s3-smbd: Use security_session_user_level() rather than nt_token_check_sid()

This allows the unix.whoami test to pass when configured as part of the AD DC.

The struct auth_session_info is slightly different in the AD DC configuration
when using auth_samba4.  In particular, there is a distinction between Guest
and Anonymous logins.

Andrew Bartlett

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 63ee76bce9e771186d1c664850c8359173543de2..5cfbc3128bd39d4097a8a37dbb2f8175509a3e73 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -3426,22 +3426,10 @@ cBytesSector=%u, cUnitTotal=%u, cUnitAvail=%d\n", (unsigned int)bsize, (unsigned
                                return NT_STATUS_BUFFER_TOO_SMALL;
                        }
 
-                       /* We ARE guest if global_sid_Builtin_Guests is
-                        * in our list of SIDs.
-                        */
-                       if (nt_token_check_sid(&global_sid_Builtin_Guests,
-                                              conn->session_info->security_token)) {
+                       if (security_session_user_level(conn->session_info, NULL) < SECURITY_USER) {
                                flags |= SMB_WHOAMI_GUEST;
                        }
 
-                       /* We are NOT guest if global_sid_Authenticated_Users
-                        * is in our list of SIDs.
-                        */
-                       if (nt_token_check_sid(&global_sid_Authenticated_Users,
-                                              conn->session_info->security_token)) {
-                               flags &= ~SMB_WHOAMI_GUEST;
-                       }
-
                        /* NOTE: 8 bytes for UID/GID, irrespective of native
                         * platform size. This matches
                         * SMB_QUERY_FILE_UNIX_BASIC and friends.