From 40669777a5f74617fdd80dea3ff5a45a9e9a1aa4 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 24 May 2002 03:43:52 +0000
Subject: Move the authenticaion subsystem over to the same 'module:options' syntax that the passdb code now uses. Similarly, move the 'pluggable' stuff over from passdb as well, allowing runtime loading of new authenticaion modules. (NOTE: The interfaces here can *and do* change - module writers are not assured source-level compatibilty, and certainly not binary compatibility). (This used to be commit 3897cf5e048f50be91ae434f636affc6d539d0d1)
---
 source3/auth/auth.c | 23 ++++++++++++++---
 source3/auth/auth_builtin.c | 63 ++++++++++++++++++++++++++++++++++++++++-----
 source3/auth/auth_domain.c | 12 ++++-----
 source3/auth/auth_rhosts.c | 12 ++++-----
 source3/auth/auth_sam.c | 16 +++++++-----
 source3/auth/auth_server.c | 6 ++---
 source3/auth/auth_unix.c | 6 ++---
 source3/auth/auth_winbind.c | 6 ++---
 8 files changed, 106 insertions(+), 38 deletions(-)
(limited to 'source3/auth')
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index c40cef5519..55695fa9c2 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -25,7 +25,7 @@
 /** List of various built-in authenticaion modules */
-const struct auth_init_function builtin_auth_init_functions[] = {
+const struct auth_init_function_entry builtin_auth_init_functions[] = {
 { "guest", auth_init_guest },
 { "rhosts", auth_init_rhosts },
 { "hostsequiv", auth_init_hostsequiv },
@@ -340,14 +340,31 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
 {
 if (strequal(builtin_auth_init_functions[i].name, *text_list)) {
+
+ char *module_name = smb_xstrdup(*text_list);
+ char *module_params = NULL;
+ char *p;
+
+ p = strchr(module_name, ':');
+
+ if (p) {
+ *p = 0;
+
+ module_params = p+1;
+
+ trim_string(module_params, " ", " ");
+ }
+
+ trim_string(module_name, " ", " ");
+
 DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i));
- if (builtin_auth_init_functions[i].init(*auth_context, &t)) {
+ if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) {
 DEBUG(5,("auth method %s has a valid init\n", *text_list));
- t->name = builtin_auth_init_functions[i].name;
 DLIST_ADD_END(list, t, tmp);
 } else {
 DEBUG(0,("auth method %s did not correctly init\n", *text_list));
 }
+ SAFE_FREE(module_name);
 break;
 }
 }
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index 0cca6b8e15..d2c60ae64f 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -1,7 +1,8 @@
 /* Unix SMB/CIFS implementation. Generic authenticaion types
- Copyright (C) Andrew Bartlett 2001
+ Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Jelmer Vernooij 2002
 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by
@@ -52,14 +53,15 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
 }
 /* Guest modules initialisation */
-BOOL auth_init_guest(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_guest_security;
- return True;
+ (*auth_method)->name = "guest";
+ return NT_STATUS_OK;
 }
 /**
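Review bot: In make_auth_context_text_list the `strequal(builtin_auth_init_functions[i].name, *text_list)` test still runs on the unsplit configuration string, and the new `module_name`/`module_params` split happens only inside the branch that test guards. An entry written as `name:options` therefore looks unable to match any built-in, so `module_params` would always be NULL and `module_name` is allocated, trimmed and freed without being used. Split the entry before the table loop, compare with `strequal(builtin_auth_init_functions[i].name, module_name)`, and free `module_name` once after the loop. A configured method that silently fails to match changes which checks run for a login, so if the code outside the hunk does not already log the no-match case it should do so at level 0. The function body starts and ends outside the hunk.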
@@ -102,13 +104,60 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_
 }
 /** Module initailisation function */
-BOOL auth_init_name_to_ntstatus(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_name_to_ntstatus_security;
- return True;
+ (*auth_method)->name = "name_to_ntstatus";
+ return NT_STATUS_OK;
 }
+/**
+ * Outsorce an auth module to an external loadable .so
+ *
+ * Only works on systems with dlopen() etc.
+ **/
+
+/* Plugin modules initialisation */
+NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
+{
+ void * dl_handle;
+ char *plugin_param, *plugin_name, *p;
+ auth_init_function plugin_init;
+
+ if (param == NULL) {
+ DEBUG(0, ("The plugin module needs an argument!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ plugin_name = smb_xstrdup(param);
+ p = strchr(plugin_name, ':');
+ if (p) {
+ *p = 0;
+ plugin_param = p+1;
+ trim_string(plugin_param, " ", " ");
+ } else plugin_param = NULL;
+
+ trim_string(plugin_name, " ", " ");
+
+ DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name));
+ dl_handle = sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL );
+ if (!dl_handle) {
+ DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ plugin_init = sys_dlsym(dl_handle, "auth_init");
+ if (!plugin_init){
+ DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ DEBUG(5, ("Starting sam plugin %s with paramater %s\n", plugin_name, plugin_param?plugin_param:"(null)"));
+ return plugin_init(auth_context, plugin_param, auth_method);
+}
+
+
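Review bot: auth_init_plugin passes the configured string straight to `sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL)`, so a bare or relative name is resolved through the dynamic loader's search path and whatever object is found there runs inside the authentication path. Requiring an absolute path narrows that, and checking that the file is root-owned and not group- or world-writable before loading would narrow it further. `plugin_name` from smb_xstrdup is not freed on any return, and the handle stays open when `sys_dlsym` fails. The two messages still say 'pdb_init' and 'sam plugin' although the symbol looked up is `auth_init`, which will mislead whoever reads the log after a failed load. The sketch below frees `plugin_name` after the init call, which assumes a plugin copies `param` if it keeps it; that contract should be confirmed and documented.

```c
	NTSTATUS nt_status;

	/* ... unchanged: NULL check on param, split of plugin_name / plugin_param ... */

	/* Refuse names the dynamic loader would resolve through its search path */
	if (plugin_name[0] != '/') {
		DEBUG(0, ("auth plugin %s must be given as an absolute path\n", plugin_name));
		SAFE_FREE(plugin_name);
		return NT_STATUS_UNSUCCESSFUL;
	}

	/* ... unchanged: sys_dlopen call and its DEBUG on failure ... */
	if (!dl_handle) {
		SAFE_FREE(plugin_name);
		return NT_STATUS_UNSUCCESSFUL;
	}

	plugin_init = sys_dlsym(dl_handle, "auth_init");
	if (!plugin_init) {
		DEBUG(0, ("Failed to find function 'auth_init' using sys_dlsym in auth plugin %s (%s)\n", plugin_name, sys_dlerror()));
		sys_dlclose(dl_handle);
		SAFE_FREE(plugin_name);
		return NT_STATUS_UNSUCCESSFUL;
	}

	DEBUG(5, ("Starting auth plugin %s with parameter %s\n", plugin_name, plugin_param?plugin_param:"(null)"));
	nt_status = plugin_init(auth_context, plugin_param, auth_method);
	/* plugin_param points into plugin_name, so free only after the call */
	SAFE_FREE(plugin_name);
	return nt_status;
```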
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index d520dabbb2..91c111b557 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -511,14 +511,14 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
 }
 /* module initialisation */
-BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_ntdomain_security;
- return True;
+ return NT_STATUS_OK;
 }
@@ -598,12 +598,12 @@ static NTSTATUS check_trustdomain_security(const struct auth_conte
 }
 /* module initialisation */
-BOOL auth_init_trustdomain(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_trustdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_trustdomain_security;
- return True;
+ return NT_STATUS_OK;
 }
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index 7730f50a3c..4ed0e6bbc4 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -179,14 +179,14 @@ static NTSTATUS check_hostsequiv_security(const struct auth_contex
 }
 /* module initialisation */
-BOOL auth_init_hostsequiv(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_hostsequiv(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_hostsequiv_security;
- return True;
+ return NT_STATUS_OK;
 }
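Review bot: auth_init_ntdomain returns NT_STATUS_OK without setting `(*auth_method)->name`, while this commit removes `t->name = builtin_auth_init_functions[i].name;` from auth.c and adds the assignment only in the guest, name_to_ntstatus, sam and samstrict initialisers. The same gap is in auth_init_trustdomain, auth_init_hostsequiv, auth_init_rhosts, auth_init_smbserver, auth_init_unix and auth_init_winbind. Unless make_auth_methods (not shown) fills the field in, those methods are left unnamed, and any log line that prints the method name can no longer say which module accepted or rejected a login. Add the assignment next to `->auth` in each, for example `(*auth_method)->name = "ntdomain";`, using the name each module has in the built-in table.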
@@ -223,12 +223,12 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
 }
 /* module initialisation */
-BOOL auth_init_rhosts(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_rhosts_security;
- return True;
+ return NT_STATUS_OK;
 }
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 7e0cd513da..76579150ce 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -404,14 +404,15 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
 }
 /* module initialisation */
-BOOL auth_init_sam(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
- (*auth_method)->auth = check_sam_security;
- return True;
+ (*auth_method)->auth = check_sam_security;
+ (*auth_method)->name = "sam";
+ return NT_STATUS_OK;
 }
@@ -442,14 +443,15 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context
 }
 /* module initialisation */
-BOOL auth_init_samstrict(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_samstrict(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_samstrict_security;
- return True;
+ (*auth_method)->name = "samstrict";
+ return NT_STATUS_OK;
 }
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index bcb7d5059b..0d366a4c0d 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -357,14 +357,14 @@ use this machine as the password server.\n"));
 return(nt_status);
 }
-BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_smbserver_security;
 (*auth_method)->get_chal = auth_get_challenge_server;
 (*auth_method)->send_keepalive = send_server_keepalive;
 (*auth_method)->free_private_data = free_server_private_data;
- return True;
+ return NT_STATUS_OK;
 }
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index d624cb1261..9f85bf11fe 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -119,12 +119,12 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 }
 /* module initialisation */
-BOOL auth_init_unix(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_unix(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_unix_security;
- return True;
+ return NT_STATUS_OK;
 }
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 1a72c2df0f..2d214c7aca 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -103,12 +103,12 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 }
 /* module initialisation */
-BOOL auth_init_winbind(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
 {
 if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
 }
 (*auth_method)->auth = check_winbind_security;
- return True;
+ return NT_STATUS_OK;
 }
-- cgit