summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-01-05 04:55:41 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-05 04:55:41 +0000
commit2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 (patch)
tree257e7ba36de49aca7039b32a8611fc8b6dea9555 /source3/rpc_server
parent5a9c2f74ab0285859a6942bbc06d9e726cc69d19 (diff)
downloadsamba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.gz
samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.tar.bz2
samba-2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95.zip
I've decided to move the auth code around a bit more...
The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_netlog_nt.c62
-rw-r--r--source3/rpc_server/srv_pipe.c8
2 files changed, 39 insertions, 31 deletions
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 634e2540fa..fbab46022c 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -568,19 +568,24 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
switch (ctr->switch_value) {
case NET_LOGON_TYPE:
{
- auth_authsupplied_info *auth_info = NULL;
- make_auth_info_fixed(&auth_info, ctr->auth.id2.lm_chal);
+ struct auth_context *auth_context = NULL;
+ if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) {
+ return status;
+ }
+
/* Standard challenge/response authenticaion */
- make_user_info_netlogon_network(&user_info,
- nt_username, nt_domain,
- nt_workstation,
- ctr->auth.id2.lm_chal_resp.buffer,
- ctr->auth.id2.lm_chal_resp.str_str_len,
- ctr->auth.id2.nt_chal_resp.buffer,
- ctr->auth.id2.nt_chal_resp.str_str_len);
-
- status = check_password(user_info, auth_info, &server_info);
- free_auth_info(&auth_info);
+ if (!make_user_info_netlogon_network(&user_info,
+ nt_username, nt_domain,
+ nt_workstation,
+ ctr->auth.id2.lm_chal_resp.buffer,
+ ctr->auth.id2.lm_chal_resp.str_str_len,
+ ctr->auth.id2.nt_chal_resp.buffer,
+ ctr->auth.id2.nt_chal_resp.str_str_len)) {
+ status = NT_STATUS_NO_MEMORY;
+ } else {
+ status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
+ }
+ auth_context->free(&auth_context);
break;
}
@@ -590,23 +595,26 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON *
convert this to chellange/responce for the auth
subsystem to chew on */
{
- auth_authsupplied_info *auth_info = NULL;
- DATA_BLOB chal;
- if (!make_auth_info_subsystem(&auth_info)) {
- return NT_STATUS_NO_MEMORY;
+ struct auth_context *auth_context = NULL;
+ const uint8 *chal;
+ if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) {
+ return status;
}
- chal = auth_get_challenge(auth_info);
-
- make_user_info_netlogon_interactive(&user_info,
- nt_username, nt_domain,
- nt_workstation, chal.data,
- ctr->auth.id1.lm_owf.data,
- ctr->auth.id1.nt_owf.data,
- p->dc.sess_key);
- status = check_password(user_info, auth_info, &server_info);
- data_blob_free(&chal);
- free_auth_info(&auth_info);
+ chal = auth_context->get_ntlm_challenge(auth_context);
+
+ if (!make_user_info_netlogon_interactive(&user_info,
+ nt_username, nt_domain,
+ nt_workstation, chal,
+ ctr->auth.id1.lm_owf.data,
+ ctr->auth.id1.nt_owf.data,
+ p->dc.sess_key)) {
+ status = NT_STATUS_NO_MEMORY;
+ } else {
+ status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
+ }
+
+ auth_context->free(&auth_context);
break;
}
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index c97619c4b6..36ca7e0686 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -270,8 +270,8 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
NTSTATUS nt_status;
+ struct auth_context *auth_context = NULL;
auth_usersupplied_info *user_info = NULL;
- auth_authsupplied_info *auth_info = NULL;
auth_serversupplied_info *server_info = NULL;
uid_t uid;
@@ -345,7 +345,7 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
}
- make_auth_info_fixed(&auth_info, (uchar*)p->challenge);
+ make_auth_context_fixed(&auth_context, (uchar*)p->challenge);
if (!make_user_info_netlogon_network(&user_info,
user_name, domain, wks,
@@ -355,9 +355,9 @@ static BOOL api_pipe_ntlmssp_verify(pipes_struct *p, RPC_AUTH_NTLMSSP_RESP *ntlm
return False;
}
- nt_status = check_password(user_info, auth_info, &server_info);
+ nt_status = auth_context->check_ntlm_password(auth_context, user_info, &server_info);
- free_auth_info(&auth_info);
+ auth_context->free(&auth_context);
free_user_info(&user_info);
p->ntlmssp_auth_validated = NT_STATUS_IS_OK(nt_status);