source3/auth/auth_builtin.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3    Generic authentication types
   4    Copyright (C) Andrew Bartlett         2001-2002
   5    Copyright (C) Jelmer Vernooij              2002
   6
   7    This program is free software; you can redistribute it and/or modify
   8    it under the terms of the GNU General Public License as published by
   9    the Free Software Foundation; either version 2 of the License, or
  10    (at your option) any later version.
  11
  12    This program is distributed in the hope that it will be useful,
  13    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15    GNU General Public License for more details.
  16
  17    You should have received a copy of the GNU General Public License
  18    along with this program; if not, write to the Free Software
  19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
  20 */
  21
  22 #include "includes.h"
  23
  24 #undef DBGC_CLASS
  25 #define DBGC_CLASS DBGC_AUTH
  26
  27 /**
  28  * Return a guest logon for guest users (username = "")
  29  *
  30  * Typically used as the first module in the auth chain, this allows
  31  * guest logons to be dealt with in one place.  Non-guest logons 'fail'
  32  * and pass onto the next module.
  33  **/
  34
  35 static NTSTATUS check_guest_security(const struct auth_context *auth_context,
  36                                      void *my_private_data,
  37                                      TALLOC_CTX *mem_ctx,
  38                                      const auth_usersupplied_info *user_info,
  39                                      auth_serversupplied_info **server_info)
  40 {
  41         NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
  42
  43         if (!(user_info->internal_username.str
  44               && *user_info->internal_username.str)) {
  45                 nt_status = make_server_info_guest(server_info);
  46         }
  47
  48         return nt_status;
  49 }
  50
  51 /* Guest modules initialisation */
  52
  53 static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method)
  54 {
  55         if (!make_auth_methods(auth_context, auth_method))
  56                 return NT_STATUS_NO_MEMORY;
  57
  58         (*auth_method)->auth = check_guest_security;
  59         (*auth_method)->name = "guest";
  60         return NT_STATUS_OK;
  61 }
  62
  63 #ifdef DEVELOPER
  64 /**
  65  * Return an error based on username
  66  *
  67  * This function allows the testing of obsure errors, as well as the generation
  68  * of NT_STATUS -> DOS error mapping tables.
  69  *
  70  * This module is of no value to end-users.
  71  *
  72  * The password is ignored.
  73  *
  74  * @return An NTSTATUS value based on the username
  75  **/
  76
  77 static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
  78                                                 void *my_private_data,
  79                                                 TALLOC_CTX *mem_ctx,
  80                                                 const auth_usersupplied_info *user_info,
  81                                                 auth_serversupplied_info **server_info)
  82 {
  83         NTSTATUS nt_status;
  84         fstring user;
  85         long error_num;
  86         fstrcpy(user, user_info->smb_name.str);
  87
  88         if (strncasecmp("NT_STATUS", user, strlen("NT_STATUS")) == 0) {
  89                 strupper(user);
  90                 return nt_status_string_to_code(user);
  91         }
  92
  93         strlower(user);
  94         error_num = strtoul(user, NULL, 16);
  95
  96         DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num));
  97
  98         nt_status = NT_STATUS(error_num);
  99
 100         return nt_status;
 101 }
 102
 103 /** Module initialisation function */
 104
 105 static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 106 {
 107         if (!make_auth_methods(auth_context, auth_method))
 108                 return NT_STATUS_NO_MEMORY;
 109
 110         (*auth_method)->auth = check_name_to_ntstatus_security;
 111         (*auth_method)->name = "name_to_ntstatus";
 112         return NT_STATUS_OK;
 113 }
 114
 115 /**
 116  * Return a 'fixed' challenge instead of a variable one.
 117  *
 118  * The idea of this function is to make packet snifs consistant
 119  * with a fixed challenge, so as to aid debugging.
 120  *
 121  * This module is of no value to end-users.
 122  *
 123  * This module does not actually authenticate the user, but
 124  * just pretenteds to need a specified challenge.
 125  * This module removes *all* security from the challenge-response system
 126  *
 127  * @return NT_STATUS_UNSUCCESSFUL
 128  **/
 129
 130 static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context,
 131                                                void *my_private_data,
 132                                                TALLOC_CTX *mem_ctx,
 133                                                const auth_usersupplied_info *user_info,
 134                                                auth_serversupplied_info **server_info)
 135 {
 136         return NT_STATUS_UNSUCCESSFUL;
 137 }
 138
 139 /****************************************************************************
 140  Get the challenge out of a password server.
 141 ****************************************************************************/
 142
 143 static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_context,
 144                                           void **my_private_data,
 145                                           TALLOC_CTX *mem_ctx)
 146 {
 147         const char *challenge = "I am a teapot";
 148         return data_blob(challenge, 8);
 149 }
 150
 151
 152 /** Module initailisation function */
 153
 154 static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 155 {
 156         if (!make_auth_methods(auth_context, auth_method))
 157                 return NT_STATUS_NO_MEMORY;
 158
 159         (*auth_method)->auth = check_fixed_challenge_security;
 160         (*auth_method)->get_chal = auth_get_fixed_challenge;
 161         (*auth_method)->name = "fixed_challenge";
 162         return NT_STATUS_OK;
 163 }
 164 #endif /* DEVELOPER */
 165
 166 NTSTATUS auth_builtin_init(void)
 167 {
 168         smb_register_auth(AUTH_INTERFACE_VERSION, "guest", auth_init_guest);
 169 #ifdef DEVELOPER
 170         smb_register_auth(AUTH_INTERFACE_VERSION, "fixed_challenge", auth_init_fixed_challenge);
 171         smb_register_auth(AUTH_INTERFACE_VERSION, "name_to_ntstatus", auth_init_name_to_ntstatus);
 172 #endif
 173         return NT_STATUS_OK;
 174 }