From: Stefan Metzmacher Date: Tue, 26 Apr 2016 23:48:32 +0000 (+0200) Subject: s3:auth_builtin: anonymous authentication doesn't allow a password X-Git-Tag: samba-4.2.12~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f10f25f8e384da8fc89183216ba7a171ff88d28;p=thirdparty%2Fsamba.git s3:auth_builtin: anonymous authentication doesn't allow a password BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Reviewed-by: Günther Deschner (cherry picked from commit ead483b0c0ec746c0869162024c97f2e08df7f4b) --- diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index dce58bf8bfc..74807993cb7 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -38,17 +38,50 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, const struct auth_usersupplied_info *user_info, struct auth_serversupplied_info **server_info) { - /* mark this as 'not for me' */ - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name)); - if (!(user_info->mapped.account_name - && *user_info->mapped.account_name)) { - nt_status = make_server_info_guest(NULL, server_info); + if (user_info->mapped.account_name && *user_info->mapped.account_name) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; } - return nt_status; + switch (user_info->password_state) { + case AUTH_PASSWORD_PLAIN: + if (user_info->password.plaintext != NULL && + strlen(user_info->password.plaintext) > 0) + { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + break; + case AUTH_PASSWORD_HASH: + if (user_info->password.hash.lanman != NULL) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + if (user_info->password.hash.nt != NULL) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + break; + case AUTH_PASSWORD_RESPONSE: + if (user_info->password.response.lanman.length == 1) { + if (user_info->password.response.lanman.data[0] != '\0') { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + } else if (user_info->password.response.lanman.length > 1) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + if (user_info->password.response.nt.length > 0) { + /* mark this as 'not for me' */ + return NT_STATUS_NOT_IMPLEMENTED; + } + break; + } + + return make_server_info_guest(NULL, server_info); } /* Guest modules initialisation */