/*
Unix SMB / CIFS implementation .
Password and authentication handling
Copyright ( C ) Andrew Bartlett < abartlet @ samba . org > 2001 - 2004
Copyright ( C ) Gerald Carter 2003
Copyright ( C ) Stefan Metzmacher 2005
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "librpc/gen_ndr/ndr_netlogon.h"
# include "system/time.h"
# include "lib/ldb/include/ldb.h"
# include "util/util_ldb.h"
# include "auth/auth.h"
# include "auth/auth_proto.h"
# include "auth/auth_sam.h"
# include "dsdb/samdb/samdb.h"
# include "libcli/security/security.h"
# include "libcli/ldap/ldap_ndr.h"
# include "param/param.h"
extern const char * user_attrs [ ] ;
extern const char * domain_ref_attrs [ ] ;
/****************************************************************************
Look for the specified user in the sam , return ldb result structures
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
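/*
 * Find the single user record for account_name and the record under the
 * partitions DN whose nCName matches the domain that holds the account.
 *
 * mem_ctx              talloc parent for every allocation made here
 * sam_ctx              open SAM database handle
 * account_name         sAMAccountName to look for (binary-encoded before it
 *                      is placed in the search filter)
 * domain_name          domain to search under, or NULL to search without a
 *                      base DN and derive the domain from the user's SID
 * ret_msgs             receives the user search result (exactly one entry)
 * ret_msgs_domain_ref  receives the domain reference search result
 *
 * Returns NT_STATUS_OK, NT_STATUS_NO_SUCH_USER when the user or its domain
 * cannot be found, NT_STATUS_NO_MEMORY when a filter value cannot be
 * encoded, and NT_STATUS_INTERNAL_DB_CORRUPTION for search errors or
 * ambiguous (more than one) matches.
 */
static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
				       const char *account_name,
				       const char *domain_name,
				       struct ldb_message ***ret_msgs,
				       struct ldb_message ***ret_msgs_domain_ref)
{
	struct ldb_message **msgs_tmp;
	struct ldb_message **msgs;
	struct ldb_message **msgs_domain_ref;
	struct ldb_dn *partitions_basedn = samdb_partitions_dn(sam_ctx, mem_ctx);
	struct ldb_dn *domain_dn = NULL;
	const char *encoded_name;
	int ret;
	int ret_domain;

	if (domain_name) {
		domain_dn = samdb_domain_to_dn(sam_ctx, mem_ctx, domain_name);
		if (!domain_dn) {
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}
	}

	/*
	 * account_name comes from the client, so it is only ever placed in
	 * the filter in encoded form. A failed encode must not reach the
	 * format string as a NULL %s argument.
	 */
	encoded_name = ldb_binary_encode_string(mem_ctx, account_name);
	if (encoded_name == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	/* pull the user attributes */
	ret = gendb_search(sam_ctx, mem_ctx, domain_dn, &msgs, user_attrs,
			   "(&(sAMAccountName=%s)(objectclass=user))",
			   encoded_name);
	if (ret == -1) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	if (ret == 0) {
		/*
		 * Both the domain name and the domain DN are NULL when the
		 * caller asked for a domain-less lookup, so neither may be
		 * handed to %s unguarded.
		 */
		const char *dn_str = domain_dn ? ldb_dn_get_linearized(domain_dn) : NULL;

		DEBUG(3, ("sam_search_user: Couldn't find user [%s\\%s] in samdb, under %s\n",
			  domain_name ? domain_name : "(null)",
			  account_name,
			  dn_str ? dn_str : "(null)"));
		return NT_STATUS_NO_SUCH_USER;
	}

	if (ret > 1) {
		DEBUG(0, ("Found %d records matching user [%s]\n", ret, account_name));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	if (!domain_dn) {
		struct dom_sid *domain_sid;
		const char *encoded_sid;

		domain_sid = samdb_result_sid_prefix(mem_ctx, msgs[0], "objectSid");
		if (!domain_sid) {
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}

		encoded_sid = ldap_encode_ndr_dom_sid(mem_ctx, domain_sid);
		if (encoded_sid == NULL) {
			return NT_STATUS_NO_MEMORY;
		}

		/* find the domain's DN */
		ret = gendb_search(sam_ctx, mem_ctx, NULL, &msgs_tmp, NULL,
				   "(&(objectSid=%s)(objectClass=domain))",
				   encoded_sid);
		if (ret == -1) {
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}

		if (ret == 0) {
			DEBUG(3, ("check_sam_security: Couldn't find domain_sid [%s] in passdb file.\n",
				  dom_sid_string(mem_ctx, domain_sid)));
			return NT_STATUS_NO_SUCH_USER;
		}

		if (ret > 1) {
			DEBUG(0, ("Found %d records matching domain_sid [%s]\n",
				  ret, dom_sid_string(mem_ctx, domain_sid)));
			return NT_STATUS_INTERNAL_DB_CORRUPTION;
		}

		domain_dn = msgs_tmp[0]->dn;
	}

	/* NOTE(review): the linearized DN is placed in the filter unencoded;
	 * it originates from the database here, not from the client - confirm
	 * that this is acceptable for DNs containing filter metacharacters. */
	ret_domain = gendb_search(sam_ctx, mem_ctx, partitions_basedn, &msgs_domain_ref, domain_ref_attrs,
				  "(nCName=%s)", ldb_dn_get_linearized(domain_dn));
	if (ret_domain == -1) {
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	/*
	 * The two messages below report domain_dn rather than msgs_tmp[0]->dn:
	 * msgs_tmp is only assigned when the domain was derived from the SID,
	 * so reading it after a lookup by domain_name dereferenced an
	 * uninitialised pointer.
	 */
	if (ret_domain == 0) {
		DEBUG(3, ("check_sam_security: Couldn't find domain [%s] in passdb file.\n",
			  ldb_dn_get_linearized(domain_dn)));
		return NT_STATUS_NO_SUCH_USER;
	}

	if (ret_domain > 1) {
		DEBUG(0, ("Found %d records matching domain [%s]\n",
			  ret_domain, ldb_dn_get_linearized(domain_dn)));
		return NT_STATUS_INTERNAL_DB_CORRUPTION;
	}

	*ret_msgs = msgs;
	*ret_msgs_domain_ref = msgs_domain_ref;

	return NT_STATUS_OK;
}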
/****************************************************************************
Do a specific test for an smb password being correct , given a smb_password and
the lanman and NT responses .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
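/*
 * Verify the credential supplied in user_info against the stored LM and NT
 * hashes of one account.
 *
 * auth_context   authentication context; supplies the loadparm context and
 *                the challenge, and becomes the talloc owner of any session
 *                key data produced
 * mem_ctx        talloc context for temporary allocations
 * acct_flags     ACB_* flags of the account
 * lm_pwd/nt_pwd  stored hashes of the account
 * user_info      what the client supplied (plaintext, hashes or responses)
 * user_sess_key  receives the user session key, or an empty blob
 * lm_sess_key    receives the LM session key, or an empty blob
 *
 * Returns NT_STATUS_OK when the credential is accepted, otherwise the status
 * from the failing check, or NT_STATUS_LOGON_FAILURE.
 */
static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
				    TALLOC_CTX *mem_ctx,
				    uint16_t acct_flags,
				    const struct samr_Password *lm_pwd,
				    const struct samr_Password *nt_pwd,
				    const struct auth_usersupplied_info *user_info,
				    DATA_BLOB *user_sess_key,
				    DATA_BLOB *lm_sess_key)
{
	NTSTATUS status;

	/*
	 * Give both output blobs a defined (empty) value before any return.
	 * The ACB_PWNOTREQ path below succeeds without touching them, and a
	 * caller that passes uninitialised stack blobs would otherwise hand
	 * garbage pointers and lengths on as session keys.
	 */
	if (user_sess_key) {
		*user_sess_key = data_blob(NULL, 0);
	}
	if (lm_sess_key) {
		*lm_sess_key = data_blob(NULL, 0);
	}

	if (acct_flags & ACB_PWNOTREQ) {
		/*
		 * NOTE(review): with null passwords enabled this accepts the
		 * logon without comparing anything the client sent - confirm
		 * that deployments enabling the option intend exactly that.
		 */
		if (lp_null_passwords(auth_context->lp_ctx)) {
			DEBUG(3, ("Account for user '%s' has no password and null passwords are allowed.\n",
				  user_info->mapped.account_name));
			return NT_STATUS_OK;
		} else {
			DEBUG(3, ("Account for user '%s' has no password and null passwords are NOT allowed.\n",
				  user_info->mapped.account_name));
			return NT_STATUS_LOGON_FAILURE;
		}
	}

	switch (user_info->password_state) {
	case AUTH_PASSWORD_PLAIN:
	{
		const struct auth_usersupplied_info *user_info_temp;

		/* Convert the plaintext to hashes, then verify it as a hash. */
		status = encrypt_user_info(mem_ctx, auth_context,
					   AUTH_PASSWORD_HASH,
					   user_info, &user_info_temp);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(1, ("Failed to convert plaintext password to password HASH: %s\n", nt_errstr(status)));
			return status;
		}
		user_info = user_info_temp;

		/*fall through*/
	}
	case AUTH_PASSWORD_HASH:
		/* No session keys result from a hash comparison; the blobs
		 * stay empty as set on entry. */
		status = hash_password_check(mem_ctx,
					     auth_context->lp_ctx,
					     user_info->password.hash.lanman,
					     user_info->password.hash.nt,
					     user_info->mapped.account_name,
					     lm_pwd, nt_pwd);
		NT_STATUS_NOT_OK_RETURN(status);
		break;

	case AUTH_PASSWORD_RESPONSE:
		status = ntlm_password_check(mem_ctx,
					     auth_context->lp_ctx,
					     user_info->logon_parameters,
					     &auth_context->challenge.data,
					     &user_info->password.response.lanman,
					     &user_info->password.response.nt,
					     user_info->mapped.account_name,
					     user_info->client.account_name,
					     user_info->client.domain_name,
					     lm_pwd, nt_pwd,
					     user_sess_key, lm_sess_key);
		NT_STATUS_NOT_OK_RETURN(status);
		break;

	default:
		/*
		 * Fail closed: without this arm an unrecognised
		 * password_state skipped every check and fell out of the
		 * switch to the NT_STATUS_OK return below.
		 */
		DEBUG(1, ("authsam_password_ok: unexpected password_state %d for user '%s'\n",
			  (int)user_info->password_state,
			  user_info->mapped.account_name));
		return NT_STATUS_LOGON_FAILURE;
	}

	/* Re-parent any key material onto auth_context. */
	if (user_sess_key && user_sess_key->data) {
		talloc_steal(auth_context, user_sess_key->data);
	}
	if (lm_sess_key && lm_sess_key->data) {
		talloc_steal(auth_context, lm_sess_key->data);
	}

	return NT_STATUS_OK;
}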
/*
 * Authenticate one already-located account: check the lockout and logon-type
 * flags, verify the supplied credential against the stored hashes, then run
 * the account restrictions check.
 *
 * msgs[0] is the user record and msgs_domain_ref[0] the domain reference
 * record; both are dereferenced unconditionally, so callers must pass
 * non-empty results.
 *
 * Returns the first non-OK status encountered, or the result of
 * authsam_account_ok().
 */
static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
				     TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
				     struct ldb_message **msgs,
				     struct ldb_message **msgs_domain_ref,
				     const struct auth_usersupplied_info *user_info,
				     DATA_BLOB *user_sess_key, DATA_BLOB *lm_sess_key)
{
	struct samr_Password *lanman_hash;
	struct samr_Password *nt_hash;
	struct ldb_dn *domain_dn;
	uint16_t acct_flags;
	NTSTATUS result;

	/* NOTE(review): domain_dn is NULL when nCName is absent (NULL is the
	 * default passed here) and is used without a check - confirm that
	 * samdb_result_acct_flags() copes with that. */
	domain_dn = samdb_result_dn(sam_ctx, mem_ctx, msgs_domain_ref[0], "nCName", NULL);
	acct_flags = samdb_result_acct_flags(sam_ctx, mem_ctx, msgs[0], domain_dn);

	/*
	 * Lockout is tested before the password, so a locked account is
	 * reported as locked whatever credential was presented.
	 */
	if (acct_flags & ACB_AUTOLOCK) {
		DEBUG(3, ("check_sam_security: Account for user %s was locked out.\n",
			  user_info->mapped.account_name));
		return NT_STATUS_ACCOUNT_LOCKED_OUT;
	}

	/* Interactive logons are limited to normal accounts. */
	if ((user_info->flags & USER_INFO_INTERACTIVE_LOGON) &&
	    !(acct_flags & ACB_NORMAL)) {
		return NT_STATUS_NO_SUCH_USER;
	}

	result = samdb_result_passwords(mem_ctx, msgs[0], &lanman_hash, &nt_hash);
	if (!NT_STATUS_IS_OK(result)) {
		return result;
	}

	result = authsam_password_ok(auth_context, mem_ctx,
				     acct_flags, lanman_hash, nt_hash,
				     user_info, user_sess_key, lm_sess_key);
	if (!NT_STATUS_IS_OK(result)) {
		return result;
	}

	/* Account restrictions are evaluated only after the credential has
	 * been accepted. */
	return authsam_account_ok(mem_ctx, sam_ctx,
				  user_info->logon_parameters,
				  msgs[0],
				  msgs_domain_ref[0],
				  user_info->workstation_name,
				  user_info->mapped.account_name);
}
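/*
 * Shared implementation of the "sam" and "sam_ignoredomain" password checks:
 * connect to the SAM, locate the account, authenticate it and build the
 * server_info structure.
 *
 * ctx          auth method context
 * mem_ctx      talloc context that owns *server_info on success
 * domain       domain to search in, or NULL to search all of the SAM
 * user_info    what the client supplied
 * server_info  receives the authenticated user's description
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_NOT_IMPLEMENTED when no account
 * name was mapped ('not for me'), NT_STATUS_NO_MEMORY,
 * NT_STATUS_INVALID_SYSTEM_SERVICE when the SAM cannot be opened, or the
 * status of whichever step failed.
 */
static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
						 TALLOC_CTX *mem_ctx,
						 const char *domain,
						 const struct auth_usersupplied_info *user_info,
						 struct auth_serversupplied_info **server_info)
{
	NTSTATUS nt_status;
	const char *account_name = user_info->mapped.account_name;
	struct ldb_message **msgs;
	struct ldb_message **domain_ref_msgs;
	struct ldb_context *sam_ctx;
	/*
	 * Start from empty blobs: these are passed by value to
	 * authsam_make_server_info() below, and authsam_authenticate() has
	 * success paths that never write to them.
	 */
	DATA_BLOB user_sess_key = data_blob(NULL, 0);
	DATA_BLOB lm_sess_key = data_blob(NULL, 0);
	TALLOC_CTX *tmp_ctx;

	if (!account_name || !*account_name) {
		/* 'not for me' */
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	/* Everything below lives on tmp_ctx and is released at "done". */
	tmp_ctx = talloc_new(mem_ctx);
	if (!tmp_ctx) {
		return NT_STATUS_NO_MEMORY;
	}

	sam_ctx = samdb_connect(tmp_ctx, ctx->auth_ctx->event_ctx, ctx->auth_ctx->lp_ctx,
				system_session(mem_ctx, ctx->auth_ctx->lp_ctx));
	if (sam_ctx == NULL) {
		nt_status = NT_STATUS_INVALID_SYSTEM_SERVICE;
		goto done;
	}

	nt_status = authsam_search_account(tmp_ctx, sam_ctx, account_name, domain,
					   &msgs, &domain_ref_msgs);
	if (!NT_STATUS_IS_OK(nt_status)) {
		goto done;
	}

	nt_status = authsam_authenticate(ctx->auth_ctx, tmp_ctx, sam_ctx, msgs, domain_ref_msgs, user_info,
					 &user_sess_key, &lm_sess_key);
	if (!NT_STATUS_IS_OK(nt_status)) {
		goto done;
	}

	nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, lp_netbios_name(ctx->auth_ctx->lp_ctx),
					     msgs[0], domain_ref_msgs[0],
					     user_sess_key, lm_sess_key,
					     server_info);
	if (!NT_STATUS_IS_OK(nt_status)) {
		goto done;
	}

	/* Move the result off tmp_ctx before it is freed. */
	talloc_steal(mem_ctx, *server_info);
	nt_status = NT_STATUS_OK;

done:
	talloc_free(tmp_ctx);
	return nt_status;
}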
/*
 * want_check hook of the "sam_ignoredomain" backend: the request is taken
 * whenever a non-empty account name was mapped, whatever the domain.
 *
 * Returns NT_STATUS_OK to claim the request, NT_STATUS_NOT_IMPLEMENTED
 * otherwise. ctx and mem_ctx are unused.
 */
static NTSTATUS authsam_ignoredomain_want_check(struct auth_method_context *ctx,
						TALLOC_CTX *mem_ctx,
						const struct auth_usersupplied_info *user_info)
{
	const char *account = user_info->mapped.account_name;

	if (account != NULL && account[0] != '\0') {
		return NT_STATUS_OK;
	}

	return NT_STATUS_NOT_IMPLEMENTED;
}
/*
 * check_password hook of the "sam_ignoredomain" backend: run the common SAM
 * check with no domain restriction, so the account is looked up without a
 * search base.
 */
static NTSTATUS authsam_ignoredomain_check_password(struct auth_method_context *ctx,
						    TALLOC_CTX *mem_ctx,
						    const struct auth_usersupplied_info *user_info,
						    struct auth_serversupplied_info **server_info)
{
	/* NULL means "do not restrict the lookup to one domain". */
	const char *any_domain = NULL;

	return authsam_check_password_internals(ctx, mem_ctx, any_domain,
						user_info, server_info);
}
/****************************************************************************
Check SAM security ( above ) but with a few extra checks .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
 * want_check hook of the "sam" backend: decide from the server role whether
 * the mapped domain name is one this server answers for.
 *
 * Returns NT_STATUS_OK to claim the request and NT_STATUS_NOT_IMPLEMENTED to
 * decline it (no account name, a domain that is not ours, or an unknown
 * server role). mem_ctx is unused.
 */
static NTSTATUS authsam_want_check(struct auth_method_context *ctx,
				   TALLOC_CTX *mem_ctx,
				   const struct auth_usersupplied_info *user_info)
{
	const char *account = user_info->mapped.account_name;
	bool local_match;
	bool domain_match;

	if (account == NULL || *account == '\0') {
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	local_match = lp_is_myname(ctx->auth_ctx->lp_ctx,
				   user_info->mapped.domain_name);
	domain_match = lp_is_mydomain(ctx->auth_ctx->lp_ctx,
				      user_info->mapped.domain_name);

	/* check whether or not we service this domain/workgroup name */
	switch (lp_server_role(ctx->auth_ctx->lp_ctx)) {
	case ROLE_STANDALONE:
		/* A standalone server accepts every domain name. */
		return NT_STATUS_OK;

	case ROLE_DOMAIN_MEMBER:
		/* A member server only answers for its own machine names. */
		if (local_match) {
			return NT_STATUS_OK;
		}
		DEBUG(6, ("authsam_check_password: %s is not one of my local names (DOMAIN_MEMBER)\n",
			  user_info->mapped.domain_name));
		return NT_STATUS_NOT_IMPLEMENTED;

	case ROLE_DOMAIN_CONTROLLER:
		/* A DC answers for its machine names and its domain. */
		if (local_match || domain_match) {
			return NT_STATUS_OK;
		}
		DEBUG(6, ("authsam_check_password: %s is not one of my local names or domain name (DC)\n",
			  user_info->mapped.domain_name));
		return NT_STATUS_NOT_IMPLEMENTED;
	}

	/* Unknown role: decline rather than guess. */
	DEBUG(6, ("authsam_check_password: lp_server_role() has an undefined value\n"));
	return NT_STATUS_NOT_IMPLEMENTED;
}
/****************************************************************************
Check SAM security ( above ) but with a few extra checks .
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */
/*
 * check_password hook of the "sam" backend: pick the domain to search from
 * the server role, then run the common SAM check.
 *
 * Standalone and member servers search under their NetBIOS name, domain
 * controllers under the workgroup name. Any other role is refused with
 * NT_STATUS_NO_SUCH_USER.
 */
static NTSTATUS authsam_check_password(struct auth_method_context *ctx,
				       TALLOC_CTX *mem_ctx,
				       const struct auth_usersupplied_info *user_info,
				       struct auth_serversupplied_info **server_info)
{
	const char *domain;
	int role = lp_server_role(ctx->auth_ctx->lp_ctx);

	/* check whether or not we service this domain/workgroup name */
	if (role == ROLE_STANDALONE || role == ROLE_DOMAIN_MEMBER) {
		domain = lp_netbios_name(ctx->auth_ctx->lp_ctx);
	} else if (role == ROLE_DOMAIN_CONTROLLER) {
		domain = lp_workgroup(ctx->auth_ctx->lp_ctx);
	} else {
		return NT_STATUS_NO_SUCH_USER;
	}

	return authsam_check_password_internals(ctx, mem_ctx, domain,
						user_info, server_info);
}
/*
 * Operations table for the "sam_ignoredomain" backend, which looks accounts
 * up in the SAM without regard to the domain name the client supplied.
 */
static const struct auth_operations sam_ignoredomain_ops = {
	.name           = "sam_ignoredomain",
	.get_challenge  = auth_get_challenge_not_implemented,
	.want_check     = authsam_ignoredomain_want_check,
	.check_password = authsam_ignoredomain_check_password,
};
/*
 * Operations table for the "sam" backend, which only takes requests whose
 * domain name this server answers for (see authsam_want_check).
 */
static const struct auth_operations sam_ops = {
	.name           = "sam",
	.get_challenge  = auth_get_challenge_not_implemented,
	.want_check     = authsam_want_check,
	.check_password = authsam_check_password,
};
/*
 * Register both SAM authentication backends, "sam" first and then
 * "sam_ignoredomain".
 *
 * Returns the status of the first registration that fails, or the status of
 * the last registration when both succeed.
 */
_PUBLIC_ NTSTATUS auth_sam_init(void)
{
	NTSTATUS status = auth_register(&sam_ops);

	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Failed to register 'sam' auth backend!\n"));
		return status;
	}

	status = auth_register(&sam_ignoredomain_ops);
	if (!NT_STATUS_IS_OK(status)) {
		DEBUG(0, ("Failed to register 'sam_ignoredomain' auth backend!\n"));
	}

	return status;
}