From b918c6c5cdb490506c70c38056d32e5d406b07e7 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Thu, 12 Aug 2004 06:58:10 +0000
Subject: r1762: Ensure that a user (as opposed to guest) cannot login without
 SPNEGO, when we have negotiated SPNEGO.

Andrew Bartlett
(This used to be commit 07e3d2c4cd77d06c9ffaefd481ba58e4debe028c)
---
 source4/smb_server/sesssetup.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'source4/smb_server')

diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c
index 14cb1be067..e1245748a0 100644
--- a/source4/smb_server/sesssetup.c
+++ b/source4/smb_server/sesssetup.c
@@ -106,16 +106,18 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s
 	if (req->smb_conn->negotiate.spnego_negotiated) {
 		struct auth_context *auth_context;
 
+		if (sess->nt1.in.user && *sess->nt1.in.user) {
+			return NT_STATUS_ACCESS_DENIED;
+		} else {
+			make_user_info_guest(&user_info);
+		}
+		
 		status = make_auth_context_subsystem(&auth_context);
 
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
 		
-		if (!sess->nt1.in.user || !*sess->nt1.in.user) {
-			make_user_info_guest(&user_info);
-		}
-		
 		status = auth_context->check_ntlm_password(auth_context, 
 							   user_info, 
 							   &server_info);
-- 
cgit