diff options
author | Ralph Boehme <slow@samba.org> | 2018-03-14 11:44:49 +0100 |
---|---|---|
committer | Ralph Boehme <slow@samba.org> | 2018-03-15 21:54:16 +0100 |
commit | f564847c8e9d31fe07dd3cbf435986b36f097fa3 (patch) | |
tree | e76f3360df4575bd0fee2243cf6d4168d016dbcd /libcli/security | |
parent | bf707a1eba39e996bb19457b63ddb658cc4183c2 (diff) | |
download | samba-f564847c8e9d31fe07dd3cbf435986b36f097fa3.tar.gz |
libcli/security: only announce a session as GUEST if 'Builtin\Guests' is there without 'Authenticated User'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Diffstat (limited to 'libcli/security')
-rw-r--r-- | libcli/security/session.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/libcli/security/session.c b/libcli/security/session.c index 0fbb87d584e..f17e884c847 100644 --- a/libcli/security/session.c +++ b/libcli/security/session.c @@ -26,6 +26,9 @@ enum security_user_level security_session_user_level(struct auth_session_info *session_info, const struct dom_sid *domain_sid) { + bool authenticated = false; + bool guest = false; + if (!session_info) { return SECURITY_ANONYMOUS; } @@ -38,8 +41,13 @@ enum security_user_level security_session_user_level(struct auth_session_info *s return SECURITY_ANONYMOUS; } - if (security_token_has_builtin_guests(session_info->security_token)) { - return SECURITY_GUEST; + authenticated = security_token_has_nt_authenticated_users(session_info->security_token); + guest = security_token_has_builtin_guests(session_info->security_token); + if (!authenticated) { + if (guest) { + return SECURITY_GUEST; + } + return SECURITY_ANONYMOUS; } if (security_token_has_builtin_administrators(session_info->security_token)) { @@ -60,9 +68,5 @@ enum security_user_level security_session_user_level(struct auth_session_info *s return SECURITY_DOMAIN_CONTROLLER; } - if (security_token_has_nt_authenticated_users(session_info->security_token)) { - return SECURITY_USER; - } - - return SECURITY_ANONYMOUS; + return SECURITY_USER; } |