summaryrefslogtreecommitdiff
path: root/source3/auth
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2002-12-11 23:54:40 +0000
committerJeremy Allison <jra@samba.org>2002-12-11 23:54:40 +0000
commit39c78bf516f4db59fd3c218f67d13dd658daf558 (patch)
tree6ae1bf309e022605c3256546c2960f4a10295e4b /source3/auth
parentf2def025e277081ac86d68060fed3e10994eaa44 (diff)
downloadsamba-39c78bf516f4db59fd3c218f67d13dd658daf558.tar.gz
samba-39c78bf516f4db59fd3c218f67d13dd658daf558.tar.bz2
samba-39c78bf516f4db59fd3c218f67d13dd658daf558.zip
Fixed auth module code. Added VALGRIND defines to reduce spurious warnings.
Jeremy. (This used to be commit ec4ed45563f9d8e25fcfd88840944a90b3139c3e)
Diffstat (limited to 'source3/auth')
-rw-r--r--source3/auth/auth.c99
-rw-r--r--source3/auth/auth_builtin.c27
2 files changed, 58 insertions, 68 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 232d401a24..d730e39f44 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -61,8 +61,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
return auth_context->challenge.data;
}
- for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next)
- {
+ for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next) {
if (auth_method->get_chal == NULL) {
DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name));
continue;
@@ -183,18 +182,18 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
auth_methods *auth_method;
TALLOC_CTX *mem_ctx;
- if (!user_info || !auth_context || !server_info) {
+ if (!user_info || !auth_context || !server_info)
return NT_STATUS_LOGON_FAILURE;
- }
- DEBUG(3, ("check_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
+ DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
user_info->client_domain.str, user_info->smb_name.str, user_info->wksta_name.str));
- DEBUG(3, ("check_password: mapped user is: [%s]\\[%s]@[%s]\n",
+ DEBUG(3, ("check_ntlm_password: mapped user is: [%s]\\[%s]@[%s]\n",
user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str));
- if (auth_context->challenge_set_by) {
- DEBUG(10, ("auth_context challenge created by %s\n", auth_context->challenge_set_by));
- }
+ if (auth_context->challenge_set_by)
+ DEBUG(10, ("check_ntlm_password: auth_context challenge created by %s\n",
+ auth_context->challenge_set_by));
+
DEBUG(10, ("challenge is: \n"));
dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
@@ -208,37 +207,33 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
#endif
/* This needs to be sorted: If it doesn't match, what should we do? */
- if (!check_domain_match(user_info->smb_name.str, user_info->domain.str)) {
+ if (!check_domain_match(user_info->smb_name.str, user_info->domain.str))
return NT_STATUS_LOGON_FAILURE;
- }
- for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next)
- {
+ for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
mem_ctx = talloc_init_named("%s authentication for user %s\\%s", auth_method->name,
user_info->domain.str, user_info->smb_name.str);
nt_status = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3, ("check_password: %s authentication for user [%s] suceeded\n",
+ DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] suceeded\n",
auth_method->name, user_info->smb_name.str));
} else {
- DEBUG(5, ("check_password: %s authentication for user [%s] FAILED with error %s\n",
+ DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n",
auth_method->name, user_info->smb_name.str, nt_errstr(nt_status)));
}
talloc_destroy(mem_ctx);
- if (NT_STATUS_IS_OK(nt_status)) {
+ if (NT_STATUS_IS_OK(nt_status))
break;
- }
}
/* This is one of the few places the *relies* (rather than just sets defaults
on the value of lp_security(). This needs to change. A new paramater
perhaps? */
- if (lp_security() >= SEC_SERVER) {
+ if (lp_security() >= SEC_SERVER)
smb_user_control(user_info, *server_info, nt_status);
- }
if (NT_STATUS_IS_OK(nt_status)) {
pdb_username = pdb_get_username((*server_info)->sam_account);
@@ -249,17 +244,17 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
unbecome_root();
if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5, ("check_password: PAM Account for user [%s] suceeded\n",
+ DEBUG(5, ("check_ntlm_password: PAM Account for user [%s] suceeded\n",
pdb_username));
} else {
- DEBUG(3, ("check_password: PAM Account for user [%s] FAILED with error %s\n",
+ DEBUG(3, ("check_ntlm_password: PAM Account for user [%s] FAILED with error %s\n",
pdb_username, nt_errstr(nt_status)));
}
}
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG((*server_info)->guest ? 5 : 2,
- ("check_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n",
+ ("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n",
(*server_info)->guest ? "guest " : "",
user_info->smb_name.str,
user_info->internal_username.str,
@@ -268,7 +263,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
}
if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(2, ("check_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
+ DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
user_info->smb_name.str, user_info->internal_username.str,
nt_errstr(nt_status)));
ZERO_STRUCTP(server_info);
@@ -282,9 +277,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
static void free_auth_context(struct auth_context **auth_context)
{
- if (*auth_context != NULL) {
+ if (*auth_context != NULL)
talloc_destroy((*auth_context)->mem_ctx);
- }
*auth_context = NULL;
}
@@ -327,48 +321,43 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
NTSTATUS nt_status;
if (!text_list) {
- DEBUG(2,("No auth method list!?\n"));
+ DEBUG(2,("make_auth_context_text_list: No auth method list!?\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context))) {
+ if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context)))
return nt_status;
- }
- for (;*text_list; text_list++)
- {
- DEBUG(5,("Attempting to find an auth method to match %s\n", *text_list));
- for (i = 0; builtin_auth_init_functions[i].name; i++)
- {
- if (strequal(builtin_auth_init_functions[i].name, *text_list))
- {
-
- char *module_name = smb_xstrdup(*text_list);
- char *module_params = NULL;
- char *p;
-
- p = strchr(module_name, ':');
-
- if (p) {
- *p = 0;
-
- module_params = p+1;
-
- trim_string(module_params, " ", " ");
- }
-
- trim_string(module_name, " ", " ");
+ for (;*text_list; text_list++) {
+ DEBUG(5,("make_auth_context_text_list: Attempting to find an auth method to match %s\n",
+ *text_list));
+ for (i = 0; builtin_auth_init_functions[i].name; i++) {
+ char *module_name = smb_xstrdup(*text_list);
+ char *module_params = NULL;
+ char *p;
+
+ p = strchr(module_name, ':');
+ if (p) {
+ *p = 0;
+ module_params = p+1;
+ trim_string(module_params, " ", " ");
+ }
+
+ trim_string(module_name, " ", " ");
- DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i));
+ if (strequal(builtin_auth_init_functions[i].name, module_name)) {
+ DEBUG(5,("make_auth_context_text_list: Found auth method %s (at pos %d)\n", *text_list, i));
if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) {
- DEBUG(5,("auth method %s has a valid init\n", *text_list));
+ DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n",
+ *text_list));
DLIST_ADD_END(list, t, tmp);
} else {
- DEBUG(0,("auth method %s did not correctly init\n", *text_list));
+ DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n",
+ *text_list));
}
- SAFE_FREE(module_name);
break;
}
+ SAFE_FREE(module_name);
}
}
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index f55f662a40..32f39311dc 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -49,11 +49,11 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
}
/* Guest modules initialisation */
+
NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ if (!make_auth_methods(auth_context, auth_method))
return NT_STATUS_NO_MEMORY;
- }
(*auth_method)->auth = check_guest_security;
(*auth_method)->name = "guest";
@@ -92,7 +92,7 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_
strlower(user);
error_num = strtoul(user, NULL, 16);
- DEBUG(5,("Error for user %s was %lx\n", user, error_num));
+ DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num));
nt_status = NT_STATUS(error_num);
@@ -100,11 +100,11 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_
}
/** Module initailisation function */
+
NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ if (!make_auth_methods(auth_context, auth_method))
return NT_STATUS_NO_MEMORY;
- }
(*auth_method)->auth = check_name_to_ntstatus_security;
(*auth_method)->name = "name_to_ntstatus";
@@ -149,11 +149,11 @@ static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_contex
/** Module initailisation function */
+
NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ if (!make_auth_methods(auth_context, auth_method))
return NT_STATUS_NO_MEMORY;
- }
(*auth_method)->auth = check_fixed_challenge_security;
(*auth_method)->get_chal = auth_get_fixed_challenge;
@@ -168,6 +168,7 @@ NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char
**/
/* Plugin modules initialisation */
+
NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
void * dl_handle;
@@ -175,7 +176,7 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param,
auth_init_function plugin_init;
if (param == NULL) {
- DEBUG(0, ("The plugin module needs an argument!\n"));
+ DEBUG(0, ("auth_init_plugin: The plugin module needs an argument!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
@@ -189,21 +190,21 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param,
trim_string(plugin_name, " ", " ");
- DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name));
+ DEBUG(5, ("auth_init_plugin: Trying to load auth plugin %s\n", plugin_name));
dl_handle = sys_dlopen(plugin_name, RTLD_NOW );
if (!dl_handle) {
- DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
+ DEBUG(0, ("auth_init_plugin: Failed to load auth plugin %s using sys_dlopen (%s)\n",
+ plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
plugin_init = sys_dlsym(dl_handle, "auth_init");
if (!plugin_init){
- DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+ DEBUG(0, ("Failed to find function 'auth_init' using sys_dlsym in sam plugin %s (%s)\n",
+ plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(5, ("Starting sam plugin %s with paramater %s\n", plugin_name, plugin_param?plugin_param:"(null)"));
return plugin_init(auth_context, plugin_param, auth_method);
}
-
-