summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2005-06-08 14:23:49 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:57:08 -0500
commit377f947930f3a3fe69c21d5b9386642cbf8b3df7 (patch)
tree29405a3939304b51974c5b0c2ed84f9918b797af /source3/auth
parent4bc39f05b77a8601506fa144a20d7e9ab9c3efe6 (diff)
downloadsamba-377f947930f3a3fe69c21d5b9386642cbf8b3df7.tar.gz
samba-377f947930f3a3fe69c21d5b9386642cbf8b3df7.tar.bz2
samba-377f947930f3a3fe69c21d5b9386642cbf8b3df7.zip
r7395: * new feature 'map to guest = bad uid' (based on patch from
aruna.prabakar@hp.com). This re-enables the Samba 2.2 behavior where a user that was successfully authenticated by a remote DC would be mapped to the guest account if there was not existing UNIX account for that user and we could not create one. (This used to be commit b7455fbf81f4e47c087c861f70d492a328730a9b)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index b777e97cc9..61f638fcd0 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -279,6 +279,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
}
}
+ /* successful authentication */
+
if (NT_STATUS_IS_OK(nt_status)) {
unix_username = (*server_info)->unix_name;
if (!(*server_info)->guest) {
@@ -304,14 +306,22 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
user_info->internal_username.str,
unix_username));
}
+
+ return nt_status;
}
-
- if (!NT_STATUS_IS_OK(nt_status)) {
+
+ /* failed authentication; check for guest lapping */
+
+ if ( lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID ) {
+ make_server_info_guest(server_info);
+ nt_status = NT_STATUS_OK;
+ } else {
DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
- user_info->smb_name.str, user_info->internal_username.str,
- nt_errstr(nt_status)));
- ZERO_STRUCTP(server_info);
+ user_info->smb_name.str, user_info->internal_username.str,
+ nt_errstr(nt_status)));
+ ZERO_STRUCTP(server_info);
}
+
return nt_status;
}