The Samba-Bugzilla – Attachment 8877 Details for
Bug 9867
Anonymous guest share access does not work if using "samba4" in "auth methods"
[patch]
Patch to allow guest access based on the domain guest account status
29_zentyal_guest_access (text/plain), 3.45 KB, created by
Samuel Cabrero
on 2013-05-10 22:59:37 UTC
Description:
Patch to allow guest access based on the domain guest account status
Filename:
MIME Type:
Creator:
Samuel Cabrero
Created:
2013-05-10 22:59:37 UTC
Size:
3.45 KB
>diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
>index f234f72..582eb0d 100644
>--- a/source4/auth/ntlm/auth_sam.c
>+++ b/source4/auth/ntlm/auth_sam.c
>@@ -69,6 +69,58 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
> }
>
> /****************************************************************************
>+ Look for the guest account in the sam, return ldb result structures
>+****************************************************************************/
>+
>+static NTSTATUS authsam_search_guest_account(TALLOC_CTX *mem_ctx,
>+ struct ldb_context *sam_ctx,
>+ struct ldb_dn *domain_dn,
>+ struct ldb_message **ret_msg)
>+{
>+ int ret;
>+ const struct dom_sid *domain_sid;
>+ struct dom_sid *guest_sid;
>+
>+ domain_sid = samdb_domain_sid(sam_ctx);
>+ if (domain_sid == NULL) {
>+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
>+ }
>+
>+ guest_sid = dom_sid_add_rid(mem_ctx, domain_sid, DOMAIN_RID_GUEST);
>+ if (guest_sid == NULL) {
>+ return NT_STATUS_NO_MEMORY;
>+ }
>+
>+ /* pull the user attributes */
>+ ret = dsdb_search_one(sam_ctx, mem_ctx, ret_msg, domain_dn,
>+ LDB_SCOPE_SUBTREE,
>+ user_attrs,
>+ DSDB_SEARCH_SHOW_EXTENDED_DN,
>+ "(&(objectSID=%s)(objectclass=user))",
>+ ldap_encode_ndr_dom_sid(mem_ctx, guest_sid));
>+ if (ret == LDB_ERR_NO_SUCH_OBJECT) {
>+ DEBUG(3,("%s: Couldn't find guest user in samdb, under %s\n",
>+ __func__,
>+ ldb_dn_get_linearized(domain_dn)));
>+ return NT_STATUS_NO_SUCH_USER;
>+ }
>+ if (ret != LDB_SUCCESS) {
>+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
>+ }
>+
>+ /* Return no such user if the account is disabled */
>+ uint16_t acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx,
>+ *ret_msg, domain_dn);
>+ if (acct_flags & ACB_DISABLED) {
>+ DEBUG(3,("%s: Account for guest user is disabled.\n",
>+ __func__));
>+ return NT_STATUS_NO_SUCH_USER;
>+ }
>+
>+ return NT_STATUS_OK;
>+}
>+
>+/****************************************************************************
> Do a specific test for an smb password being correct, given a smb_password and
> the lanman and NT responses.
> ****************************************************************************/
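Review bot: The account check at the end of `authsam_search_guest_account` tests only `ACB_DISABLED` and stores the flags in a `uint16_t` declared after statements. If `samdb_result_acct_flags` returns a wider type (I believe it is `uint32_t`, to be confirmed against its prototype), every flag above bit 15 is silently dropped, so I would declare `uint32_t acct_flags;` with the other locals at the top of the function. The result of `ldap_encode_ndr_dom_sid(mem_ctx, guest_sid)` also goes into the `%s` of the search filter unchecked, unlike `guest_sid` just above it; a NULL from an allocation failure should return `NT_STATUS_NO_MEMORY` rather than be formatted into the filter. The header comment could also state that `*ret_msg` is allocated on `mem_ctx` and that a disabled guest account is reported as `NT_STATUS_NO_SUCH_USER`, since the caller in the next hunk relies on both.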
>@@ -269,15 +321,28 @@ static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx
> return NT_STATUS_NO_SUCH_DOMAIN;
> }
>
>- nt_status = authsam_search_account(tmp_ctx, ctx->auth_ctx->sam_ctx, account_name, domain_dn, &msg);
>- if (!NT_STATUS_IS_OK(nt_status)) {
>- talloc_free(tmp_ctx);
>- return nt_status;
>- }
>-
>- nt_status = authsam_authenticate(ctx->auth_ctx, tmp_ctx, ctx->auth_ctx->sam_ctx, domain_dn, msg, user_info,
>- &user_sess_key, &lm_sess_key);
>- if (!NT_STATUS_IS_OK(nt_status)) {
>+ nt_status = authsam_search_account(tmp_ctx, ctx->auth_ctx->sam_ctx,
>+ account_name, domain_dn, &msg);
>+ if (NT_STATUS_IS_OK(nt_status)) {
>+ nt_status = authsam_authenticate(ctx->auth_ctx,
>+ tmp_ctx, ctx->auth_ctx->sam_ctx, domain_dn,
>+ msg, user_info, &user_sess_key, &lm_sess_key);
>+ if (!NT_STATUS_IS_OK(nt_status)) {
>+ talloc_free(tmp_ctx);
>+ return nt_status;
>+ }
>+ } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) {
>+ DEBUG(3, ("%s: User %s not found, mapping to guest account\n",
>+ __func__, account_name));
>+ nt_status = authsam_search_guest_account(tmp_ctx,
>+ ctx->auth_ctx->sam_ctx, domain_dn, &msg);
>+ if (!NT_STATUS_IS_OK(nt_status)) {
>+ talloc_free(tmp_ctx);
>+ return nt_status;
>+ }
>+ user_sess_key = data_blob(NULL, 0);
>+ lm_sess_key = data_blob(NULL, 0);
>+ } else {
> talloc_free(tmp_ctx);
> return nt_status;
> }
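Review bot: The new `else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER))` branch substitutes the guest account for any unknown user name without calling `authsam_authenticate`. On that path no credential is evaluated and the only account restriction applied is the `ACB_DISABLED` test in `authsam_search_guest_account`; nothing in the hunk makes the mapping depend on configuration. The rest of `authsam_check_password_internals` lies outside the hunk, but if it builds the user info from `msg` as before, the caller presumably sees an ordinary successful logon as guest for every mistyped or nonexistent name. I would gate the branch on an explicit policy setting (smb.conf's `map to guest` already expresses this choice) and raise the `DEBUG(3, ...)` to a level that appears in normal logs, so the fallback is opt-in and auditable. The zero-length `user_sess_key` and `lm_sess_key` need a comment saying what they imply for signing on such a session.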