I've decided to move the auth code around a bit more...

The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
author: Andrew Bartlett <abartlet@samba.org> 2002-01-05 04:55:41 +0000
committer: Andrew Bartlett <abartlet@samba.org> 2002-01-05 04:55:41 +0000
commit: 2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 (patch)
tree: 257e7ba36de49aca7039b32a8611fc8b6dea9555 /source3/auth/auth_sam.c
parent: 5a9c2f74ab0285859a6942bbc06d9e726cc69d19 (diff)
download: samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.gz
samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.bz2
samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.zip
1 files changed, 30 insertions, 28 deletions
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index c8b5386f7a..f1bcae461e 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -27,9 +27,9 @@
 core of smb password checking routine.
 ****************************************************************************/
 static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
-				const uchar *part_passwd,
-				DATA_BLOB sec_blob,
-				uint8 user_sess_key[16])
+				 const uchar *part_passwd,
+				 DATA_BLOB sec_blob,
+				 uint8 user_sess_key[16])
 {
 	/* Finish the encryption of part_passwd. */
 	uchar p24[24];
@@ -75,10 +75,10 @@ static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response,
 core of smb password checking routine.
 ****************************************************************************/
 static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
-				const uchar *part_passwd,
-				const DATA_BLOB sec_blob,
-				const char *user, const char *domain,
-				uint8 user_sess_key[16])
+				 const uchar *part_passwd,
+				 const DATA_BLOB sec_blob,
+				 const char *user, const char *domain,
+				 uint8 user_sess_key[16])
 {
 	/* Finish the encryption of part_passwd. */
 	uchar kr[16];
@@ -132,10 +132,10 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response,
  Do a specific test for an smb password being correct, given a smb_password and
  the lanman and NT responses.
 ****************************************************************************/
-static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
+static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
+				TALLOC_CTX *mem_ctx,
 				SAM_ACCOUNT *sampass, 
 				const auth_usersupplied_info *user_info, 
-				const auth_authsupplied_info *auth_info,
 				uint8 user_sess_key[16])
 {
 	uint16 acct_ctrl;
@@ -175,7 +175,7 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
 		*/
 		DEBUG(4,("sam_password_ok: Checking NTLMv2 password\n"));
 		if (smb_pwd_check_ntlmv2( user_info->nt_resp, 
-					  nt_pw, auth_info->challenge, 
+					  nt_pw, auth_context->challenge, 
 					  user_info->smb_name.str, 
 					  user_info->client_domain.str,
 					  user_sess_key))
@@ -192,7 +192,7 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
 			*/
 			DEBUG(4,("sam_password_ok: Checking NT MD4 password\n"));
 			if (smb_pwd_check_ntlmv1(user_info->nt_resp, 
-						 nt_pw, auth_info->challenge,
+						 nt_pw, auth_context->challenge,
 						 user_sess_key)) 
 			{
 				return NT_STATUS_OK;
@@ -225,7 +225,7 @@ static NTSTATUS sam_password_ok(TALLOC_CTX *mem_ctx,
 		
 		DEBUG(4,("sam_password_ok: Checking LM password\n"));
 		if (smb_pwd_check_ntlmv1(user_info->lm_resp, 
-					 lm_pw, auth_info->challenge,
+					 lm_pw, auth_context->challenge,
 					 user_sess_key)) 
 		{
 			return NT_STATUS_OK;
@@ -337,10 +337,10 @@ SMB hash supplied in the user_info structure
 return an NT_STATUS constant.
 ****************************************************************************/
 
-static NTSTATUS check_sam_security(void *my_private_data,
+static NTSTATUS check_sam_security(const struct auth_context *auth_context,
+				   void *my_private_data, 
 				   TALLOC_CTX *mem_ctx,
 				   const auth_usersupplied_info *user_info, 
-				   const auth_authsupplied_info *auth_info,
 				   auth_serversupplied_info **server_info)
 {
 	SAM_ACCOUNT *sampass=NULL;
@@ -349,8 +349,8 @@ static NTSTATUS check_sam_security(void *my_private_data,
 	uint8 user_sess_key[16];
 	const uint8* lm_hash;
 
-	if (!user_info || !auth_info) {
-		return NT_STATUS_LOGON_FAILURE;
+	if (!user_info || !auth_context) {
+		return NT_STATUS_UNSUCCESSFUL;
 	}
 
 	if (!pdb_init_sam(&sampass)) {
@@ -370,7 +370,7 @@ static NTSTATUS check_sam_security(void *my_private_data,
 		return NT_STATUS_NO_SUCH_USER;
 	}
 
-	nt_status = sam_password_ok(mem_ctx, sampass, user_info, auth_info, user_sess_key);
+	nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		pdb_free_sam(&sampass);
@@ -399,9 +399,10 @@ static NTSTATUS check_sam_security(void *my_private_data,
 	return nt_status;
 }
 
-BOOL auth_init_sam(auth_methods **auth_method) 
+/* module initialisation */
+BOOL auth_init_sam(struct auth_context *auth_context, auth_methods **auth_method) 
 {
-	if (!make_auth_methods(auth_method)) {
+	if (!make_auth_methods(auth_context, auth_method)) {
 		return False;
 	}
 
@@ -409,20 +410,19 @@ BOOL auth_init_sam(auth_methods **auth_method)
 	return True;
 }
 
+
 /****************************************************************************
-check if a username/password is OK assuming the password is a 24 byte
-SMB hash supplied in the user_info structure
-return an NT_STATUS constant.
+Check SAM security (above) but with a few extra checks.
 ****************************************************************************/
 
-static NTSTATUS check_samstrict_security(void *my_private_data,
+static NTSTATUS check_samstrict_security(const struct auth_context *auth_context,
+					 void *my_private_data, 
 					 TALLOC_CTX *mem_ctx,
 					 const auth_usersupplied_info *user_info, 
-					 const auth_authsupplied_info *auth_info,
 					 auth_serversupplied_info **server_info)
 {
 
-	if (!user_info || !auth_info) {
+	if (!user_info || !auth_context) {
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
@@ -434,12 +434,13 @@ static NTSTATUS check_samstrict_security(void *my_private_data,
 		return NT_STATUS_NO_SUCH_USER;
 	}
 	
-	return check_sam_security(my_private_data, mem_ctx, user_info, auth_info, server_info);
+	return check_sam_security(auth_context, my_private_data, mem_ctx, user_info, server_info);
 }
 
-BOOL auth_init_samstrict(auth_methods **auth_method) 
+/* module initialisation */
+BOOL auth_init_samstrict(struct auth_context *auth_context, auth_methods **auth_method) 
 {
-	if (!make_auth_methods(auth_method)) {
+	if (!make_auth_methods(auth_context, auth_method)) {
 		return False;
 	}
 
@@ -447,3 +448,4 @@ BOOL auth_init_samstrict(auth_methods **auth_method)
 	return True;
 }
 
+
author	Andrew Bartlett <abartlet@samba.org>	2002-01-05 04:55:41 +0000
committer	Andrew Bartlett <abartlet@samba.org>	2002-01-05 04:55:41 +0000
commit	2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 (patch)
tree	257e7ba36de49aca7039b32a8611fc8b6dea9555 /source3/auth/auth_sam.c
parent	5a9c2f74ab0285859a6942bbc06d9e726cc69d19 (diff)
download	samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.gz samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.bz2 samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.zip