search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4:kdc: strictly have 2 16-bit parts in krbtgt kvnos
[Samba.git] / source3 / auth / auth_builtin.c
blob046b9793e33ed718fd4f72cabd5a7addf4168e2a
1 /*
2 Unix SMB/CIFS implementation.
3 Generic authentication types
4 Copyright (C) Andrew Bartlett 2001-2002
5 Copyright (C) Jelmer Vernooij 2002
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "auth.h"
23 #include "lib/util/string_wrappers.h"
24
25 #undef DBGC_CLASS
26 #define DBGC_CLASS DBGC_AUTH
27
28 /**
29 * Return a guest logon for anonymous users (username = "")
30 *
31 * Typically used as the first module in the auth chain, this allows
32 * guest logons to be dealt with in one place. Non-guest logons 'fail'
33 * and pass onto the next module.
34 **/
35
36 static NTSTATUS check_anonymous_security(const struct auth_context *auth_context,
37 void *my_private_data,
38 TALLOC_CTX *mem_ctx,
39 const struct auth_usersupplied_info *user_info,
40 struct auth_serversupplied_info **server_info)
41 {
42 DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
43
44 if (user_info->mapped.account_name && *user_info->mapped.account_name) {
45 /* mark this as 'not for me' */
46 return NT_STATUS_NOT_IMPLEMENTED;
47 }
48
49 switch (user_info->password_state) {
50 case AUTH_PASSWORD_PLAIN:
51 if (user_info->password.plaintext != NULL &&
52 strlen(user_info->password.plaintext) > 0)
53 {
54 /* mark this as 'not for me' */
55 return NT_STATUS_NOT_IMPLEMENTED;
56 }
57 break;
58 case AUTH_PASSWORD_HASH:
59 if (user_info->password.hash.lanman != NULL) {
60 /* mark this as 'not for me' */
61 return NT_STATUS_NOT_IMPLEMENTED;
62 }
63 if (user_info->password.hash.nt != NULL) {
64 /* mark this as 'not for me' */
65 return NT_STATUS_NOT_IMPLEMENTED;
66 }
67 break;
68 case AUTH_PASSWORD_RESPONSE:
69 if (user_info->password.response.lanman.length == 1) {
70 if (user_info->password.response.lanman.data[0] != '\0') {
71 /* mark this as 'not for me' */
72 return NT_STATUS_NOT_IMPLEMENTED;
73 }
74 } else if (user_info->password.response.lanman.length > 1) {
75 /* mark this as 'not for me' */
76 return NT_STATUS_NOT_IMPLEMENTED;
77 }
78 if (user_info->password.response.nt.length > 0) {
79 /* mark this as 'not for me' */
80 return NT_STATUS_NOT_IMPLEMENTED;
81 }
82 break;
83 }
84
85 return make_server_info_anonymous(NULL, server_info);
86 }
87
88 /* Guest modules initialisation */
89
90 static NTSTATUS auth_init_anonymous(
91 struct auth_context *auth_context,
92 const char *options,
93 struct auth_methods **auth_method)
94 {
95 struct auth_methods *result;
96
97 result = talloc_zero(auth_context, struct auth_methods);
98 if (result == NULL) {
99 return NT_STATUS_NO_MEMORY;
100 }
101 result->auth = check_anonymous_security;
102 result->name = "anonymous";
103
104 *auth_method = result;
105 return NT_STATUS_OK;
106 }
107
108 #ifdef DEVELOPER
109 /**
110 * Return an error based on username
111 *
112 * This function allows the testing of obsure errors, as well as the generation
113 * of NT_STATUS -> DOS error mapping tables.
114 *
115 * This module is of no value to end-users.
116 *
117 * The password is ignored.
118 *
119 * @return An NTSTATUS value based on the username
120 **/
121
122 static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
123 void *my_private_data,
124 TALLOC_CTX *mem_ctx,
125 const struct auth_usersupplied_info *user_info,
126 struct auth_serversupplied_info **server_info)
127 {
128 NTSTATUS nt_status;
129 fstring user;
130 long error_num;
131
132 DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
133
134 fstrcpy(user, user_info->client.account_name);
135
136 if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) {
137 if (!strupper_m(user)) {
138 return NT_STATUS_INVALID_PARAMETER;
139 }
140 return nt_status_string_to_code(user);
141 }
142
143 if (!strlower_m(user)) {
144 return NT_STATUS_INVALID_PARAMETER;
145 }
146 error_num = strtoul(user, NULL, 16);
147
148 DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num));
149
150 nt_status = NT_STATUS(error_num);
151
152 return nt_status;
153 }
154
155 /** Module initialisation function */
156
157 static NTSTATUS auth_init_name_to_ntstatus(
158 struct auth_context *auth_context,
159 const char *param,
160 struct auth_methods **auth_method)
161 {
162 struct auth_methods *result;
163
164 result = talloc_zero(auth_context, struct auth_methods);
165 if (result == NULL) {
166 return NT_STATUS_NO_MEMORY;
167 }
168 result->auth = check_name_to_ntstatus_security;
169 result->name = "name_to_ntstatus";
170
171 *auth_method = result;
172 return NT_STATUS_OK;
173 }
174
175 #endif /* DEVELOPER */
176
177 NTSTATUS auth_builtin_init(TALLOC_CTX *mem_ctx)
178 {
179 smb_register_auth(AUTH_INTERFACE_VERSION, "anonymous", auth_init_anonymous);
180 #ifdef DEVELOPER
181 smb_register_auth(AUTH_INTERFACE_VERSION, "name_to_ntstatus", auth_init_name_to_ntstatus);
182 #endif
183 return NT_STATUS_OK;
184 }
Samba GIT mirror