diff options
Diffstat (limited to 'source3/auth/auth.c')
| -rw-r--r-- | source3/auth/auth.c | 82 |
1 files changed, 40 insertions, 42 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 4f7a5c24a0..c7b9fcc1d8 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -20,12 +20,9 @@ #include "includes.h" -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_AUTH +/** List of various built-in authenticaion modules */ -/** List of various built-in authentication modules */ - -const struct auth_init_function_entry builtin_auth_init_functions[] = { +const struct auth_init_function builtin_auth_init_functions[] = { { "guest", auth_init_guest }, { "rhosts", auth_init_rhosts }, { "hostsequiv", auth_init_hostsequiv }, @@ -38,14 +35,12 @@ const struct auth_init_function_entry builtin_auth_init_functions[] = { { "winbind", auth_init_winbind }, #ifdef DEVELOPER { "name_to_ntstatus", auth_init_name_to_ntstatus }, - { "fixed_challenge", auth_init_fixed_challenge }, #endif - { "plugin", auth_init_plugin }, { NULL, NULL} }; /**************************************************************************** - Try to get a challenge out of the various authentication modules. + Try to get a challenge out of the various authenticaion modules. Returns a const char of length 8 bytes. ****************************************************************************/ @@ -70,7 +65,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) DEBUG(5, ("auth_get_challenge: getting challenge from module %s\n", auth_method->name)); if (challenge_set_by != NULL) { - DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authentication method %s has already specified a challenge. Challenge by %s ignored.\n", + DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authenticaion method %s has already specified a challenge. Challenge by %s ignored.\n", challenge_set_by, auth_method->name)); continue; } @@ -82,7 +77,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) challenge = auth_method->get_chal(auth_context, &auth_method->private_data, mem_ctx); if (!challenge.length) { - DEBUG(3, ("auth_get_challenge: getting challenge from authentication method %s FAILED.\n", + DEBUG(3, ("auth_get_challenge: getting challenge from authenticaion method %s FAILED.\n", auth_method->name)); } else { DEBUG(5, ("auth_get_challenge: sucessfully got challenge from module %s\n", auth_method->name)); @@ -166,7 +161,7 @@ static BOOL check_domain_match(const char *user, const char *domain) * filled in, either at creation or by calling the challenge geneation * function auth_get_challenge(). * - * @param server_info If successful, contains information about the authentication, + * @param server_info If successful, contains information about the authenticaion, * including a SAM_ACCOUNT struct describing the user. * * @return An NTSTATUS with NT_STATUS_OK or an appropriate error. @@ -259,7 +254,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, if (NT_STATUS_IS_OK(nt_status)) { DEBUG((*server_info)->guest ? 5 : 2, - ("check_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n", + ("check_password: %sauthenticaion for user [%s] -> [%s] -> [%s] suceeded\n", (*server_info)->guest ? "guest " : "", user_info->smb_name.str, user_info->internal_username.str, @@ -268,7 +263,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, } if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(2, ("check_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", + DEBUG(2, ("check_password: Authenticaion for user [%s] -> [%s] FAILED with error %s\n", user_info->smb_name.str, user_info->internal_username.str, nt_errstr(nt_status))); ZERO_STRUCTP(server_info); @@ -342,31 +337,14 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, { if (strequal(builtin_auth_init_functions[i].name, *text_list)) { - - char *module_name = smb_xstrdup(*text_list); - char *module_params = NULL; - char *p; - - p = strchr(module_name, ':'); - - if (p) { - *p = 0; - - module_params = p+1; - - trim_string(module_params, " ", " "); - } - - trim_string(module_name, " ", " "); - DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i)); - if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) { + if (builtin_auth_init_functions[i].init(*auth_context, &t)) { DEBUG(5,("auth method %s has a valid init\n", *text_list)); + t->name = builtin_auth_init_functions[i].name; DLIST_ADD_END(list, t, tmp); } else { DEBUG(0,("auth method %s did not correctly init\n", *text_list)); } - SAFE_FREE(module_name); break; } } @@ -386,7 +364,7 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) char **auth_method_list = NULL; NTSTATUS nt_status; - if (lp_auth_methods() && !str_list_copy(&auth_method_list, lp_auth_methods())) { + if (lp_auth_methods() && !lp_list_copy(&auth_method_list, lp_auth_methods())) { return NT_STATUS_NO_MEMORY; } @@ -395,33 +373,33 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) { case SEC_DOMAIN: DEBUG(5,("Making default auth method list for security=domain\n")); - auth_method_list = str_list_make("guest sam ntdomain"); + auth_method_list = lp_list_make("guest samstrict ntdomain"); break; case SEC_SERVER: DEBUG(5,("Making default auth method list for security=server\n")); - auth_method_list = str_list_make("guest sam smbserver"); + auth_method_list = lp_list_make("guest samstrict smbserver"); break; case SEC_USER: if (lp_encrypted_passwords()) { DEBUG(5,("Making default auth method list for security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make("guest sam"); + auth_method_list = lp_list_make("guest sam"); } else { DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); - auth_method_list = str_list_make("guest unix"); + auth_method_list = lp_list_make("guest unix"); } break; case SEC_SHARE: if (lp_encrypted_passwords()) { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); - auth_method_list = str_list_make("guest sam"); + auth_method_list = lp_list_make("guest sam"); } else { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); - auth_method_list = str_list_make("guest unix"); + auth_method_list = lp_list_make("guest unix"); } break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); - auth_method_list = str_list_make("guest sam ads ntdomain"); + auth_method_list = lp_list_make("guest samstrict ads ntdomain"); break; default: DEBUG(5,("Unknown auth method!\n")); @@ -432,11 +410,31 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) } if (!NT_STATUS_IS_OK(nt_status = make_auth_context_text_list(auth_context, auth_method_list))) { - str_list_free(&auth_method_list); + lp_list_free(&auth_method_list); return nt_status; } - str_list_free(&auth_method_list); + lp_list_free(&auth_method_list); + return nt_status; +} + +/*************************************************************************** + Make a auth_info struct with a random challenge +***************************************************************************/ + +NTSTATUS make_auth_context_random(struct auth_context **auth_context) +{ + uchar chal[8]; + NTSTATUS nt_status; + if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) { + return nt_status; + } + + generate_random_buffer(chal, sizeof(chal), False); + (*auth_context)->challenge = data_blob(chal, sizeof(chal)); + + (*auth_context)->challenge_set_by = "random"; + return nt_status; } |