2 Unix SMB/CIFS implementation.
3 Password and authentication handling
4 Copyright (C) Andrew Tridgell 1992-2000
5 Copyright (C) Luke Kenneth Casson Leighton 1996-2000
6 Copyright (C) Andrew Bartlett 2001-2003
7 Copyright (C) Gerald Carter 2003
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #define DBGC_CLASS DBGC_AUTH
29 static NTSTATUS
auth_sam_ignoredomain_auth(const struct auth_context
*auth_context
,
30 void *my_private_data
,
32 const struct auth_usersupplied_info
*user_info
,
33 struct auth_serversupplied_info
**server_info
)
35 if (!user_info
|| !auth_context
) {
36 return NT_STATUS_UNSUCCESSFUL
;
38 return check_sam_security(&auth_context
->challenge
, mem_ctx
,
39 user_info
, server_info
);
42 /* module initialisation */
43 static NTSTATUS
auth_init_sam_ignoredomain(struct auth_context
*auth_context
, const char *param
, auth_methods
**auth_method
)
45 struct auth_methods
*result
;
47 result
= talloc_zero(auth_context
, struct auth_methods
);
49 return NT_STATUS_NO_MEMORY
;
51 result
->auth
= auth_sam_ignoredomain_auth
;
52 result
->name
= "sam_ignoredomain";
54 *auth_method
= result
;
59 /****************************************************************************
60 Check SAM security (above) but with a few extra checks.
61 ****************************************************************************/
63 static NTSTATUS
auth_samstrict_auth(const struct auth_context
*auth_context
,
64 void *my_private_data
,
66 const struct auth_usersupplied_info
*user_info
,
67 struct auth_serversupplied_info
**server_info
)
69 bool is_local_name
, is_my_domain
;
71 if (!user_info
|| !auth_context
) {
72 return NT_STATUS_LOGON_FAILURE
;
75 DEBUG(10, ("Check auth for: [%s]\n", user_info
->mapped
.account_name
));
77 is_local_name
= is_myname(user_info
->mapped
.domain_name
);
78 is_my_domain
= strequal(user_info
->mapped
.domain_name
, lp_workgroup());
80 /* check whether or not we service this domain/workgroup name */
82 switch ( lp_server_role() ) {
84 case ROLE_DOMAIN_MEMBER
:
85 if ( !is_local_name
) {
86 DEBUG(6,("check_samstrict_security: %s is not one of my local names (%s)\n",
87 user_info
->mapped
.domain_name
, (lp_server_role() == ROLE_DOMAIN_MEMBER
88 ? "ROLE_DOMAIN_MEMBER" : "ROLE_STANDALONE") ));
89 return NT_STATUS_NOT_IMPLEMENTED
;
93 if ( !is_local_name
&& !is_my_domain
) {
94 DEBUG(6,("check_samstrict_security: %s is not one of my local names or domain name (DC)\n",
95 user_info
->mapped
.domain_name
));
96 return NT_STATUS_NOT_IMPLEMENTED
;
98 default: /* name is ok */
102 return check_sam_security(&auth_context
->challenge
, mem_ctx
,
103 user_info
, server_info
);
106 /* module initialisation */
107 static NTSTATUS
auth_init_sam(struct auth_context
*auth_context
, const char *param
, auth_methods
**auth_method
)
109 struct auth_methods
*result
;
111 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
112 && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
113 DEBUG(0, ("server role = 'active directory domain controller' not compatible with running the auth_sam module. \n"));
114 DEBUGADD(0, ("You should not set 'auth methods' when running the AD DC.\n"));
118 result
= talloc_zero(auth_context
, struct auth_methods
);
119 if (result
== NULL
) {
120 return NT_STATUS_NO_MEMORY
;
122 result
->auth
= auth_samstrict_auth
;
123 result
->name
= "sam";
124 *auth_method
= result
;
128 static NTSTATUS
auth_sam_netlogon3_auth(const struct auth_context
*auth_context
,
129 void *my_private_data
,
131 const struct auth_usersupplied_info
*user_info
,
132 struct auth_serversupplied_info
**server_info
)
136 if (!user_info
|| !auth_context
) {
137 return NT_STATUS_LOGON_FAILURE
;
140 DBG_DEBUG("Check auth for: [%s]\\[%s]\n",
141 user_info
->mapped
.domain_name
,
142 user_info
->mapped
.account_name
);
144 /* check whether or not we service this domain/workgroup name */
146 switch (lp_server_role()) {
147 case ROLE_DOMAIN_PDC
:
148 case ROLE_DOMAIN_BDC
:
151 DBG_ERR("Invalid server role\n");
152 return NT_STATUS_INVALID_SERVER_STATE
;
155 is_my_domain
= strequal(user_info
->mapped
.domain_name
, lp_workgroup());
157 DBG_INFO("%s is not our domain name (DC for %s)\n",
158 user_info
->mapped
.domain_name
, lp_workgroup());
159 return NT_STATUS_NOT_IMPLEMENTED
;
162 return check_sam_security(&auth_context
->challenge
, mem_ctx
,
163 user_info
, server_info
);
166 /* module initialisation */
167 static NTSTATUS
auth_init_sam_netlogon3(struct auth_context
*auth_context
,
168 const char *param
, auth_methods
**auth_method
)
170 struct auth_methods
*result
;
172 if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC
173 && !lp_parm_bool(-1, "server role check", "inhibit", false)) {
174 DEBUG(0, ("server role = 'active directory domain controller' "
175 "not compatible with running the auth_sam module.\n"));
176 DEBUGADD(0, ("You should not set 'auth methods' when "
177 "running the AD DC.\n"));
181 result
= talloc_zero(auth_context
, struct auth_methods
);
182 if (result
== NULL
) {
183 return NT_STATUS_NO_MEMORY
;
185 result
->auth
= auth_sam_netlogon3_auth
;
186 result
->name
= "sam_netlogon3";
187 *auth_method
= result
;
191 NTSTATUS
auth_sam_init(TALLOC_CTX
*mem_ctx
)
193 smb_register_auth(AUTH_INTERFACE_VERSION
, "sam", auth_init_sam
);
194 smb_register_auth(AUTH_INTERFACE_VERSION
, "sam_ignoredomain", auth_init_sam_ignoredomain
);
195 smb_register_auth(AUTH_INTERFACE_VERSION
, "sam_netlogon3", auth_init_sam_netlogon3
);
