From 272e49e85c47d88ef0a84bce88e6f8d984f2eae4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Tue, 4 May 2010 16:44:08 +1000
Subject: s4:auth Move struct auth_usersupplied_info to a common location This also changes the calling convention slightly - we should always allocate this with talloc_zero() to allow some elements to be optional. Some elements may only make sense in Samba3, which I hope will use this common structure. Andrew Bartlett
---
auth/common_auth.h | 63 +++++++++++++++++++++++++++
source4/auth/auth.h | 43 +-----------------
source4/auth/ntlm/auth_simple.c | 2 +-
source4/auth/ntlm/auth_util.c | 6 +--
source4/auth/ntlmssp/ntlmssp_server.c | 2 +-
source4/rpc_server/netlogon/dcerpc_netlogon.c | 6 +--
source4/smb_server/smb/sesssetup.c | 4 +-
7 files changed, 72 insertions(+), 54 deletions(-)
create mode 100644 auth/common_auth.h
diff --git a/auth/common_auth.h b/auth/common_auth.h
new file mode 100644
index 0000000000..5bade6915f
--- /dev/null
+++ b/auth/common_auth.h
@@ -0,0 +1,63 @@
+/*
+ Unix SMB/CIFS implementation.
+ Standardised Authentication types
+ Copyright (C) Andrew Bartlett 2001-2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+#include "librpc/gen_ndr/krb5pac.h"
+
+#define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */
+#define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */
+#define USER_INFO_DONT_CHECK_UNIX_ACCOUNT 0x04 /* don't check unix account status */
+#define USER_INFO_INTERACTIVE_LOGON 0x08 /* don't check unix account status */
+
+enum auth_password_state {
+ AUTH_PASSWORD_RESPONSE,
+ AUTH_PASSWORD_HASH,
+ AUTH_PASSWORD_PLAIN
+};
+
+struct auth_usersupplied_info
+{
+ const char *workstation_name;
+ const struct tsocket_address *remote_host;
+
+ uint32_t logon_parameters;
+
+ bool mapped_state;
+ bool was_mapped;
+ /* the values the client gives us */
+ struct {
+ const char *account_name;
+ const char *domain_name;
+ } client, mapped;
+
+ enum auth_password_state password_state;
+
+ struct {
+ struct {
+ DATA_BLOB lanman;
+ DATA_BLOB nt;
+ } response;
+ struct {
+ struct samr_Password *lanman;
+ struct samr_Password *nt;
+ } hash;
+
+ char *plaintext;
+ } password;
+ uint32_t flags;
+};
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 9ce338c8ae..ce583c871c 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
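Review bot: In auth/common_auth.h the `password` member of `struct auth_usersupplied_info` is declared as a `struct`, where the definition this patch removes from source4/auth/auth.h was a `union`, and the commit message does not mention the change. The `response`, `hash` and `plaintext` forms no longer overlay each other, so one object can carry several forms of the credential at once, and in a zeroed object a reader that skips the `password_state` check sees NULL/empty members rather than reinterpreted bytes. I would state this on the member, e.g. `/* struct, not union: forms not supplied stay NULL/empty; read only the form named by password_state */`, and put the allocation rule from the commit message on the struct, `/* always allocate with talloc_zero(); optional members may be left unset by callers */`. The new `was_mapped` field has no comment, and `USER_INFO_INTERACTIVE_LOGON` repeats the `/* don't check unix account status */` text of the flag above it. The header also has no include guard, so a file that reaches it twice will see `enum auth_password_state` and the struct redefined.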
@@ -22,6 +22,7 @@ #define _SAMBA_AUTH_H #include "librpc/gen_ndr/ndr_krb5pac.h" +#include "../auth/common_auth.h" extern const char *krbtgt_attrs[]; extern const char *server_attrs[]; @@ -43,52 +44,10 @@ struct loadparm_context; /* version 0 - till samba4 is stable - metze */ #define AUTH_INTERFACE_VERSION 0 -#define USER_INFO_CASE_INSENSITIVE_USERNAME 0x01 /* username may be in any case */ -#define USER_INFO_CASE_INSENSITIVE_PASSWORD 0x02 /* password may be in any case */ -#define USER_INFO_DONT_CHECK_UNIX_ACCOUNT 0x04 /* don't check unix account status */ -#define USER_INFO_INTERACTIVE_LOGON 0x08 /* don't check unix account status */ - #define AUTH_SESSION_INFO_DEFAULT_GROUPS 0x01 /* Add the user to the default world and network groups */ #define AUTH_SESSION_INFO_AUTHENTICATED 0x02 /* Add the user to the 'authenticated users' group */ #define AUTH_SESSION_INFO_ENTERPRISE_DC 0x04 /* Add the user to the 'enterprise DC' group */ -enum auth_password_state { - AUTH_PASSWORD_RESPONSE, - AUTH_PASSWORD_HASH, - AUTH_PASSWORD_PLAIN -}; - -struct auth_usersupplied_info -{ - const char *workstation_name; - const struct tsocket_address *remote_host; - - uint32_t logon_parameters; - - bool mapped_state; - /* the values the client gives us */ - struct { - const char *account_name; - const char *domain_name; - } client, mapped; - - enum auth_password_state password_state; - - union { - struct { - DATA_BLOB lanman; - DATA_BLOB nt; - } response; - struct { - struct samr_Password *lanman; - struct samr_Password *nt; - } hash; - - char *plaintext; - } password; - uint32_t flags; -}; - struct auth_serversupplied_info { struct dom_sid *account_sid; diff --git a/source4/auth/ntlm/auth_simple.c b/source4/auth/ntlm/auth_simple.c index 9c8f7f64ac..65a08cd92b 100644 --- a/source4/auth/ntlm/auth_simple.c +++ b/source4/auth/ntlm/auth_simple.c 
@@ -56,7 +56,7 @@ _PUBLIC_ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx, return nt_status; } - user_info = talloc(tmp_ctx, struct auth_usersupplied_info); + user_info = talloc_zero(tmp_ctx, struct auth_usersupplied_info); if (!user_info) { talloc_free(tmp_ctx); return NT_STATUS_NO_MEMORY; diff --git a/source4/auth/ntlm/auth_util.c b/source4/auth/ntlm/auth_util.c index 7da68a248b..605cd980c6 100644 --- a/source4/auth/ntlm/auth_util.c +++ b/source4/auth/ntlm/auth_util.c @@ -74,7 +74,7 @@ NTSTATUS map_user_info(TALLOC_CTX *mem_ctx, domain = default_domain; } - *user_info_mapped = talloc(mem_ctx, struct auth_usersupplied_info); + *user_info_mapped = talloc_zero(mem_ctx, struct auth_usersupplied_info); if (!*user_info_mapped) { return NT_STATUS_NO_MEMORY; } @@ -124,7 +124,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex { uint8_t chal[8]; DATA_BLOB chall_blob; - user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info); + user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info); if (!user_info_temp) { return NT_STATUS_NO_MEMORY; } @@ -190,7 +190,7 @@ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_contex struct samr_Password lanman; struct samr_Password nt; - user_info_temp = talloc(mem_ctx, struct auth_usersupplied_info); + user_info_temp = talloc_zero(mem_ctx, struct auth_usersupplied_info); if (!user_info_temp) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/auth/ntlmssp/ntlmssp_server.c b/source4/auth/ntlmssp/ntlmssp_server.c index 352f8754d6..6e3cf8a8ff 100644 --- a/source4/auth/ntlmssp/ntlmssp_server.c +++ b/source4/auth/ntlmssp/ntlmssp_server.c 
@@ -158,7 +158,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, NTSTATUS nt_status; struct auth_usersupplied_info *user_info; - user_info = talloc(ntlmssp_state, struct auth_usersupplied_info); + user_info = talloc_zero(ntlmssp_state, struct auth_usersupplied_info); if (!user_info) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 226a0640bb..9d8195aaad 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -491,13 +491,9 @@ static NTSTATUS dcesrv_netr_LogonSamLogon_base(struct dcesrv_call_state *dce_cal struct netr_SamInfo3 *sam3; struct netr_SamInfo6 *sam6; - user_info = talloc(mem_ctx, struct auth_usersupplied_info); + user_info = talloc_zero(mem_ctx, struct auth_usersupplied_info); NT_STATUS_HAVE_NO_MEMORY(user_info); - user_info->flags = 0; - user_info->mapped_state = false; - user_info->remote_host = NULL; - switch (r->in.logon_level) { case NetlogonInteractiveInformation: case NetlogonServiceInformation: diff --git a/source4/smb_server/smb/sesssetup.c b/source4/smb_server/smb/sesssetup.c index 7372347e9a..419a8cbf79 100644 --- a/source4/smb_server/smb/sesssetup.c +++ b/source4/smb_server/smb/sesssetup.c @@ -144,7 +144,7 @@ static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess) if (!remote_machine) goto nomem; } - user_info = talloc(req, struct auth_usersupplied_info); + user_info = talloc_zero(req, struct auth_usersupplied_info); if (!user_info) goto nomem; user_info->mapped_state = false; @@ -319,7 +319,7 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess) if (!remote_machine) goto nomem; } - user_info = talloc(req, struct auth_usersupplied_info); + user_info = talloc_zero(req, struct auth_usersupplied_info); if (!user_info) goto nomem; user_info->mapped_state = false; -- cgit
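Review bot: In source4/smb_server/smb/sesssetup.c both hunks (sesssetup_old and sesssetup_nt1) keep `user_info->mapped_state = false;` directly after the new `talloc_zero()`, which is now redundant. It is also inconsistent with the dcerpc_netlogon.c hunk of this same patch, where the explicit `flags`, `mapped_state` and `remote_host` resets were dropped once the allocation was zeroed. I would either drop the line in both functions or keep explicit resets at every call site; mixing the two makes it harder to tell which fields a caller really sets on a structure that carries credentials. Both functions continue outside the hunks, so later assignments to `user_info` are not visible here.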