From 7dd847ba9c10be196b5d02f9593c642666855470 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 11 Dec 2002 23:54:46 +0000 Subject: Fixed auth module code. Added VALGRIND defines to reduce spurious warnings. Jeremy. (This used to be commit ff3a8d37289216a2cb808406044a7abef1e564d0) --- source3/auth/auth.c | 99 ++++++++++++++++++++------------------------- source3/auth/auth_builtin.c | 27 +++++++------ 2 files changed, 58 insertions(+), 68 deletions(-) (limited to 'source3/auth') diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 232d401a24..d730e39f44 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -61,8 +61,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) return auth_context->challenge.data; } - for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next) - { + for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next) { if (auth_method->get_chal == NULL) { DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name)); continue; @@ -183,18 +182,18 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, auth_methods *auth_method; TALLOC_CTX *mem_ctx; - if (!user_info || !auth_context || !server_info) { + if (!user_info || !auth_context || !server_info) return NT_STATUS_LOGON_FAILURE; - } - DEBUG(3, ("check_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", + DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", user_info->client_domain.str, user_info->smb_name.str, user_info->wksta_name.str)); - DEBUG(3, ("check_password: mapped user is: [%s]\\[%s]@[%s]\n", + DEBUG(3, ("check_ntlm_password: mapped user is: [%s]\\[%s]@[%s]\n", user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str)); - if (auth_context->challenge_set_by) { - DEBUG(10, ("auth_context challenge created by %s\n", auth_context->challenge_set_by)); - } + if (auth_context->challenge_set_by) + DEBUG(10, ("check_ntlm_password: auth_context challenge created by %s\n", + auth_context->challenge_set_by)); + DEBUG(10, ("challenge is: \n")); dump_data(5, auth_context->challenge.data, auth_context->challenge.length); @@ -208,37 +207,33 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, #endif /* This needs to be sorted: If it doesn't match, what should we do? */ - if (!check_domain_match(user_info->smb_name.str, user_info->domain.str)) { + if (!check_domain_match(user_info->smb_name.str, user_info->domain.str)) return NT_STATUS_LOGON_FAILURE; - } - for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) - { + for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) { mem_ctx = talloc_init_named("%s authentication for user %s\\%s", auth_method->name, user_info->domain.str, user_info->smb_name.str); nt_status = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info); if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(3, ("check_password: %s authentication for user [%s] suceeded\n", + DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] suceeded\n", auth_method->name, user_info->smb_name.str)); } else { - DEBUG(5, ("check_password: %s authentication for user [%s] FAILED with error %s\n", + DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n", auth_method->name, user_info->smb_name.str, nt_errstr(nt_status))); } talloc_destroy(mem_ctx); - if (NT_STATUS_IS_OK(nt_status)) { + if (NT_STATUS_IS_OK(nt_status)) break; - } } /* This is one of the few places the *relies* (rather than just sets defaults on the value of lp_security(). This needs to change. A new paramater perhaps? */ - if (lp_security() >= SEC_SERVER) { + if (lp_security() >= SEC_SERVER) smb_user_control(user_info, *server_info, nt_status); - } if (NT_STATUS_IS_OK(nt_status)) { pdb_username = pdb_get_username((*server_info)->sam_account); @@ -249,17 +244,17 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, unbecome_root(); if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(5, ("check_password: PAM Account for user [%s] suceeded\n", + DEBUG(5, ("check_ntlm_password: PAM Account for user [%s] suceeded\n", pdb_username)); } else { - DEBUG(3, ("check_password: PAM Account for user [%s] FAILED with error %s\n", + DEBUG(3, ("check_ntlm_password: PAM Account for user [%s] FAILED with error %s\n", pdb_username, nt_errstr(nt_status))); } } if (NT_STATUS_IS_OK(nt_status)) { DEBUG((*server_info)->guest ? 5 : 2, - ("check_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n", + ("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n", (*server_info)->guest ? "guest " : "", user_info->smb_name.str, user_info->internal_username.str, @@ -268,7 +263,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, } if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(2, ("check_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", + DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n", user_info->smb_name.str, user_info->internal_username.str, nt_errstr(nt_status))); ZERO_STRUCTP(server_info); @@ -282,9 +277,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, static void free_auth_context(struct auth_context **auth_context) { - if (*auth_context != NULL) { + if (*auth_context != NULL) talloc_destroy((*auth_context)->mem_ctx); - } *auth_context = NULL; } @@ -327,48 +321,43 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, NTSTATUS nt_status; if (!text_list) { - DEBUG(2,("No auth method list!?\n")); + DEBUG(2,("make_auth_context_text_list: No auth method list!?\n")); return NT_STATUS_UNSUCCESSFUL; } - if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context))) { + if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context))) return nt_status; - } - for (;*text_list; text_list++) - { - DEBUG(5,("Attempting to find an auth method to match %s\n", *text_list)); - for (i = 0; builtin_auth_init_functions[i].name; i++) - { - if (strequal(builtin_auth_init_functions[i].name, *text_list)) - { - - char *module_name = smb_xstrdup(*text_list); - char *module_params = NULL; - char *p; - - p = strchr(module_name, ':'); - - if (p) { - *p = 0; - - module_params = p+1; - - trim_string(module_params, " ", " "); - } - - trim_string(module_name, " ", " "); + for (;*text_list; text_list++) { + DEBUG(5,("make_auth_context_text_list: Attempting to find an auth method to match %s\n", + *text_list)); + for (i = 0; builtin_auth_init_functions[i].name; i++) { + char *module_name = smb_xstrdup(*text_list); + char *module_params = NULL; + char *p; + + p = strchr(module_name, ':'); + if (p) { + *p = 0; + module_params = p+1; + trim_string(module_params, " ", " "); + } + + trim_string(module_name, " ", " "); - DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i)); + if (strequal(builtin_auth_init_functions[i].name, module_name)) { + DEBUG(5,("make_auth_context_text_list: Found auth method %s (at pos %d)\n", *text_list, i)); if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) { - DEBUG(5,("auth method %s has a valid init\n", *text_list)); + DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n", + *text_list)); DLIST_ADD_END(list, t, tmp); } else { - DEBUG(0,("auth method %s did not correctly init\n", *text_list)); + DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n", + *text_list)); } - SAFE_FREE(module_name); break; } + SAFE_FREE(module_name); } } diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index f55f662a40..32f39311dc 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -49,11 +49,11 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, } /* Guest modules initialisation */ + NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + if (!make_auth_methods(auth_context, auth_method)) return NT_STATUS_NO_MEMORY; - } (*auth_method)->auth = check_guest_security; (*auth_method)->name = "guest"; @@ -92,7 +92,7 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_ strlower(user); error_num = strtoul(user, NULL, 16); - DEBUG(5,("Error for user %s was %lx\n", user, error_num)); + DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num)); nt_status = NT_STATUS(error_num); @@ -100,11 +100,11 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_ } /** Module initailisation function */ + NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + if (!make_auth_methods(auth_context, auth_method)) return NT_STATUS_NO_MEMORY; - } (*auth_method)->auth = check_name_to_ntstatus_security; (*auth_method)->name = "name_to_ntstatus"; @@ -149,11 +149,11 @@ static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_contex /** Module initailisation function */ + NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + if (!make_auth_methods(auth_context, auth_method)) return NT_STATUS_NO_MEMORY; - } (*auth_method)->auth = check_fixed_challenge_security; (*auth_method)->get_chal = auth_get_fixed_challenge; @@ -168,6 +168,7 @@ NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char **/ /* Plugin modules initialisation */ + NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { void * dl_handle; @@ -175,7 +176,7 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_init_function plugin_init; if (param == NULL) { - DEBUG(0, ("The plugin module needs an argument!\n")); + DEBUG(0, ("auth_init_plugin: The plugin module needs an argument!\n")); return NT_STATUS_UNSUCCESSFUL; } @@ -189,21 +190,21 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, trim_string(plugin_name, " ", " "); - DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name)); + DEBUG(5, ("auth_init_plugin: Trying to load auth plugin %s\n", plugin_name)); dl_handle = sys_dlopen(plugin_name, RTLD_NOW ); if (!dl_handle) { - DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror())); + DEBUG(0, ("auth_init_plugin: Failed to load auth plugin %s using sys_dlopen (%s)\n", + plugin_name, sys_dlerror())); return NT_STATUS_UNSUCCESSFUL; } plugin_init = sys_dlsym(dl_handle, "auth_init"); if (!plugin_init){ - DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror())); + DEBUG(0, ("Failed to find function 'auth_init' using sys_dlsym in sam plugin %s (%s)\n", + plugin_name, sys_dlerror())); return NT_STATUS_UNSUCCESSFUL; } DEBUG(5, ("Starting sam plugin %s with paramater %s\n", plugin_name, plugin_param?plugin_param:"(null)")); return plugin_init(auth_context, plugin_param, auth_method); } - - -- cgit