summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-08-12 06:58:10 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:57:54 -0500
commitb918c6c5cdb490506c70c38056d32e5d406b07e7 (patch)
tree23c8e18ecfc68330d257c68698bb46d3379c8d71
parent2b51ce3ca44943758f70017c7553dd2bb0bb977c (diff)
downloadsamba-b918c6c5cdb490506c70c38056d32e5d406b07e7.tar.gz
samba-b918c6c5cdb490506c70c38056d32e5d406b07e7.tar.bz2
samba-b918c6c5cdb490506c70c38056d32e5d406b07e7.zip
r1762: Ensure that a user (as opposed to guest) cannot login without SPNEGO,
when we have negotiated SPNEGO. Andrew Bartlett (This used to be commit 07e3d2c4cd77d06c9ffaefd481ba58e4debe028c)
-rw-r--r--source4/smb_server/sesssetup.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c
index 14cb1be067..e1245748a0 100644
--- a/source4/smb_server/sesssetup.c
+++ b/source4/smb_server/sesssetup.c
@@ -106,16 +106,18 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s
if (req->smb_conn->negotiate.spnego_negotiated) {
struct auth_context *auth_context;
+ if (sess->nt1.in.user && *sess->nt1.in.user) {
+ return NT_STATUS_ACCESS_DENIED;
+ } else {
+ make_user_info_guest(&user_info);
+ }
+
status = make_auth_context_subsystem(&auth_context);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- if (!sess->nt1.in.user || !*sess->nt1.in.user) {
- make_user_info_guest(&user_info);
- }
-
status = auth_context->check_ntlm_password(auth_context,
user_info,
&server_info);