From 4d89a65a845dbf6f8fa8aa46d2631cfd3a879e0a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 16 Sep 2001 02:35:55 +0000 Subject: Start pushing the NTSTATUS stuff out to the wire for session setups. Rework the 'map to guest' code, its now possible to follow what its trying to do... Add an NT_STATUS_EQUAL(x,y) macro to make this stuff sane to look at. Andrew Bartlett (This used to be commit d618880661976644a6ee713edf969ad561e82097) --- source3/include/smb.h | 1 + source3/smbd/reply.c | 78 ++++++++++++++++++--------------------------------- 2 files changed, 28 insertions(+), 51 deletions(-) (limited to 'source3') diff --git a/source3/include/smb.h b/source3/include/smb.h index e426f46921..85cd042976 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -235,6 +235,7 @@ typedef uint32 WERROR; #define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0) #define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000) +#define NT_STATUS_EQUAL(x,y) (NT_STATUS_V(x) == NT_STATUS_V(y)) #define W_ERROR_IS_OK(x) (W_ERROR_V(x) == 0) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 0b8f160854..a379bf1f7f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -486,7 +486,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int pstring smb_apasswd; int smb_ntpasslen = 0; pstring smb_ntpasswd; - BOOL valid_password = False; pstring user; pstring orig_user; fstring domain; @@ -719,57 +718,34 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int add_session_user(user); if (!guest) { - valid_password = NT_STATUS_IS_OK(pass_check_smb(orig_user, user, - domain, - (unsigned char *)smb_apasswd, - smb_apasslen, - (unsigned char *)smb_ntpasswd, - smb_ntpasslen)); - - /* The true branch will be executed if - (1) the NT password failed (or was not tried), and - (2) LanMan authentication failed (or was disabled) - */ - if (!valid_password) - { - if (lp_security() >= SEC_USER) - { - if (lp_map_to_guest() == NEVER_MAP_TO_GUEST) - { - DEBUG(1,("Rejecting user '%s': authentication failed\n", user)); - END_PROFILE(SMBsesssetupX); - return ERROR_NT(NT_STATUS_LOGON_FAILURE); - } - - if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) - { - if (smb_getpwnam(user,True)) - { - DEBUG(1,("Rejecting user '%s': bad password\n", user)); - END_PROFILE(SMBsesssetupX); - return ERROR_NT(NT_STATUS_LOGON_FAILURE); - } - } - - /* - * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD - * Then always map to guest account - as done below. - */ - } - - if (*smb_apasswd || !smb_getpwnam(user,True)) - pstrcpy(user,lp_guestaccount(-1)); - DEBUG(3,("Registered username %s for guest access\n",user)); - guest = True; - } - } - - if (!smb_getpwnam(user,True)) { - DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain)); - pstrcpy(user,lp_guestaccount(-1)); - guest = True; + NTSTATUS nt_status; + nt_status = pass_check_smb(orig_user, user, + domain, + (unsigned char *)smb_apasswd, + smb_apasslen, + (unsigned char *)smb_ntpasswd, + smb_ntpasslen); + + if NT_STATUS_IS_OK(nt_status) { + + } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) + && lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) { + DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain)); + pstrcpy(user,lp_guestaccount(-1)); + guest = True; + + } else if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) + || NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) + && (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) { + pstrcpy(user,lp_guestaccount(-1)); + DEBUG(3,("Registered username %s for guest access\n",user)); + guest = True; + + } else { + return ERROR_NT(nt_status); + } } - + if (!strequal(user,lp_guestaccount(-1)) && lp_servicenumber(user) < 0) { -- cgit