static NTSTATUS auth_anonymous_session_info(TALLOC_CTX *mem_ctx, struct auth_session_info **session_info) { NTSTATUS status; status = make_session_info_guest(mem_ctx, session_info); if (!NT_STATUS_IS_OK(status)) { return status; } return NT_STATUS_OK; }
static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn, TALLOC_CTX *mem_ctx, int snum, struct auth_session_info *session_info, struct auth_session_info **presult) { struct auth_session_info *result; if (lp_guest_only(snum)) { return make_session_info_guest(mem_ctx, presult); } /* * This is the normal security != share case where we have a * valid vuid from the session setup. */ if (security_session_user_level(session_info, NULL) < SECURITY_USER) { if (!lp_guest_ok(snum)) { DEBUG(2, ("guest user (from session setup) " "not permitted to access this share " "(%s)\n", lp_servicename(talloc_tos(), snum))); return NT_STATUS_ACCESS_DENIED; } } else { if (!user_ok_token(session_info->unix_info->unix_name, session_info->info->domain_name, session_info->security_token, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " "(%s)\n", session_info->unix_info->unix_name, lp_servicename(talloc_tos(), snum))); return NT_STATUS_ACCESS_DENIED; } } result = copy_session_info(mem_ctx, session_info); if (result == NULL) { return NT_STATUS_NO_MEMORY; } *presult = result; return NT_STATUS_OK; }
NTSTATUS auth3_generate_session_info(struct auth4_context *auth_context, TALLOC_CTX *mem_ctx, void *server_returned_info, const char *original_user_name, uint32_t session_info_flags, struct auth_session_info **session_info) { struct auth_user_info_dc *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; NTSTATUS nt_status; /* * This is a hack, some callers... * * Some callers pass auth_user_info_dc, the SCHANNEL and * NCALRPC_AS_SYSTEM gensec modules. * * While the reset passes auth3_check_password() returned. */ user_info = talloc_get_type(server_returned_info, struct auth_user_info_dc); if (user_info != NULL) { const struct dom_sid *sid; int cmp; /* * This should only be called from SCHANNEL or NCALRPC_AS_SYSTEM */ if (user_info->num_sids != 1) { return NT_STATUS_INTERNAL_ERROR; } sid = &user_info->sids[PRIMARY_USER_SID_INDEX]; cmp = dom_sid_compare(sid, &global_sid_System); if (cmp == 0) { return make_session_info_system(mem_ctx, session_info); } cmp = dom_sid_compare(sid, &global_sid_Anonymous); if (cmp == 0) { /* * TODO: use auth_anonymous_session_info() here? */ return make_session_info_guest(mem_ctx, session_info); } return NT_STATUS_INTERNAL_ERROR; } server_info = talloc_get_type_abort(server_returned_info, struct auth_serversupplied_info); nt_status = create_local_token(mem_ctx, server_info, NULL, original_user_name, session_info); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_local_token failed: %s\n", nt_errstr(nt_status))); return nt_status; } return NT_STATUS_OK; }
static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn, TALLOC_CTX *mem_ctx, int snum, struct auth_session_info *vuid_serverinfo, DATA_BLOB password, struct auth_session_info **presult) { if (lp_guest_only(snum)) { return make_session_info_guest(mem_ctx, presult); } if (vuid_serverinfo != NULL) { struct auth_session_info *result; /* * This is the normal security != share case where we have a * valid vuid from the session setup. */ if (security_session_user_level(vuid_serverinfo, NULL) < SECURITY_USER) { if (!lp_guest_ok(snum)) { DEBUG(2, ("guest user (from session setup) " "not permitted to access this share " "(%s)\n", lp_servicename(snum))); return NT_STATUS_ACCESS_DENIED; } } else { if (!user_ok_token(vuid_serverinfo->unix_info->unix_name, vuid_serverinfo->info->domain_name, vuid_serverinfo->security_token, snum)) { DEBUG(2, ("user '%s' (from session setup) not " "permitted to access this share " "(%s)\n", vuid_serverinfo->unix_info->unix_name, lp_servicename(snum))); return NT_STATUS_ACCESS_DENIED; } } result = copy_session_info(mem_ctx, vuid_serverinfo); if (result == NULL) { return NT_STATUS_NO_MEMORY; } *presult = result; return NT_STATUS_OK; } if (lp_security() == SEC_SHARE) { fstring user; bool guest; /* add the sharename as a possible user name if we are in share mode security */ add_session_user(sconn, lp_servicename(snum)); /* shall we let them in? */ if (!authorise_login(sconn, snum,user,password,&guest)) { DEBUG( 2, ( "Invalid username/password for [%s]\n", lp_servicename(snum)) ); return NT_STATUS_WRONG_PASSWORD; } return make_session_info_from_username(mem_ctx, user, guest, presult); } DEBUG(0, ("invalid VUID (vuser) but not in security=share\n")); return NT_STATUS_ACCESS_DENIED; }