diff options
-rw-r--r-- | source3/include/smb.h | 1 | ||||
-rw-r--r-- | source3/smbd/reply.c | 78 |
2 files changed, 28 insertions, 51 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h index e426f46921..85cd042976 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -235,6 +235,7 @@ typedef uint32 WERROR; #define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0) #define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000) +#define NT_STATUS_EQUAL(x,y) (NT_STATUS_V(x) == NT_STATUS_V(y)) #define W_ERROR_IS_OK(x) (W_ERROR_V(x) == 0) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 0b8f160854..a379bf1f7f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -486,7 +486,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int pstring smb_apasswd; int smb_ntpasslen = 0; pstring smb_ntpasswd; - BOOL valid_password = False; pstring user; pstring orig_user; fstring domain; @@ -719,57 +718,34 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int add_session_user(user); if (!guest) { - valid_password = NT_STATUS_IS_OK(pass_check_smb(orig_user, user, - domain, - (unsigned char *)smb_apasswd, - smb_apasslen, - (unsigned char *)smb_ntpasswd, - smb_ntpasslen)); - - /* The true branch will be executed if - (1) the NT password failed (or was not tried), and - (2) LanMan authentication failed (or was disabled) - */ - if (!valid_password) - { - if (lp_security() >= SEC_USER) - { - if (lp_map_to_guest() == NEVER_MAP_TO_GUEST) - { - DEBUG(1,("Rejecting user '%s': authentication failed\n", user)); - END_PROFILE(SMBsesssetupX); - return ERROR_NT(NT_STATUS_LOGON_FAILURE); - } - - if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) - { - if (smb_getpwnam(user,True)) - { - DEBUG(1,("Rejecting user '%s': bad password\n", user)); - END_PROFILE(SMBsesssetupX); - return ERROR_NT(NT_STATUS_LOGON_FAILURE); - } - } - - /* - * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD - * Then always map to guest account - as done below. - */ - } - - if (*smb_apasswd || !smb_getpwnam(user,True)) - pstrcpy(user,lp_guestaccount(-1)); - DEBUG(3,("Registered username %s for guest access\n",user)); - guest = True; - } - } - - if (!smb_getpwnam(user,True)) { - DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain)); - pstrcpy(user,lp_guestaccount(-1)); - guest = True; + NTSTATUS nt_status; + nt_status = pass_check_smb(orig_user, user, + domain, + (unsigned char *)smb_apasswd, + smb_apasslen, + (unsigned char *)smb_ntpasswd, + smb_ntpasslen); + + if NT_STATUS_IS_OK(nt_status) { + + } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) + && lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) { + DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain)); + pstrcpy(user,lp_guestaccount(-1)); + guest = True; + + } else if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) + || NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) + && (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) { + pstrcpy(user,lp_guestaccount(-1)); + DEBUG(3,("Registered username %s for guest access\n",user)); + guest = True; + + } else { + return ERROR_NT(nt_status); + } } - + if (!strequal(user,lp_guestaccount(-1)) && lp_servicenumber(user) < 0) { |