diff options
| author | Andrew Tridgell <tridge@samba.org> | 2001-10-20 11:47:44 +0000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2001-10-20 11:47:44 +0000 |
| commit | 60747ab66e768ac6801838c460a1a4fc8bba32cf (patch) | |
| tree | e50015a3348fb69407e7b84e3b455568caa74997 | |
| parent | 93645be91f7fd12dfee75b6f09dda6799f0ac902 (diff) | |
| download | samba-60747ab66e768ac6801838c460a1a4fc8bba32cf.tar.gz samba-60747ab66e768ac6801838c460a1a4fc8bba32cf.tar.bz2 samba-60747ab66e768ac6801838c460a1a4fc8bba32cf.zip | |
crude fix for anonymous session setup with extended security
negotiated
(This used to be commit b3caf2109090cb2b97a829913bee7e50e7eacba8)
| -rw-r--r-- | source3/smbd/sesssetup.c | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index c8bf2a4f94..1ca7066c41 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -66,8 +66,15 @@ static int reply_spnego_kerberos(connection_struct *conn, return ERROR_NT(NT_STATUS_LOGON_FAILURE); } +#if 0 + ret = krb5_build_principal(context, &server, strlen(realm), + realm, "HOST", "blu", NULL); +#else ret = krb5_build_principal(context, &server, strlen(realm), realm, service, NULL); +#endif + krb5_princ_type(context, server) = KRB5_NT_PRINCIPAL; + if (ret) { DEBUG(1,("krb5_build_principal failed (%s)\n", error_message(ret))); return ERROR_NT(NT_STATUS_LOGON_FAILURE); @@ -365,6 +372,55 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf, /**************************************************************************** +reply to a session setup spnego anonymous packet +****************************************************************************/ +static int reply_spnego_anonymous(connection_struct *conn, char *inbuf, char *outbuf, + int length, int bufsize) +{ + char *user; + int sess_vuid; + gid_t gid; + uid_t uid; + char *full_name; + char *p; + const struct passwd *pw; + + DEBUG(3,("Got anonymous request\n")); + + user = lp_guestaccount(-1); + + /* the password is good - let them in */ + pw = smb_getpwnam(user,False); + if (!pw) { + DEBUG(1,("Guest username %s is invalid on this system\n",user)); + return ERROR_NT(NT_STATUS_LOGON_FAILURE); + } + gid = pw->pw_gid; + uid = pw->pw_uid; + full_name = pw->pw_gecos; + + sess_vuid = register_vuid(uid,gid,user,user,lp_workgroup(),True,full_name); + + if (sess_vuid == -1) { + return ERROR_NT(NT_STATUS_LOGON_FAILURE); + } + + set_message(outbuf,4,0,True); + SSVAL(outbuf, smb_vwv3, 0); + p = smb_buf(outbuf); + p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE); + p += srvstr_push(outbuf, p, "Samba", -1, STR_TERMINATE); + p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE); + set_message_end(outbuf,p); + + SSVAL(outbuf,smb_uid,sess_vuid); + SSVAL(inbuf,smb_uid,sess_vuid); + + return chain_reply(inbuf,outbuf,length,bufsize); +} + + +/**************************************************************************** reply to a session setup command ****************************************************************************/ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,char *outbuf, @@ -381,9 +437,14 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,cha p = smb_buf(inbuf); + if (SVAL(inbuf, smb_vwv7) == 0) { + /* an anonymous request */ + return reply_spnego_anonymous(conn, inbuf, outbuf, length, bufsize); + } + /* pull the spnego blob */ blob1 = data_blob(p, SVAL(inbuf, smb_vwv7)); - + #if 0 chdir("/home/tridge"); file_save("negotiate.dat", blob1.data, blob1.length); |