authorAndrew Bartlett <abartlet@samba.org>2001-09-16 02:35:55 +0000
committerAndrew Bartlett <abartlet@samba.org>2001-09-16 02:35:55 +0000
commit4d89a65a845dbf6f8fa8aa46d2631cfd3a879e0a (patch)
tree0e434cc7e484d8fac280894a9f1a59518e459aff /source3
parent41432074f56307cd3043ec5ed1ef6359a1a01cea (diff)
Start pushing the NTSTATUS stuff out to the wire for session setups.
Rework the 'map to guest' code, it's now possible to follow what it's trying to do... Add an NT_STATUS_EQUAL(x,y) macro to make this stuff sane to look at. Andrew Bartlett (This used to be commit d618880661976644a6ee713edf969ad561e82097)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/smb.h1
-rw-r--r--source3/smbd/reply.c78
2 files changed, 28 insertions, 51 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index e426f46921..85cd042976 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -235,6 +235,7 @@ typedef uint32 WERROR;
#define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0)
#define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000)
+#define NT_STATUS_EQUAL(x,y) (NT_STATUS_V(x) == NT_STATUS_V(y))
#define W_ERROR_IS_OK(x) (W_ERROR_V(x) == 0)
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 0b8f160854..a379bf1f7f 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -486,7 +486,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
pstring smb_apasswd;
int smb_ntpasslen = 0;
pstring smb_ntpasswd;
- BOOL valid_password = False;
pstring user;
pstring orig_user;
fstring domain;
@@ -719,57 +718,34 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
add_session_user(user);
if (!guest) {
- valid_password = NT_STATUS_IS_OK(pass_check_smb(orig_user, user,
- domain,
- (unsigned char *)smb_apasswd,
- smb_apasslen,
- (unsigned char *)smb_ntpasswd,
- smb_ntpasslen));
-
- /* The true branch will be executed if
- (1) the NT password failed (or was not tried), and
- (2) LanMan authentication failed (or was disabled)
- */
- if (!valid_password)
- {
- if (lp_security() >= SEC_USER)
- {
- if (lp_map_to_guest() == NEVER_MAP_TO_GUEST)
- {
- DEBUG(1,("Rejecting user '%s': authentication failed\n", user));
- END_PROFILE(SMBsesssetupX);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
- }
-
- if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER)
- {
- if (smb_getpwnam(user,True))
- {
- DEBUG(1,("Rejecting user '%s': bad password\n", user));
- END_PROFILE(SMBsesssetupX);
- return ERROR_NT(NT_STATUS_LOGON_FAILURE);
- }
- }
-
- /*
- * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD
- * Then always map to guest account - as done below.
- */
- }
-
- if (*smb_apasswd || !smb_getpwnam(user,True))
- pstrcpy(user,lp_guestaccount(-1));
- DEBUG(3,("Registered username %s for guest access\n",user));
- guest = True;
- }
- }
-
- if (!smb_getpwnam(user,True)) {
- DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
- pstrcpy(user,lp_guestaccount(-1));
- guest = True;
+ NTSTATUS nt_status;
+ nt_status = pass_check_smb(orig_user, user,
+ domain,
+ (unsigned char *)smb_apasswd,
+ smb_apasslen,
+ (unsigned char *)smb_ntpasswd,
+ smb_ntpasslen);
+
+ if NT_STATUS_IS_OK(nt_status) {
+
+ } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)
+ && lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) {
+ DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
+ pstrcpy(user,lp_guestaccount(-1));
+ guest = True;
+
+ } else if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)
+ || NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
+ && (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+ pstrcpy(user,lp_guestaccount(-1));
+ DEBUG(3,("Registered username %s for guest access\n",user));
+ guest = True;
+
+ } else {
+ return ERROR_NT(nt_status);
+ }
}
-
+
if (!strequal(user,lp_guestaccount(-1)) &&
lp_servicenumber(user) < 0)
{
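Review bot: The new final `else` branch returns without `END_PROFILE(SMBsesssetupX);`, which both removed rejection paths called before returning, so the profile section for this request is presumably left open on every failed logon. That branch also sends the raw `nt_status` to the client where the old code always answered `NT_STATUS_LOGON_FAILURE`, so if pass_check_smb distinguishes `NT_STATUS_NO_SUCH_USER` from `NT_STATUS_WRONG_PASSWORD`, a client can tell existing account names from unknown ones. The `DEBUG(1,...)` "Rejecting user" messages are gone as well, so rejected logons no longer appear at log level 1. I would put `DEBUG(1,("Rejecting user '%s': authentication failed\n", user));` and `END_PROFILE(SMBsesssetupX);` back before the return, and consider collapsing those two codes to `NT_STATUS_LOGON_FAILURE` on the wire. Separately, `if NT_STATUS_IS_OK(nt_status) {` compiles only because the macro expansion happens to be parenthesised and should read `if (NT_STATUS_IS_OK(nt_status)) {`; reply_sesssetup_and_X begins and ends outside this hunk.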