diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2005-07-22 04:10:07 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:29:55 -0500 |
| commit | b16362fab65d0700bd6a8cf6569a9e21c7e6b069 (patch) | |
| tree | cd68807d497dac925038d03c3786308825b02e10 /source4/auth/auth.c | |
| parent | 176c0d1b771d0e81167a12eb81eddb40732b074a (diff) | |
| download | samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.tar.gz samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.tar.bz2 samba-b16362fab65d0700bd6a8cf6569a9e21c7e6b069.zip | |
r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the
user_info strcture in auth/
This moves it to a pattern much like that found in ntvfs, with
functions to migrate between PAIN, HASH and RESPONSE passwords.
Instead of make_user_info*() functions, we simply fill in the control
block in the callers, per recent dicussions on the lists. This
removed a lot of data copies as well as error paths, as we can grab
much of it with talloc.
Andrew Bartlett
(This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88)
Diffstat (limited to 'source4/auth/auth.c')
| -rw-r--r-- | source4/auth/auth.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c index d05aa54e50..db1a0a1c71 100644 --- a/source4/auth/auth.c +++ b/source4/auth/auth.c @@ -113,7 +113,6 @@ NTSTATUS auth_get_challenge(struct auth_context *auth_ctx, const uint8_t **_chal * of that structure is undefined. * * @param user_info Contains the user supplied components, including the passwords. - * Must be created with make_user_info() or one of its wrappers. * * @param auth_context Supplies the challenges and some other data. * Must be created with make_auth_context(), and the challenges should be @@ -133,16 +132,25 @@ NTSTATUS auth_check_password(struct auth_context *auth_ctx, struct auth_serversupplied_info **server_info) { /* if all the modules say 'not for me' this is reasonable */ - NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER; + NTSTATUS nt_status; struct auth_method_context *method; const char *method_name = "NO METHOD"; const uint8_t *challenge; + struct auth_usersupplied_info *user_info_tmp; DEBUG(3, ("auth_check_password: Checking password for unmapped user [%s]\\[%s]@[%s]\n", user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name)); + if (!user_info->mapped_state) { + nt_status = map_user_info(mem_ctx, user_info, &user_info_tmp); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + user_info = user_info_tmp; + } + DEBUGADD(3,("auth_check_password: mapped user is: [%s]\\[%s]@[%s]\n", - user_info->domain_name, user_info->account_name, user_info->workstation_name)); + user_info->mapped.domain_name, user_info->mapped.account_name, user_info->workstation_name)); nt_status = auth_get_challenge(auth_ctx, &challenge); @@ -160,15 +168,7 @@ NTSTATUS auth_check_password(struct auth_context *auth_ctx, DEBUG(10, ("challenge is: \n")); dump_data(5, auth_ctx->challenge.data.data, auth_ctx->challenge.data.length); -#ifdef DEBUG_PASSWORD - DEBUG(100, ("user_info has passwords of length %d and %d\n", - user_info->lm_resp.length, user_info->nt_resp.length)); - DEBUG(100, ("lm:\n")); - dump_data(100, user_info->lm_resp.data, user_info->lm_resp.length); - DEBUG(100, ("nt:\n")); - dump_data(100, user_info->nt_resp.data, user_info->nt_resp.length); -#endif - + nt_status = NT_STATUS_NO_SUCH_USER; /* If all the modules say 'not for me', then this is reasonable */ for (method = auth_ctx->methods; method; method = method->next) { NTSTATUS result; @@ -186,7 +186,7 @@ NTSTATUS auth_check_password(struct auth_context *auth_ctx, if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(2,("auth_check_password: %s authentication for user [%s\\%s] FAILED with error %s\n", - method_name, user_info->domain_name, user_info->account_name, + method_name, user_info->mapped.domain_name, user_info->mapped.account_name, nt_errstr(nt_status))); return nt_status; } |