diff options
Diffstat (limited to 'source3')
-rw-r--r-- | source3/client/smbumount.c | 2 | ||||
-rw-r--r-- | source3/include/includes.h | 3 | ||||
-rw-r--r-- | source3/smbd/reply.c | 28 |
3 files changed, 25 insertions, 8 deletions
diff --git a/source3/client/smbumount.c b/source3/client/smbumount.c index 91b41d4206..ef9e5ef203 100644 --- a/source3/client/smbumount.c +++ b/source3/client/smbumount.c @@ -33,6 +33,8 @@ extern pid_t waitpid(pid_t, int *, int); #include <linux/smb_mount.h> #include <linux/smb_fs.h> +#include "includes.h" + static char *progname; static void diff --git a/source3/include/includes.h b/source3/include/includes.h index dae97b121b..ea09dcb367 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -293,6 +293,9 @@ typedef unsigned short mode_t; /* SunOS doesn't have POSIX atexit */ #define atexit on_exit #define NOSTRCASECMP +#ifndef QSORT_CAST +#define QSORT_CAST (int (*)(const void *, const void *)) +#endif /* QSORT_CAST */ #endif diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index a9db0b3840..9177b3cde1 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -482,6 +482,7 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) pstring smb_ntpasswd; BOOL valid_nt_password = False; pstring user; + pstring orig_user; BOOL guest=False; static BOOL done_sesssetup = False; BOOL doencrypt = SMBENCRYPT(); @@ -624,6 +625,14 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) reload_services(True); /* + * Save the username before mapping. We will use + * the original username sent to us for security=server + * and security=domain checking. + */ + + pstrcpy( orig_user, user); + + /* * Pass the user through the NT -> unix user mapping * function. */ @@ -645,14 +654,17 @@ int reply_sesssetup_and_X(char *inbuf,char *outbuf,int length,int bufsize) guest = True; if (!guest && !(lp_security() == SEC_SERVER && - server_validate(user, domain, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen)) && - !(lp_security() == SEC_DOMAIN && - domain_client_validate(user, domain, - smb_apasswd, smb_apasslen, - smb_ntpasswd, smb_ntpasslen)) && - !check_hosts_equiv(user)) + /* Check with orig_user for security=server and + security=domain. */ + server_validate(orig_user, domain, + smb_apasswd, smb_apasslen, + smb_ntpasswd, smb_ntpasslen)) && + !(lp_security() == SEC_DOMAIN && + domain_client_validate(orig_user, domain, + smb_apasswd, smb_apasslen, + smb_ntpasswd, smb_ntpasslen)) && + !check_hosts_equiv(user) + ) { /* now check if it's a valid username/password */ |