From: Stefan Metzmacher <metze@samba.org>
Date: Wed, 20 Apr 2016 14:34:28 +0000 (+0200)
Subject: s3:smbd: only mark real guest sessions with the GUEST flag
X-Git-Tag: talloc-2.1.7~76
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=79a71545bfc87525c6ba6c8fe9fa7d8a9da33441;p=thirdparty%2Fsamba.git

s3:smbd: only mark real guest sessions with the GUEST flag

Real anonymous sessions don't get it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
---

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 88cbf97b20d..62dc49e186d 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -293,7 +293,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 			return;
 		}
 
-		if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
+		if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
 			action |= SMB_SETUP_GUEST;
 		}
 
@@ -419,7 +419,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 			return;
 		}
 
-		if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
+		if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
 			action |= SMB_SETUP_GUEST;
 		}
 
@@ -948,7 +948,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		/* perhaps grab OS version here?? */
 	}
 
-	if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
+	if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
 		action |= SMB_SETUP_GUEST;
 	}
 
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 78bda7b2333..821024fec18 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -278,11 +278,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
 	}
 
 	if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
-		/* we map anonymous to guest internally */
-		*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
-		*out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
+		if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+			*out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
+		}
 		/* force no signing */
 		x->global->signing_flags &= ~SMBXSRV_SIGNING_REQUIRED;
+		/* we map anonymous to guest internally */
 		guest = true;
 	}