1/* 2 Unix SMB/CIFS implementation. 3 Generic authentication types 4 Copyright (C) Andrew Bartlett 2001-2002 5 Copyright (C) Jelmer Vernooij 2002 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License as published by 9 the Free Software Foundation; either version 3 of the License, or 10 (at your option) any later version. 11 12 This program is distributed in the hope that it will be useful, 13 but WITHOUT ANY WARRANTY; without even the implied warranty of 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 GNU General Public License for more details. 16 17 You should have received a copy of the GNU General Public License 18 along with this program. If not, see <http://www.gnu.org/licenses/>. 19*/ 20 21#include "includes.h" 22 23#undef DBGC_CLASS 24#define DBGC_CLASS DBGC_AUTH 25 26/** 27 * Return a guest logon for guest users (username = "") 28 * 29 * Typically used as the first module in the auth chain, this allows 30 * guest logons to be dealt with in one place. Non-guest logons 'fail' 31 * and pass onto the next module. 32 **/ 33 34static NTSTATUS check_guest_security(const struct auth_context *auth_context, 35 void *my_private_data, 36 TALLOC_CTX *mem_ctx, 37 const auth_usersupplied_info *user_info, 38 auth_serversupplied_info **server_info) 39{ 40 /* mark this as 'not for me' */ 41 NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; 42 43 if (!(user_info->internal_username 44 && *user_info->internal_username)) { 45 nt_status = make_server_info_guest(NULL, server_info); 46 } 47 48 return nt_status; 49} 50 51/* Guest modules initialisation */ 52 53static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method) 54{ 55 if (!make_auth_methods(auth_context, auth_method)) 56 return NT_STATUS_NO_MEMORY; 57 58 (*auth_method)->auth = check_guest_security; 59 (*auth_method)->name = "guest"; 60 return NT_STATUS_OK; 61} 62 63#ifdef DEVELOPER 64/** 65 * Return an error based on username 66 * 67 * This function allows the testing of obsure errors, as well as the generation 68 * of NT_STATUS -> DOS error mapping tables. 69 * 70 * This module is of no value to end-users. 71 * 72 * The password is ignored. 73 * 74 * @return An NTSTATUS value based on the username 75 **/ 76 77static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context, 78 void *my_private_data, 79 TALLOC_CTX *mem_ctx, 80 const auth_usersupplied_info *user_info, 81 auth_serversupplied_info **server_info) 82{ 83 NTSTATUS nt_status; 84 fstring user; 85 long error_num; 86 fstrcpy(user, user_info->smb_name); 87 88 if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) { 89 strupper_m(user); 90 return nt_status_string_to_code(user); 91 } 92 93 strlower_m(user); 94 error_num = strtoul(user, NULL, 16); 95 96 DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num)); 97 98 nt_status = NT_STATUS(error_num); 99 100 return nt_status; 101} 102 103/** Module initialisation function */ 104 105static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 106{ 107 if (!make_auth_methods(auth_context, auth_method)) 108 return NT_STATUS_NO_MEMORY; 109 110 (*auth_method)->auth = check_name_to_ntstatus_security; 111 (*auth_method)->name = "name_to_ntstatus"; 112 return NT_STATUS_OK; 113} 114 115/** 116 * Return a 'fixed' challenge instead of a variable one. 117 * 118 * The idea of this function is to make packet snifs consistant 119 * with a fixed challenge, so as to aid debugging. 120 * 121 * This module is of no value to end-users. 122 * 123 * This module does not actually authenticate the user, but 124 * just pretenteds to need a specified challenge. 125 * This module removes *all* security from the challenge-response system 126 * 127 * @return NT_STATUS_UNSUCCESSFUL 128 **/ 129 130static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context, 131 void *my_private_data, 132 TALLOC_CTX *mem_ctx, 133 const auth_usersupplied_info *user_info, 134 auth_serversupplied_info **server_info) 135{ 136 return NT_STATUS_NOT_IMPLEMENTED; 137} 138 139/**************************************************************************** 140 Get the challenge out of a password server. 141****************************************************************************/ 142 143static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_context, 144 void **my_private_data, 145 TALLOC_CTX *mem_ctx) 146{ 147 const char *challenge = "I am a teapot"; 148 return data_blob(challenge, 8); 149} 150 151 152/** Module initailisation function */ 153 154static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 155{ 156 if (!make_auth_methods(auth_context, auth_method)) 157 return NT_STATUS_NO_MEMORY; 158 159 (*auth_method)->auth = check_fixed_challenge_security; 160 (*auth_method)->get_chal = auth_get_fixed_challenge; 161 (*auth_method)->name = "fixed_challenge"; 162 return NT_STATUS_OK; 163} 164#endif /* DEVELOPER */ 165 166NTSTATUS auth_builtin_init(void) 167{ 168 smb_register_auth(AUTH_INTERFACE_VERSION, "guest", auth_init_guest); 169#ifdef DEVELOPER 170 smb_register_auth(AUTH_INTERFACE_VERSION, "fixed_challenge", auth_init_fixed_challenge); 171 smb_register_auth(AUTH_INTERFACE_VERSION, "name_to_ntstatus", auth_init_name_to_ntstatus); 172#endif 173 return NT_STATUS_OK; 174} 175