diff options
author | Gerald Carter <jerry@samba.org> | 2005-06-08 14:23:49 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2005-06-08 14:23:49 +0000 |
commit | 5319d1255c578a6859d4c9754c06720774654027 (patch) | |
tree | 290ece72270575e0ce3e36757e7ab2d13e143000 /source/auth/auth.c | |
parent | c0c90da33ce05a8c58bb8f2eb931a3c79d39ab0f (diff) | |
download | samba-5319d1255c578a6859d4c9754c06720774654027.tar.gz samba-5319d1255c578a6859d4c9754c06720774654027.tar.xz samba-5319d1255c578a6859d4c9754c06720774654027.zip |
r7395: * new feature 'map to guest = bad uid' (based on patch from
aruna.prabakar@hp.com).
This re-enables the Samba 2.2 behavior where a user that was
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.
Diffstat (limited to 'source/auth/auth.c')
-rw-r--r-- | source/auth/auth.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/source/auth/auth.c b/source/auth/auth.c index b777e97cc9d..61f638fcd0b 100644 --- a/source/auth/auth.c +++ b/source/auth/auth.c @@ -279,6 +279,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, } } + /* successful authentication */ + if (NT_STATUS_IS_OK(nt_status)) { unix_username = (*server_info)->unix_name; if (!(*server_info)->guest) { @@ -304,14 +306,22 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, user_info->internal_username.str, unix_username)); } + + return nt_status; } - - if (!NT_STATUS_IS_OK(nt_status)) { + + /* failed authentication; check for guest lapping */ + + if ( lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID ) { + make_server_info_guest(server_info); + nt_status = NT_STATUS_OK; + } else { DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", - user_info->smb_name.str, user_info->internal_username.str, - nt_errstr(nt_status))); - ZERO_STRUCTP(server_info); + user_info->smb_name.str, user_info->internal_username.str, + nt_errstr(nt_status))); + ZERO_STRUCTP(server_info); } + return nt_status; } |