
More control over which users are permitted access via the guest user account if the normal authentication process fails

Tal Aloni 8 vuotta sitten
vanhempi
commit
14300819ef

+ 14 - 6
SMBLibrary/Server/INTLMAuthenticationProvider.cs

@@ -1,4 +1,4 @@
-/* Copyright (C) 2014 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
+/* Copyright (C) 2014-2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
  * 
  * You can redistribute this program and/or modify it under the terms of
  * the GNU Lesser Public License as published by the Free Software Foundation,
@@ -21,11 +21,19 @@ namespace SMBLibrary.Server
         byte[] GetChallengeMessageBytes(byte[] negotiateMessageBytes);
         User Authenticate(byte[] authenticateMessageBytes);
 
-        List<string> ListUsers();
+        /// <summary>
+        /// Permit access to this user via the guest user account if the normal authentication process fails.
+        /// </summary>
+        /// <remarks>
+        /// Windows will permit fallback when these conditions are met:
+        /// 1. The guest user account is enabled.
+        /// 2. The guest user account does not have a password set.
+        /// 3. The specified account does not exist.
+        ///    OR:
+        ///    The password is correct but 'limitblankpassworduse' is set to 1 (logon over a network is disabled for accounts without a password).
+        /// </remarks>
+        bool FallbackToGuest(string userName);
 
-        bool EnableGuestLogin
-        {
-            get;
-        }
+        List<string> ListUsers();
     }
 }
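Review bot: The contract of `FallbackToGuest` is documented only through Windows' behaviour, so an implementer cannot tell what it must return for an existing account with a wrong password, or for a null or empty `userName`. Because a `true` result turns a failed authentication into a guest session, I would add `/// <param name="userName">Account name supplied by the client (untrusted).</param>` and a `<returns>` line stating that implementations must return false when the account exists. The second branch of condition 3 (correct password with 'limitblankpassworduse' set) is not checked by either `FallbackToGuest` body added in this commit, and the remarks should say so. Replacing the `EnableGuestLogin` property with a method also breaks any external implementer of this interface, which deserves a release note.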

+ 7 - 2
SMBLibrary/Server/IndependentUserCollection.cs

@@ -1,4 +1,4 @@
-/* Copyright (C) 2014 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
+/* Copyright (C) 2014-2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
  * 
  * You can redistribute this program and/or modify it under the terms of
  * the GNU Lesser Public License as published by the Free Software Foundation,
@@ -176,7 +176,12 @@ namespace SMBLibrary.Server
             return AuthenticateV1(accountNameToAuth, m_serverChallenge, lmResponse, ntlmResponse);
         }
 
-        public bool EnableGuestLogin
+        public bool FallbackToGuest(string userName)
+        {
+            return (EnableGuestLogin && (IndexOf(userName) == -1));
+        }
+
+        private bool EnableGuestLogin
         {
             get
             {
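Review bot: `IndexOf(userName) == -1` now decides whether a failed logon becomes a guest session, so its matching rules are security-relevant here and in the identical method added to Win32UserCollection.cs. `IndexOf` is defined outside the hunk; if it compares names case-sensitively while authentication does not, a mis-cased name for an existing account would be treated as unknown and admitted as Guest, so confirm that both use the same comparison. A null or empty `userName` should return false explicitly rather than depend on what `IndexOf` does with it. I would also put a comment above the return, `// Existing accounts never fall back to guest: a wrong password must fail the logon.`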

+ 2 - 2
SMBLibrary/Server/SMB1/SessionSetupHelper.cs

@@ -46,7 +46,7 @@ namespace SMBLibrary.Server.SMB1
                 header.UID = userID.Value;
                 response.PrimaryDomain = request.PrimaryDomain;
             }
-            else if (users.EnableGuestLogin)
+            else if (users.FallbackToGuest(user.AccountName))
             {
                 ushort? userID = state.AddConnectedUser("Guest");
                 if (!userID.HasValue)
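Review bot: `user.AccountName` is read in the branch taken when authentication did not produce a user, both here and at the second `else if` in the next hunk. The preceding `if` lies outside both hunks; if it tests `user != null`, as the guest branch suggests, then `user` is null on this path and the call throws NullReferenceException instead of evaluating the fallback, so every failed logon would fault session setup. Pass the account name the client sent in the request (or in the authenticate message in the second hunk) rather than the one on `user`. Logging each guest fallback with the requested name would also help, since these are sessions granted after a failed authentication.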
@@ -132,7 +132,7 @@ namespace SMBLibrary.Server.SMB1
                     }
                     header.UID = userID.Value;
                 }
-                else if (users.EnableGuestLogin)
+                else if (users.FallbackToGuest(user.AccountName))
                 {
                     ushort? userID = state.AddConnectedUser("Guest");
                     if (!userID.HasValue)

+ 7 - 2
SMBLibrary/Win32/Win32UserCollection.cs

@@ -1,4 +1,4 @@
-/* Copyright (C) 2014 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
+/* Copyright (C) 2014-2017 Tal Aloni <tal.aloni.il@gmail.com>. All rights reserved.
  * 
  * You can redistribute this program and/or modify it under the terms of
  * the GNU Lesser Public License as published by the Free Software Foundation,
@@ -189,10 +189,15 @@ namespace SMBLibrary.Server.Win32
             return false;
         }
 
+        public bool FallbackToGuest(string userName)
+        {
+            return (EnableGuestLogin && (IndexOf(userName) == -1));
+        }
+
         /// <summary>
         /// We immitate Windows, Guest logins are disabled when the guest account has password set
         /// </summary>
-        public bool EnableGuestLogin
+        private bool EnableGuestLogin
         {
             get
             {