r7395: * new feature 'map to guest = bad uid' (based on patch from

  aruna.prabakar@hp.com).

This re-enables the Samba 2.2 behavior where a user that was
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.
(This used to be commit b7455fbf81f4e47c087c861f70d492a328730a9b)

1 files changed, 15 insertions, 5 deletions

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index b777e97cc9..61f638fcd0 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -279,6 +279,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 		}
 	}
 
+	/* successful authentication */
+	
 	if (NT_STATUS_IS_OK(nt_status)) {
 		unix_username = (*server_info)->unix_name;
 		if (!(*server_info)->guest) {
@@ -304,14 +306,22 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 			       user_info->internal_username.str, 
 			       unix_username));
 		}
+		
+		return nt_status;
 	}
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
+	
+	/* failed authentication; check for guest lapping */
+	
+	if ( lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID ) {
+	 	make_server_info_guest(server_info); 
+		nt_status = NT_STATUS_OK;
+	 } else {
 		DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n", 
-			  user_info->smb_name.str, user_info->internal_username.str, 
-			  nt_errstr(nt_status)));
-		ZERO_STRUCTP(server_info);
+	  	user_info->smb_name.str, user_info->internal_username.str, 
+	  	nt_errstr(nt_status)));
+		ZERO_STRUCTP(server_info); 
 	}
+	
 	return nt_status;
 }