source/smbd/sesssetup.c

   1 /*
   2    Unix SMB/Netbios implementation.
   3    Version 3.0
   4    handle SMBsessionsetup
   5    Copyright (C) Andrew Tridgell 1998-2001
   6    Copyright (C) Andrew Bartlett      2001
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 2 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program; if not, write to the Free Software
  20    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  21 */
  22
  23 #include "includes.h"
  24
  25 uint32 global_client_caps = 0;
  26
  27 /****************************************************************************
  28  Add the standard 'Samba' signiture to the end of the session setup.
  29 ****************************************************************************/
  30 static void add_signiture(char *outbuf)
  31 {
  32         char *p;
  33         p = smb_buf(outbuf);
  34         p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
  35         p += srvstr_push(outbuf, p, "Samba", -1, STR_TERMINATE);
  36         p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);
  37         set_message_end(outbuf,p);
  38 }
  39
  40 #if HAVE_KRB5
  41 /****************************************************************************
  42 reply to a session setup spnego negotiate packet for kerberos
  43 ****************************************************************************/
  44 static int reply_spnego_kerberos(connection_struct *conn,
  45                                  char *inbuf, char *outbuf,
  46                                  int length, int bufsize,
  47                                  DATA_BLOB *secblob)
  48 {
  49         DATA_BLOB ticket;
  50         krb5_context context;
  51         krb5_auth_context auth_context = NULL;
  52         krb5_keytab keytab = NULL;
  53         krb5_data packet;
  54         krb5_ticket *tkt = NULL;
  55         int ret;
  56         char *realm, *client, *p;
  57         const struct passwd *pw;
  58         char *user;
  59         int sess_vuid;
  60         auth_serversupplied_info *server_info = NULL;
  61
  62         realm = lp_realm();
  63
  64         if (!spnego_parse_krb5_wrap(*secblob, &ticket)) {
  65                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
  66         }
  67
  68         ret = krb5_init_context(&context);
  69         if (ret) {
  70                 DEBUG(1,("krb5_init_context failed (%s)\n", error_message(ret)));
  71                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
  72         }
  73
  74         packet.length = ticket.length;
  75         packet.data = (krb5_pointer)ticket.data;
  76
  77 #if 0
  78         file_save("/tmp/ticket.dat", ticket.data, ticket.length);
  79 #endif
  80
  81         if ((ret = krb5_rd_req(context, &auth_context, &packet,
  82                                NULL, keytab, NULL, &tkt))) {
  83                 DEBUG(3,("krb5_rd_req failed (%s)\n",
  84                          error_message(ret)));
  85                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
  86         }
  87
  88         if ((ret = krb5_unparse_name(context, tkt->enc_part2->client,
  89                                      &client))) {
  90                 DEBUG(3,("krb5_unparse_name failed (%s)\n",
  91                          error_message(ret)));
  92                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
  93         }
  94
  95         DEBUG(3,("Ticket name is [%s]\n", client));
  96
  97         p = strchr_m(client, '@');
  98         if (!p) {
  99                 DEBUG(3,("Doesn't look like a valid principal\n"));
 100                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 101         }
 102
 103         *p = 0;
 104         if (strcasecmp(p+1, realm) != 0) {
 105                 DEBUG(3,("Ticket for incorrect realm %s\n", p+1));
 106                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 107         }
 108
 109         user = client;
 110
 111         /* the password is good - let them in */
 112         pw = smb_getpwnam(user,False);
 113         if (!pw) {
 114                 DEBUG(1,("Username %s is invalid on this system\n",user));
 115                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 116         }
 117
 118         if (!make_server_info_pw(&server_info,pw)) {
 119                 DEBUG(1,("make_server_info_from_pw failed!\n"));
 120                 return ERROR_NT(NT_STATUS_NO_MEMORY);
 121         }
 122
 123         sess_vuid = register_vuid(server_info, user);
 124
 125         free_server_info(&server_info);
 126
 127         if (sess_vuid == -1) {
 128                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 129         }
 130
 131         set_message(outbuf,4,0,True);
 132         SSVAL(outbuf, smb_vwv3, 0);
 133         add_signiture(outbuf);
 134
 135         SSVAL(outbuf,smb_uid,sess_vuid);
 136         SSVAL(inbuf,smb_uid,sess_vuid);
 137
 138         return chain_reply(inbuf,outbuf,length,bufsize);
 139 }
 140 #endif
 141
 142
 143 /****************************************************************************
 144 send a security blob via a session setup reply
 145 ****************************************************************************/
 146 static BOOL reply_sesssetup_blob(connection_struct *conn, char *outbuf,
 147                                  DATA_BLOB blob)
 148 {
 149         char *p;
 150
 151         set_message(outbuf,4,0,True);
 152
 153         /* we set NT_STATUS_MORE_PROCESSING_REQUIRED to tell the other end
 154            that we aren't finished yet */
 155
 156         SIVAL(outbuf, smb_rcls, NT_STATUS_V(NT_STATUS_MORE_PROCESSING_REQUIRED));
 157         SSVAL(outbuf, smb_vwv0, 0xFF); /* no chaining possible */
 158         SSVAL(outbuf, smb_vwv3, blob.length);
 159         p = smb_buf(outbuf);
 160         memcpy(p, blob.data, blob.length);
 161         p += blob.length;
 162         p += srvstr_push(outbuf, p, "Unix", -1, STR_TERMINATE);
 163         p += srvstr_push(outbuf, p, "Samba", -1, STR_TERMINATE);
 164         p += srvstr_push(outbuf, p, lp_workgroup(), -1, STR_TERMINATE);
 165         set_message_end(outbuf,p);
 166
 167         return send_smb(smbd_server_fd(),outbuf);
 168 }
 169
 170 /****************************************************************************
 171 reply to a session setup spnego negotiate packet
 172 ****************************************************************************/
 173 static int reply_spnego_negotiate(connection_struct *conn,
 174                                   char *inbuf,
 175                                   char *outbuf,
 176                                   int length, int bufsize,
 177                                   DATA_BLOB blob1)
 178 {
 179         char *OIDs[ASN1_MAX_OIDS];
 180         DATA_BLOB secblob;
 181         int i;
 182         uint32 ntlmssp_command, neg_flags;
 183         DATA_BLOB sess_key, chal, spnego_chal;
 184         uint8 cryptkey[8];
 185         BOOL got_kerberos = False;
 186
 187         /* parse out the OIDs and the first sec blob */
 188         if (!parse_negTokenTarg(blob1, OIDs, &secblob)) {
 189                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 190         }
 191
 192         for (i=0;OIDs[i];i++) {
 193                 DEBUG(3,("Got OID %s\n", OIDs[i]));
 194                 if (strcmp(OID_KERBEROS5, OIDs[i]) == 0 ||
 195                     strcmp(OID_KERBEROS5_OLD, OIDs[i]) == 0) {
 196                         got_kerberos = True;
 197                 }
 198                 free(OIDs[i]);
 199         }
 200         DEBUG(3,("Got secblob of size %d\n", secblob.length));
 201
 202 #if HAVE_KRB5
 203         if (got_kerberos) {
 204                 int ret = reply_spnego_kerberos(conn, inbuf, outbuf,
 205                                                 length, bufsize, &secblob);
 206                 data_blob_free(&secblob);
 207                 return ret;
 208         }
 209 #endif
 210
 211         /* parse the NTLMSSP packet */
 212 #if 0
 213         file_save("secblob.dat", secblob.data, secblob.length);
 214 #endif
 215
 216         if (!msrpc_parse(&secblob, "CddB",
 217                          "NTLMSSP",
 218                          &ntlmssp_command,
 219                          &neg_flags,
 220                          &sess_key)) {
 221                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 222         }
 223
 224         data_blob_free(&secblob);
 225         data_blob_free(&sess_key);
 226
 227         if (ntlmssp_command != NTLMSSP_NEGOTIATE) {
 228                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 229         }
 230
 231         DEBUG(3,("Got neg_flags=%08x\n", neg_flags));
 232
 233         if (!last_challenge(cryptkey)) {
 234                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 235         }
 236
 237         /* Give them the challenge. For now, ignore neg_flags and just
 238            return the flags we want. Obviously this is not correct */
 239
 240         neg_flags = NTLMSSP_NEGOTIATE_UNICODE |
 241                 NTLMSSP_NEGOTIATE_LM_KEY |
 242                 NTLMSSP_NEGOTIATE_NTLM;
 243
 244         msrpc_gen(&chal, "Cddddbdddd",
 245                   "NTLMSSP",
 246                   NTLMSSP_CHALLENGE,
 247                   0,
 248                   0x30, /* ?? */
 249                   neg_flags,
 250                   cryptkey, 8,
 251                   0, 0, 0,
 252                   0x3000); /* ?? */
 253
 254         if (!spnego_gen_challenge(&spnego_chal, &chal, &chal)) {
 255                 DEBUG(3,("Failed to generate challenge\n"));
 256                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 257         }
 258
 259         /* now tell the client to send the auth packet */
 260         reply_sesssetup_blob(conn, outbuf, spnego_chal);
 261
 262         data_blob_free(&chal);
 263         data_blob_free(&spnego_chal);
 264
 265         /* and tell smbd that we have already replied to this packet */
 266         return -1;
 267 }
 268
 269
 270 /****************************************************************************
 271 reply to a session setup spnego auth packet
 272 ****************************************************************************/
 273 static int reply_spnego_auth(connection_struct *conn, char *inbuf, char *outbuf,
 274                              int length, int bufsize,
 275                              DATA_BLOB blob1)
 276 {
 277         DATA_BLOB auth;
 278         char *workgroup, *user, *machine;
 279         DATA_BLOB lmhash, nthash, sess_key;
 280         DATA_BLOB plaintext_password = data_blob(NULL, 0);
 281         DATA_BLOB sec_blob;
 282         uint32 ntlmssp_command, neg_flags;
 283         NTSTATUS nt_status;
 284         int sess_vuid;
 285         char chal[8];
 286
 287         auth_usersupplied_info *user_info = NULL;
 288         auth_serversupplied_info *server_info = NULL;
 289
 290         if (!spnego_parse_auth(blob1, &auth)) {
 291 #if 0
 292                 file_save("auth.dat", blob1.data, blob1.length);
 293 #endif
 294                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 295         }
 296
 297         /* now the NTLMSSP encoded auth hashes */
 298         if (!msrpc_parse(&auth, "CdBBUUUBd",
 299                          "NTLMSSP",
 300                          &ntlmssp_command,
 301                          &lmhash,
 302                          &nthash,
 303                          &workgroup,
 304                          &user,
 305                          &machine,
 306                          &sess_key,
 307                          &neg_flags)) {
 308                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 309         }
 310
 311         data_blob_free(&auth);
 312         data_blob_free(&sess_key);
 313
 314         DEBUG(3,("Got user=[%s] workgroup=[%s] machine=[%s] len1=%d len2=%d\n",
 315                  user, workgroup, machine, lmhash.length, nthash.length));
 316
 317 #if 0
 318         file_save("nthash1.dat", nthash.data, nthash.length);
 319         file_save("lmhash1.dat", lmhash.data, lmhash.length);
 320 #endif
 321
 322         if (!last_challenge(chal)) {
 323                 DEBUG(0,("Encrypted login but no challange set!\n"));
 324                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 325         }
 326         sec_blob = data_blob(chal, 8);
 327         if (!sec_blob.data) {
 328                 return ERROR_NT(NT_STATUS_NO_MEMORY);
 329         }
 330
 331         if (!make_user_info_map(&user_info,
 332                                 user, workgroup,
 333                                 machine, sec_blob,
 334                                 lmhash, nthash,
 335                                 plaintext_password,
 336                                 neg_flags, True)) {
 337                 return ERROR_NT(NT_STATUS_NO_MEMORY);
 338         }
 339
 340         nt_status = check_password(user_info, &server_info);
 341
 342         free_user_info(&user_info);
 343
 344         data_blob_free(&lmhash);
 345
 346         data_blob_free(&nthash);
 347
 348         if (!NT_STATUS_IS_OK(nt_status)) {
 349                 return ERROR_NT(nt_status_squash(nt_status));
 350         }
 351
 352         sess_vuid = register_vuid(server_info, user);
 353
 354         free_server_info(&server_info);
 355
 356         if (sess_vuid == -1) {
 357                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 358         }
 359
 360         set_message(outbuf,4,0,True);
 361         SSVAL(outbuf, smb_vwv3, 0);
 362         add_signiture(outbuf);
 363
 364         SSVAL(outbuf,smb_uid,sess_vuid);
 365         SSVAL(inbuf,smb_uid,sess_vuid);
 366
 367         return chain_reply(inbuf,outbuf,length,bufsize);
 368 }
 369
 370
 371 /****************************************************************************
 372 reply to a session setup spnego anonymous packet
 373 ****************************************************************************/
 374 static int reply_spnego_anonymous(connection_struct *conn, char *inbuf, char *outbuf,
 375                                   int length, int bufsize)
 376 {
 377         int sess_vuid;
 378         auth_usersupplied_info *user_info = NULL;
 379         auth_serversupplied_info *server_info = NULL;
 380
 381         NTSTATUS nt_status;
 382
 383         DEBUG(3,("Got anonymous request\n"));
 384
 385         make_user_info_guest(&user_info);
 386
 387         nt_status = check_password(user_info, &server_info);
 388
 389         sess_vuid = register_vuid(server_info, lp_guestaccount());
 390         free_server_info(&server_info);
 391
 392         if (sess_vuid == -1) {
 393                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 394         }
 395
 396         set_message(outbuf,4,0,True);
 397         SSVAL(outbuf, smb_vwv3, 0);
 398         add_signiture(outbuf);
 399
 400         SSVAL(outbuf,smb_uid,sess_vuid);
 401         SSVAL(inbuf,smb_uid,sess_vuid);
 402
 403         return chain_reply(inbuf,outbuf,length,bufsize);
 404 }
 405
 406
 407 /****************************************************************************
 408 reply to a session setup command
 409 ****************************************************************************/
 410 static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,char *outbuf,
 411                                         int length,int bufsize)
 412 {
 413         uint8 *p;
 414         DATA_BLOB blob1;
 415         int ret;
 416
 417         DEBUG(3,("Doing spnego session setup\n"));
 418
 419         if (global_client_caps == 0) {
 420                 global_client_caps = IVAL(inbuf,smb_vwv10);
 421         }
 422
 423         p = (uint8 *)smb_buf(inbuf);
 424
 425         if (SVAL(inbuf, smb_vwv7) == 0) {
 426                 /* an anonymous request */
 427                 return reply_spnego_anonymous(conn, inbuf, outbuf, length, bufsize);
 428         }
 429
 430         /* pull the spnego blob */
 431         blob1 = data_blob(p, SVAL(inbuf, smb_vwv7));
 432
 433 #if 0
 434         file_save("negotiate.dat", blob1.data, blob1.length);
 435 #endif
 436
 437         if (blob1.data[0] == ASN1_APPLICATION(0)) {
 438                 /* its a negTokenTarg packet */
 439                 ret = reply_spnego_negotiate(conn, inbuf, outbuf, length, bufsize, blob1);
 440                 data_blob_free(&blob1);
 441                 return ret;
 442         }
 443
 444         if (blob1.data[0] == ASN1_CONTEXT(1)) {
 445                 /* its a auth packet */
 446                 ret = reply_spnego_auth(conn, inbuf, outbuf, length, bufsize, blob1);
 447                 data_blob_free(&blob1);
 448                 return ret;
 449         }
 450
 451         /* what sort of packet is this? */
 452         DEBUG(1,("Unknown packet in reply_sesssetup_and_X_spnego\n"));
 453
 454         data_blob_free(&blob1);
 455
 456         return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 457 }
 458
 459
 460 /****************************************************************************
 461 reply to a session setup command
 462 ****************************************************************************/
 463 int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
 464                           int length,int bufsize)
 465 {
 466         int sess_vuid;
 467         int   smb_bufsize;
 468         DATA_BLOB lm_resp;
 469         DATA_BLOB nt_resp;
 470         DATA_BLOB plaintext_password;
 471         pstring user;
 472         pstring sub_user; /* Sainitised username for substituion */
 473         fstring domain;
 474         fstring native_os;
 475         fstring native_lanman;
 476         static BOOL done_sesssetup = False;
 477         extern BOOL global_encrypted_passwords_negotiated;
 478         extern BOOL global_spnego_negotiated;
 479         extern int Protocol;
 480         extern fstring remote_machine;
 481         extern userdom_struct current_user_info;
 482         extern int max_send;
 483
 484         auth_usersupplied_info *user_info = NULL;
 485         auth_serversupplied_info *server_info = NULL;
 486
 487         NTSTATUS nt_status;
 488
 489         BOOL doencrypt = global_encrypted_passwords_negotiated;
 490
 491         START_PROFILE(SMBsesssetupX);
 492
 493         ZERO_STRUCT(lm_resp);
 494         ZERO_STRUCT(nt_resp);
 495         ZERO_STRUCT(plaintext_password);
 496
 497         DEBUG(3,("wct=%d flg2=0x%x\n", CVAL(inbuf, smb_wct), SVAL(inbuf, smb_flg2)));
 498
 499         /* a SPNEGO session setup has 12 command words, whereas a normal
 500            NT1 session setup has 13. See the cifs spec. */
 501         if (CVAL(inbuf, smb_wct) == 12 &&
 502             (SVAL(inbuf, smb_flg2) & FLAGS2_EXTENDED_SECURITY)) {
 503                 return reply_sesssetup_and_X_spnego(conn, inbuf, outbuf, length, bufsize);
 504         }
 505
 506         smb_bufsize = SVAL(inbuf,smb_vwv2);
 507
 508         if (Protocol < PROTOCOL_NT1) {
 509                 uint16 passlen1 = SVAL(inbuf,smb_vwv7);
 510                 if (passlen1 > MAX_PASS_LEN) {
 511                         return ERROR_DOS(ERRDOS,ERRbuftoosmall);
 512                 }
 513
 514                 if (doencrypt) {
 515                         lm_resp = data_blob(smb_buf(inbuf), passlen1);
 516                 } else {
 517                         plaintext_password = data_blob(smb_buf(inbuf), passlen1+1);
 518                         if (!plaintext_password.data) {
 519                                 DEBUG(0,("reply_sesssetup_and_X: malloc failed for plaintext_password!\n"));
 520                                 return ERROR_NT(NT_STATUS_NO_MEMORY);
 521                         } else {
 522                                 /* Ensure null termination */
 523                                 plaintext_password.data[passlen1] = 0;
 524                         }
 525                 }
 526
 527                 srvstr_pull(inbuf, user, smb_buf(inbuf)+passlen1, sizeof(user), -1, STR_TERMINATE);
 528
 529         } else {
 530                 uint16 passlen1 = SVAL(inbuf,smb_vwv7);
 531                 uint16 passlen2 = SVAL(inbuf,smb_vwv8);
 532                 enum remote_arch_types ra_type = get_remote_arch();
 533                 char *p = smb_buf(inbuf);
 534
 535                 if(global_client_caps == 0)
 536                         global_client_caps = IVAL(inbuf,smb_vwv11);
 537
 538                 /* client_caps is used as final determination if client is NT or Win95.
 539                    This is needed to return the correct error codes in some
 540                    circumstances.
 541                 */
 542
 543                 if(ra_type == RA_WINNT || ra_type == RA_WIN2K || ra_type == RA_WIN95) {
 544                         if(!(global_client_caps & (CAP_NT_SMBS | CAP_STATUS32))) {
 545                                 set_remote_arch( RA_WIN95);
 546                         }
 547                 }
 548
 549                 if (passlen1 > MAX_PASS_LEN) {
 550                         return ERROR_DOS(ERRDOS,ERRbuftoosmall);
 551                 }
 552
 553                 passlen1 = MIN(passlen1, MAX_PASS_LEN);
 554                 passlen2 = MIN(passlen2, MAX_PASS_LEN);
 555
 556                 if (!doencrypt) {
 557                         /* both Win95 and WinNT stuff up the password lengths for
 558                            non-encrypting systems. Uggh.
 559
 560                            if passlen1==24 its a win95 system, and its setting the
 561                            password length incorrectly. Luckily it still works with the
 562                            default code because Win95 will null terminate the password
 563                            anyway
 564
 565                            if passlen1>0 and passlen2>0 then maybe its a NT box and its
 566                            setting passlen2 to some random value which really stuffs
 567                            things up. we need to fix that one.  */
 568
 569                         if (passlen1 > 0 && passlen2 > 0 && passlen2 != 24 && passlen2 != 1)
 570                                 passlen2 = 0;
 571                 }
 572
 573                 /* Save the lanman2 password and the NT md4 password. */
 574
 575                 if ((doencrypt) && (passlen1 != 0) && (passlen1 != 24)) {
 576                         doencrypt = False;
 577                 }
 578
 579                 if (doencrypt) {
 580                         lm_resp = data_blob(p, passlen1);
 581                         nt_resp = data_blob(p+passlen1, passlen2);
 582                 } else {
 583                         plaintext_password = data_blob(p, passlen1+1);
 584                         /* Ensure null termination */
 585                         plaintext_password.data[passlen1] = 0;
 586                 }
 587
 588                 p += passlen1 + passlen2;
 589                 p += srvstr_pull(inbuf, user, p, sizeof(user), -1,
 590                                  STR_TERMINATE);
 591                 p += srvstr_pull(inbuf, domain, p, sizeof(domain),
 592                                  -1, STR_TERMINATE);
 593                 p += srvstr_pull(inbuf, native_os, p, sizeof(native_os),
 594                                  -1, STR_TERMINATE);
 595                 p += srvstr_pull(inbuf, native_lanman, p, sizeof(native_lanman),
 596                                  -1, STR_TERMINATE);
 597                 DEBUG(3,("Domain=[%s]  NativeOS=[%s] NativeLanMan=[%s]\n",
 598                          domain,native_os,native_lanman));
 599         }
 600
 601         /* don't allow for weird usernames or domains */
 602         alpha_strcpy(user, user, ". _-$", sizeof(user));
 603         alpha_strcpy(domain, domain, ". _-", sizeof(domain));
 604         if (strstr(user, "..") || strstr(domain,"..")) {
 605                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 606         }
 607
 608         DEBUG(3,("sesssetupX:name=[%s]\\[%s]@[%s]\n", domain, user, remote_machine));
 609
 610         if (*user) {
 611                 if (global_spnego_negotiated) {
 612                         DEBUG(0,("reply_sesssetup_and_X:  Rejecting attempt at 'normal' session setup after negotiating spnego.\n"));
 613                         return ERROR_NT(NT_STATUS_UNSUCCESSFUL);
 614                 }
 615         }
 616
 617         if (*user) {
 618                 pstrcpy(sub_user, user);
 619         } else {
 620                 pstrcpy(sub_user, lp_guestaccount());
 621         }
 622
 623         pstrcpy(current_user_info.smb_name,sub_user);
 624
 625         reload_services(True);
 626
 627         if (lp_security() == SEC_SHARE) {
 628                 /* in share level we should ignore any passwords */
 629
 630                 data_blob_free(&lm_resp);
 631                 data_blob_free(&nt_resp);
 632                 data_blob_clear_free(&plaintext_password);
 633
 634                 map_username(sub_user);
 635                 add_session_user(sub_user);
 636                 /* Then force it to null for the benfit of the code below */
 637                 *user = 0;
 638         }
 639
 640         if (!make_user_info_for_reply(&user_info,
 641                                       user, domain,
 642                                       lm_resp, nt_resp,
 643                                       plaintext_password, doencrypt)) {
 644                 return ERROR_NT(NT_STATUS_NO_MEMORY);
 645         }
 646
 647         nt_status = check_password(user_info, &server_info);
 648
 649         free_user_info(&user_info);
 650
 651         data_blob_free(&lm_resp);
 652         data_blob_free(&nt_resp);
 653         data_blob_clear_free(&plaintext_password);
 654
 655         if (!NT_STATUS_IS_OK(nt_status)) {
 656                 if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) {
 657                         if ((lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) ||
 658                             (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD)) {
 659
 660                                 DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
 661                                 make_server_info_guest(&server_info);
 662                                 nt_status = NT_STATUS_OK;
 663                         }
 664
 665                 } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) {
 666                         if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD) {
 667                                 DEBUG(3,("Registered username %s for guest access\n",user));
 668                                 make_server_info_guest(&server_info);
 669                                 nt_status = NT_STATUS_OK;
 670                         }
 671                 }
 672         }
 673
 674         if (!NT_STATUS_IS_OK(nt_status)) {
 675                 return ERROR_NT(nt_status_squash(nt_status));
 676         }
 677
 678         /* it's ok - setup a reply */
 679         if (Protocol < PROTOCOL_NT1) {
 680                 set_message(outbuf,3,0,True);
 681         } else {
 682                 set_message(outbuf,3,0,True);
 683                 add_signiture(outbuf);
 684                 /* perhaps grab OS version here?? */
 685         }
 686
 687         if (server_info->guest) {
 688                 SSVAL(outbuf,smb_vwv2,1);
 689         } else {
 690                 const char *home_dir = pdb_get_homedir(server_info->sam_account);
 691                 const char *username = pdb_get_username(server_info->sam_account);
 692                 if ((home_dir && *home_dir)
 693                     && (lp_servicenumber(username) < 0)) {
 694                         add_home_service(username, home_dir);
 695                 }
 696         }
 697
 698         /* register the name and uid as being validated, so further connections
 699            to a uid can get through without a password, on the same VC */
 700
 701         sess_vuid = register_vuid(server_info, sub_user);
 702
 703         free_server_info(&server_info);
 704
 705         if (sess_vuid == -1) {
 706                 return ERROR_NT(NT_STATUS_LOGON_FAILURE);
 707         }
 708
 709
 710         SSVAL(outbuf,smb_uid,sess_vuid);
 711         SSVAL(inbuf,smb_uid,sess_vuid);
 712
 713         if (!done_sesssetup)
 714                 max_send = MIN(max_send,smb_bufsize);
 715
 716         done_sesssetup = True;
 717
 718         END_PROFILE(SMBsesssetupX);
 719         return chain_reply(inbuf,outbuf,length,bufsize);
 720 }