r7395: * new feature 'map to guest = bad uid' (based on patch from

  aruna.prabakar@hp.com).  

This re-enables the Samba 2.2 behavior where a user that was 
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.

1 files changed, 15 insertions, 5 deletions

diff --git a/source/auth/auth.c b/source/auth/auth.c
index b777e97cc9d..61f638fcd0b 100644
--- a/source/auth/auth.c
+++ b/source/auth/auth.c
@@ -279,6 +279,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 		}
 	}
 
+	/* successful authentication */
+	
 	if (NT_STATUS_IS_OK(nt_status)) {
 		unix_username = (*server_info)->unix_name;
 		if (!(*server_info)->guest) {
@@ -304,14 +306,22 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 			       user_info->internal_username.str, 
 			       unix_username));
 		}
+		
+		return nt_status;
 	}
-
-	if (!NT_STATUS_IS_OK(nt_status)) {
+	
+	/* failed authentication; check for guest lapping */
+	
+	if ( lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID ) {
+	 	make_server_info_guest(server_info); 
+		nt_status = NT_STATUS_OK;
+	 } else {
 		DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n", 
-			  user_info->smb_name.str, user_info->internal_username.str, 
-			  nt_errstr(nt_status)));
-		ZERO_STRUCTP(server_info);
+	  	user_info->smb_name.str, user_info->internal_username.str, 
+	  	nt_errstr(nt_status)));
+		ZERO_STRUCTP(server_info); 
 	}
+	
 	return nt_status;
 }