authorAndrew Bartlett <abartlet@samba.org>2012-06-30 18:30:57 +1000
committerAndrew Bartlett <abartlet@samba.org>2012-07-03 08:13:01 +1000
commiteba87995145b0e14672c1f6993f7aa3422d62541 (patch)
treecd6be4bd78541ebabb689d3241c7ec1b853728f4 /source4/auth
parentab80b99815a51b07e9e89b423e847824ec71bd3c (diff)
auth: Remove .get_challenge (only used for security=server)
With NTLMSSP, for NTLM2 we need to be able to set the effective challenge, so if we ever did use a module that needed this functionality, we would downgrade to just NTLM. Now that security=server has been removed, we have no such module. This will make it easier to make the auth subsystem async, as we will not need to consider making .get_challenge async. Andrew Bartlett
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/auth.h7
-rw-r--r--source4/auth/ntlm/auth.c30
-rw-r--r--source4/auth/ntlm/auth_anonymous.c1
-rw-r--r--source4/auth/ntlm/auth_developer.c54
-rw-r--r--source4/auth/ntlm/auth_sam.c2
-rw-r--r--source4/auth/ntlm/auth_unix.c1
-rw-r--r--source4/auth/ntlm/auth_winbind.c2
7 files changed, 0 insertions, 97 deletions
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 1b22701499..503bae9d4a 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -55,13 +55,6 @@ struct smb_krb5_context;
struct auth_operations {
const char *name;
- /* If you are using this interface, then you are probably
- * getting something wrong. This interface is only for
- * security=server, and makes a number of compromises to allow
- * that. It is not compatible with being a PDC. */
-
- NTSTATUS (*get_challenge)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8]);
-
/* Given the user supplied info, check if this backend want to handle the password checking */
NTSTATUS (*want_check)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index d0ff50afc6..263dc8031d 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -54,22 +54,12 @@ _PUBLIC_ NTSTATUS auth_context_set_challenge(struct auth4_context *auth_ctx, con
return NT_STATUS_OK;
}
-/***************************************************************************
- Set a fixed challenge
-***************************************************************************/
-_PUBLIC_ bool auth_challenge_may_be_modified(struct auth4_context *auth_ctx)
-{
- return auth_ctx->challenge.may_be_modified;
-}
-
/****************************************************************************
Try to get a challenge out of the various authentication modules.
Returns a const char of length 8 bytes.
****************************************************************************/
_PUBLIC_ NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t chal[8])
{
- NTSTATUS nt_status;
- struct auth_method_context *method;
if (auth_ctx->challenge.data.length == 8) {
DEBUG(5, ("auth_get_challenge: returning previous challenge by module %s (normal)\n",
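Review bot: The header comment kept above auth_get_challenge is stale on the new side. It still says the function will "Try to get a challenge out of the various authentication modules", but no module is consulted once the `.get_challenge` loop is removed. "Returns a const char of length 8 bytes" also does not match the NTSTATUS return with the `uint8_t chal[8]` out-parameter. I would reword it along the lines of `Return the challenge already stored in the auth context, or generate and store a random 8-byte one; the result is written to chal.` The function body continues past this hunk.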
@@ -78,29 +68,12 @@ _PUBLIC_ NTSTATUS auth_get_challenge(struct auth4_context *auth_ctx, uint8_t cha
return NT_STATUS_OK;
}
- for (method = auth_ctx->methods; method; method = method->next) {
- nt_status = method->ops->get_challenge(method, auth_ctx, chal);
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) {
- continue;
- }
-
- NT_STATUS_NOT_OK_RETURN(nt_status);
-
- auth_ctx->challenge.data = data_blob_talloc(auth_ctx, chal, 8);
- NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.data.data);
- auth_ctx->challenge.set_by = method->ops->name;
-
- break;
- }
-
if (!auth_ctx->challenge.set_by) {
generate_random_buffer(chal, 8);
auth_ctx->challenge.data = data_blob_talloc(auth_ctx, chal, 8);
NT_STATUS_HAVE_NO_MEMORY(auth_ctx->challenge.data.data);
auth_ctx->challenge.set_by = "random";
-
- auth_ctx->challenge.may_be_modified = true;
}
DEBUG(10,("auth_get_challenge: challenge set by %s\n",
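Review bot: With the per-module loop gone, the `if (!auth_ctx->challenge.set_by)` guard is the only visible path that fills `chal`. A context where `set_by` is non-NULL but `challenge.data.length` is not 8 would reach the DEBUG line without the output buffer being written. Whether that state is reachable depends on auth_context_set_challenge, whose body is outside this hunk, so treat this as a hardening point and not a confirmed defect. Because the NTLM server challenge has to be unpredictable and must never be whatever the caller's buffer already held, consider making the random generation unconditional here, or adding `else { return NT_STATUS_INTERNAL_ERROR; }` so the function cannot finish without a challenge. The end of the function is outside the hunk.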
@@ -574,8 +547,6 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
ctx = talloc_zero(mem_ctx, struct auth4_context);
NT_STATUS_HAVE_NO_MEMORY(ctx);
- ctx->challenge.set_by = NULL;
- ctx->challenge.may_be_modified = false;
ctx->challenge.data = data_blob(NULL, 0);
ctx->methods = NULL;
ctx->event_ctx = ev;
@@ -608,7 +579,6 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **
ctx->check_ntlm_password = auth_check_password_wrapper;
ctx->get_ntlm_challenge = auth_get_challenge;
ctx->set_ntlm_challenge = auth_context_set_challenge;
- ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
ctx->generate_session_info = auth_generate_session_info_wrapper;
ctx->generate_session_info_pac = auth_generate_session_info_pac;
diff --git a/source4/auth/ntlm/auth_anonymous.c b/source4/auth/ntlm/auth_anonymous.c
index 4b0fff03cc..28cbfe831e 100644
--- a/source4/auth/ntlm/auth_anonymous.c
+++ b/source4/auth/ntlm/auth_anonymous.c
@@ -61,7 +61,6 @@ static NTSTATUS anonymous_check_password(struct auth_method_context *ctx,
static const struct auth_operations anonymous_auth_ops = {
.name = "anonymous",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = anonymous_want_check,
.check_password = anonymous_check_password
};
diff --git a/source4/auth/ntlm/auth_developer.c b/source4/auth/ntlm/auth_developer.c
index bc27f27fa2..58ccc2db28 100644
--- a/source4/auth/ntlm/auth_developer.c
+++ b/source4/auth/ntlm/auth_developer.c
@@ -133,58 +133,10 @@ static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
static const struct auth_operations name_to_ntstatus_auth_ops = {
.name = "name_to_ntstatus",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = name_to_ntstatus_want_check,
.check_password = name_to_ntstatus_check_password
};
-/**
- * Return a 'fixed' challenge instead of a variable one.
- *
- * The idea of this function is to make packet snifs consistant
- * with a fixed challenge, so as to aid debugging.
- *
- * This module is of no value to end-users.
- *
- * This module does not actually authenticate the user, but
- * just pretenteds to need a specified challenge.
- * This module removes *all* security from the challenge-response system
- *
- * @return NT_STATUS_UNSUCCESSFUL
- **/
-static NTSTATUS fixed_challenge_get_challenge(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx, uint8_t chal[8])
-{
- const char *challenge = "I am a teapot";
-
- memcpy(chal, challenge, 8);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS fixed_challenge_want_check(struct auth_method_context *ctx,
- TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info)
-{
- /* don't handle any users */
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS fixed_challenge_check_password(struct auth_method_context *ctx,
- TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
- struct auth_user_info_dc **_user_info_dc)
-{
- /* don't handle any users */
- return NT_STATUS_NO_SUCH_USER;
-}
-
-static const struct auth_operations fixed_challenge_auth_ops = {
- .name = "fixed_challenge",
- .get_challenge = fixed_challenge_get_challenge,
- .want_check = fixed_challenge_want_check,
- .check_password = fixed_challenge_check_password
-};
-
_PUBLIC_ NTSTATUS auth4_developer_init(void)
{
NTSTATUS ret;
@@ -195,11 +147,5 @@ _PUBLIC_ NTSTATUS auth4_developer_init(void)
return ret;
}
- ret = auth_register(&fixed_challenge_auth_ops);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0,("Failed to register 'fixed_challenge' auth backend!\n"));
- return ret;
- }
-
return ret;
}
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 4a4307c895..f234f7229c 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -367,7 +367,6 @@ static NTSTATUS authsam_get_user_info_dc_principal_wrapper(TALLOC_CTX *mem_ctx,
}
static const struct auth_operations sam_ignoredomain_ops = {
.name = "sam_ignoredomain",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = authsam_ignoredomain_want_check,
.check_password = authsam_check_password_internals,
.get_user_info_dc_principal = authsam_get_user_info_dc_principal_wrapper
@@ -375,7 +374,6 @@ static const struct auth_operations sam_ignoredomain_ops = {
static const struct auth_operations sam_ops = {
.name = "sam",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = authsam_want_check,
.check_password = authsam_check_password_internals,
.get_user_info_dc_principal = authsam_get_user_info_dc_principal_wrapper
diff --git a/source4/auth/ntlm/auth_unix.c b/source4/auth/ntlm/auth_unix.c
index d79ebc1772..57bca6cc5b 100644
--- a/source4/auth/ntlm/auth_unix.c
+++ b/source4/auth/ntlm/auth_unix.c
@@ -797,7 +797,6 @@ static NTSTATUS authunix_check_password(struct auth_method_context *ctx,
static const struct auth_operations unix_ops = {
.name = "unix",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = authunix_want_check,
.check_password = authunix_check_password
};
diff --git a/source4/auth/ntlm/auth_winbind.c b/source4/auth/ntlm/auth_winbind.c
index 34fe6f870c..dba90ab039 100644
--- a/source4/auth/ntlm/auth_winbind.c
+++ b/source4/auth/ntlm/auth_winbind.c
@@ -319,14 +319,12 @@ static NTSTATUS winbind_check_password_wbclient(struct auth_method_context *ctx,
static const struct auth_operations winbind_ops = {
.name = "winbind",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = winbind_want_check,
.check_password = winbind_check_password
};
static const struct auth_operations winbind_wbclient_ops = {
.name = "winbind_wbclient",
- .get_challenge = auth_get_challenge_not_implemented,
.want_check = winbind_want_check,
.check_password = winbind_check_password_wbclient
};