author | Andrew Bartlett <abartlet@samba.org> | 2011-07-22 11:33:52 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-03 18:48:02 +1000 |
commit | 8a650243b336f5a85ff119aa40c7744542c005e7 (patch) | |
tree | facc17ee6213efcfdb93db401d2ae02813e37b55 /source3/auth | |
parent | 35b309fa0cac9341f364243b03ebfcc80f74198e (diff) | |
s3-auth Move map to guest to directly after the check_password calls
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth_ntlmssp.c | 4 | ||||
-rw-r--r-- | source3/auth/auth_util.c | 32 | ||||
-rw-r--r-- | source3/auth/proto.h | 4 |
3 files changed, 40 insertions, 0 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 61029bc95d..2157d355d2 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -145,6 +145,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 free_user_info(&user_info);
 if (!NT_STATUS_IS_OK(nt_status)) {
+ nt_status = do_map_to_guest_server_info(nt_status,
+ &auth_ntlmssp_state->server_info,
+ auth_ntlmssp_state->ntlmssp_state->user,
+ auth_ntlmssp_state->ntlmssp_state->domain);
 return nt_status;
 }
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index a261e39b7b..1621630b87 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -1580,3 +1580,35 @@ bool is_trusted_domain(const char* dom_name)
 return false;
 }
+
+
+/*
+ on a logon error possibly map the error to success if "map to guest"
+ is set approriately
+*/
+NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
+ struct auth_serversupplied_info **server_info,
+ const char *user, const char *domain)
+{
+ user = user ? user : "";
+ domain = domain ? domain : "";
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) ||
+ (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+ DEBUG(3,("No such user %s [%s] - using guest account\n",
+ user, domain));
+ status = make_server_info_guest(NULL, server_info);
+ }
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+ if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
+ DEBUG(3,("Registered username %s for guest access\n",
+ user));
+ status = make_server_info_guest(NULL, server_info);
+ }
+ }
+
+ return status;
+}
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index d51a3e6444..f2b7875997 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
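Review bot: The added call in auth_ntlmssp_check_password can turn `nt_status` into success (guest mapping), yet the next line still returns from inside the `if (!NT_STATUS_IS_OK(nt_status))` failure branch, so a guest-mapped logon leaves the function before whatever follows the block. The rest of the function is outside the hunk; if it performs success-path setup on `server_info` (inferred, not visible here), the guest result skips it, and that should either be confirmed as intended or handled by re-testing the status before returning. At minimum I would add a comment above the return such as `/* may now be NT_STATUS_OK with a guest server_info; the success-path code below is skipped */`.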
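Review bot: The `NT_STATUS_WRONG_PASSWORD` branch of do_map_to_guest_server_info discards the failure status and records it only with `DEBUG(3, ...)`, so with logging below level 3 repeated bad-password attempts against a registered account are indistinguishable from ordinary guest sessions. I would log that branch at a level that is on by default, or at least state the trade-off in the header comment, e.g. `/* note: with MAP_TO_GUEST_ON_BAD_PASSWORD a wrong password is not reported to the caller as a failure */`. The header comment should also say that `*server_info` is overwritten by make_server_info_guest(), which is called with `NULL` as its first argument (presumably the allocation context, which would leave the caller responsible for freeing the result). Typo in the same comment: "approriately" should read "appropriately".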
@@ -214,6 +214,10 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
 enum auth_password_state password_state);
 void free_user_info(struct auth_usersupplied_info **user_info);
+NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
+ struct auth_serversupplied_info **server_info,
+ const char *user, const char *domain);
+
 /* The following definitions come from auth/auth_winbind.c */
 NTSTATUS auth_winbind_init(void); |