From 42287c6f976828c173cb3376abf9c258ad117200 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 22 Jul 2005 05:04:45 +0000 Subject: r8706: My previous patch oversimplied the previous change to session setup - we didn't cope with the 'anonymous NTLM under SPNEGO' login. Andrew Bartlett (This used to be commit c3cc14542e426b23e468a11803c1bab0f6fe290f) --- source4/smb_server/sesssetup.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'source4') diff --git a/source4/smb_server/sesssetup.c b/source4/smb_server/sesssetup.c index f8c16d8c69..6cdf398860 100644 --- a/source4/smb_server/sesssetup.c +++ b/source4/smb_server/sesssetup.c @@ -134,6 +134,7 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s NTSTATUS status; const char *remote_machine = NULL; + struct auth_context *auth_context; struct smbsrv_session *smb_sess; struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; @@ -158,6 +159,17 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s * don't have a challenge */ return NT_STATUS_LOGON_FAILURE; } + + /* TODO: should we use just "anonymous" here? */ + status = auth_context_create(mem_ctx, lp_auth_methods(), + &auth_context, + req->smb_conn->connection->event.ctx); + if (!NT_STATUS_IS_OK(status)) { + talloc_free(mem_ctx); + return status; + } + } else { + auth_context = req->smb_conn->negotiate.auth_context; } if (req->smb_conn->negotiate.called_name) { @@ -187,9 +199,8 @@ static NTSTATUS sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *s user_info->password.response.nt = sess->nt1.in.password2; user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data); - status = auth_check_password(req->smb_conn->negotiate.auth_context, - req, user_info, &server_info); - + status = auth_check_password(auth_context, + mem_ctx, user_info, &server_info); if (!NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); return auth_nt_status_squash(status); -- cgit