source3/auth/auth_builtin.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Generic authentication types
   4    Copyright (C) Andrew Bartlett         2001-2002
   5    Copyright (C) Jelmer Vernooij              2002
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 3 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19 */
  20
  21 #include "includes.h"
  22
  23 #undef DBGC_CLASS
  24 #define DBGC_CLASS DBGC_AUTH
  25
  26 /**
  27  * Return a guest logon for guest users (username = "")
  28  *
  29  * Typically used as the first module in the auth chain, this allows
  30  * guest logons to be dealt with in one place.  Non-guest logons 'fail'
  31  * and pass onto the next module.
  32  **/
  33
  34 static NTSTATUS check_guest_security(const struct auth_context *auth_context,
  35                                      void *my_private_data,
  36                                      TALLOC_CTX *mem_ctx,
  37                                      const struct auth_usersupplied_info *user_info,
  38                                      struct auth_serversupplied_info **server_info)
  39 {
  40         /* mark this as 'not for me' */
  41         NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
  42
  43         if (!(user_info->internal_username
  44               && *user_info->internal_username)) {
  45                 nt_status = make_server_info_guest(NULL, server_info);
  46         }
  47
  48         return nt_status;
  49 }
  50
  51 /* Guest modules initialisation */
  52
  53 static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method)
  54 {
  55         struct auth_methods *result;
  56
  57         result = TALLOC_ZERO_P(auth_context, struct auth_methods);
  58         if (result == NULL) {
  59                 return NT_STATUS_NO_MEMORY;
  60         }
  61         result->auth = check_guest_security;
  62         result->name = "guest";
  63
  64         *auth_method = result;
  65         return NT_STATUS_OK;
  66 }
  67
  68 #ifdef DEVELOPER
  69 /**
  70  * Return an error based on username
  71  *
  72  * This function allows the testing of obsure errors, as well as the generation
  73  * of NT_STATUS -> DOS error mapping tables.
  74  *
  75  * This module is of no value to end-users.
  76  *
  77  * The password is ignored.
  78  *
  79  * @return An NTSTATUS value based on the username
  80  **/
  81
  82 static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
  83                                                 void *my_private_data,
  84                                                 TALLOC_CTX *mem_ctx,
  85                                                 const struct auth_usersupplied_info *user_info,
  86                                                 struct auth_serversupplied_info **server_info)
  87 {
  88         NTSTATUS nt_status;
  89         fstring user;
  90         long error_num;
  91         fstrcpy(user, user_info->smb_name);
  92
  93         if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) {
  94                 strupper_m(user);
  95                 return nt_status_string_to_code(user);
  96         }
  97
  98         strlower_m(user);
  99         error_num = strtoul(user, NULL, 16);
 100
 101         DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num));
 102
 103         nt_status = NT_STATUS(error_num);
 104
 105         return nt_status;
 106 }
 107
 108 /** Module initialisation function */
 109
 110 static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 111 {
 112         struct auth_methods *result;
 113
 114         result = TALLOC_ZERO_P(auth_context, struct auth_methods);
 115         if (result == NULL) {
 116                 return NT_STATUS_NO_MEMORY;
 117         }
 118         result->auth = check_name_to_ntstatus_security;
 119         result->name = "name_to_ntstatus";
 120
 121         *auth_method = result;
 122         return NT_STATUS_OK;
 123 }
 124
 125 /**
 126  * Return a 'fixed' challenge instead of a variable one.
 127  *
 128  * The idea of this function is to make packet snifs consistant
 129  * with a fixed challenge, so as to aid debugging.
 130  *
 131  * This module is of no value to end-users.
 132  *
 133  * This module does not actually authenticate the user, but
 134  * just pretenteds to need a specified challenge.
 135  * This module removes *all* security from the challenge-response system
 136  *
 137  * @return NT_STATUS_UNSUCCESSFUL
 138  **/
 139
 140 static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context,
 141                                                void *my_private_data,
 142                                                TALLOC_CTX *mem_ctx,
 143                                                const struct auth_usersupplied_info *user_info,
 144                                                struct auth_serversupplied_info **server_info)
 145 {
 146         return NT_STATUS_NOT_IMPLEMENTED;
 147 }
 148
 149 /****************************************************************************
 150  Get the challenge out of a password server.
 151 ****************************************************************************/
 152
 153 static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_context,
 154                                           void **my_private_data,
 155                                           TALLOC_CTX *mem_ctx)
 156 {
 157         const char *challenge = "I am a teapot";
 158         return data_blob(challenge, 8);
 159 }
 160
 161
 162 /** Module initialisation function */
 163
 164 static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 165 {
 166         struct auth_methods *result;
 167
 168         result = TALLOC_ZERO_P(auth_context, struct auth_methods);
 169         if (result == NULL) {
 170                 return NT_STATUS_NO_MEMORY;
 171         }
 172         result->auth = check_fixed_challenge_security;
 173         result->get_chal = auth_get_fixed_challenge;
 174         result->name = "fixed_challenge";
 175
 176         *auth_method = result;
 177         return NT_STATUS_OK;
 178 }
 179 #endif /* DEVELOPER */
 180
 181 NTSTATUS auth_builtin_init(void)
 182 {
 183         smb_register_auth(AUTH_INTERFACE_VERSION, "guest", auth_init_guest);
 184 #ifdef DEVELOPER
 185         smb_register_auth(AUTH_INTERFACE_VERSION, "fixed_challenge", auth_init_fixed_challenge);
 186         smb_register_auth(AUTH_INTERFACE_VERSION, "name_to_ntstatus", auth_init_name_to_ntstatus);
 187 #endif
 188         return NT_STATUS_OK;
 189 }