From 2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 5 Jan 2002 04:55:41 +0000 Subject: I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) --- source3/auth/auth_server.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source3/auth/auth_server.c') diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index 7178e3147c..c83230b716 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -134,9 +134,9 @@ static void send_server_keepalive(void **private_data_pointer) Get the challenge out of a password server. ****************************************************************************/ -static DATA_BLOB auth_get_challenge_server(void **my_private_data, - TALLOC_CTX *mem_ctx, - const struct authsupplied_info *auth_info) +static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context, + void **my_private_data, + TALLOC_CTX *mem_ctx) { struct cli_state *cli = server_cryptkey(mem_ctx); @@ -161,8 +161,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, } *my_private_data = (void *)cli; - - return data_blob(cli->secblob.data,8); + + /* The return must be allocated on the caller's mem_ctx, as our own will be + destoyed just after the call. */ + return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8); } else { return data_blob(NULL, 0); } @@ -174,10 +176,10 @@ static DATA_BLOB auth_get_challenge_server(void **my_private_data, - Validate a password with the password server. ****************************************************************************/ -static NTSTATUS check_smbserver_security(void *my_private_data, +static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, + void *my_private_data, TALLOC_CTX *mem_ctx, const auth_usersupplied_info *user_info, - const auth_authsupplied_info *auth_info, auth_serversupplied_info **server_info) { struct cli_state *cli; @@ -218,7 +220,7 @@ static NTSTATUS check_smbserver_security(void *my_private_data, return NT_STATUS_LOGON_FAILURE; } } else { - if (memcmp(cli->secblob.data, auth_info->challenge.data, 8) != 0) { + if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) { DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost)); return NT_STATUS_LOGON_FAILURE; } @@ -353,9 +355,9 @@ use this machine as the password server.\n")); return(nt_status); } -BOOL auth_init_smbserver(auth_methods **auth_method) +BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method) { - if (!make_auth_methods(auth_method)) { + if (!make_auth_methods(auth_context, auth_method)) { return False; } (*auth_method)->auth = check_smbserver_security; -- cgit