diff options
author | Gerald Carter <jerry@samba.org> | 2005-06-08 14:23:49 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:57:08 -0500 |
commit | b7455fbf81f4e47c087c861f70d492a328730a9b (patch) | |
tree | 290ece72270575e0ce3e36757e7ab2d13e143000 /source/auth | |
parent | 512585293963a1737f831af697ea1dc092d63cb0 (diff) | |
download | samba-b7455fbf81f4e47c087c861f70d492a328730a9b.tar.gz samba-b7455fbf81f4e47c087c861f70d492a328730a9b.tar.xz samba-b7455fbf81f4e47c087c861f70d492a328730a9b.zip |
r7395: * new feature 'map to guest = bad uid' (based on patch from
aruna.prabakar@hp.com).
This re-enables the Samba 2.2 behavior where a user that was
successfully authenticated by a remote DC would be mapped
to the guest account if there was not existing UNIX account
for that user and we could not create one.
Diffstat (limited to 'source/auth')
-rw-r--r-- | source/auth/auth.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/source/auth/auth.c b/source/auth/auth.c index b777e97cc9d..61f638fcd0b 100644 --- a/source/auth/auth.c +++ b/source/auth/auth.c @@ -279,6 +279,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, } } + /* successful authentication */ + if (NT_STATUS_IS_OK(nt_status)) { unix_username = (*server_info)->unix_name; if (!(*server_info)->guest) { @@ -304,14 +306,22 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, user_info->internal_username.str, unix_username)); } + + return nt_status; } - - if (!NT_STATUS_IS_OK(nt_status)) { + + /* failed authentication; check for guest lapping */ + + if ( lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID ) { + make_server_info_guest(server_info); + nt_status = NT_STATUS_OK; + } else { DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", - user_info->smb_name.str, user_info->internal_username.str, - nt_errstr(nt_status))); - ZERO_STRUCTP(server_info); + user_info->smb_name.str, user_info->internal_username.str, + nt_errstr(nt_status))); + ZERO_STRUCTP(server_info); } + return nt_status; } |