From 60747ab66e768ac6801838c460a1a4fc8bba32cf Mon Sep 17 00:00:00 2001
From: Andrew Tridgell <tridge@samba.org>
Date: Sat, 20 Oct 2001 11:47:44 +0000
Subject: crude fix for anonymous session setup with extended security
 negotiated (This used to be commit b3caf2109090cb2b97a829913bee7e50e7eacba8)

---
 source3/smbd/sesssetup.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 62 insertions(+), 1 deletion(-)

diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index c8bf2a4f94..1ca7066c41 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -66,8 +66,15 @@ static int reply_spnego_kerberos(connection_struct *conn,
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 	}
 
+#if 0
+	ret = krb5_build_principal(context, &server, strlen(realm),
+				   realm, "HOST", "blu", NULL);
+#else
 	ret = krb5_build_principal(context, &server, strlen(realm),
 				   realm, service, NULL);
+#endif
+	krb5_princ_type(context, server) = KRB5_NT_PRINCIPAL;
+
 	if (ret) {
 		DEBUG(1,("krb5_build_principal failed (%s)\n", error_message(ret)));
 		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
@@ -364,6 +371,55 @@ static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 }
 
 
+/****************************************************************************
+reply to a session setup spnego anonymous packet
+****************************************************************************/
+static int reply_spnego_anonymous(connection_struct *conn, char *inbuf, char *outbuf,
+				  int length, int bufsize)
+{
+	char *user;
+	int sess_vuid;
+	gid_t gid;
+	uid_t uid;
+	char *full_name;
+	char *p;
+	const struct passwd *pw;
+
+	DEBUG(3,("Got anonymous request\n"));
+
+	user = lp_guestaccount(-1);
+
+	/* the password is good - let them in */
+	pw = smb_getpwnam(user,False);
+	if (!pw) {
+		DEBUG(1,("Guest username %s is invalid on this system\n",user));
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+	gid = pw->pw_gid;
+	uid = pw->pw_uid;
+	full_name = pw->pw_gecos;
+
+	sess_vuid = register_vuid(uid,gid,user,user,lp_workgroup(),True,full_name);
+	
+	if (sess_vuid == -1) {
+		return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+	}
+
+	set_message(outbuf,4,0,True);
+	SSVAL(outbuf, smb_vwv3, 0);
+	p = smb_buf(outbuf);
+	p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
+	p += srvstr_push(outbuf, p, "Samba", -1, STR_TERMINATE);
+	p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);
+	set_message_end(outbuf,p);
+ 
+	SSVAL(outbuf,smb_uid,sess_vuid);
+	SSVAL(inbuf,smb_uid,sess_vuid);
+	
+	return chain_reply(inbuf,outbuf,length,bufsize);
+}
+
+
 /****************************************************************************
 reply to a session setup command
 ****************************************************************************/
@@ -381,9 +437,14 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,cha
 		
 	p = smb_buf(inbuf);
 
+	if (SVAL(inbuf, smb_vwv7) == 0) {
+		/* an anonymous request */
+		return reply_spnego_anonymous(conn, inbuf, outbuf, length, bufsize);
+	}
+
 	/* pull the spnego blob */
 	blob1 = data_blob(p, SVAL(inbuf, smb_vwv7));
-	
+
 #if 0
 	chdir("/home/tridge");
 	file_save("negotiate.dat", blob1.data, blob1.length);
-- 
cgit