/* These match exactly the values from the
* auth_serversupplied_info, but should be changed to
* checks involving just the SIDs */
- boolean8 guest;
boolean8 system;
[unique,charset(UTF8),string] char *unix_name;
lib/ldap_escape.o @CHARSET_STATIC@ \
../libcli/security/secdesc.o ../libcli/security/access_check.o \
../libcli/security/secace.o ../libcli/security/object_tree.o \
- ../libcli/security/sddl.o \
+ ../libcli/security/sddl.o ../libcli/security/session.o \
../libcli/security/secacl.o @PTHREADPOOL_OBJ@ \
lib/fncall.o \
libads/krb5_errs.o lib/system_smbd.o lib/audit.o $(LIBNDR_OBJ) \
return NT_STATUS_NO_MEMORY;
}
- session_info->unix_info->guest = server_info->guest;
session_info->unix_info->system = server_info->system;
if (session_key) {
/* This element must be provided to convert back to an auth_serversupplied_info */
SMB_ASSERT(src->unix_info);
- dst->guest = src->unix_info->guest;
- dst->system = src->unix_info->system;
+ dst->guest = true;
+ dst->system = false;
/* This element must be provided to convert back to an
* auth_serversupplied_info. This needs to be from hte
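Review bot: `dst->guest = true;` and `dst->system = false;` replace values that used to be copied from `src->unix_info`, so this conversion now always produces a guest, non-system `auth_serversupplied_info`, whatever session it is given. The commit only removes the `guest` member; `unix_info->system` still exists and is still filled in by another hunk of this diff, so discarding it here is a separate behaviour change unless the function is only ever called for guest sessions. The function name and its callers are outside the hunk, so that cannot be confirmed from here. If it is guest-only, say so above the assignments, e.g. `/* Guest-only conversion: the result is always guest and never system */`, and consider an `SMB_ASSERT` that `src` really classifies below `SECURITY_USER`.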
return NT_STATUS_INVALID_PARAMETER;
}
- if (p->session_info->unix_info->guest) {
+ if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
/*
* I'm 99% sure this is not the right place to do this,
* global_sid_Anonymous should probably be put into the token
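Review bot: `security_session_user_level(p->session_info, NULL) < SECURITY_USER` is not a drop-in for the removed flag. The old test read a value recorded once at authentication, while the new one presumably classifies the session from its security token on each call. Any session whose token is not recognised as at least user level now takes the guest path here and at the same test in the later hunks: the pipe check that returns `False`, the `lp_restrict_anonymous()` gate, the `lp_guest_ok(snum)` check, the session-claim early return and the session-setup replies. Because the expression is open-coded at every site, I would wrap it in a single predicate with a comment such as `/* guest == token does not classify as SECURITY_USER or above */` and call that everywhere. The enclosing function starts and ends outside this hunk.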
#include "auth.h"
#include "ntdomain.h"
#include "rpc_server/rpc_ncacn_np.h"
+#include "../libcli/security/security.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
return True;
}
- if (p->session_info->unix_info->guest) {
+ if (security_session_user_level(p->session_info, NULL) < SECURITY_USER) {
return False;
}
}
if (api_commands[i].auth_user && lp_restrict_anonymous()) {
user_struct *user = get_valid_user_struct(req->sconn, vuid);
- if (!user || user->session_info->unix_info->guest) {
+ if (!user || security_session_user_level(user->session_info, NULL) < SECURITY_USER) {
reply_nterror(req, NT_STATUS_ACCESS_DENIED);
return;
}
#include "smbd/globals.h"
#include "../librpc/gen_ndr/netlogon.h"
#include "auth.h"
+#include "../libcli/security/security.h"
/* Fix up prototypes for OSX 10.4, where they're missing */
#ifndef HAVE_SETNETGRENT_PROTOTYPE
{
fstring tmp;
user_struct *vuser;
+ bool guest = security_session_user_level(session_info, NULL) < SECURITY_USER;
vuser = get_partial_auth_user_struct(sconn, vuid);
if (!vuser) {
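Review bot: `guest` is computed from the `session_info` argument in the declaration block, before `get_partial_auth_user_struct()` and the `!vuser` check, yet the following hunks use it where the old code read `vuser->session_info->unix_info->guest`. That is equivalent only if `vuser->session_info` ends up being this same, unmodified session_info, which the visible lines do not show. I would either compute it once the session is attached, `guest = security_session_user_level(vuser->session_info, NULL) < SECURITY_USER;`, or add a comment at the declaration stating that the argument becomes `vuser->session_info` unchanged. The function body continues outside the hunk.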
vuser->session_info->unix_info->unix_name,
vuser->session_info->unix_info->sanitized_username,
vuser->session_info->info->domain_name,
- vuser->session_info->unix_info->guest ));
+ guest));
DEBUG(3, ("register_existing_vuid: User name: %s\t"
"Real name: %s\n", vuser->session_info->unix_info->unix_name,
vuser->homes_snum = -1;
- if (!vuser->session_info->unix_info->guest) {
+
+ if (!guest) {
vuser->homes_snum = register_homes_share(
vuser->session_info->unix_info->unix_name);
}
if (srv_is_signing_negotiated(sconn) &&
- !vuser->session_info->unix_info->guest) {
+ !guest) {
/* Try and turn on server signing on the first non-guest
* sessionsetup. */
srv_set_signing(sconn,
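Review bot: At `!guest` a wrong "guest" answer fails open rather than closed, because `srv_set_signing()` is skipped even though signing was negotiated. With the old flag this happened only for sessions that authentication had marked as guest; now it depends on how the token classifies, so an authenticated session with an unexpected token would silently run unsigned. The same direction applies to the SMB2 hunks that set `SMB2_SESSION_FLAG_IS_GUEST` and `SMB2_SESSION_FLAG_IS_NULL`. I would make the skip visible for the case where `srv_is_signing_negotiated(sconn)` is true and `guest` is set, e.g. `DEBUG(3, ("signing negotiated but session is below SECURITY_USER, not enabling\n"));`. The call and the rest of the function lie outside the hunk.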
* This is the normal security != share case where we have a
* valid vuid from the session setup. */
- if (vuid_serverinfo->unix_info->guest) {
- if (!lp_guest_ok(snum)) {
+ if (security_session_user_level(vuid_serverinfo, NULL) < SECURITY_USER) {
+ if (!lp_guest_ok(snum)) {
DEBUG(2, ("guest user (from session setup) "
"not permitted to access this share "
"(%s)\n", lp_servicename(snum)));
char *fuser;
struct auth_session_info *forced_serverinfo;
+ bool guest;
fuser = talloc_string_sub(conn, lp_force_user(snum), "%S",
lp_const_servicename(snum));
return NT_STATUS_NO_MEMORY;
}
+ guest = security_session_user_level(conn->session_info, NULL) < SECURITY_USER;
+
status = make_session_info_from_username(
- conn, fuser, conn->session_info->unix_info->guest,
+ conn, fuser,
+ guest,
&forced_serverinfo);
if (!NT_STATUS_IS_OK(status)) {
return status;
#include "session.h"
#include "auth.h"
#include "../lib/tsocket/tsocket.h"
+#include "../libcli/security/security.h"
/********************************************************************
called when a session is created
/* don't register sessions for the guest user - its just too
expensive to go through pam session code for browsing etc */
- if (vuser->session_info->unix_info->guest) {
+ if (security_session_user_level(vuser->session_info, NULL) < SECURITY_USER) {
return True;
}
#include "auth.h"
#include "messages.h"
#include "smbprofile.h"
+#include "../libcli/security/security.h"
/* For split krb5 SPNEGO blobs. */
struct pending_auth_data {
SSVAL(req->outbuf, smb_vwv3, 0);
- if (session_info->unix_info->guest) {
+ if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
SSVAL(req->outbuf,smb_vwv2,1);
}
SSVAL(req->outbuf, smb_vwv3, 0);
- if (session_info->unix_info->guest) {
+ if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
SSVAL(req->outbuf,smb_vwv2,1);
}
}
/* perhaps grab OS version here?? */
}
- if (session_info->unix_info->guest) {
+ if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
SSVAL(req->outbuf,smb_vwv2,1);
}
#include "../lib/util/asn1.h"
#include "auth.h"
#include "../lib/tsocket/tsocket.h"
+#include "../libcli/security/security.h"
static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
uint64_t in_session_id,
session->do_signing = true;
}
- if (session->session_info->unix_info->guest) {
+ if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) {
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
session->session_info->unix_info->sanitized_username =
talloc_strdup(session->session_info, tmp);
- if (!session->session_info->unix_info->guest) {
+ if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
session->compat_vuser->homes_snum =
register_homes_share(session->session_info->unix_info->unix_name);
}
session->do_signing = true;
}
- if (session->session_info->unix_info->guest) {
+ if (security_session_user_level(session->session_info, NULL) < SECURITY_USER) {
/* we map anonymous to guest internally */
*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
session->session_info->unix_info->sanitized_username = talloc_strdup(
session->session_info, tmp);
- if (!session->compat_vuser->session_info->unix_info->guest) {
+ if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
session->compat_vuser->homes_snum =
register_homes_share(session->session_info->unix_info->unix_name);
}
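Review bot: The new condition reads `session->session_info`, while the removed line read `session->compat_vuser->session_info`, so this hunk changes which object is tested as well as how. If the two pointers can ever differ at this point, the homes share would be registered on the strength of a different session than before. The other homes-share hunk already used `session->session_info`, so this may be an intended alignment, but nothing visible here confirms that the pointers are equal. Either keep the original object, `if (security_session_user_level(session->compat_vuser->session_info, NULL) >= SECURITY_USER) {`, or add a comment saying that `compat_vuser->session_info` is the same pointer as `session->session_info` here.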