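/*
   Unix SMB/CIFS implementation.
   Authentication utility functions
   Copyright (C) Andrew Tridgell 1992-1998
   Copyright (C) Andrew Bartlett 2001
   Copyright (C) Jeremy Allison 2000-2001
   Copyright (C) Rafal Szczesniak 2002
   Copyright (C) Stefan Metzmacher 2005

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "auth/auth.h"
#include "libcli/security/security.h"
#include "libcli/auth/libcli_auth.h"
#include "dsdb/samdb/samdb.h"
#include "auth/credentials/credentials.h"
#include "param/param.h"
#include "auth/session_proto.h"

/**
 * Convenience wrapper around auth_anonymous_session_info().
 *
 * @param mem_ctx   talloc parent for the returned session_info
 * @param event_ctx passed through to auth_anonymous_session_info()
 * @param lp_ctx    passed through to auth_anonymous_session_info()
 * @return the anonymous session_info, or NULL on any failure. The
 *         NTSTATUS is discarded, so callers that need the failure
 *         reason should call auth_anonymous_session_info() directly.
 */
_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
						     struct tevent_context *event_ctx,
						     struct loadparm_context *lp_ctx)
{
	struct auth_session_info *session_info = NULL;
	NTSTATUS nt_status;

	nt_status = auth_anonymous_session_info(mem_ctx, event_ctx, lp_ctx, &session_info);
	if (!NT_STATUS_IS_OK(nt_status)) {
		return NULL;
	}
	return session_info;
}

/**
 * Build a complete session_info for the anonymous user, including
 * anonymous client credentials.
 *
 * @param parent_ctx    talloc parent for the returned session_info
 * @param event_ctx     passed through to auth_generate_session_info()
 * @param lp_ctx        supplies the netbios name used as logon server and
 *                      the configuration attached to the credentials
 * @param _session_info receives the result; written only on success
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, or the error returned by
 *         auth_anonymous_server_info() / auth_generate_session_info()
 */
_PUBLIC_ NTSTATUS auth_anonymous_session_info(TALLOC_CTX *parent_ctx,
					      struct tevent_context *event_ctx,
					      struct loadparm_context *lp_ctx,
					      struct auth_session_info **_session_info)
{
	NTSTATUS nt_status;
	struct auth_serversupplied_info *server_info = NULL;
	struct auth_session_info *session_info = NULL;
	TALLOC_CTX *mem_ctx = talloc_new(parent_ctx);

	/* without this check a failed talloc_new() would hand a NULL
	 * context to the allocations below */
	NT_STATUS_HAVE_NO_MEMORY(mem_ctx);

	nt_status = auth_anonymous_server_info(mem_ctx,
					       lp_netbios_name(lp_ctx),
					       &server_info);
	if (!NT_STATUS_IS_OK(nt_status)) {
		talloc_free(mem_ctx);
		return nt_status;
	}

	/* references the server_info into the session_info; that reference
	 * is what keeps server_info (and the session key data that
	 * session_info->session_key points at) alive once the temporary
	 * context is freed on the next line */
	nt_status = auth_generate_session_info(parent_ctx, event_ctx, lp_ctx, server_info, &session_info);
	talloc_free(mem_ctx);

	NT_STATUS_NOT_OK_RETURN(nt_status);

	session_info->credentials = cli_credentials_init(session_info);
	if (!session_info->credentials) {
		/* session_info hangs off parent_ctx and has not been handed
		 * to the caller yet, so it must be released here or it
		 * stays allocated for the lifetime of parent_ctx */
		talloc_free(session_info);
		return NT_STATUS_NO_MEMORY;
	}

	cli_credentials_set_conf(session_info->credentials, lp_ctx);
	cli_credentials_set_anonymous(session_info->credentials);

	*_session_info = session_info;

	return NT_STATUS_OK;
}

/**
 * Build the server_info record describing the anonymous logon.
 *
 * @param mem_ctx      talloc parent for the returned server_info
 * @param netbios_name copied into server_info->logon_server
 * @param _server_info receives the result; written only on success
 * @return NT_STATUS_OK, or NT_STATUS_NO_MEMORY if any allocation (or SID
 *         parse) fails, in which case the partially built record is freed
 */
_PUBLIC_ NTSTATUS auth_anonymous_server_info(TALLOC_CTX *mem_ctx,
					     const char *netbios_name,
					     struct auth_serversupplied_info **_server_info)
{
	/* length in bytes of both anonymous session keys */
	const size_t session_key_len = 16;
	struct auth_serversupplied_info *server_info;

	/* zeroed so that any member not assigned below is not left
	 * indeterminate */
	server_info = talloc_zero(mem_ctx, struct auth_serversupplied_info);
	NT_STATUS_HAVE_NO_MEMORY(server_info);

	server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
	if (server_info->account_sid == NULL) {
		goto nomem;
	}

	/* is this correct? */
	server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
	if (server_info->primary_group_sid == NULL) {
		goto nomem;
	}

	server_info->n_domain_groups = 0;
	server_info->domain_groups = NULL;

	/* annoying, but the Anonymous really does have a session key... */
	server_info->user_session_key = data_blob_talloc(server_info, NULL, session_key_len);
	if (server_info->user_session_key.data == NULL) {
		goto nomem;
	}

	server_info->lm_session_key = data_blob_talloc(server_info, NULL, session_key_len);
	if (server_info->lm_session_key.data == NULL) {
		goto nomem;
	}

	/* and it is all zeros!  A fixed, publicly known key gives no
	 * secrecy or integrity: anything keyed from an anonymous session
	 * key has to be treated as unprotected. */
	data_blob_clear(&server_info->user_session_key);
	data_blob_clear(&server_info->lm_session_key);

	server_info->account_name = talloc_strdup(server_info, "ANONYMOUS LOGON");
	if (server_info->account_name == NULL) {
		goto nomem;
	}

	server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY");
	if (server_info->domain_name == NULL) {
		goto nomem;
	}

	server_info->full_name = talloc_strdup(server_info, "Anonymous Logon");
	if (server_info->full_name == NULL) {
		goto nomem;
	}

	server_info->logon_script = talloc_strdup(server_info, "");
	if (server_info->logon_script == NULL) {
		goto nomem;
	}

	server_info->profile_path = talloc_strdup(server_info, "");
	if (server_info->profile_path == NULL) {
		goto nomem;
	}

	server_info->home_directory = talloc_strdup(server_info, "");
	if (server_info->home_directory == NULL) {
		goto nomem;
	}

	server_info->home_drive = talloc_strdup(server_info, "");
	if (server_info->home_drive == NULL) {
		goto nomem;
	}

	/* a NULL netbios_name also ends up on the nomem path, because
	 * talloc_strdup() returns NULL for a NULL source string */
	server_info->logon_server = talloc_strdup(server_info, netbios_name);
	if (server_info->logon_server == NULL) {
		goto nomem;
	}

	server_info->last_logon = 0;
	server_info->last_logoff = 0;
	server_info->acct_expiry = 0;
	server_info->last_password_change = 0;
	server_info->allow_password_change = 0;
	server_info->force_password_change = 0;

	server_info->logon_count = 0;
	server_info->bad_password_count = 0;

	server_info->acct_flags = ACB_NORMAL;

	/* the anonymous user is never marked authenticated; this flag is
	 * passed on to security_token_create() by
	 * auth_generate_session_info() */
	server_info->authenticated = false;

	*_server_info = server_info;

	return NT_STATUS_OK;

nomem:
	/* every member above is a talloc child of server_info, so one free
	 * releases the whole partially built record */
	talloc_free(server_info);
	return NT_STATUS_NO_MEMORY;
}

/**
 * Derive a session_info (including its security token) from a
 * server_info.
 *
 * The session_info takes a talloc reference on server_info rather than
 * copying it, and session_info->session_key is a shallow copy of
 * server_info->user_session_key: both blobs point at the same bytes.
 *
 * @param mem_ctx       talloc parent for the returned session_info
 * @param event_ctx     passed through to security_token_create()
 * @param lp_ctx        passed through to security_token_create()
 * @param server_info   account description to build the session from
 * @param _session_info receives the result; written only on success
 * @return NT_STATUS_OK, NT_STATUS_NO_MEMORY, or the error returned by
 *         security_token_create(); on failure nothing is left allocated
 *         on mem_ctx
 */
_PUBLIC_ NTSTATUS auth_generate_session_info(TALLOC_CTX *mem_ctx,
					     struct tevent_context *event_ctx,
					     struct loadparm_context *lp_ctx,
					     struct auth_serversupplied_info *server_info,
					     struct auth_session_info **_session_info)
{
	struct auth_session_info *session_info;
	NTSTATUS nt_status;

	/* zeroed so that any member not assigned below is not left
	 * indeterminate */
	session_info = talloc_zero(mem_ctx, struct auth_session_info);
	NT_STATUS_HAVE_NO_MEMORY(session_info);

	session_info->server_info = talloc_reference(session_info, server_info);
	if (session_info->server_info == NULL) {
		/* without the reference, session_key below would dangle as
		 * soon as the caller frees server_info's own parent */
		talloc_free(session_info);
		return NT_STATUS_NO_MEMORY;
	}

	/* unless set otherwise, the session key is the user session
	 * key from the auth subsystem */
	session_info->session_key = server_info->user_session_key;

	nt_status = security_token_create(session_info,
					  event_ctx,
					  lp_ctx,
					  server_info->account_sid,
					  server_info->primary_group_sid,
					  server_info->n_domain_groups,
					  server_info->domain_groups,
					  server_info->authenticated,
					  &session_info->security_token);
	if (!NT_STATUS_IS_OK(nt_status)) {
		/* not yet visible to the caller: release it (and the
		 * reference it holds) instead of leaving it on mem_ctx */
		talloc_free(session_info);
		return nt_status;
	}

	session_info->credentials = NULL;

	*_session_info = session_info;
	return NT_STATUS_OK;
}

/**
 * prints a struct auth_session_info security token to debug output.
 *
 * @param dbg_lev      debug level the output is emitted at
 * @param session_info session whose token is printed; NULL is accepted
 *                     and logged as "(NULL)"
 */
void auth_session_info_debug(int dbg_lev,
			     const struct auth_session_info *session_info)
{
	if (!session_info) {
		DEBUG(dbg_lev, ("Session Info: (NULL)\n"));
		return;
	}

	security_token_debug(dbg_lev, session_info->security_token);
}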