s3-smbd: Split make_serverinfo_from_username guest parameters into two parts

This handles differently the case where we are the guest (from security=share) and
when we are forced to be a different user with force user.  We want to maintain
only the is_guest flag if were forced to become any other user, we need the rest
of the token to change.

Andrew Bartlett

Fix bug #9746 - guest ok + force user + force group doesn't work.

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 0e1f4379f9d860c2dd6dde611c31539cf1e92875..288f46142e7a87b19c8ac7f0aa36b865c0d65837 100644 (file)
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -902,6 +902,7 @@ static NTSTATUS make_new_session_info_system(TALLOC_CTX *mem_ctx,
 
 NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
                                       const char *username,
+                                      bool use_guest_token,
                                       bool is_guest,
                                       struct auth_serversupplied_info **presult)
 {
@@ -925,7 +926,7 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
        result->nss_token = true;
        result->guest = is_guest;
 
-       if (is_guest) {
+       if (use_guest_token) {
                status = make_server_info_guest(mem_ctx, &result);
        } else {
                status = create_local_token(result);

diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index b23d827803fc593ff4b5c05863d584969083282d..3d1fa069e765ce6534458b6d02b5f3587dec69bc 100644 (file)
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -149,6 +149,7 @@ NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
                             struct passwd *pwd);
 NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
                                       const char *username,
+                                      bool use_guest_token,
                                       bool is_guest,
                                       struct auth_serversupplied_info **presult);
 struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 6c8c8d3461ba31f1b223ba25b7c664ff9811e553..a22b0dfa6cd5b3ba93dff41bcce1dbc0ad314892 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -656,7 +656,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
                        return NT_STATUS_WRONG_PASSWORD;
                 }
 
-               return make_serverinfo_from_username(mem_ctx, user, guest,
+               return make_serverinfo_from_username(mem_ctx, user, guest, guest,
                                                     presult);
         }
 
@@ -690,7 +690,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
                }
 
                status = make_serverinfo_from_username(
-                       conn, fuser, conn->session_info->guest,
+                       conn, fuser, false, conn->session_info->guest,
                        &forced_serverinfo);
                if (!NT_STATUS_IS_OK(status)) {
                        return status;