summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Tridgell <tridge@samba.org>2001-12-20 09:06:53 +0000
committerAndrew Tridgell <tridge@samba.org>2001-12-20 09:06:53 +0000
commit1a242b6fd9c6f7dc43b629d0dc22ff42053e3c32 (patch)
tree4a49f8cadb9482c844e0b37f2092f16b91e2d097
parentdb54a8c04159fbce4d3d6427725634025ebb9286 (diff)
downloadsamba-1a242b6fd9c6f7dc43b629d0dc22ff42053e3c32.tar.gz
samba-1a242b6fd9c6f7dc43b629d0dc22ff42053e3c32.tar.bz2
samba-1a242b6fd9c6f7dc43b629d0dc22ff42053e3c32.zip
support "map to guest" with spnego
(This used to be commit e873d0ff1eee9442ff6152d666b8d874b6a01972)
-rw-r--r--source3/smbd/sesssetup.c64
1 files changed, 43 insertions, 21 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 60c9cd30e5..7fd0fd917a 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -25,6 +25,35 @@
uint32 global_client_caps = 0;
static auth_authsupplied_info *ntlmssp_auth_info;
+/*
+ on a logon error possibly map the error to success if "map to guest"
+ is set approriately
+*/
+static NTSTATUS do_map_to_guest(NTSTATUS status, auth_serversupplied_info **server_info,
+ const char *user, const char *domain)
+{
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) ||
+ (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+ DEBUG(3,("No such user %s [%s] - using guest account\n",
+ user, domain));
+ make_server_info_guest(server_info);
+ status = NT_STATUS_OK;
+ }
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+ if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
+ DEBUG(3,("Registered username %s for guest access\n",user));
+ make_server_info_guest(server_info);
+ status = NT_STATUS_OK;
+ }
+ }
+
+ return status;
+}
+
+
/****************************************************************************
Add the standard 'Samba' signature to the end of the session setup.
****************************************************************************/
@@ -341,11 +370,15 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
return ERROR_NT(NT_STATUS_NO_MEMORY);
}
+ nt_status = check_password(user_info, ntlmssp_auth_info, &server_info);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ nt_status = do_map_to_guest(nt_status, &server_info, user, workgroup);
+ }
+
SAFE_FREE(workgroup);
SAFE_FREE(machine);
-
- nt_status = check_password(user_info, ntlmssp_auth_info, &server_info);
-
+
free_auth_info(&ntlmssp_auth_info);
free_user_info(&user_info);
@@ -353,7 +386,7 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
data_blob_free(&lmhash);
data_blob_free(&nthash);
-
+
if (!NT_STATUS_IS_OK(nt_status)) {
SAFE_FREE(user);
return ERROR_NT(nt_status_squash(nt_status));
@@ -371,6 +404,11 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
set_message(outbuf,4,0,True);
SSVAL(outbuf, smb_vwv3, 0);
+
+ if (server_info->guest) {
+ SSVAL(outbuf,smb_vwv2,1);
+ }
+
add_signature(outbuf);
SSVAL(outbuf,smb_uid,sess_vuid);
@@ -663,7 +701,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
}
nt_status = check_password(user_info, negprot_global_auth_info, &server_info);
-
} else {
auth_authsupplied_info *plaintext_auth_info = NULL;
DATA_BLOB chal;
@@ -692,22 +729,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
data_blob_clear_free(&plaintext_password);
if (!NT_STATUS_IS_OK(nt_status)) {
- if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
- if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) ||
- (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
-
- DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
- make_server_info_guest(&server_info);
- nt_status = NT_STATUS_OK;
- }
-
- } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) {
- if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
- DEBUG(3,("Registered username %s for guest access\n",user));
- make_server_info_guest(&server_info);
- nt_status = NT_STATUS_OK;
- }
- }
+ nt_status = do_map_to_guest(nt_status, &server_info, user, domain);
}
if (!NT_STATUS_IS_OK(nt_status)) {