IntegratedNTLMAuthenticationProvider: Bugfix: IsGuest was not always set when the username did not exist

SMBLibrary/Win32/IntegratedNTLMAuthenticationProvider.cs

@@ -75,7 +75,8 @@ namespace SMBLibrary.Win32.Security
 
             authContext.UserName = message.UserName;
             authContext.SessionKey = message.EncryptedRandomSessionKey;
-            if ((message.NegotiateFlags & NegotiateFlags.Anonymous) > 0)
+            if ((message.NegotiateFlags & NegotiateFlags.Anonymous) > 0 ||
+                !IsUserExists(message.UserName))
             {
                 if (this.EnableGuestLogin)
                 {
@@ -113,7 +114,7 @@ namespace SMBLibrary.Win32.Security
                 // 3. The specified account does not exist.
                 //    OR:
                 //    The password is correct but 'limitblankpassworduse' is set to 1 (logon over a network is disabled for accounts without a password).
-                bool allowFallback = (!IsUserExists(message.UserName) || result == Win32Error.ERROR_ACCOUNT_RESTRICTION);
+                bool allowFallback = (result == Win32Error.ERROR_ACCOUNT_RESTRICTION);
                 if (allowFallback && this.EnableGuestLogin)
                 {
                     authContext.IsGuest = true;

SMBLibrary/Win32/Security/SSPIHelper.cs

@@ -325,6 +325,8 @@ namespace SMBLibrary.Win32.Security
         /// 1. The account is listed under the "Deny access to this computer from the network" list.
         /// 2. 'limitblankpassworduse' is set to 1, non-guest is attempting to login with an empty password,
         ///    and the Guest account is disabled, has non-empty pasword set or listed under the "Deny access to this computer from the network" list.
+        /// 
+        /// Note: "If the Guest account is enabled, SSPI logon may succeed as Guest for user credentials that are not valid".
         /// </summary>
         /// <remarks>
         /// 1. 'limitblankpassworduse' will not affect the Guest account.