source: vendor/current/source3/auth/auth_builtin.c

Last change on this file was 988, checked in by Silvan Scherrer, 9 years ago

Samba Server: update vendor to version 4.4.3
File size: 4.9 KB
Line 
1/*
2 Unix SMB/CIFS implementation.
3 Generic authentication types
4 Copyright (C) Andrew Bartlett 2001-2002
5 Copyright (C) Jelmer Vernooij 2002
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19*/
20
21#include "includes.h"
22#include "auth.h"
23
24#undef DBGC_CLASS
25#define DBGC_CLASS DBGC_AUTH
26
27/**
28 * Return a guest logon for guest users (username = "")
29 *
30 * Typically used as the first module in the auth chain, this allows
31 * guest logons to be dealt with in one place. Non-guest logons 'fail'
32 * and pass onto the next module.
33 **/
34
35static NTSTATUS check_guest_security(const struct auth_context *auth_context,
36 void *my_private_data,
37 TALLOC_CTX *mem_ctx,
38 const struct auth_usersupplied_info *user_info,
39 struct auth_serversupplied_info **server_info)
40{
41 DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
42
43 if (user_info->mapped.account_name && *user_info->mapped.account_name) {
44 /* mark this as 'not for me' */
45 return NT_STATUS_NOT_IMPLEMENTED;
46 }
47
48 switch (user_info->password_state) {
49 case AUTH_PASSWORD_PLAIN:
50 if (user_info->password.plaintext != NULL &&
51 strlen(user_info->password.plaintext) > 0)
52 {
53 /* mark this as 'not for me' */
54 return NT_STATUS_NOT_IMPLEMENTED;
55 }
56 break;
57 case AUTH_PASSWORD_HASH:
58 if (user_info->password.hash.lanman != NULL) {
59 /* mark this as 'not for me' */
60 return NT_STATUS_NOT_IMPLEMENTED;
61 }
62 if (user_info->password.hash.nt != NULL) {
63 /* mark this as 'not for me' */
64 return NT_STATUS_NOT_IMPLEMENTED;
65 }
66 break;
67 case AUTH_PASSWORD_RESPONSE:
68 if (user_info->password.response.lanman.length == 1) {
69 if (user_info->password.response.lanman.data[0] != '\0') {
70 /* mark this as 'not for me' */
71 return NT_STATUS_NOT_IMPLEMENTED;
72 }
73 } else if (user_info->password.response.lanman.length > 1) {
74 /* mark this as 'not for me' */
75 return NT_STATUS_NOT_IMPLEMENTED;
76 }
77 if (user_info->password.response.nt.length > 0) {
78 /* mark this as 'not for me' */
79 return NT_STATUS_NOT_IMPLEMENTED;
80 }
81 break;
82 }
83
84 return make_server_info_guest(NULL, server_info);
85}
86
87/* Guest modules initialisation */
88
89static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method)
90{
91 struct auth_methods *result;
92
93 result = talloc_zero(auth_context, struct auth_methods);
94 if (result == NULL) {
95 return NT_STATUS_NO_MEMORY;
96 }
97 result->auth = check_guest_security;
98 result->name = "guest";
99
100 *auth_method = result;
101 return NT_STATUS_OK;
102}
103
104#ifdef DEVELOPER
105/**
106 * Return an error based on username
107 *
108 * This function allows the testing of obsure errors, as well as the generation
109 * of NT_STATUS -> DOS error mapping tables.
110 *
111 * This module is of no value to end-users.
112 *
113 * The password is ignored.
114 *
115 * @return An NTSTATUS value based on the username
116 **/
117
118static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
119 void *my_private_data,
120 TALLOC_CTX *mem_ctx,
121 const struct auth_usersupplied_info *user_info,
122 struct auth_serversupplied_info **server_info)
123{
124 NTSTATUS nt_status;
125 fstring user;
126 long error_num;
127
128 DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
129
130 fstrcpy(user, user_info->client.account_name);
131
132 if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) {
133 if (!strupper_m(user)) {
134 return NT_STATUS_INVALID_PARAMETER;
135 }
136 return nt_status_string_to_code(user);
137 }
138
139 if (!strlower_m(user)) {
140 return NT_STATUS_INVALID_PARAMETER;
141 }
142 error_num = strtoul(user, NULL, 16);
143
144 DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num));
145
146 nt_status = NT_STATUS(error_num);
147
148 return nt_status;
149}
150
151/** Module initialisation function */
152
153static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
154{
155 struct auth_methods *result;
156
157 result = talloc_zero(auth_context, struct auth_methods);
158 if (result == NULL) {
159 return NT_STATUS_NO_MEMORY;
160 }
161 result->auth = check_name_to_ntstatus_security;
162 result->name = "name_to_ntstatus";
163
164 *auth_method = result;
165 return NT_STATUS_OK;
166}
167
168#endif /* DEVELOPER */
169
170NTSTATUS auth_builtin_init(void)
171{
172 smb_register_auth(AUTH_INTERFACE_VERSION, "guest", auth_init_guest);
173#ifdef DEVELOPER
174 smb_register_auth(AUTH_INTERFACE_VERSION, "name_to_ntstatus", auth_init_name_to_ntstatus);
175#endif
176 return NT_STATUS_OK;
177}
Note: See TracBrowser for help on using the repository browser.