d09d60e6cf74332055d23bf1eaa41e38002bc433
[kai/samba.git] / source3 / auth / auth_sam.c
1 /* 
2    Unix SMB/CIFS implementation.
3    Password and authentication handling
4    Copyright (C) Andrew Tridgell              1992-2000
5    Copyright (C) Luke Kenneth Casson Leighton 1996-2000
6    Copyright (C) Andrew Bartlett              2001-2003
7    Copyright (C) Gerald Carter                2003
8
9    This program is free software; you can redistribute it and/or modify
10    it under the terms of the GNU General Public License as published by
11    the Free Software Foundation; either version 3 of the License, or
12    (at your option) any later version.
13
14    This program is distributed in the hope that it will be useful,
15    but WITHOUT ANY WARRANTY; without even the implied warranty of
16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17    GNU General Public License for more details.
18
19    You should have received a copy of the GNU General Public License
20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #include "includes.h"
24 #include "auth.h"
25
26 #undef DBGC_CLASS
27 #define DBGC_CLASS DBGC_AUTH
28
29 static NTSTATUS auth_sam_ignoredomain_auth(const struct auth_context *auth_context,
30                                            void *my_private_data,
31                                            TALLOC_CTX *mem_ctx,
32                                            const struct auth_usersupplied_info *user_info,
33                                            struct auth_serversupplied_info **server_info)
34 {
35         if (!user_info || !auth_context) {
36                 return NT_STATUS_UNSUCCESSFUL;
37         }
38         return check_sam_security(&auth_context->challenge, mem_ctx,
39                                   user_info, server_info);
40 }
41
42 /* module initialisation */
43 static NTSTATUS auth_init_sam_ignoredomain(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 
44 {
45         struct auth_methods *result;
46
47         result = TALLOC_ZERO_P(auth_context, struct auth_methods);
48         if (result == NULL) {
49                 return NT_STATUS_NO_MEMORY;
50         }
51         result->auth = auth_sam_ignoredomain_auth;
52         result->name = "sam_ignoredomain";
53
54         *auth_method = result;
55         return NT_STATUS_OK;
56 }
57
58
59 /****************************************************************************
60 Check SAM security (above) but with a few extra checks.
61 ****************************************************************************/
62
63 static NTSTATUS auth_samstrict_auth(const struct auth_context *auth_context,
64                                     void *my_private_data,
65                                     TALLOC_CTX *mem_ctx,
66                                     const struct auth_usersupplied_info *user_info,
67                                     struct auth_serversupplied_info **server_info)
68 {
69         bool is_local_name, is_my_domain;
70
71         if (!user_info || !auth_context) {
72                 return NT_STATUS_LOGON_FAILURE;
73         }
74
75         DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
76
77         is_local_name = is_myname(user_info->mapped.domain_name);
78         is_my_domain  = strequal(user_info->mapped.domain_name, lp_workgroup());
79
80         /* check whether or not we service this domain/workgroup name */
81
82         switch ( lp_server_role() ) {
83                 case ROLE_STANDALONE:
84                 case ROLE_DOMAIN_MEMBER:
85                         if ( !is_local_name ) {
86                                 DEBUG(6,("check_samstrict_security: %s is not one of my local names (%s)\n",
87                                         user_info->mapped.domain_name, (lp_server_role() == ROLE_DOMAIN_MEMBER
88                                         ? "ROLE_DOMAIN_MEMBER" : "ROLE_STANDALONE") ));
89                                 return NT_STATUS_NOT_IMPLEMENTED;
90                         }
91                 case ROLE_DOMAIN_PDC:
92                 case ROLE_DOMAIN_BDC:
93                         if ( !is_local_name && !is_my_domain ) {
94                                 DEBUG(6,("check_samstrict_security: %s is not one of my local names or domain name (DC)\n",
95                                         user_info->mapped.domain_name));
96                                 return NT_STATUS_NOT_IMPLEMENTED;
97                         }
98                 default: /* name is ok */
99                         break;
100         }
101
102         return check_sam_security(&auth_context->challenge, mem_ctx,
103                                   user_info, server_info);
104 }
105
106 /* module initialisation */
107 static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 
108 {
109         struct auth_methods *result;
110
111         result = TALLOC_ZERO_P(auth_context, struct auth_methods);
112         if (result == NULL) {
113                 return NT_STATUS_NO_MEMORY;
114         }
115         result->auth = auth_samstrict_auth;
116         result->name = "sam";
117
118         *auth_method = result;
119         return NT_STATUS_OK;
120 }
121
122 NTSTATUS auth_sam_init(void)
123 {
124         smb_register_auth(AUTH_INTERFACE_VERSION, "sam", auth_init_sam);
125         smb_register_auth(AUTH_INTERFACE_VERSION, "sam_ignoredomain", auth_init_sam_ignoredomain);
126         return NT_STATUS_OK;
127 }