From 662282106318e3f1f0bbcc7281f49ee5b3727f21 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 19 Jul 2011 11:57:05 +1000
Subject: [PATCH] s3-auth Remove seperate guest boolean

Instead, we base our guest calculations on the presence or absense of the
authenticated users group in the token, ensuring that we have only
one canonical source of this important piece of authorization data

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
---
 librpc/idl/auth.idl                 |  1 -
 source3/Makefile.in                 |  2 +-
 source3/auth/auth_util.c            |  5 ++---
 source3/rpc_server/lsa/srv_lsa_nt.c |  2 +-
 source3/rpc_server/rpc_handles.c    |  3 ++-
 source3/smbd/lanman.c               |  2 +-
 source3/smbd/password.c             |  9 ++++++---
 source3/smbd/service.c              | 10 +++++++---
 source3/smbd/session.c              |  3 ++-
 source3/smbd/sesssetup.c            |  7 ++++---
 source3/smbd/smb2_sesssetup.c       |  9 +++++----
 11 files changed, 31 insertions(+), 22 deletions(-)

diff --git a/librpc/idl/auth.idl b/librpc/idl/auth.idl
index f1f888c0ddf..3b4853b657f 100644
--- a/librpc/idl/auth.idl
+++ b/librpc/idl/auth.idl
@@ -65,7 +65,6 @@ interface auth
 		/* These match exactly the values from the
 		 * auth_serversupplied_info, but should be changed to
 		 * checks involving just the SIDs */
-		boolean8 guest;
 		boolean8 system;
 
 		[unique,charset(UTF8),string] char *unix_name;
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 0a72cf579aa..51b0a7cb67d 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -466,7 +466,7 @@ LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) $(LIBTSOCKET_OBJ) \
 	  lib/ldap_escape.o @CHARSET_STATIC@ \
 	  ../libcli/security/secdesc.o ../libcli/security/access_check.o \
 	  ../libcli/security/secace.o ../libcli/security/object_tree.o \
-	  ../libcli/security/sddl.o \
+	  ../libcli/security/sddl.o ../libcli/security/session.o \
 	  ../libcli/security/secacl.o @PTHREADPOOL_OBJ@ \
 	  lib/fncall.o \
 	  libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index d5ca1a206b9..b0deb2c8ab1 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -504,7 +504,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	session_info->unix_info->guest = server_info->guest;
 	session_info->unix_info->system = server_info->system;
 
 	if (session_key) {
@@ -993,8 +992,8 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
 	/* This element must be provided to convert back to an auth_serversupplied_info */
 	SMB_ASSERT(src->unix_info);
 
-	dst->guest = src->unix_info->guest;
-	dst->system = src->unix_info->system;
+	dst->guest = true;
+	dst->system = false;
 
 	/* This element must be provided to convert back to an
 	 * auth_serversupplied_info.  This needs to be from hte
diff --git a/source3/rpc_server/lsa/srv_lsa_nt.c b/source3/rpc_server/lsa/srv_lsa_nt.c
index 8aea353679e..5877c7b295c 100644
--- a/source3/rpc_server/lsa/srv_lsa_nt.c
+++ b/source3/rpc_server/lsa/srv_lsa_nt.c
@@ -2400,7 +2400,7 @@ NTSTATUS _lsa_GetUserName(struct pipes_struct *p,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (p->session_info->unix_info->guest) {
+	if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
 		/*
 		 * I'm 99% sure this is not the right place to do this,
 		 * global_sid_Anonymous should probably be put into the token
diff --git a/source3/rpc_server/rpc_handles.c b/source3/rpc_server/rpc_handles.c
index f3a97b37a22..3500a228d59 100644
--- a/source3/rpc_server/rpc_handles.c
+++ b/source3/rpc_server/rpc_handles.c
@@ -25,6 +25,7 @@
 #include "auth.h"
 #include "ntdomain.h"
 #include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/security.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
@@ -346,7 +347,7 @@ bool pipe_access_check(struct pipes_struct *p)
 			return True;
 		}
 
-		if (p->session_info->unix_info->guest) {
+		if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
 			return False;
 		}
 	}
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 4f905cf9b1c..292ebf43853 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -5857,7 +5857,7 @@ void api_reply(connection_struct *conn, uint16 vuid,
 	if (api_commands[i].auth_user && lp_restrict_anonymous()) {
 		user_struct *user = get_valid_user_struct(req->sconn, vuid);
 
-		if (!user || user->session_info->unix_info->guest) {
+		if (!user || security_session_user_level(user->session_info, NULL) < SECURITY_USER) {
 			reply_nterror(req, NT_STATUS_ACCESS_DENIED);
 			return;
 		}
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index d529dc1a634..e23818f2d1a 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -24,6 +24,7 @@
 #include "smbd/globals.h"
 #include "../librpc/gen_ndr/netlogon.h"
 #include "auth.h"
+#include "../libcli/security/security.h"
 
 /* Fix up prototypes for OSX 10.4, where they're missing */
 #ifndef HAVE_SETNETGRENT_PROTOTYPE
@@ -269,6 +270,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 {
 	fstring tmp;
 	user_struct *vuser;
+	bool guest = security_session_user_level(session_info, NULL) < SECURITY_USER;
 
 	vuser = get_partial_auth_user_struct(sconn, vuid);
 	if (!vuser) {
@@ -294,7 +296,7 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 		  vuser->session_info->unix_info->unix_name,
 		  vuser->session_info->unix_info->sanitized_username,
 		  vuser->session_info->info->domain_name,
-		  vuser->session_info->unix_info->guest ));
+		  guest));
 
 	DEBUG(3, ("register_existing_vuid: User name: %s\t"
 		  "Real name: %s\n", vuser->session_info->unix_info->unix_name,
@@ -328,13 +330,14 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 
 	vuser->homes_snum = -1;
 
-	if (!vuser->session_info->unix_info->guest) {
+
+	if (!guest) {
 		vuser->homes_snum = register_homes_share(
 			vuser->session_info->unix_info->unix_name);
 	}
 
 	if (srv_is_signing_negotiated(sconn) &&
-	    !vuser->session_info->unix_info->guest) {
+	    !guest) {
 		/* Try and turn on server signing on the first non-guest
 		 * sessionsetup. */
 		srv_set_signing(sconn,
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 71681aeca2b..f1d2ca040d2 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -394,8 +394,8 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
                  * This is the normal security != share case where we have a
                  * valid vuid from the session setup.                 */
 
-                if (vuid_serverinfo->unix_info->guest) {
-                        if (!lp_guest_ok(snum)) {
+		if (security_session_user_level(vuid_serverinfo, NULL) < SECURITY_USER) {
+                      if (!lp_guest_ok(snum)) {
                                 DEBUG(2, ("guest user (from session setup) "
                                           "not permitted to access this share "
                                           "(%s)\n", lp_servicename(snum)));
@@ -467,6 +467,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
 
 		char *fuser;
 		struct auth_session_info *forced_serverinfo;
+		bool guest;
 
 		fuser = talloc_string_sub(conn, lp_force_user(snum), "%S",
 					  lp_const_servicename(snum));
@@ -474,8 +475,11 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
 			return NT_STATUS_NO_MEMORY;
 		}
 
+		guest = security_session_user_level(conn->session_info, NULL) < SECURITY_USER;
+
 		status = make_session_info_from_username(
-			conn, fuser, conn->session_info->unix_info->guest,
+			conn, fuser,
+			guest,
 			&forced_serverinfo);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
diff --git a/source3/smbd/session.c b/source3/smbd/session.c
index 9b8d11cc652..10f7defb81e 100644
--- a/source3/smbd/session.c
+++ b/source3/smbd/session.c
@@ -33,6 +33,7 @@
 #include "session.h"
 #include "auth.h"
 #include "../lib/tsocket/tsocket.h"
+#include "../libcli/security/security.h"
 
 /********************************************************************
  called when a session is created
@@ -53,7 +54,7 @@ bool session_claim(struct smbd_server_connection *sconn, user_struct *vuser)
 
 	/* don't register sessions for the guest user - its just too
 	   expensive to go through pam session code for browsing etc */
-	if (vuser->session_info->unix_info->guest) {
+	if (security_session_user_level(vuser->session_info, NULL) < SECURITY_USER) {
 		return True;
 	}
 
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index b6a3243b85a..2df8b435e56 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -35,6 +35,7 @@
 #include "auth.h"
 #include "messages.h"
 #include "smbprofile.h"
+#include "../libcli/security/security.h"
 
 /* For split krb5 SPNEGO blobs. */
 struct pending_auth_data {
@@ -441,7 +442,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
 
 		SSVAL(req->outbuf, smb_vwv3, 0);
 
-		if (session_info->unix_info->guest) {
+		if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
 			SSVAL(req->outbuf,smb_vwv2,1);
 		}
 
@@ -535,7 +536,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 
 		SSVAL(req->outbuf, smb_vwv3, 0);
 
-		if (session_info->unix_info->guest) {
+		if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
 			SSVAL(req->outbuf,smb_vwv2,1);
 		}
 	}
@@ -1702,7 +1703,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		/* perhaps grab OS version here?? */
 	}
 
-	if (session_info->unix_info->guest) {
+	if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
 		SSVAL(req->outbuf,smb_vwv2,1);
 	}
 
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 9475ffb3632..7a839532564 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -31,6 +31,7 @@
 #include "../lib/util/asn1.h"
 #include "auth.h"
 #include "../lib/tsocket/tsocket.h"
+#include "../libcli/security/security.h"
 
 static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 					uint64_t in_session_id,
@@ -253,7 +254,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 		session->do_signing = true;
 	}
 
-	if (session->session_info->unix_info->guest) {
+	if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) {
 		/* we map anonymous to guest internally */
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
@@ -280,7 +281,7 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 	session->session_info->unix_info->sanitized_username =
 				talloc_strdup(session->session_info, tmp);
 
-	if (!session->session_info->unix_info->guest) {
+	if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
 		session->compat_vuser->homes_snum =
 			register_homes_share(session->session_info->unix_info->unix_name);
 	}
@@ -460,7 +461,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 		session->do_signing = true;
 	}
 
-	if (session->session_info->unix_info->guest) {
+	if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) {
 		/* we map anonymous to guest internally */
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
 		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
@@ -491,7 +492,7 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 	session->session_info->unix_info->sanitized_username = talloc_strdup(
 		session->session_info, tmp);
 
-	if (!session->compat_vuser->session_info->unix_info->guest) {
+	if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
 		session->compat_vuser->homes_snum =
 			register_homes_share(session->session_info->unix_info->unix_name);
 	}
-- 
2.34.1