Start pushing the NTSTATUS stuff out to the wire for session setups.

Rework the 'map to guest' code, its now possible to follow what its trying
to do...

Add an NT_STATUS_EQUAL(x,y) macro to make this stuff sane to look at.

Andrew Bartlett
(This used to be commit d618880661976644a6ee713edf969ad561e82097)

diff --git a/source3/include/smb.h b/source3/include/smb.h
index e426f46921ca1c9e02fc25e1a9ae81330fa9aef7..85cd042976f3bee3591c4b08d6069049aa6c840c 100644 (file)
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -235,6 +235,7 @@ typedef uint32 WERROR;
 
 #define NT_STATUS_IS_OK(x) (NT_STATUS_V(x) == 0)
 #define NT_STATUS_IS_ERR(x) ((NT_STATUS_V(x) & 0xc0000000) == 0xc0000000)
+#define NT_STATUS_EQUAL(x,y) (NT_STATUS_V(x) == NT_STATUS_V(y))
 #define W_ERROR_IS_OK(x) (W_ERROR_V(x) == 0)
 
 

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 0b8f16085496380eadd916e5c50514a32fe09f79..a379bf1f7fe4472719ac4f00229f59df3772c8fd 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -486,7 +486,6 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
   pstring smb_apasswd;
   int   smb_ntpasslen = 0;   
   pstring smb_ntpasswd;
-  BOOL valid_password = False;
   pstring user;
   pstring orig_user;
   fstring domain;
@@ -719,57 +718,34 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int
   add_session_user(user);
 
   if (!guest) {
-         valid_password = NT_STATUS_IS_OK(pass_check_smb(orig_user, user, 
-                                                          domain, 
-                                                         (unsigned char *)smb_apasswd, 
-                                                         smb_apasslen, 
-                                                         (unsigned char *)smb_ntpasswd,
-                                                         smb_ntpasslen));
-
-    /* The true branch will be executed if 
-       (1) the NT password failed (or was not tried), and 
-       (2) LanMan authentication failed (or was disabled) 
-     */
-    if (!valid_password)
-    {
-      if (lp_security() >= SEC_USER) 
-      {
-        if (lp_map_to_guest() == NEVER_MAP_TO_GUEST)
-        {
-               DEBUG(1,("Rejecting user '%s': authentication failed\n", user));
-               END_PROFILE(SMBsesssetupX);
-               return ERROR_NT(NT_STATUS_LOGON_FAILURE);
-        }
-
-        if (lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER)
-        {
-          if (smb_getpwnam(user,True))
-          {
-            DEBUG(1,("Rejecting user '%s': bad password\n", user));
-               END_PROFILE(SMBsesssetupX);
-            return ERROR_NT(NT_STATUS_LOGON_FAILURE);
-          }
-        }
-
-        /*
-         * ..else if lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_PASSWORD
-         * Then always map to guest account - as done below.
-         */
-      }
-
-      if (*smb_apasswd || !smb_getpwnam(user,True))
-         pstrcpy(user,lp_guestaccount(-1));
-      DEBUG(3,("Registered username %s for guest access\n",user));
-      guest = True;
-    }
-  }
-
-  if (!smb_getpwnam(user,True)) {
-    DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
-    pstrcpy(user,lp_guestaccount(-1));
-    guest = True;
+         NTSTATUS nt_status;
+         nt_status = pass_check_smb(orig_user, user, 
+                                    domain, 
+                                    (unsigned char *)smb_apasswd, 
+                                    smb_apasslen, 
+                                    (unsigned char *)smb_ntpasswd,
+                                    smb_ntpasslen);
+         
+         if NT_STATUS_IS_OK(nt_status) {
+
+         } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)
+                    && lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_USER) {
+                 DEBUG(3,("No such user %s [%s] - using guest account\n",user, domain));
+                 pstrcpy(user,lp_guestaccount(-1));
+                 guest = True;
+
+         } else if ((NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) 
+                     || NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))
+                    &&  (lp_map_to_guest() ==  MAP_TO_GUEST_ON_BAD_PASSWORD)) {
+                 pstrcpy(user,lp_guestaccount(-1));
+                 DEBUG(3,("Registered username %s for guest access\n",user));
+                 guest = True;
+
+         } else {
+                 return ERROR_NT(nt_status);
+         }  
   }
-
+  
   if (!strequal(user,lp_guestaccount(-1)) &&
       lp_servicenumber(user) < 0)      
   {