Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 : Generic authentication types
4 : Copyright (C) Andrew Bartlett 2001-2002
5 : Copyright (C) Jelmer Vernooij 2002
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "includes.h"
22 : #include "auth.h"
23 : #include "lib/util/string_wrappers.h"
24 :
25 : #undef DBGC_CLASS
26 : #define DBGC_CLASS DBGC_AUTH
27 :
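/**
 * Return a guest logon for anonymous users (username = "")
 *
 * Typically used as the first module in the auth chain, this allows
 * guest logons to be dealt with in one place.  Non-guest logons 'fail'
 * and pass on to the next module.
 *
 * A request is only treated as anonymous when the mapped account name is
 * NULL or empty AND no credential material accompanies it.  Any non-empty
 * password, hash or response makes this module decline, so that a later
 * module in the chain validates the credentials instead of this one
 * silently granting a guest session.
 *
 * @param auth_context     Not read by this function.
 * @param my_private_data  Not read by this function.
 * @param mem_ctx          Not read by this function.
 * @param user_info        Client-supplied identity and credentials.
 * @param server_info      Out: filled by make_server_info_anonymous().
 *
 * @return NT_STATUS_NOT_IMPLEMENTED ("not for me") when a user name or any
 *         credential is present; otherwise whatever
 *         make_server_info_anonymous() returns.
 **/

static NTSTATUS check_anonymous_security(const struct auth_context *auth_context,
					 void *my_private_data,
					 TALLOC_CTX *mem_ctx,
					 const struct auth_usersupplied_info *user_info,
					 struct auth_serversupplied_info **server_info)
{
	const char *account = user_info->mapped.account_name;

	/*
	 * The name may legitimately be NULL (it is tested just below), and
	 * passing NULL for %s is undefined behaviour, so substitute a marker.
	 */
	DEBUG(10, ("Check auth for: [%s]\n",
		   account != NULL ? account : "(null)"));

	if (account != NULL && *account != '\0') {
		/* mark this as 'not for me' */
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	/*
	 * NOTE(review): there is no default case, so a password_state other
	 * than the three handled here falls through to the anonymous grant
	 * at the end of the function -- confirm every caller sets it.
	 */
	switch (user_info->password_state) {
	case AUTH_PASSWORD_PLAIN:
		if (user_info->password.plaintext != NULL &&
		    strlen(user_info->password.plaintext) > 0)
		{
			/* mark this as 'not for me' */
			return NT_STATUS_NOT_IMPLEMENTED;
		}
		break;
	case AUTH_PASSWORD_HASH:
		/* Any hash at all counts as a credential. */
		if (user_info->password.hash.lanman != NULL) {
			/* mark this as 'not for me' */
			return NT_STATUS_NOT_IMPLEMENTED;
		}
		if (user_info->password.hash.nt != NULL) {
			/* mark this as 'not for me' */
			return NT_STATUS_NOT_IMPLEMENTED;
		}
		break;
	case AUTH_PASSWORD_RESPONSE:
		/*
		 * A one-byte LM response holding only a NUL is accepted as
		 * "empty"; any other non-empty LM response is a credential.
		 */
		if (user_info->password.response.lanman.length == 1) {
			if (user_info->password.response.lanman.data[0] != '\0') {
				/* mark this as 'not for me' */
				return NT_STATUS_NOT_IMPLEMENTED;
			}
		} else if (user_info->password.response.lanman.length > 1) {
			/* mark this as 'not for me' */
			return NT_STATUS_NOT_IMPLEMENTED;
		}
		if (user_info->password.response.nt.length > 0) {
			/* mark this as 'not for me' */
			return NT_STATUS_NOT_IMPLEMENTED;
		}
		break;
	}

	/* Note: the first argument is NULL here, not the mem_ctx parameter. */
	return make_server_info_anonymous(NULL, server_info);
}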
87 :
/**
 * Guest module initialisation.
 *
 * Allocates a zeroed auth_methods entry as a talloc child of auth_context,
 * points it at check_anonymous_security() and names it "anonymous".
 *
 * @param auth_context  talloc parent of the new entry.
 * @param options       Not read by this function.
 * @param auth_method   Out: receives the new entry on success.
 *
 * @return NT_STATUS_NO_MEMORY if the allocation fails, else NT_STATUS_OK.
 */

static NTSTATUS auth_init_anonymous(
	struct auth_context *auth_context,
	const char *options,
	struct auth_methods **auth_method)
{
	struct auth_methods *method =
		talloc_zero(auth_context, struct auth_methods);

	if (!method) {
		return NT_STATUS_NO_MEMORY;
	}

	method->name = "anonymous";
	method->auth = check_anonymous_security;

	/* Only publish the entry once it is fully set up. */
	*auth_method = method;

	return NT_STATUS_OK;
}
107 :
108 : #ifdef DEVELOPER
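/**
 * Return an error based on username
 *
 * This function allows the testing of obscure errors, as well as the
 * generation of NT_STATUS -> DOS error mapping tables.
 *
 * This module is of no value to end-users and is only compiled in
 * DEVELOPER builds: the status it returns is chosen entirely by the
 * client-supplied account name.
 *
 * The password is ignored.
 *
 * @param auth_context     Not read by this function.
 * @param my_private_data  Not read by this function.
 * @param mem_ctx          Not read by this function.
 * @param user_info        Supplies the client account name to decode.
 * @param server_info      Never written by this function.
 *
 * @return An NTSTATUS value based on the username
 **/

static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
						void *my_private_data,
						TALLOC_CTX *mem_ctx,
						const struct auth_usersupplied_info *user_info,
						struct auth_serversupplied_info **server_info)
{
	NTSTATUS nt_status;
	fstring user;
	/* unsigned long matches both strtoul()'s return type and %lx. */
	unsigned long error_num;
	const char *mapped = user_info->mapped.account_name;

	/* Passing NULL for %s is undefined behaviour; substitute a marker. */
	DEBUG(10, ("Check auth for: [%s]\n",
		   mapped != NULL ? mapped : "(null)"));

	/*
	 * Work on a local copy so the case conversions below do not touch
	 * the caller's data.  fstrcpy() presumably bounds the copy to
	 * sizeof(fstring) -- verify against lib/util/string_wrappers.h.
	 */
	fstrcpy(user, user_info->client.account_name);

	/* Names starting with "NT_STATUS" are looked up symbolically. */
	if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) {
		if (!strupper_m(user)) {
			return NT_STATUS_INVALID_PARAMETER;
		}
		return nt_status_string_to_code(user);
	}

	/* Everything else is parsed as a hexadecimal status value. */
	if (!strlower_m(user)) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	/*
	 * NOTE(review): strtoul() is called without an end pointer, so a name
	 * with no leading hex digits converts to 0.  If NT_STATUS(0) is the
	 * success code, this path reports success without ever writing
	 * *server_info -- one more reason to keep this module confined to
	 * DEVELOPER builds and out of any production auth chain.
	 */
	error_num = strtoul(user, NULL, 16);

	DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num));

	nt_status = NT_STATUS(error_num);

	return nt_status;
}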
154 :
/**
 * Module initialisation function for the "name_to_ntstatus" test module.
 *
 * Allocates a zeroed auth_methods entry as a talloc child of auth_context
 * and points it at check_name_to_ntstatus_security().
 *
 * @param auth_context  talloc parent of the new entry.
 * @param param         Not read by this function.
 * @param auth_method   Out: receives the new entry on success.
 *
 * @return NT_STATUS_NO_MEMORY if the allocation fails, else NT_STATUS_OK.
 */

static NTSTATUS auth_init_name_to_ntstatus(
	struct auth_context *auth_context,
	const char *param,
	struct auth_methods **auth_method)
{
	struct auth_methods *method =
		talloc_zero(auth_context, struct auth_methods);

	if (!method) {
		return NT_STATUS_NO_MEMORY;
	}

	method->name = "name_to_ntstatus";
	method->auth = check_name_to_ntstatus_security;

	/* Only publish the entry once it is fully set up. */
	*auth_method = method;

	return NT_STATUS_OK;
}
174 :
175 : #endif /* DEVELOPER */
176 :
/**
 * Register the built-in auth modules.
 *
 * "anonymous" is always registered; the "name_to_ntstatus" test module is
 * registered only when the tree is built with DEVELOPER defined.  Any
 * status from smb_register_auth() is discarded, so this function always
 * reports NT_STATUS_OK.
 *
 * @param mem_ctx  Not read by this function.
 *
 * @return NT_STATUS_OK.
 */
NTSTATUS auth_builtin_init(TALLOC_CTX *mem_ctx)
{
	const int iface_version = AUTH_INTERFACE_VERSION;

	smb_register_auth(iface_version, "anonymous", auth_init_anonymous);
#ifdef DEVELOPER
	/* Test-only module: its result is dictated by the client's user name. */
	smb_register_auth(iface_version, "name_to_ntstatus", auth_init_name_to_ntstatus);
#endif
	return NT_STATUS_OK;
}