root/source4/auth/ntlm/auth_developer.c

/* [<][>][^][v][top][bottom][index][help] */

DEFINITIONS

This source file includes following definitions.
  1. name_to_ntstatus_want_check
  2. name_to_ntstatus_check_password
  3. fixed_challenge_get_challenge
  4. fixed_challenge_want_check
  5. fixed_challenge_check_password
  6. auth_developer_init

   1 /* 
   2    Unix SMB/CIFS implementation.
   3    Generic authentication types
   4    Copyright (C) Andrew Bartlett         2001-2002
   5    Copyright (C) Jelmer Vernooij              2002
   6    Copyright (C) Stefan Metzmacher            2005
   7    
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12    
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17    
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21 
  22 #include "includes.h"
  23 #include "auth/auth.h"
  24 #include "auth/ntlm/auth_proto.h"
  25 #include "libcli/security/security.h"
  26 #include "librpc/gen_ndr/ndr_samr.h"
  27 
  28 static NTSTATUS name_to_ntstatus_want_check(struct auth_method_context *ctx,
     /* [<][>][^][v][top][bottom][index][help] */
  29                                             TALLOC_CTX *mem_ctx,
  30                                             const struct auth_usersupplied_info *user_info)
  31 {
  32         return NT_STATUS_OK;
  33 }
  34 
  35 /** 
  36  * Return an error based on username
  37  *
  38  * This function allows the testing of obsure errors, as well as the generation
  39  * of NT_STATUS -> DOS error mapping tables.
  40  *
  41  * This module is of no value to end-users.
  42  *
  43  * The password is ignored.
  44  *
  45  * @return An NTSTATUS value based on the username
  46  **/
  47 
  48 static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
     /* [<][>][^][v][top][bottom][index][help] */
  49                                                 TALLOC_CTX *mem_ctx,
  50                                                 const struct auth_usersupplied_info *user_info, 
  51                                                 struct auth_serversupplied_info **_server_info)
  52 {
  53         NTSTATUS nt_status;
  54         struct auth_serversupplied_info *server_info;
  55         uint32_t error_num;
  56         const char *user;
  57 
  58         user = user_info->client.account_name;
  59 
  60         if (strncasecmp("NT_STATUS", user, strlen("NT_STATUS")) == 0) {
  61                 nt_status = nt_status_string_to_code(user);
  62         } else {
  63                 error_num = strtoul(user, NULL, 16);
  64                 DEBUG(5,("name_to_ntstatus_check_password: Error for user %s was 0x%08X\n", user, error_num));
  65                 nt_status = NT_STATUS(error_num);
  66         }
  67         NT_STATUS_NOT_OK_RETURN(nt_status);
  68 
  69         server_info = talloc(mem_ctx, struct auth_serversupplied_info);
  70         NT_STATUS_HAVE_NO_MEMORY(server_info);
  71 
  72         server_info->account_sid = dom_sid_parse_talloc(server_info, SID_NT_ANONYMOUS);
  73         NT_STATUS_HAVE_NO_MEMORY(server_info->account_sid);
  74 
  75         /* is this correct? */
  76         server_info->primary_group_sid = dom_sid_parse_talloc(server_info, SID_BUILTIN_GUESTS);
  77         NT_STATUS_HAVE_NO_MEMORY(server_info->primary_group_sid);
  78 
  79         server_info->n_domain_groups = 0;
  80         server_info->domain_groups = NULL;
  81 
  82         /* annoying, but the Anonymous really does have a session key, 
  83            and it is all zeros! */
  84         server_info->user_session_key = data_blob_talloc(server_info, NULL, 16);
  85         NT_STATUS_HAVE_NO_MEMORY(server_info->user_session_key.data);
  86 
  87         server_info->lm_session_key = data_blob_talloc(server_info, NULL, 16);
  88         NT_STATUS_HAVE_NO_MEMORY(server_info->lm_session_key.data);
  89 
  90         data_blob_clear(&server_info->user_session_key);
  91         data_blob_clear(&server_info->lm_session_key);
  92 
  93         server_info->account_name = talloc_asprintf(server_info, "NAME TO NTSTATUS %s ANONYMOUS LOGON", user);
  94         NT_STATUS_HAVE_NO_MEMORY(server_info->account_name);
  95 
  96         server_info->domain_name = talloc_strdup(server_info, "NT AUTHORITY");
  97         NT_STATUS_HAVE_NO_MEMORY(server_info->domain_name);
  98 
  99         server_info->full_name = talloc_asprintf(server_info, "NAME TO NTSTATUS %s Anonymous Logon", user);
 100         NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
 101 
 102         server_info->logon_script = talloc_strdup(server_info, "");
 103         NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
 104 
 105         server_info->profile_path = talloc_strdup(server_info, "");
 106         NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
 107 
 108         server_info->home_directory = talloc_strdup(server_info, "");
 109         NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
 110 
 111         server_info->home_drive = talloc_strdup(server_info, "");
 112         NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
 113 
 114         server_info->last_logon = 0;
 115         server_info->last_logoff = 0;
 116         server_info->acct_expiry = 0;
 117         server_info->last_password_change = 0;
 118         server_info->allow_password_change = 0;
 119         server_info->force_password_change = 0;
 120 
 121         server_info->logon_count = 0;
 122         server_info->bad_password_count = 0;
 123 
 124         server_info->acct_flags = ACB_NORMAL;
 125 
 126         server_info->authenticated = false;
 127 
 128         *_server_info = server_info;
 129 
 130         return nt_status;
 131 }
 132 
 133 static const struct auth_operations name_to_ntstatus_auth_ops = {
 134         .name           = "name_to_ntstatus",
 135         .get_challenge  = auth_get_challenge_not_implemented,
 136         .want_check     = name_to_ntstatus_want_check,
 137         .check_password = name_to_ntstatus_check_password
 138 };
 139 
 140 /** 
 141  * Return a 'fixed' challenge instead of a variable one.
 142  *
 143  * The idea of this function is to make packet snifs consistant
 144  * with a fixed challenge, so as to aid debugging.
 145  *
 146  * This module is of no value to end-users.
 147  *
 148  * This module does not actually authenticate the user, but
 149  * just pretenteds to need a specified challenge.  
 150  * This module removes *all* security from the challenge-response system
 151  *
 152  * @return NT_STATUS_UNSUCCESSFUL
 153  **/
 154 static NTSTATUS fixed_challenge_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, DATA_BLOB *_blob)
     /* [<][>][^][v][top][bottom][index][help] */
 155 {
 156         DATA_BLOB blob;
 157         const char *challenge = "I am a teapot";
 158 
 159         blob = data_blob_talloc(mem_ctx, challenge, 8);
 160         NT_STATUS_HAVE_NO_MEMORY(blob.data);
 161 
 162         *_blob = blob;
 163         return NT_STATUS_OK;
 164 }
 165 
 166 static NTSTATUS fixed_challenge_want_check(struct auth_method_context *ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 167                                            TALLOC_CTX *mem_ctx,
 168                                            const struct auth_usersupplied_info *user_info)
 169 {
 170         /* don't handle any users */
 171         return NT_STATUS_NOT_IMPLEMENTED;
 172 }
 173 
 174 static NTSTATUS fixed_challenge_check_password(struct auth_method_context *ctx,
     /* [<][>][^][v][top][bottom][index][help] */
 175                                                TALLOC_CTX *mem_ctx,
 176                                                const struct auth_usersupplied_info *user_info,
 177                                                struct auth_serversupplied_info **_server_info)
 178 {
 179         /* don't handle any users */
 180         return NT_STATUS_NO_SUCH_USER;
 181 }
 182 
 183 static const struct auth_operations fixed_challenge_auth_ops = {
 184         .name           = "fixed_challenge",
 185         .get_challenge  = fixed_challenge_get_challenge,
 186         .want_check     = fixed_challenge_want_check,
 187         .check_password = fixed_challenge_check_password
 188 };
 189 
 190 _PUBLIC_ NTSTATUS auth_developer_init(void)
     /* [<][>][^][v][top][bottom][index][help] */
 191 {
 192         NTSTATUS ret;
 193 
 194         ret = auth_register(&name_to_ntstatus_auth_ops);
 195         if (!NT_STATUS_IS_OK(ret)) {
 196                 DEBUG(0,("Failed to register 'name_to_ntstatus' auth backend!\n"));
 197                 return ret;
 198         }
 199 
 200         ret = auth_register(&fixed_challenge_auth_ops);
 201         if (!NT_STATUS_IS_OK(ret)) {
 202                 DEBUG(0,("Failed to register 'fixed_challenge' auth backend!\n"));
 203                 return ret;
 204         }
 205 
 206         return ret;
 207 }

/* [<][>][^][v][top][bottom][index][help] */