s4:auth_anonymous: anonymous authentication doesn't allow a password

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d247dceaaab24b568425f2360e40f5e91be452cc)

diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index 28cbfe831ef125d91025b805fbd897848d51f114..ab1aac2693fbce7514f50443c91501f3170c7f9b 100644 (file)
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -41,6 +41,36 @@ static NTSTATUS anonymous_want_check(struct auth_method_context *ctx,
                return NT_STATUS_NOT_IMPLEMENTED;
        }
 
+       switch (user_info->password_state) {
+       case AUTH_PASSWORD_PLAIN:
+               if (user_info->password.plaintext != NULL &&
+                   strlen(user_info->password.plaintext) > 0)
+               {
+                       return NT_STATUS_NOT_IMPLEMENTED;
+               }
+               break;
+       case AUTH_PASSWORD_HASH:
+               if (user_info->password.hash.lanman != NULL) {
+                       return NT_STATUS_NOT_IMPLEMENTED;
+               }
+               if (user_info->password.hash.nt != NULL) {
+                       return NT_STATUS_NOT_IMPLEMENTED;
+               }
+               break;
+       case AUTH_PASSWORD_RESPONSE:
+               if (user_info->password.response.lanman.length == 1) {
+                       if (user_info->password.response.lanman.data[0] != '\0') {
+                               return NT_STATUS_NOT_IMPLEMENTED;
+                       }
+               } else if (user_info->password.response.lanman.length > 1) {
+                       return NT_STATUS_NOT_IMPLEMENTED;
+               }
+               if (user_info->password.response.nt.length > 0) {
+                       return NT_STATUS_NOT_IMPLEMENTED;
+               }
+               break;
+       }
+
        return NT_STATUS_OK;
 }