summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/globals.h2
-rw-r--r--source3/smbd/msdfs.c4
-rw-r--r--source3/smbd/password.c2
-rw-r--r--source3/smbd/proto.h12
-rw-r--r--source3/smbd/server_reload.c2
-rw-r--r--source3/smbd/service.c14
-rw-r--r--source3/smbd/sesssetup.c47
-rw-r--r--source3/smbd/uid.c14
8 files changed, 64 insertions, 33 deletions
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 911a86a15f..c7bf239a36 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -422,7 +422,7 @@ struct smbd_smb2_session {
NTSTATUS status;
uint64_t vuid;
struct auth_ntlmssp_state *auth_ntlmssp_state;
- struct auth_serversupplied_info *session_info;
+ struct auth3_session_info *session_info;
DATA_BLOB session_key;
bool do_signing;
diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c
index 4629a39aa3..25a82cdbb0 100644
--- a/source3/smbd/msdfs.c
+++ b/source3/smbd/msdfs.c
@@ -225,7 +225,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
connection_struct **pconn,
int snum,
const char *path,
- const struct auth_serversupplied_info *session_info,
+ const struct auth3_session_info *session_info,
char **poldcwd)
{
connection_struct *conn;
@@ -266,7 +266,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
conn->sconn->num_tcons_open++;
if (session_info != NULL) {
- conn->session_info = copy_serverinfo(conn, session_info);
+ conn->session_info = copy_session_info(conn, session_info);
if (conn->session_info == NULL) {
DEBUG(0, ("copy_serverinfo failed\n"));
TALLOC_FREE(conn);
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 6a3b6ddf2f..f32989da54 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -263,7 +263,7 @@ int register_homes_share(const char *username)
int register_existing_vuid(struct smbd_server_connection *sconn,
uint16 vuid,
- struct auth_serversupplied_info *session_info,
+ struct auth3_session_info *session_info,
DATA_BLOB response_blob,
const char *smb_name)
{
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index ae63f0adf2..f3b54e7221 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -478,7 +478,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx,
connection_struct **pconn,
int snum,
const char *path,
- const struct auth_serversupplied_info *session_info,
+ const struct auth3_session_info *session_info,
char **poldcwd);
/* The following definitions come from smbd/negprot.c */
@@ -711,7 +711,7 @@ int register_initial_vuid(struct smbd_server_connection *sconn);
int register_homes_share(const char *username);
int register_existing_vuid(struct smbd_server_connection *sconn,
uint16 vuid,
- struct auth_serversupplied_info *session_info,
+ struct auth3_session_info *session_info,
DATA_BLOB response_blob,
const char *smb_name);
void add_session_user(struct smbd_server_connection *sconn, const char *user);
@@ -1009,7 +1009,7 @@ int list_sessions(TALLOC_CTX *mem_ctx, struct sessionid **session_list);
/* The following definitions come from smbd/sesssetup.c */
NTSTATUS do_map_to_guest(NTSTATUS status,
- struct auth_serversupplied_info **session_info,
+ struct auth3_session_info **session_info,
const char *user, const char *domain);
NTSTATUS parse_spnego_mechanisms(TALLOC_CTX *ctx,
@@ -1108,10 +1108,10 @@ void reply_transs2(struct smb_request *req);
bool change_to_guest(void);
bool change_to_user(connection_struct *conn, uint16 vuid);
bool change_to_user_by_session(connection_struct *conn,
- const struct auth_serversupplied_info *session_info);
+ const struct auth3_session_info *session_info);
bool change_to_root_user(void);
bool smbd_change_to_root_user(void);
-bool become_authenticated_pipe_user(struct auth_serversupplied_info *session_info);
+bool become_authenticated_pipe_user(struct auth3_session_info *session_info);
bool unbecome_authenticated_pipe_user(void);
void become_root(void);
void unbecome_root(void);
@@ -1119,7 +1119,7 @@ void smbd_become_root(void);
void smbd_unbecome_root(void);
bool become_user(connection_struct *conn, uint16 vuid);
bool become_user_by_session(connection_struct *conn,
- const struct auth_serversupplied_info *session_info);
+ const struct auth3_session_info *session_info);
bool unbecome_user(void);
uid_t get_current_uid(connection_struct *conn);
gid_t get_current_gid(connection_struct *conn);
diff --git a/source3/smbd/server_reload.c b/source3/smbd/server_reload.c
index 259a963abf..1242aae673 100644
--- a/source3/smbd/server_reload.c
+++ b/source3/smbd/server_reload.c
@@ -37,7 +37,7 @@
void reload_printers(struct tevent_context *ev,
struct messaging_context *msg_ctx)
{
- struct auth_serversupplied_info *session_info = NULL;
+ struct auth3_session_info *session_info = NULL;
struct spoolss_PrinterInfo2 *pinfo2 = NULL;
int snum;
int n_services = lp_numservices();
diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index 5c410be02a..c772b8a069 100644
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -373,22 +373,22 @@ static NTSTATUS find_forced_group(bool force_user,
}
/****************************************************************************
- Create an auth_serversupplied_info structure for a connection_struct
+ Create an auth3_session_info structure for a connection_struct
****************************************************************************/
static NTSTATUS create_connection_session_info(struct smbd_server_connection *sconn,
TALLOC_CTX *mem_ctx, int snum,
- struct auth_serversupplied_info *vuid_serverinfo,
+ struct auth3_session_info *vuid_serverinfo,
DATA_BLOB password,
- struct auth_serversupplied_info **presult)
+ struct auth3_session_info **presult)
{
if (lp_guest_only(snum)) {
- return make_server_info_guest(mem_ctx, presult);
+ return make_session_info_guest(mem_ctx, presult);
}
if (vuid_serverinfo != NULL) {
- struct auth_serversupplied_info *result;
+ struct auth3_session_info *result;
/*
* This is the normal security != share case where we have a
@@ -414,7 +414,7 @@ static NTSTATUS create_connection_session_info(struct smbd_server_connection *sc
}
}
- result = copy_serverinfo(mem_ctx, vuid_serverinfo);
+ result = copy_session_info(mem_ctx, vuid_serverinfo);
if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -466,7 +466,7 @@ NTSTATUS set_conn_force_user_group(connection_struct *conn, int snum)
*/
char *fuser;
- struct auth_serversupplied_info *forced_serverinfo;
+ struct auth3_session_info *forced_serverinfo;
fuser = talloc_string_sub(conn, lp_force_user(snum), "%S",
lp_const_servicename(snum));
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 74d9e1cebf..694c0874f2 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -49,9 +49,9 @@ struct pending_auth_data {
on a logon error possibly map the error to success if "map to guest"
is set approriately
*/
-NTSTATUS do_map_to_guest(NTSTATUS status,
- struct auth_serversupplied_info **server_info,
- const char *user, const char *domain)
+static NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
+ struct auth_serversupplied_info **server_info,
+ const char *user, const char *domain)
{
user = user ? user : "";
domain = domain ? domain : "";
@@ -76,6 +76,37 @@ NTSTATUS do_map_to_guest(NTSTATUS status,
return status;
}
+/*
+ on a logon error possibly map the error to success if "map to guest"
+ is set approriately
+*/
+NTSTATUS do_map_to_guest(NTSTATUS status,
+ struct auth3_session_info **session_info,
+ const char *user, const char *domain)
+{
+ user = user ? user : "";
+ domain = domain ? domain : "";
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+ if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) ||
+ (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+ DEBUG(3,("No such user %s [%s] - using guest account\n",
+ user, domain));
+ status = make_session_info_guest(NULL, session_info);
+ }
+ }
+
+ if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+ if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
+ DEBUG(3,("Registered username %s for guest access\n",
+ user));
+ status = make_session_info_guest(NULL, session_info);
+ }
+ }
+
+ return status;
+}
+
/****************************************************************************
Add the standard 'Samba' signature to the end of the session setup.
****************************************************************************/
@@ -251,7 +282,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
int sess_vuid = req->vuid;
NTSTATUS ret = NT_STATUS_OK;
DATA_BLOB ap_rep, ap_rep_wrapped, response;
- struct auth_serversupplied_info *session_info = NULL;
+ struct auth3_session_info *session_info = NULL;
DATA_BLOB session_key = data_blob_null;
uint8 tok_id[2];
DATA_BLOB nullblob = data_blob_null;
@@ -456,7 +487,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
{
bool do_invalidate = true;
DATA_BLOB response;
- struct auth_serversupplied_info *session_info = NULL;
+ struct auth3_session_info *session_info = NULL;
struct smbd_server_connection *sconn = req->sconn;
if (NT_STATUS_IS_OK(nt_status)) {
@@ -1297,7 +1328,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
const char *primary_domain;
struct auth_usersupplied_info *user_info = NULL;
struct auth_serversupplied_info *server_info = NULL;
- struct auth_serversupplied_info *session_info = NULL;
+ struct auth3_session_info *session_info = NULL;
uint16 smb_flag2 = req->flags2;
NTSTATUS nt_status;
@@ -1635,8 +1666,8 @@ void reply_sesssetup_and_X(struct smb_request *req)
free_user_info(&user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
- nt_status = do_map_to_guest(nt_status, &server_info,
- user, domain);
+ nt_status = do_map_to_guest_server_info(nt_status, &server_info,
+ user, domain);
}
if (!NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 8114144574..5d703e3a18 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -87,7 +87,7 @@ static void free_conn_session_info_if_unused(connection_struct *conn)
static bool check_user_ok(connection_struct *conn,
uint16_t vuid,
- const struct auth_serversupplied_info *session_info,
+ const struct auth3_session_info *session_info,
int snum)
{
bool valid_vuid = (vuid != UID_FIELD_INVALID);
@@ -158,7 +158,7 @@ static bool check_user_ok(connection_struct *conn,
* username-based faked one.
*/
- ent->session_info = copy_serverinfo(
+ ent->session_info = copy_session_info(
conn, conn->force_user ? conn->session_info : session_info);
if (ent->session_info == NULL) {
@@ -190,7 +190,7 @@ static bool check_user_ok(connection_struct *conn,
****************************************************************************/
static bool change_to_user_internal(connection_struct *conn,
- const struct auth_serversupplied_info *session_info,
+ const struct auth3_session_info *session_info,
uint16_t vuid)
{
int snum;
@@ -277,7 +277,7 @@ static bool change_to_user_internal(connection_struct *conn,
bool change_to_user(connection_struct *conn, uint16_t vuid)
{
- const struct auth_serversupplied_info *session_info = NULL;
+ const struct auth3_session_info *session_info = NULL;
user_struct *vuser;
int snum = SNUM(conn);
@@ -328,7 +328,7 @@ bool change_to_user(connection_struct *conn, uint16_t vuid)
}
bool change_to_user_by_session(connection_struct *conn,
- const struct auth_serversupplied_info *session_info)
+ const struct auth3_session_info *session_info)
{
SMB_ASSERT(conn != NULL);
SMB_ASSERT(session_info != NULL);
@@ -367,7 +367,7 @@ bool smbd_change_to_root_user(void)
user. Doesn't modify current_user.
****************************************************************************/
-bool become_authenticated_pipe_user(struct auth_serversupplied_info *session_info)
+bool become_authenticated_pipe_user(struct auth3_session_info *session_info)
{
if (!push_sec_ctx())
return False;
@@ -487,7 +487,7 @@ bool become_user(connection_struct *conn, uint16 vuid)
}
bool become_user_by_session(connection_struct *conn,
- const struct auth_serversupplied_info *session_info)
+ const struct auth3_session_info *session_info)
{
if (!push_sec_ctx())
return false;
generated by cgit (git 2.34.1) at 2024-07-30 15:31:10 +0000