This change updates lp_guestaccount() to be a *global* paramater, rather than

per-share.  I beleive that almost all the things that this could have done on
a per-share basis can be done with other tools, like 'force user'.

Almost all the user's of this paramater used it as a global anyway...

While this is one step at a time, I hope it will allow me to considerably
simplfy the make_connection() code, particularly for the user-level security
case.

This already removes an absolute truckload of extra attempted password lookups
on the guest account.

Andrew Bartlett
(This used to be commit 8e708332eded210c1d1fe0cebca3c9c19f054b71)

1 files changed, 6 insertions, 5 deletions

diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index cbd4d14681..b2687980ac 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -474,11 +474,12 @@ BOOL authorise_login(int snum,char *user, DATA_BLOB password,
 			return False;
 		}
 
-		if (!vuser->guest && user_ok(vuser->user.unix_name,snum)) {
+		if ((!vuser->guest && user_ok(vuser->user.unix_name,snum)) || 
+		    (vuser->guest && GUEST_OK(snum))) {
 			fstrcpy(user,vuser->user.unix_name);
-			*guest = False;
-			DEBUG(3,("authorise_login: ACCEPTED: validated uid ok as non-guest \
-(user=%s)\n", user));
+			*guest = vuser->guest;
+			DEBUG(3,("authorise_login: ACCEPTED: validated based on vuid as %sguest \
+(user=%s)\n", vuser->guest ? "" : "non-", user));
 			return True;
 		}
 	}
@@ -577,7 +578,7 @@ and given password ok (%s)\n", user));
 	/* check for a normal guest connection */
 	if (!ok && GUEST_OK(snum)) {
 		fstring guestname;
-		StrnCpy(guestname,lp_guestaccount(snum),sizeof(guestname)-1);
+		StrnCpy(guestname,lp_guestaccount(),sizeof(guestname)-1);
 		if (Get_Pwnam(guestname)) {
 			fstrcpy(user,guestname);
 			ok = True;