Add create_connection_server_info() -- not used yet

(This used to be commit 50bf075f7556fd09e0081175c31a5020a8eaf4d6)

diff --git a/source3/smbd/service.c b/source3/smbd/service.c
index f589f0644b84b0d8a99ed21c962ea405f2cf9023..35a415b0acf447a4f5c85d881a3a9ed8fd2c5f4e 100644 (file)
--- a/source3/smbd/service.c
+++ b/source3/smbd/service.c
@@ -639,6 +639,82 @@ static NTSTATUS find_forced_group(bool force_user,
        return result;
 }
 
+/****************************************************************************
+  Create an auth_serversupplied_info structure for a connection_struct
+****************************************************************************/
+
+static NTSTATUS create_connection_server_info(TALLOC_CTX *mem_ctx, int snum,
+                                              struct auth_serversupplied_info *vuid_serverinfo,
+                                             DATA_BLOB password,
+                                              struct auth_serversupplied_info **presult)
+{
+        if (lp_guest_only(snum)) {
+                return make_server_info_guest(mem_ctx, presult);
+        }
+
+        if (vuid_serverinfo != NULL) {
+
+               struct auth_serversupplied_info *result;
+
+                /*
+                 * This is the normal security != share case where we have a
+                 * valid vuid from the session setup.                 */
+
+                if (vuid_serverinfo->guest) {
+                        if (!lp_guest_ok(snum)) {
+                                DEBUG(2, ("guest user (from session setup) "
+                                          "not permitted to access this share "
+                                          "(%s)\n", lp_servicename(snum)));
+                                return NT_STATUS_ACCESS_DENIED;
+                        }
+                } else {
+                        if (!user_ok_token(vuid_serverinfo->unix_name,
+                                           vuid_serverinfo->ptok, snum)) {
+                                DEBUG(2, ("user '%s' (from session setup) not "
+                                          "permitted to access this share "
+                                          "(%s)\n",
+                                          vuid_serverinfo->unix_name,
+                                          lp_servicename(snum)));
+                                return NT_STATUS_ACCESS_DENIED;
+                        }
+                }
+
+                result = copy_serverinfo(mem_ctx, vuid_serverinfo);
+               if (result == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               *presult = result;
+               return NT_STATUS_OK;
+        }
+
+        if (lp_security() == SEC_SHARE) {
+
+                fstring user;
+               bool guest;
+
+                /* add the sharename as a possible user name if we
+                   are in share mode security */
+
+                add_session_user(lp_servicename(snum));
+
+                /* shall we let them in? */
+
+                if (!authorise_login(snum,user,password,&guest)) {
+                        DEBUG( 2, ( "Invalid username/password for [%s]\n",
+                                    lp_servicename(snum)) );
+                       return NT_STATUS_WRONG_PASSWORD;
+                }
+
+               return make_serverinfo_from_username(mem_ctx, user, guest,
+                                                    presult);
+        }
+
+       DEBUG(0, ("invalid VUID (vuser) but not in security=share\n"));
+       return NT_STATUS_ACCESS_DENIED;
+}
+
+
 /****************************************************************************
   Make a connection, given the snum to connect to, and the vuser of the
   connecting user if appropriate.