From e058de31e81a23692ccb2bef290042a558e0e795 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 16 Jul 2010 11:05:34 -0700 Subject: Make the "map to guest" parameter work correctly with NTLMSSP (spnego and raw) under SMB2. Still need to investigate fixing this with krb5 auth (does this make sense ?). Jeremy. --- source3/smbd/smb2_sesssetup.c | 35 ++++++++++++++++++++++++++++------- 1 file changed, 28 insertions(+), 7 deletions(-) (limited to 'source3/smbd/smb2_sesssetup.c') diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 6586a45439..493e74802d 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -143,6 +143,26 @@ static int smbd_smb2_session_destructor(struct smbd_smb2_session *session) return 0; } +static NTSTATUS setup_ntlmssp_server_info(struct smbd_smb2_session *session, + NTSTATUS status) +{ + if (NT_STATUS_IS_OK(status)) { + status = auth_ntlmssp_server_info(session, + session->auth_ntlmssp_state, + &session->server_info); + } else { + /* Note that this server_info won't have a session + * key. But for map to guest, that's exactly the right + * thing - we can't reasonably guess the key the + * client wants, as the password was wrong */ + status = do_map_to_guest(status, + &session->server_info, + auth_ntlmssp_get_username(session->auth_ntlmssp_state), + auth_ntlmssp_get_domain(session->auth_ntlmssp_state)); + } + return status; +} + #ifdef HAVE_KRB5 static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, struct smbd_smb2_request *smb2req, @@ -615,13 +635,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s uint64_t *out_session_id) { fstring tmp; - NTSTATUS status = auth_ntlmssp_server_info(session, session->auth_ntlmssp_state, - &session->server_info); - if (!NT_STATUS_IS_OK(status)) { - auth_ntlmssp_end(&session->auth_ntlmssp_state); - TALLOC_FREE(session); - return status; - } if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == Required) { @@ -773,6 +786,11 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session, status = auth_ntlmssp_update(session->auth_ntlmssp_state, auth, &auth_out); + if (!NT_STATUS_IS_OK(status) && + !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { + status = setup_ntlmssp_server_info(session, status); + } + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) { auth_ntlmssp_end(&session->auth_ntlmssp_state); @@ -850,6 +868,9 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session, *out_session_id = session->vuid; return status; } + + status = setup_ntlmssp_server_info(session, status); + if (!NT_STATUS_IS_OK(status)) { auth_ntlmssp_end(&session->auth_ntlmssp_state); TALLOC_FREE(session); -- cgit