Change to guest logon code.

This changes the way we process guest logons - we now treat them as normal
logons, but set the 'guest' flag.  In particular this is needed becouse Win2k
will do an NTLMSSP login with username "", therefore missing our previous guest
connection code - this is getting a pain to do as a special case all over the
shop.

Tridge:  We don't seem to be setting a guest bit for NTLMSSP, in either the
anonymous or authenticated case, can you take a look at this?

Also some cleanups in the check_password() code that should make some of the
debugs clearer.

Various other minor cleanups:

 - change the session code to just take a vuser, rather than having to do a
   vuid lookup on vuser.vuid

 - Change some of the global_client_caps linking

 - Better debug in authorise_login(): show the vuid.

Andrew Bartlett

1 files changed, 8 insertions, 1 deletions

diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c
index 44faefb6453..1aa58f52745 100644
--- a/source/rpc_server/srv_netlog_nt.c
+++ b/source/rpc_server/srv_netlog_nt.c
@@ -597,7 +597,7 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 
 	free_user_info(&user_info);
 	
-	DEBUG(5, ("_net_sam_logon: exiting with status %s\n", 
+	DEBUG(5, ("_net_sam_logon: check_password returned status %s\n", 
 		  get_nt_error_msg(status)));
 
 	/* Check account and password */
@@ -607,6 +607,13 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
 		return status;
 	}
 
+	if (server_info->guest) {
+		/* We don't like guest domain logons... */
+		DEBUG(5,("_net_sam_logon: Attempted domain logon as GUEST denied.\n"));
+		free_server_info(&server_info);
+		return NT_STATUS_LOGON_FAILURE;
+	}
+
 	/* This is the point at which, if the login was successful, that
            the SAM Local Security Authority should record that the user is
            logged in to the domain.  */