s3-auth Move map to guest to directly after the check_password calls
[amitay/samba.git] / source3 / auth / auth_util.c
index a261e39b7befa4524529f4e3b82563e85120359f..1621630b876960013725736be0c15bd0171e30e2 100644 (file)
@@ -1580,3 +1580,35 @@ bool is_trusted_domain(const char* dom_name)
        return false;
 }
 
+
+
+/*
+  on a logon error possibly map the error to success if "map to guest"
+  is set approriately
+*/
+NTSTATUS do_map_to_guest_server_info(NTSTATUS status,
+                                    struct auth_serversupplied_info **server_info,
+                                    const char *user, const char *domain)
+{
+       user = user ? user : "";
+       domain = domain ? domain : "";
+
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
+               if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) ||
+                   (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+                       DEBUG(3,("No such user %s [%s] - using guest account\n",
+                                user, domain));
+                       status = make_server_info_guest(NULL, server_info);
+               }
+       }
+
+       if (NT_STATUS_EQUAL(status, NT_STATUS_WRONG_PASSWORD)) {
+               if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
+                       DEBUG(3,("Registered username %s for guest access\n",
+                               user));
+                       status = make_server_info_guest(NULL, server_info);
+               }
+       }
+
+       return status;
+}