diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-07-22 11:33:52 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-08-03 18:48:02 +1000 |
| commit | 8a650243b336f5a85ff119aa40c7744542c005e7 (patch) | |
| tree | facc17ee6213efcfdb93db401d2ae02813e37b55 /source3/smbd/sesssetup.c | |
| parent | 35b309fa0cac9341f364243b03ebfcc80f74198e (diff) | |
| download | samba-8a650243b336f5a85ff119aa40c7744542c005e7.tar.gz samba-8a650243b336f5a85ff119aa40c7744542c005e7.tar.bz2 samba-8a650243b336f5a85ff119aa40c7744542c005e7.zip | |
s3-auth Move map to guest to directly after the check_password calls
This means we no longer need two different map to guest functions
and have consistent logic with fewer layering violations.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/smbd/sesssetup.c')
| -rw-r--r-- | source3/smbd/sesssetup.c | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 2df8b435e5..329b8b6aa5 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -46,68 +46,6 @@ struct pending_auth_data { DATA_BLOB partial_data; }; -/* - on a logon error possibly map the error to success if "map to guest" - is set approriately -*/ -static NTSTATUS do_map_to_guest_server_info(NTSTATUS status, - struct auth_serversupplied_info **server_info, - const char *user, const char *domain) -{ - user = user ? user : ""; - domain = domain ? domain : ""; - - if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { - if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) || - (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) { - DEBUG(3,("No such user %s [%s] - using guest account\n", - user, domain)); - status = make_server_info_guest(NULL, server_info); - } - } - - if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) { - if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) { - DEBUG(3,("Registered username %s for guest access\n", - user)); - status = make_server_info_guest(NULL, server_info); - } - } - - return status; -} - -/* - on a logon error possibly map the error to success if "map to guest" - is set approriately -*/ -NTSTATUS do_map_to_guest(NTSTATUS status, - struct auth_session_info **session_info, - const char *user, const char *domain) -{ - user = user ? user : ""; - domain = domain ? domain : ""; - - if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { - if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) || - (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) { - DEBUG(3,("No such user %s [%s] - using guest account\n", - user, domain)); - status = make_session_info_guest(NULL, session_info); - } - } - - if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) { - if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) { - DEBUG(3,("Registered username %s for guest access\n", - user)); - status = make_session_info_guest(NULL, session_info); - } - } - - return status; -} - /**************************************************************************** Add the standard 'Samba' signature to the end of the session setup. ****************************************************************************/ @@ -494,15 +432,6 @@ static void reply_spnego_ntlmssp(struct smb_request *req, if (NT_STATUS_IS_OK(nt_status)) { nt_status = auth_ntlmssp_steal_session_info(talloc_tos(), (*auth_ntlmssp_state), &session_info); - } else { - /* Note that this session_info won't have a session - * key. But for map to guest, that's exactly the right - * thing - we can't reasonably guess the key the - * client wants, as the password was wrong */ - nt_status = do_map_to_guest(nt_status, - &session_info, - auth_ntlmssp_get_username(*auth_ntlmssp_state), - auth_ntlmssp_get_domain(*auth_ntlmssp_state)); } reply_outbuf(req, 4, 0); |