authorAndrew Bartlett <abartlet@samba.org>2002-01-05 04:55:41 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-05 04:55:41 +0000
commit2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 (patch)
tree257e7ba36de49aca7039b32a8611fc8b6dea9555 /source3/auth/auth_info.c
parent5a9c2f74ab0285859a6942bbc06d9e726cc69d19 (diff)
I've decided to move the auth code around a bit more...
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a parameter to a few functions instead of looking up lp_workgroup(). I'm hoping to make this entire thing a bit more trusted domains (as PDC) friendly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
Diffstat (limited to 'source3/auth/auth_info.c')
-rw-r--r--source3/auth/auth_info.c313
1 files changed, 0 insertions, 313 deletions
diff --git a/source3/auth/auth_info.c b/source3/auth/auth_info.c
deleted file mode 100644
index 9d399a88eb..0000000000
--- a/source3/auth/auth_info.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/*
- Unix SMB/Netbios implementation.
- Version 3.0.
- Authentication utility functions
- Copyright (C) Andrew Bartlett 2001
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/** List of various built-in authenticaion modules */
-
-const struct auth_init_function builtin_auth_init_functions[] = {
- { "guest", auth_init_guest },
- { "rhosts", auth_init_rhosts },
- { "hostsequiv", auth_init_hostsequiv },
- { "sam", auth_init_sam },
- { "samstrict", auth_init_samstrict },
- { "unix", auth_init_unix },
- { "smbserver", auth_init_smbserver },
- { "ntdomain", auth_init_ntdomain },
- { "winbind", auth_init_winbind },
-#ifdef DEVELOPER
- { "name_to_ntstatus", auth_init_name_to_ntstatus },
-#endif
- { NULL, NULL}
-};
-
-/***************************************************************************
- Free a linked list of auth methods
-***************************************************************************/
-
-static void free_auth_methods_list(auth_methods **list)
-{
- if (list != NULL) {
- while (*list) {
- auth_methods *old_head = *list;
- if ((*list)->free_private_data) {
- (*list)->free_private_data(&((*list)->private_data));
- }
- DLIST_REMOVE(*list, *list);
- SAFE_FREE(old_head);
- }
-
- }
-}
-
-/***************************************************************************
- Make a auth_info struct
-***************************************************************************/
-
-static BOOL make_auth_info(auth_authsupplied_info **auth_info)
-{
- *auth_info = malloc(sizeof(**auth_info));
- if (!*auth_info) {
- DEBUG(0,("make_auth_info: malloc failed!\n"));
- return False;
- }
- ZERO_STRUCTP(*auth_info);
-
- return True;
-}
-
-/***************************************************************************
- Make a auth_info struct with a specified list.
-***************************************************************************/
-
-BOOL make_auth_info_list(auth_authsupplied_info **auth_info, auth_methods *list)
-{
- if (!make_auth_info(auth_info)) {
- return False;
- }
-
- (*auth_info)->auth_method_list = list;
-
- return True;
-}
-
-/***************************************************************************
- Make a auth_info struct for the auth subsystem
-***************************************************************************/
-
-static BOOL make_auth_info_text_list(auth_authsupplied_info **auth_info, char **text_list)
-{
- auth_methods *list = NULL;
- auth_methods *t = NULL;
- auth_methods *tmp;
- int i;
-
- if (!text_list) {
- DEBUG(2,("No auth method list!?\n"));
- return False;
- }
-
- for (;*text_list; text_list++)
- {
- DEBUG(5,("Attempting to find an auth method to match %s\n", *text_list));
- for (i = 0; builtin_auth_init_functions[i].name; i++)
- {
- if (strequal(builtin_auth_init_functions[i].name, *text_list))
- {
- DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i));
- if (builtin_auth_init_functions[i].init(&t)) {
- DEBUG(5,("auth method %s has a valid init\n", *text_list));
- t->name = builtin_auth_init_functions[i].name;
- DLIST_ADD_END(list, t, tmp);
- } else {
- DEBUG(5,("auth method %s DOES NOT have a valid init\n", *text_list));
- }
- break;
- }
- }
- }
-
- if (!make_auth_info_list(auth_info, list)) {
- free_auth_methods_list(&list);
- return False;
- }
-
- return True;
-}
-
-/***************************************************************************
- Make a auth_info struct for the auth subsystem
-***************************************************************************/
-
-BOOL make_auth_info_subsystem(auth_authsupplied_info **auth_info)
-{
- char **auth_method_list = NULL;
-
- if (lp_auth_methods() && !lp_list_copy(&auth_method_list, lp_auth_methods())) {
- return False;
- }
-
- if (auth_method_list == NULL) {
- switch (lp_security())
- {
- case SEC_DOMAIN:
- DEBUG(5,("Making default auth method list for security=domain\n"));
- auth_method_list = lp_list_make("guest samstrict ntdomain");
- break;
- case SEC_SERVER:
- DEBUG(5,("Making default auth method list for security=server\n"));
- auth_method_list = lp_list_make("guest samstrict smbserver");
- break;
- case SEC_USER:
- if (lp_encrypted_passwords()) {
- DEBUG(5,("Making default auth method list for security=user, encrypt passwords = yes\n"));
- auth_method_list = lp_list_make("guest sam");
- } else {
- DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n"));
- auth_method_list = lp_list_make("guest unix");
- }
- break;
- case SEC_SHARE:
- if (lp_encrypted_passwords()) {
- DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n"));
- auth_method_list = lp_list_make("guest sam");
- } else {
- DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n"));
- auth_method_list = lp_list_make("guest unix");
- }
- break;
- case SEC_ADS:
- DEBUG(5,("Making default auth method list for security=ADS\n"));
- auth_method_list = lp_list_make("guest samstrict ads ntdomain");
- break;
- default:
- DEBUG(5,("Unknown auth method!\n"));
- return False;
- }
- } else {
- DEBUG(5,("Using specified auth order\n"));
- }
-
- if (!make_auth_info_text_list(auth_info, auth_method_list)) {
- lp_list_free(&auth_method_list);
- return False;
- }
-
- lp_list_free(&auth_method_list);
- return True;
-}
-
-/***************************************************************************
- Make a auth_info struct with a random challenge
-***************************************************************************/
-
-BOOL make_auth_info_random(auth_authsupplied_info **auth_info)
-{
- uchar chal[8];
- if (!make_auth_info_subsystem(auth_info)) {
- return False;
- }
-
- generate_random_buffer(chal, sizeof(chal), False);
- (*auth_info)->challenge = data_blob(chal, sizeof(chal));
-
- (*auth_info)->challenge_set_by = "random";
-
- return True;
-}
-
-/***************************************************************************
- Make a auth_info struct with a fixed challenge
-***************************************************************************/
-
-BOOL make_auth_info_fixed(auth_authsupplied_info **auth_info, uchar chal[8])
-{
- if (!make_auth_info_subsystem(auth_info)) {
- return False;
- }
-
- (*auth_info)->challenge = data_blob(chal, 8);
- return True;
-}
-
-/***************************************************************************
- Clear out a auth_info struct that has been allocated
-***************************************************************************/
-
-void free_auth_info(auth_authsupplied_info **auth_info)
-{
- if (*auth_info != NULL) {
- free_auth_methods_list(&(*auth_info)->auth_method_list);
-
- data_blob_free(&(*auth_info)->challenge);
- ZERO_STRUCT(**auth_info);
- }
- SAFE_FREE(*auth_info);
-}
-
-/****************************************************************************
- Try to get a challenge out of the various authenticaion modules.
- It is up to the caller to free it.
-****************************************************************************/
-
-DATA_BLOB auth_get_challenge(auth_authsupplied_info *auth_info)
-{
- DATA_BLOB challenge = data_blob(NULL, 0);
- char *challenge_set_by = NULL;
- auth_methods *auth_method;
- TALLOC_CTX *mem_ctx;
-
- if (auth_info->challenge.length) {
- DEBUG(5, ("auth_get_challenge: returning previous challenge (normal)\n"));
- return data_blob(auth_info->challenge.data, auth_info->challenge.length);
- }
-
- for (auth_method = auth_info->auth_method_list; auth_method; auth_method = auth_method->next)
- {
- if (auth_method->get_chal) {
- DEBUG(5, ("auth_get_challenge: getting challenge from module %s\n", auth_method->name));
- if (challenge_set_by) {
- DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authenticaion method %s has already specified a challenge. Challenge by %s ignored.\n",
- challenge_set_by, auth_method->name));
- } else {
- mem_ctx = talloc_init_named("auth_get_challange for module %s", auth_method->name);
- if (!mem_ctx) {
- smb_panic("talloc_init_named() failed!");
- }
-
- challenge = auth_method->get_chal(&auth_method->private_data, mem_ctx, auth_info);
- if (challenge.length) {
- DEBUG(5, ("auth_get_challenge: sucessfully got challenge from module %s\n", auth_method->name));
- auth_info->challenge = challenge;
- challenge_set_by = auth_method->name;
- auth_info->challenge_set_method = auth_method;
- } else {
- DEBUG(3, ("auth_get_challenge: getting challenge from authenticaion method %s FAILED.\n",
- auth_method->name));
- }
- talloc_destroy(mem_ctx);
- }
- } else {
- DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name));
- }
- }
-
- if (!challenge_set_by) {
- uchar chal[8];
-
- generate_random_buffer(chal, sizeof(chal), False);
- auth_info->challenge = data_blob(chal, sizeof(chal));
-
- challenge_set_by = "random";
- }
-
- DEBUG(5, ("auth_info challenge created by %s\n", challenge_set_by));
- DEBUG(5, ("challenge is: \n"));
- dump_data(5, auth_info->challenge.data, (auth_info)->challenge.length);
-
- SMB_ASSERT(auth_info->challenge.length == 8);
-
- auth_info->challenge_set_by=challenge_set_by;
-
- return data_blob(auth_info->challenge.data, auth_info->challenge.length);
-}
-
-