From eba87995145b0e14672c1f6993f7aa3422d62541 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Sat, 30 Jun 2012 18:30:57 +1000
Subject: auth: Remove .get_challenge (only used for security=server)

With NTLMSSP, for NTLM2 we need to be able to set the effective challenge,
so if we ever did use a module that needed this functionlity, we would
downgrade to just NTLM.

Now that security=server has been removed, we have no such module.

This will make it easier to make the auth subsystem async, as we will
not need to consider making .get_challenge async.

Andrew Bartlett
---
 source3/auth/auth.c         | 54 +++++---------------------------------------
 source3/auth/auth_builtin.c | 55 ---------------------------------------------
 source3/auth/auth_generic.c |  1 -
 source3/auth/auth_ntlmssp.c | 12 ----------
 4 files changed, 6 insertions(+), 116 deletions(-)

(limited to 'source3/auth')

diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 671319347f..c3797cf604 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -81,9 +81,8 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name
 NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
 				 uint8_t chal[8])
 {
-	DATA_BLOB challenge = data_blob_null;
-	const char *challenge_set_by = NULL;
-	auth_methods *auth_method;
+	uchar tmp[8];
+
 
 	if (auth_context->challenge.length) {
 		DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge by module %s (normal)\n", 
@@ -92,52 +91,11 @@ NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
 		return NT_STATUS_OK;
 	}
 
-	auth_context->challenge_may_be_modified = False;
-
-	for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next) {
-		if (auth_method->get_chal == NULL) {
-			DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name));
-			continue;
-		}
-
-		DEBUG(5, ("auth_get_challenge: getting challenge from module %s\n", auth_method->name));
-		if (challenge_set_by != NULL) {
-			DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authentication method %s has already specified a challenge.  Challenge by %s ignored.\n", 
-				  challenge_set_by, auth_method->name));
-			continue;
-		}
-
-		challenge = auth_method->get_chal(auth_context, &auth_method->private_data,
-						  auth_context);
-		if (!challenge.length) {
-			DEBUG(3, ("auth_get_challenge: getting challenge from authentication method %s FAILED.\n", 
-				  auth_method->name));
-		} else {
-			DEBUG(5, ("auth_get_challenge: successfully got challenge from module %s\n", auth_method->name));
-			auth_context->challenge = challenge;
-			challenge_set_by = auth_method->name;
-			auth_context->challenge_set_method = auth_method;
-		}
-	}
-
-	if (!challenge_set_by) {
-		uchar tmp[8];
-
-		generate_random_buffer(tmp, sizeof(tmp));
-		auth_context->challenge = data_blob_talloc(auth_context,
-							   tmp, sizeof(tmp));
-
-		challenge_set_by = "random";
-		auth_context->challenge_may_be_modified = True;
-	} 
-
-	DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
-	DEBUG(5, ("challenge is: \n"));
-	dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
-
-	SMB_ASSERT(auth_context->challenge.length == 8);
+	generate_random_buffer(tmp, sizeof(tmp));
+	auth_context->challenge = data_blob_talloc(auth_context,
+						   tmp, sizeof(tmp));
 
-	auth_context->challenge_set_by=challenge_set_by;
+	auth_context->challenge_set_by = "random";
 
 	memcpy(chal, auth_context->challenge.data, 8);
 	return NT_STATUS_OK;
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index cfe89495a0..b757894a7c 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -128,67 +128,12 @@ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, co
 	return NT_STATUS_OK;
 }
 
-/** 
- * Return a 'fixed' challenge instead of a variable one.
- *
- * The idea of this function is to make packet snifs consistant
- * with a fixed challenge, so as to aid debugging.
- *
- * This module is of no value to end-users.
- *
- * This module does not actually authenticate the user, but
- * just pretenteds to need a specified challenge.  
- * This module removes *all* security from the challenge-response system
- *
- * @return NT_STATUS_UNSUCCESSFUL
- **/
-
-static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context,
-					       void *my_private_data, 
-					       TALLOC_CTX *mem_ctx,
-					       const struct auth_usersupplied_info *user_info,
-					       struct auth_serversupplied_info **server_info)
-{
-	return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-/****************************************************************************
- Get the challenge out of a password server.
-****************************************************************************/
-
-static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_context,
-					  void **my_private_data, 
-					  TALLOC_CTX *mem_ctx)
-{
-	const char *challenge = "I am a teapot";   
-	return data_blob(challenge, 8);
-}
-
-
-/** Module initialisation function */
-
-static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method) 
-{
-	struct auth_methods *result;
-
-	result = talloc_zero(auth_context, struct auth_methods);
-	if (result == NULL) {
-		return NT_STATUS_NO_MEMORY;
-	}
-	result->auth = check_fixed_challenge_security;
-	result->get_chal = auth_get_fixed_challenge;
-	result->name = "fixed_challenge";
-
-	*auth_method = result;
-	return NT_STATUS_OK;
-}
 #endif /* DEVELOPER */
 
 NTSTATUS auth_builtin_init(void)
 {
 	smb_register_auth(AUTH_INTERFACE_VERSION, "guest", auth_init_guest);
 #ifdef DEVELOPER
-	smb_register_auth(AUTH_INTERFACE_VERSION, "fixed_challenge", auth_init_fixed_challenge);
 	smb_register_auth(AUTH_INTERFACE_VERSION, "name_to_ntstatus", auth_init_name_to_ntstatus);
 #endif
 	return NT_STATUS_OK;
diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index e941ab9a0e..82b376feb6 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -165,7 +165,6 @@ static struct auth4_context *make_auth4_context_s3(TALLOC_CTX *mem_ctx, struct a
 	auth4_context->generate_session_info = auth3_generate_session_info;
 	auth4_context->get_ntlm_challenge = auth3_get_challenge;
 	auth4_context->set_ntlm_challenge = auth3_set_challenge;
-	auth4_context->challenge_may_be_modified = auth3_may_set_challenge;
 	auth4_context->check_ntlm_password = auth3_check_password;
 	auth4_context->private_data = talloc_steal(auth4_context, auth_context);
 	return auth4_context;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 3437dbfb83..f99bd44d7e 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -63,18 +63,6 @@ NTSTATUS auth3_get_challenge(struct auth4_context *auth4_context,
 	return NT_STATUS_OK;
 }
 
-/**
- * Some authentication methods 'fix' the challenge, so we may not be able to set it
- *
- * @return If the effective challenge used by the auth subsystem may be modified
- */
-bool auth3_may_set_challenge(struct auth4_context *auth4_context)
-{
-	struct auth_context *auth_context = talloc_get_type_abort(auth4_context->private_data,
-								  struct auth_context);
-	return auth_context->challenge_may_be_modified;
-}
-
 /**
  * NTLM2 authentication modifies the effective challenge, 
  * @param challenge The new challenge value
-- 
cgit