1/*
2 * 'Guest' password backend for samba
3 * Copyright (C) Jelmer Vernooij 2002
4 * Copyright (C) Andrew Bartlett 2003
5 *
6 * This program is free software; you can redistribute it and/or modify it under
7 * the terms of the GNU General Public License as published by the Free
8 * Software Foundation; either version 2 of the License, or (at your option)
9 * any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, write to the Free Software Foundation, Inc., 675
18 * Mass Ave, Cambridge, MA 02139, USA.
19 */
20
21#include "includes.h"
22
23/******************************************************************
24  Lookup a name in the SAM database
25 ******************************************************************/
26
27static NTSTATUS guestsam_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *sam_account, const char *sname)
28{
29	const char *guest_account = lp_guestaccount();
30
31	if (!sam_account || !sname) {
32		DEBUG(0,("invalid name specified"));
33		return NT_STATUS_UNSUCCESSFUL;
34	}
35
36	if (!(guest_account && *guest_account)) {
37		DEBUG(1, ("NULL guest account!?!?\n"));
38		return NT_STATUS_UNSUCCESSFUL;
39	}
40
41	if (!methods) {
42		DEBUG(0,("invalid methods\n"));
43		return NT_STATUS_UNSUCCESSFUL;
44	}
45	if (!strequal(guest_account, sname)) {
46		return NT_STATUS_NO_SUCH_USER;
47	}
48
49	pdb_fill_default_sam(sam_account);
50
51	if (!pdb_set_username(sam_account, guest_account, PDB_SET))
52		return NT_STATUS_UNSUCCESSFUL;
53
54	if (!pdb_set_fullname(sam_account, guest_account, PDB_SET))
55		return NT_STATUS_UNSUCCESSFUL;
56
57	if (!pdb_set_domain(sam_account, get_global_sam_name(), PDB_DEFAULT))
58		return NT_STATUS_UNSUCCESSFUL;
59
60	if (!pdb_set_acct_ctrl(sam_account, ACB_NORMAL, PDB_DEFAULT))
61		return NT_STATUS_UNSUCCESSFUL;
62
63	if (!pdb_set_user_sid_from_rid(sam_account, DOMAIN_USER_RID_GUEST, PDB_SET))
64		return NT_STATUS_UNSUCCESSFUL;
65
66	if (!pdb_set_group_sid_from_rid(sam_account, DOMAIN_GROUP_RID_GUESTS, PDB_DEFAULT))
67		return NT_STATUS_UNSUCCESSFUL;
68
69	return NT_STATUS_OK;
70}
71
72
73/***************************************************************************
74  Search by rid
75 **************************************************************************/
76
77static NTSTATUS guestsam_getsampwrid (struct pdb_methods *methods,
78				 SAM_ACCOUNT *sam_account, uint32 rid)
79{
80	if (rid != DOMAIN_USER_RID_GUEST) {
81		return NT_STATUS_NO_SUCH_USER;
82	}
83
84	if (!sam_account) {
85		return NT_STATUS_INVALID_PARAMETER;
86	}
87
88	return guestsam_getsampwnam (methods, sam_account, lp_guestaccount());
89}
90
91static NTSTATUS guestsam_getsampwsid(struct pdb_methods *my_methods, SAM_ACCOUNT * user, const DOM_SID *sid)
92{
93	uint32 rid;
94	if (!sid_peek_check_rid(get_global_sam_sid(), sid, &rid))
95		return NT_STATUS_NO_SUCH_USER;
96
97	return guestsam_getsampwrid(my_methods, user, rid);
98}
99
100
101/***************************************************************************
102  Updates a SAM_ACCOUNT
103
104  This isn't a particulary practical option for pdb_guest.  We certainly don't
105  want to twidde the filesystem, so what should we do?
106
107  Current plan is to transparently add the account.  It should appear
108  as if the pdb_guest version was modified, but its actually stored somehwere.
109 ****************************************************************************/
110
111static NTSTATUS guestsam_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *newpwd)
112{
113#if 1	/* JERRY */
114
115	/* apparently thr build farm relies upon this heavior :-( */
116
117	return methods->parent->pdb_add_sam_account(methods->parent, newpwd);
118#else
119	/* I don't think we should allow any modification of
120	   the guest account as SID will could messed up with
121	   the smbpasswd backend   --jerry */
122
123	return NT_STATUS_NOT_IMPLEMENTED;
124#endif
125}
126
127NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
128{
129	NTSTATUS nt_status;
130
131	if (!pdb_context) {
132		DEBUG(0, ("invalid pdb_context specified\n"));
133		return NT_STATUS_UNSUCCESSFUL;
134	}
135
136	if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
137		return nt_status;
138	}
139
140	(*pdb_method)->name = "guestsam";
141
142	(*pdb_method)->getsampwnam = guestsam_getsampwnam;
143	(*pdb_method)->getsampwsid = guestsam_getsampwsid;
144	(*pdb_method)->update_sam_account = guestsam_update_sam_account;
145
146	/* we should do no group mapping here */
147	(*pdb_method)->getgrsid = pdb_nop_getgrsid;
148	(*pdb_method)->getgrgid = pdb_nop_getgrgid;
149	(*pdb_method)->getgrnam = pdb_nop_getgrnam;
150	(*pdb_method)->add_group_mapping_entry = pdb_nop_add_group_mapping_entry;
151	(*pdb_method)->update_group_mapping_entry = pdb_nop_update_group_mapping_entry;
152	(*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry;
153	(*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping;
154
155
156	/* There's not very much to initialise here */
157	return NT_STATUS_OK;
158}
159
160NTSTATUS pdb_guest_init(void)
161{
162	return smb_register_passdb(PASSDB_INTERFACE_VERSION, "guest", pdb_init_guestsam);
163}
164
165