search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tests/krb5: Remove unused parameter
[Samba.git] / source4 / auth / system_session.c
blobe46b4584817eeb09eb3b75e419a0d41b2c3f4b46
1 /*
2 Unix SMB/CIFS implementation.
3 Authentication utility functions
4 Copyright (C) Andrew Tridgell 1992-1998
5 Copyright (C) Andrew Bartlett 2001-2010
6 Copyright (C) Jeremy Allison 2000-2001
7 Copyright (C) Rafal Szczesniak 2002
8 Copyright (C) Stefan Metzmacher 2005
9
10 This program is free software; you can redistribute it and/or modify
11 it under the terms of the GNU General Public License as published by
12 the Free Software Foundation; either version 3 of the License, or
13 (at your option) any later version.
14
15 This program is distributed in the hope that it will be useful,
16 but WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 GNU General Public License for more details.
19
20 You should have received a copy of the GNU General Public License
21 along with this program. If not, see <http://www.gnu.org/licenses/>.
22 */
23
24 #include "includes.h"
25 #include "libcli/security/security.h"
26 #include "auth/credentials/credentials.h"
27 #include "param/param.h"
28 #include "auth/auth.h" /* for auth_user_info_dc */
29 #include "auth/session.h"
30 #include "auth/system_session_proto.h"
31
32 #undef DBGC_CLASS
33 #define DBGC_CLASS DBGC_AUTH
34
35 /*
36 prevent the static system session being freed
37 */
38 static int system_session_destructor(struct auth_session_info *info)
39 {
40 return -1;
41 }
42
43 /* Create a security token for a session SYSTEM (the most
44 * trusted/privileged account), including the local machine account as
45 * the off-host credentials
46 */
47 _PUBLIC_ struct auth_session_info *system_session(struct loadparm_context *lp_ctx)
48 {
49 static struct auth_session_info *static_session;
50 NTSTATUS nt_status;
51
52 if (static_session) {
53 return static_session;
54 }
55
56 /*
57 * Use NULL here, not the autofree context for this
58 * static pointer. The destructor prevents freeing this
59 * memory anyway.
60 */
61 nt_status = auth_system_session_info(NULL,
62 lp_ctx,
63 &static_session);
64 if (!NT_STATUS_IS_OK(nt_status)) {
65 TALLOC_FREE(static_session);
66 return NULL;
67 }
68 talloc_set_destructor(static_session, system_session_destructor);
69 return static_session;
70 }
71
72 NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
73 struct loadparm_context *lp_ctx,
74 struct auth_session_info **_session_info)
75 {
76 NTSTATUS nt_status;
77 struct auth_user_info_dc *user_info_dc = NULL;
78 struct auth_session_info *session_info = NULL;
79 TALLOC_CTX *mem_ctx = NULL;
80 bool ok;
81
82 mem_ctx = talloc_new(parent_ctx);
83 if (mem_ctx == NULL) {
84 return NT_STATUS_NO_MEMORY;
85 }
86
87 nt_status = auth_system_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx),
88 &user_info_dc);
89 if (!NT_STATUS_IS_OK(nt_status)) {
90 talloc_free(mem_ctx);
91 return nt_status;
92 }
93
94 /* references the user_info_dc into the session_info */
95 nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
96 talloc_free(mem_ctx);
97
98 NT_STATUS_NOT_OK_RETURN(nt_status);
99
100 session_info->credentials = cli_credentials_init(session_info);
101 if (!session_info->credentials) {
102 return NT_STATUS_NO_MEMORY;
103 }
104
105 ok = cli_credentials_set_conf(session_info->credentials, lp_ctx);
106 if (!ok) {
107 return NT_STATUS_INTERNAL_ERROR;
108 }
109
110 cli_credentials_set_machine_account_pending(session_info->credentials, lp_ctx);
111 *_session_info = session_info;
112
113 return NT_STATUS_OK;
114 }
115
116 NTSTATUS auth_system_user_info_dc(TALLOC_CTX *mem_ctx, const char *netbios_name,
117 struct auth_user_info_dc **_user_info_dc)
118 {
119 struct auth_user_info_dc *user_info_dc;
120 struct auth_user_info *info;
121
122 user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
123 NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
124
125 /* This returns a pointer to a struct dom_sid, which is the
126 * same as a 1 element list of struct dom_sid */
127 user_info_dc->num_sids = 1;
128 user_info_dc->sids = dom_sid_dup(user_info_dc, &global_sid_System);
129 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
130
131 /* annoying, but the Anonymous really does have a session key,
132 and it is all zeros! */
133 user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
134 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
135
136 user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
137 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
138
139 data_blob_clear(&user_info_dc->user_session_key);
140 data_blob_clear(&user_info_dc->lm_session_key);
141
142 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
143 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
144
145 info->account_name = talloc_strdup(info, "SYSTEM");
146 NT_STATUS_HAVE_NO_MEMORY(info->account_name);
147
148 info->domain_name = talloc_strdup(info, "NT AUTHORITY");
149 NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
150
151 info->full_name = talloc_strdup(info, "System");
152 NT_STATUS_HAVE_NO_MEMORY(info->full_name);
153
154 info->logon_script = talloc_strdup(info, "");
155 NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
156
157 info->profile_path = talloc_strdup(info, "");
158 NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
159
160 info->home_directory = talloc_strdup(info, "");
161 NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
162
163 info->home_drive = talloc_strdup(info, "");
164 NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
165
166 info->logon_server = talloc_strdup(info, netbios_name);
167 NT_STATUS_HAVE_NO_MEMORY(info->logon_server);
168
169 info->last_logon = 0;
170 info->last_logoff = 0;
171 info->acct_expiry = 0;
172 info->last_password_change = 0;
173 info->allow_password_change = 0;
174 info->force_password_change = 0;
175
176 info->logon_count = 0;
177 info->bad_password_count = 0;
178
179 info->acct_flags = ACB_NORMAL;
180
181 info->authenticated = true;
182
183 *_user_info_dc = user_info_dc;
184
185 return NT_STATUS_OK;
186 }
187
188
189 static NTSTATUS auth_domain_admin_user_info_dc(TALLOC_CTX *mem_ctx,
190 const char *netbios_name,
191 const char *domain_name,
192 struct dom_sid *domain_sid,
193 struct auth_user_info_dc **_user_info_dc)
194 {
195 struct auth_user_info_dc *user_info_dc;
196 struct auth_user_info *info;
197
198 user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
199 NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
200
201 user_info_dc->num_sids = 7;
202 user_info_dc->sids = talloc_array(user_info_dc, struct dom_sid, user_info_dc->num_sids);
203
204 user_info_dc->sids[PRIMARY_USER_SID_INDEX] = *domain_sid;
205 sid_append_rid(&user_info_dc->sids[PRIMARY_USER_SID_INDEX], DOMAIN_RID_ADMINISTRATOR);
206
207 user_info_dc->sids[PRIMARY_GROUP_SID_INDEX] = *domain_sid;
208 sid_append_rid(&user_info_dc->sids[PRIMARY_GROUP_SID_INDEX], DOMAIN_RID_USERS);
209
210 user_info_dc->sids[2] = global_sid_Builtin_Administrators;
211
212 user_info_dc->sids[3] = *domain_sid;
213 sid_append_rid(&user_info_dc->sids[3], DOMAIN_RID_ADMINS);
214 user_info_dc->sids[4] = *domain_sid;
215 sid_append_rid(&user_info_dc->sids[4], DOMAIN_RID_ENTERPRISE_ADMINS);
216 user_info_dc->sids[5] = *domain_sid;
217 sid_append_rid(&user_info_dc->sids[5], DOMAIN_RID_POLICY_ADMINS);
218 user_info_dc->sids[6] = *domain_sid;
219 sid_append_rid(&user_info_dc->sids[6], DOMAIN_RID_SCHEMA_ADMINS);
220
221 /* What should the session key be?*/
222 user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
223 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
224
225 user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
226 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
227
228 data_blob_clear(&user_info_dc->user_session_key);
229 data_blob_clear(&user_info_dc->lm_session_key);
230
231 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
232 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
233
234 info->account_name = talloc_strdup(info, "Administrator");
235 NT_STATUS_HAVE_NO_MEMORY(info->account_name);
236
237 info->domain_name = talloc_strdup(info, domain_name);
238 NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
239
240 info->full_name = talloc_strdup(info, "Administrator");
241 NT_STATUS_HAVE_NO_MEMORY(info->full_name);
242
243 info->logon_script = talloc_strdup(info, "");
244 NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
245
246 info->profile_path = talloc_strdup(info, "");
247 NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
248
249 info->home_directory = talloc_strdup(info, "");
250 NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
251
252 info->home_drive = talloc_strdup(info, "");
253 NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
254
255 info->logon_server = talloc_strdup(info, netbios_name);
256 NT_STATUS_HAVE_NO_MEMORY(info->logon_server);
257
258 info->last_logon = 0;
259 info->last_logoff = 0;
260 info->acct_expiry = 0;
261 info->last_password_change = 0;
262 info->allow_password_change = 0;
263 info->force_password_change = 0;
264
265 info->logon_count = 0;
266 info->bad_password_count = 0;
267
268 info->acct_flags = ACB_NORMAL;
269
270 info->authenticated = true;
271
272 *_user_info_dc = user_info_dc;
273
274 return NT_STATUS_OK;
275 }
276
277 static NTSTATUS auth_domain_admin_session_info(TALLOC_CTX *parent_ctx,
278 struct loadparm_context *lp_ctx,
279 struct dom_sid *domain_sid,
280 struct auth_session_info **session_info)
281 {
282 NTSTATUS nt_status;
283 struct auth_user_info_dc *user_info_dc = NULL;
284 TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
285
286 NT_STATUS_HAVE_NO_MEMORY(mem_ctx);
287
288 nt_status = auth_domain_admin_user_info_dc(mem_ctx, lpcfg_netbios_name(lp_ctx),
289 lpcfg_workgroup(lp_ctx), domain_sid,
290 &user_info_dc);
291 if (!NT_STATUS_IS_OK(nt_status)) {
292 talloc_free(mem_ctx);
293 return nt_status;
294 }
295
296 nt_status = auth_generate_session_info(mem_ctx, NULL, NULL, user_info_dc,
297 AUTH_SESSION_INFO_SIMPLE_PRIVILEGES|AUTH_SESSION_INFO_AUTHENTICATED|AUTH_SESSION_INFO_DEFAULT_GROUPS,
298 session_info);
299 /* There is already a reference between the sesion_info and user_info_dc */
300 if (NT_STATUS_IS_OK(nt_status)) {
301 talloc_steal(parent_ctx, *session_info);
302 }
303 talloc_free(mem_ctx);
304 return nt_status;
305 }
306
307 _PUBLIC_ struct auth_session_info *admin_session(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct dom_sid *domain_sid)
308 {
309 NTSTATUS nt_status;
310 struct auth_session_info *session_info = NULL;
311 nt_status = auth_domain_admin_session_info(mem_ctx,
312 lp_ctx,
313 domain_sid,
314 &session_info);
315 if (!NT_STATUS_IS_OK(nt_status)) {
316 return NULL;
317 }
318 return session_info;
319 }
320
321 _PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
322 struct loadparm_context *lp_ctx,
323 struct auth_session_info **_session_info)
324 {
325 NTSTATUS nt_status;
326 struct auth_user_info_dc *user_info_dc = NULL;
327 struct auth_session_info *session_info = NULL;
328 TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);
329 bool ok;
330
331 nt_status = auth_anonymous_user_info_dc(mem_ctx,
332 lpcfg_netbios_name(lp_ctx),
333 &user_info_dc);
334 if (!NT_STATUS_IS_OK(nt_status)) {
335 talloc_free(mem_ctx);
336 return nt_status;
337 }
338
339 /* references the user_info_dc into the session_info */
340 nt_status = auth_generate_session_info(parent_ctx, NULL, NULL, user_info_dc, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, &session_info);
341 talloc_free(mem_ctx);
342
343 NT_STATUS_NOT_OK_RETURN(nt_status);
344
345 session_info->credentials = cli_credentials_init(session_info);
346 if (!session_info->credentials) {
347 return NT_STATUS_NO_MEMORY;
348 }
349
350 ok = cli_credentials_set_conf(session_info->credentials, lp_ctx);
351 if (!ok) {
352 return NT_STATUS_INTERNAL_ERROR;
353 }
354 cli_credentials_set_anonymous(session_info->credentials);
355
356 *_session_info = session_info;
357
358 return NT_STATUS_OK;
359 }
360
361 _PUBLIC_ NTSTATUS auth_anonymous_user_info_dc(TALLOC_CTX *mem_ctx,
362 const char *netbios_name,
363 struct auth_user_info_dc **_user_info_dc)
364 {
365 struct auth_user_info_dc *user_info_dc;
366 struct auth_user_info *info;
367 user_info_dc = talloc(mem_ctx, struct auth_user_info_dc);
368 NT_STATUS_HAVE_NO_MEMORY(user_info_dc);
369
370 /* This returns a pointer to a struct dom_sid, which is the
371 * same as a 1 element list of struct dom_sid */
372 user_info_dc->num_sids = 1;
373 user_info_dc->sids = dom_sid_dup(user_info_dc, &global_sid_Anonymous);
374 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->sids);
375
376 /* annoying, but the Anonymous really does have a session key... */
377 user_info_dc->user_session_key = data_blob_talloc(user_info_dc, NULL, 16);
378 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->user_session_key.data);
379
380 user_info_dc->lm_session_key = data_blob_talloc(user_info_dc, NULL, 16);
381 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->lm_session_key.data);
382
383 /* and it is all zeros! */
384 data_blob_clear(&user_info_dc->user_session_key);
385 data_blob_clear(&user_info_dc->lm_session_key);
386
387 user_info_dc->info = info = talloc_zero(user_info_dc, struct auth_user_info);
388 NT_STATUS_HAVE_NO_MEMORY(user_info_dc->info);
389
390 info->account_name = talloc_strdup(info, "ANONYMOUS LOGON");
391 NT_STATUS_HAVE_NO_MEMORY(info->account_name);
392
393 info->domain_name = talloc_strdup(info, "NT AUTHORITY");
394 NT_STATUS_HAVE_NO_MEMORY(info->domain_name);
395
396 info->full_name = talloc_strdup(info, "Anonymous Logon");
397 NT_STATUS_HAVE_NO_MEMORY(info->full_name);
398
399 info->logon_script = talloc_strdup(info, "");
400 NT_STATUS_HAVE_NO_MEMORY(info->logon_script);
401
402 info->profile_path = talloc_strdup(info, "");
403 NT_STATUS_HAVE_NO_MEMORY(info->profile_path);
404
405 info->home_directory = talloc_strdup(info, "");
406 NT_STATUS_HAVE_NO_MEMORY(info->home_directory);
407
408 info->home_drive = talloc_strdup(info, "");
409 NT_STATUS_HAVE_NO_MEMORY(info->home_drive);
410
411 info->logon_server = talloc_strdup(info, netbios_name);
412 NT_STATUS_HAVE_NO_MEMORY(info->logon_server);
413
414 info->last_logon = 0;
415 info->last_logoff = 0;
416 info->acct_expiry = 0;
417 info->last_password_change = 0;
418 info->allow_password_change = 0;
419 info->force_password_change = 0;
420
421 info->logon_count = 0;
422 info->bad_password_count = 0;
423
424 info->acct_flags = ACB_NORMAL;
425
426 info->authenticated = false;
427
428 *_user_info_dc = user_info_dc;
429
430 return NT_STATUS_OK;
431 }
432
Samba GIT mirror