s3:smbd: only mark real guest sessions with the GUEST flag

Real anonymous sessions don't get it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(similar to commit 79a71545bfc87525c6ba6c8fe9fa7d8a9da33441)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 1dbc1806ebea8106d4b30ef1e25e5758bc8856a1..77b80776cbe9fb62bbcb3df672569267913346d1 100644 (file)
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -285,7 +285,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                        return;
                }
 
-               if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
+               if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
                        action |= SMB_SETUP_GUEST;
                }
 
@@ -411,7 +411,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
                        return;
                }
 
-               if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
+               if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
                        action |= SMB_SETUP_GUEST;
                }
 
@@ -939,7 +939,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
                /* perhaps grab OS version here?? */
        }
 
-       if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
+       if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
                action |= SMB_SETUP_GUEST;
        }
 

diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index 8b239c9b3b0195192943090f51743545766d2da2..c738856110d84530cccac7c2fd70b70f23aa8770 100644 (file)
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -202,11 +202,12 @@ static NTSTATUS smbd_smb2_auth_generic_return(struct smbXsrv_session *session,
        }
 
        if (security_session_user_level(session_info, NULL) < SECURITY_USER) {
-               /* we map anonymous to guest internally */
-               *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
-               *out_session_flags |= SMB2_SESSION_FLAG_IS_NULL;
+               if (security_session_user_level(session_info, NULL) == SECURITY_GUEST) {
+                       *out_session_flags |= SMB2_SESSION_FLAG_IS_GUEST;
+               }
                /* force no signing */
                x->global->signing_required = false;
+               /* we map anonymous to guest internally */
                guest = true;
        }