summaryrefslogtreecommitdiff
path: root/source3/smbd/reply.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/reply.c')
-rw-r--r--source3/smbd/reply.c28
1 files changed, 20 insertions, 8 deletions
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index a9db0b3840..9177b3cde1 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -482,6 +482,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
pstring smb_ntpasswd;
BOOL valid_nt_password = False;
pstring user;
+ pstring orig_user;
BOOL guest=False;
static BOOL done_sesssetup = False;
BOOL doencrypt = SMBENCRYPT();
@@ -624,6 +625,14 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
reload_services(True);
/*
+ * Save the username before mapping. We will use
+ * the original username sent to us for security=server
+ * and security=domain checking.
+ */
+
+ pstrcpy( orig_user, user);
+
+ /*
* Pass the user through the NT -> unix user mapping
* function.
*/
@@ -645,14 +654,17 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize)
guest = True;
if (!guest && !(lp_security() == SEC_SERVER &&
- server_validate(user, domain,
- smb_apasswd, smb_apasslen,
- smb_ntpasswd, smb_ntpasslen)) &&
- !(lp_security() == SEC_DOMAIN &&
- domain_client_validate(user, domain,
- smb_apasswd, smb_apasslen,
- smb_ntpasswd, smb_ntpasslen)) &&
- !check_hosts_equiv(user))
+ /* Check with orig_user for security=server and
+ security=domain. */
+ server_validate(orig_user, domain,
+ smb_apasswd, smb_apasslen,
+ smb_ntpasswd, smb_ntpasslen)) &&
+ !(lp_security() == SEC_DOMAIN &&
+ domain_client_validate(orig_user, domain,
+ smb_apasswd, smb_apasslen,
+ smb_ntpasswd, smb_ntpasslen)) &&
+ !check_hosts_equiv(user)
+ )
{
/* now check if it's a valid username/password */