#include "includes.h"
#include "smbd/globals.h"
-
-extern enum protocol_types Protocol;
+#include "../libcli/auth/spnego.h"
+#include "ntlmssp.h"
/* For split krb5 SPNEGO blobs. */
struct pending_auth_data {
is set approriately
*/
static NTSTATUS do_map_to_guest(NTSTATUS status,
- auth_serversupplied_info **server_info,
+ struct auth_serversupplied_info **server_info,
const char *user, const char *domain)
{
if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
Do a 'guest' logon, getting back the
****************************************************************************/
-static NTSTATUS check_guest_password(auth_serversupplied_info **server_info)
+static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_info)
{
struct auth_context *auth_context;
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
NTSTATUS nt_status;
unsigned char chal[8];
NTSTATUS ret = NT_STATUS_OK;
struct PAC_DATA *pac_data = NULL;
DATA_BLOB ap_rep, ap_rep_wrapped, response;
- auth_serversupplied_info *server_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
DATA_BLOB session_key = data_blob_null;
uint8 tok_id[2];
DATA_BLOB nullblob = data_blob_null;
}
} else {
- ret = make_server_info_pw(&server_info, real_username, pw);
+ /*
+ * We didn't get a PAC, we have to make up the user
+ * ourselves. Try to ask the pdb backend to provide
+ * SID consistency with ntlmssp session setup
+ */
+ struct samu *sampass;
+
+ sampass = samu_new(talloc_tos());
+ if (sampass == NULL) {
+ ret = NT_STATUS_NO_MEMORY;
+ data_blob_free(&ap_rep);
+ data_blob_free(&session_key);
+ TALLOC_FREE(mem_ctx);
+ reply_nterror(req, nt_status_squash(ret));
+ return;
+ }
+
+ if (pdb_getsampwnam(sampass, real_username)) {
+ DEBUG(10, ("found user %s in passdb, calling "
+ "make_server_info_sam\n", real_username));
+ ret = make_server_info_sam(&server_info, sampass);
+ } else {
+ /*
+ * User not in passdb, make it up artificially
+ */
+ TALLOC_FREE(sampass);
+ DEBUG(10, ("didn't find user %s in passdb, calling "
+ "make_server_info_pw\n", real_username));
+ ret = make_server_info_pw(&server_info, real_username,
+ pw);
+ }
if ( !NT_STATUS_IS_OK(ret) ) {
- DEBUG(1,("make_server_info_pw failed: %s!\n",
+ DEBUG(1,("make_server_info_[sam|pw] failed: %s!\n",
nt_errstr(ret)));
data_blob_free(&ap_rep);
data_blob_free(&session_key);
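Review bot: The level-1 message `make_server_info_[sam|pw] failed` does not say which identity source failed, because the two messages that name the branch are only emitted at DEBUG(10). The comment says the passdb lookup exists for SID consistency, so the two branches presumably produce different tokens for the same `real_username`, and an operator reading a default-level log cannot tell which one was used. I would set a `const char *fn` in each branch and log `DEBUG(1,("%s failed for %s: %s!\n", fn, real_username, nt_errstr(ret)));`. Separately, the passdb-hit branch passes `sampass` to `make_server_info_sam` with no visible check of the account's state; if that helper does not reject disabled or locked accounts, add a comment such as `/* KDC already authenticated the principal; local account flags are not re-checked here */` or add the check. The enclosing function starts and ends outside this hunk, so either may already be handled elsewhere.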
const char *native_os;
const char *native_lanman;
const char *primary_domain;
- auth_usersupplied_info *user_info = NULL;
- auth_serversupplied_info *server_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
uint16 smb_flag2 = req->flags2;
NTSTATUS nt_status;
smb_bufsize = SVAL(req->vwv+2, 0);
- if (Protocol < PROTOCOL_NT1) {
+ if (get_Protocol() < PROTOCOL_NT1) {
uint16 passlen1 = SVAL(req->vwv+7, 0);
/* Never do NT status codes with protocols before NT1 as we
/* it's ok - setup a reply */
reply_outbuf(req, 3, 0);
- if (Protocol >= PROTOCOL_NT1) {
+ if (get_Protocol() >= PROTOCOL_NT1) {
push_signature(&req->outbuf);
/* perhaps grab OS version here?? */
}
SSVAL(req->outbuf,smb_uid,sess_vuid);
SSVAL(req->inbuf,smb_uid,sess_vuid);
+ req->vuid = sess_vuid;
if (!sconn->smb1.sessions.done_sesssetup) {
sconn->smb1.sessions.max_send =