- conn->nt_user_token = NULL;
-
- if (lp_guest_only(snum)) {
- const char *guestname = lp_guestaccount();
- NTSTATUS status2;
- char *found_username = NULL;
-
- guest = True;
- pass = getpwnam_alloc(NULL, guestname);
- if (!pass) {
- DEBUG(0,("make_connection_snum: Invalid guest "
- "account %s??\n",guestname));
- conn_free(conn);
- *status = NT_STATUS_NO_SUCH_USER;
- return NULL;
- }
- status2 = create_token_from_username(conn, pass->pw_name, True,
- &conn->uid, &conn->gid,
- &found_username,
- &conn->nt_user_token);
- if (!NT_STATUS_IS_OK(status2)) {
- TALLOC_FREE(pass);
- conn_free(conn);
- *status = status2;
- return NULL;
- }
- fstrcpy(user, found_username);
- string_set(&conn->user,user);
- conn->force_user = True;
- TALLOC_FREE(found_username);
- TALLOC_FREE(pass);
- DEBUG(3,("Guest only user %s\n",user));
- } else if (vuser) {
- if (vuser->guest) {
- if (!lp_guest_ok(snum)) {
- DEBUG(2, ("guest user (from session setup) "
- "not permitted to access this share "
- "(%s)\n", lp_servicename(snum)));
- conn_free(conn);
- *status = NT_STATUS_ACCESS_DENIED;
- return NULL;
- }
- } else {
- if (!user_ok_token(vuser->user.unix_name,
- vuser->server_info->ptok, snum)) {
- DEBUG(2, ("user '%s' (from session setup) not "
- "permitted to access this share "
- "(%s)\n", vuser->user.unix_name,
- lp_servicename(snum)));
- conn_free(conn);
- *status = NT_STATUS_ACCESS_DENIED;
- return NULL;
- }
- }
- conn->vuid = vuser->vuid;
- conn->uid = vuser->uid;
- conn->gid = vuser->gid;
- string_set(&conn->user,vuser->user.unix_name);
- fstrcpy(user,vuser->user.unix_name);
- guest = vuser->guest;
- } else if (lp_security() == SEC_SHARE) {
- NTSTATUS status2;
- char *found_username = NULL;
-
- /* add it as a possible user name if we
- are in share mode security */
- add_session_user(lp_servicename(snum));
- /* shall we let them in? */
- if (!authorise_login(snum,user,password,&guest)) {
- DEBUG( 2, ( "Invalid username/password for [%s]\n",
- lp_servicename(snum)) );
- conn_free(conn);
- *status = NT_STATUS_WRONG_PASSWORD;
- return NULL;
- }
- pass = Get_Pwnam_alloc(talloc_tos(), user);
- status2 = create_token_from_username(conn, pass->pw_name, True,
- &conn->uid, &conn->gid,
- &found_username,
- &conn->nt_user_token);
- TALLOC_FREE(pass);
- if (!NT_STATUS_IS_OK(status2)) {
- conn_free(conn);
- *status = status2;
- return NULL;
- }
- fstrcpy(user, found_username);
- string_set(&conn->user,user);
- TALLOC_FREE(found_username);
- conn->force_user = True;
- } else {
- DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));