diff options
author | Andrew Bartlett <abartlet@samba.org> | 2002-01-05 04:55:41 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2002-01-05 04:55:41 +0000 |
commit | 2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 (patch) | |
tree | 257e7ba36de49aca7039b32a8611fc8b6dea9555 /source3/auth/auth_server.c | |
parent | 5a9c2f74ab0285859a6942bbc06d9e726cc69d19 (diff) | |
download | samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.gz samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.bz2 samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.zip |
I've decided to move the auth code around a bit more...
The auth_authsupplied_info typedef is now just a plain struct - auth_context,
but it has been modified to contain the function pointers to the rest
of the auth subsystem's components.
(Who needs non-static functions anyway?)
In working all this mess out, I fixed a number of memory leaks and moved the
entire auth subsystem over to talloc().
Note that the TALLOC_CTX attached to the auth_context can be rather long-lived,
it is provided for things that are intended to live as long. (The
global_negprot_auth_context lasts the whole life of the smbd).
I've also adjusted a few things in auth_domain.c, mainly passing the domain as
a paramater to a few functions instead of looking up lp_workgroup(). I'm
hopign to make this entire thing a bit more trusted domains (as PDC) freindly
in the near future.
Other than that, I moved a bit of the code around, hence the rather messy diff.
Andrew Bartlett
(This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
Diffstat (limited to 'source3/auth/auth_server.c')
-rw-r--r-- | source3/auth/auth_server.c | 22 |
1 files changed, 12 insertions, 10 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7178e3147c..c83230b716 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -134,9 +134,9 @@ static void send_server_keepalive(void **private_data_pointer) Get the challenge out of a password server. ****************************************************************************/ -static DATA_BLOB auth_get_challenge_server(void **my_private_data, - TALLOC_CTX *mem_ctx, - const struct authsupplied_info *auth_info) +static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context, + void **my_private_data, + TALLOC_CTX *mem_ctx) { struct cli_state *cli = server_cryptkey(mem_ctx); @@ -161,8 +161,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, } *my_private_data = (void *)cli; - - return data_blob(cli->secblob.data,8); + + /* The return must be allocated on the caller's mem_ctx, as our own will be + destoyed just after the call. */ + return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8); } else { return data_blob(NULL, 0); } @@ -174,10 +176,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, - Validate a password with the password server. ****************************************************************************/ -static NTSTATUS check_smbserver_security(void *my_private_data, +static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, + void *my_private_data, TALLOC_CTX *mem_ctx, const auth_usersupplied_info *user_info, - const auth_authsupplied_info *auth_info, auth_serversupplied_info **server_info) { struct cli_state *cli; @@ -218,7 +220,7 @@ static NTSTATUS check_smbserver_security(void *my_private_data, return NT_STATUS_LOGON_FAILURE; } } else { - if (memcmp(cli->secblob.data, auth_info->challenge.data, 8) != 0) { + if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) { DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost)); return NT_STATUS_LOGON_FAILURE; } @@ -353,9 +355,9 @@ use this machine as the password server.\n")); return(nt_status); } -BOOL auth_init_smbserver(auth_methods **auth_method) +BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method) { - if (!make_auth_methods(auth_method)) { + if (!make_auth_methods(auth_context, auth_method)) { return False; } (*auth_method)->auth = check_smbserver_security; |