libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there withou...
authorRalph Boehme <slow@samba.org>
Wed, 14 Mar 2018 10:44:49 +0000 (11:44 +0100)
committerRalph Boehme <slow@samba.org>
Thu, 15 Mar 2018 20:54:16 +0000 (21:54 +0100)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
libcli/security/session.c

index 0fbb87d584eb5f0e232a1488c13af4c44f8750e2..f17e884c847783b4cda0d52b0fc5690cef90301c 100644 (file)
@@ -26,6 +26,9 @@
 enum security_user_level security_session_user_level(struct auth_session_info *session_info,
                                                     const struct dom_sid *domain_sid)
 {
+       bool authenticated = false;
+       bool guest = false;
+
        if (!session_info) {
                return SECURITY_ANONYMOUS;
        }
@@ -38,8 +41,13 @@ enum security_user_level security_session_user_level(struct auth_session_info *s
                return SECURITY_ANONYMOUS;
        }
 
-       if (security_token_has_builtin_guests(session_info->security_token)) {
-               return SECURITY_GUEST;
+       authenticated = security_token_has_nt_authenticated_users(session_info->security_token);
+       guest = security_token_has_builtin_guests(session_info->security_token);
+       if (!authenticated) {
+               if (guest) {
+                       return SECURITY_GUEST;
+               }
+               return SECURITY_ANONYMOUS;
        }
 
        if (security_token_has_builtin_administrators(session_info->security_token)) {
@@ -60,9 +68,5 @@ enum security_user_level security_session_user_level(struct auth_session_info *s
                return SECURITY_DOMAIN_CONTROLLER;
        }
 
-       if (security_token_has_nt_authenticated_users(session_info->security_token)) {
-               return SECURITY_USER;
-       }
-
-       return SECURITY_ANONYMOUS;
+       return SECURITY_USER;
 }