1/* 2 Unix SMB/CIFS implementation. 3 Generic authentication types 4 Copyright (C) Andrew Bartlett 2001-2002 5 Copyright (C) Jelmer Vernooij 2002 6 7 This program is free software; you can redistribute it and/or modify 8 it under the terms of the GNU General Public License as published by 9 the Free Software Foundation; either version 2 of the License, or 10 (at your option) any later version. 11 12 This program is distributed in the hope that it will be useful, 13 but WITHOUT ANY WARRANTY; without even the implied warranty of 14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 GNU General Public License for more details. 16 17 You should have received a copy of the GNU General Public License 18 along with this program; if not, write to the Free Software 19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 20*/ 21 22#include "includes.h" 23 24#undef DBGC_CLASS 25#define DBGC_CLASS DBGC_AUTH 26 27/** 28 * Return a guest logon for guest users (username = "") 29 * 30 * Typically used as the first module in the auth chain, this allows 31 * guest logons to be dealt with in one place. Non-guest logons 'fail' 32 * and pass onto the next module. 33 **/ 34 35static NTSTATUS check_guest_security(const struct auth_context *auth_context, 36 void *my_private_data, 37 TALLOC_CTX *mem_ctx, 38 const auth_usersupplied_info *user_info, 39 auth_serversupplied_info **server_info) 40{ 41 /* mark this as 'not for me' */ 42 NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; 43 44 if (!(user_info->internal_username.str 45 && *user_info->internal_username.str)) { 46 nt_status = make_server_info_guest(server_info); 47 } 48 49 return nt_status; 50} 51 52/* Guest modules initialisation */ 53 54static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method) 55{ 56 if (!make_auth_methods(auth_context, auth_method)) 57 return NT_STATUS_NO_MEMORY; 58 59 (*auth_method)->auth = check_guest_security; 60 (*auth_method)->name = "guest"; 61 return NT_STATUS_OK; 62} 63 64#ifdef DEVELOPER 65/** 66 * Return an error based on username 67 * 68 * This function allows the testing of obsure errors, as well as the generation 69 * of NT_STATUS -> DOS error mapping tables. 70 * 71 * This module is of no value to end-users. 72 * 73 * The password is ignored. 74 * 75 * @return An NTSTATUS value based on the username 76 **/ 77 78static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context, 79 void *my_private_data, 80 TALLOC_CTX *mem_ctx, 81 const auth_usersupplied_info *user_info, 82 auth_serversupplied_info **server_info) 83{ 84 NTSTATUS nt_status; 85 fstring user; 86 long error_num; 87 fstrcpy(user, user_info->smb_name.str); 88 89 if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) { 90 strupper_m(user); 91 return nt_status_string_to_code(user); 92 } 93 94 strlower_m(user); 95 error_num = strtoul(user, NULL, 16); 96 97 DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num)); 98 99 nt_status = NT_STATUS(error_num); 100 101 return nt_status; 102} 103 104/** Module initialisation function */ 105 106static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 107{ 108 if (!make_auth_methods(auth_context, auth_method)) 109 return NT_STATUS_NO_MEMORY; 110 111 (*auth_method)->auth = check_name_to_ntstatus_security; 112 (*auth_method)->name = "name_to_ntstatus"; 113 return NT_STATUS_OK; 114} 115 116/** 117 * Return a 'fixed' challenge instead of a variable one. 118 * 119 * The idea of this function is to make packet snifs consistant 120 * with a fixed challenge, so as to aid debugging. 121 * 122 * This module is of no value to end-users. 123 * 124 * This module does not actually authenticate the user, but 125 * just pretenteds to need a specified challenge. 126 * This module removes *all* security from the challenge-response system 127 * 128 * @return NT_STATUS_UNSUCCESSFUL 129 **/ 130 131static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context, 132 void *my_private_data, 133 TALLOC_CTX *mem_ctx, 134 const auth_usersupplied_info *user_info, 135 auth_serversupplied_info **server_info) 136{ 137 return NT_STATUS_NOT_IMPLEMENTED; 138} 139 140/**************************************************************************** 141 Get the challenge out of a password server. 142****************************************************************************/ 143 144static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_context, 145 void **my_private_data, 146 TALLOC_CTX *mem_ctx) 147{ 148 const char *challenge = "I am a teapot"; 149 return data_blob(challenge, 8); 150} 151 152 153/** Module initailisation function */ 154 155static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 156{ 157 if (!make_auth_methods(auth_context, auth_method)) 158 return NT_STATUS_NO_MEMORY; 159 160 (*auth_method)->auth = check_fixed_challenge_security; 161 (*auth_method)->get_chal = auth_get_fixed_challenge; 162 (*auth_method)->name = "fixed_challenge"; 163 return NT_STATUS_OK; 164} 165#endif /* DEVELOPER */ 166 167NTSTATUS auth_builtin_init(void) 168{ 169 smb_register_auth(AUTH_INTERFACE_VERSION, "guest", auth_init_guest); 170#ifdef DEVELOPER 171 smb_register_auth(AUTH_INTERFACE_VERSION, "fixed_challenge", auth_init_fixed_challenge); 172 smb_register_auth(AUTH_INTERFACE_VERSION, "name_to_ntstatus", auth_init_name_to_ntstatus); 173#endif 174 return NT_STATUS_OK; 175} 176