diff options
author | Stefan Metzmacher <metze@samba.org> | 2016-04-27 01:48:32 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2016-04-29 12:06:26 +0200 |
commit | 5f10f25f8e384da8fc89183216ba7a171ff88d28 (patch) | |
tree | f804c48a23038e7a70c7f3c501b466f8a7eb410e | |
parent | 00f2691e1af2b71fab96c538de87401e78e91ca0 (diff) | |
download | samba-5f10f25f8e384da8fc89183216ba7a171ff88d28.tar.gz |
s3:auth_builtin: anonymous authentication doesn't allow a password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit ead483b0c0ec746c0869162024c97f2e08df7f4b)
-rw-r--r-- | source3/auth/auth_builtin.c | 47 |
1 files changed, 40 insertions, 7 deletions
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index dce58bf8bfc..74807993cb7 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -38,17 +38,50 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - /* mark this as 'not for me' */ - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name)); - if (!(user_info->mapped.account_name - && *user_info->mapped.account_name)) { - nt_status = make_server_info_guest(NULL, server_info); + if (user_info->mapped.account_name && *user_info->mapped.account_name) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; } - return nt_status; + switch (user_info->password_state) { + case AUTH_PASSWORD_PLAIN: + if (user_info->password.plaintext != NULL && + strlen(user_info->password.plaintext) > 0) + { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + break; + case AUTH_PASSWORD_HASH: + if (user_info->password.hash.lanman != NULL) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + if (user_info->password.hash.nt != NULL) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + break; + case AUTH_PASSWORD_RESPONSE: + if (user_info->password.response.lanman.length == 1) { + if (user_info->password.response.lanman.data[0] != '\0') { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + } else if (user_info->password.response.lanman.length > 1) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + if (user_info->password.response.nt.length > 0) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + break; + } + + return make_server_info_guest(NULL, server_info); } /* Guest modules initialisation */ |