From 2e28f8ff0e3bb50ac5b2742c7678c39cb65bcd95 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 5 Jan 2002 04:55:41 +0000 Subject: I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) --- source3/rpc_server/srv_netlog_nt.c | 62 +++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 27 deletions(-) (limited to 'source3/rpc_server/srv_netlog_nt.c') diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 634e2540fa..fbab46022c 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -568,19 +568,24 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * switch (ctr->switch_value) { case NET_LOGON_TYPE: { - auth_authsupplied_info *auth_info = NULL; - make_auth_info_fixed(&auth_info, ctr->auth.id2.lm_chal); + struct auth_context *auth_context = NULL; + if (!NT_STATUS_IS_OK(status = make_auth_context_fixed(&auth_context, ctr->auth.id2.lm_chal))) { + return status; + } + /* Standard challenge/response authenticaion */ - make_user_info_netlogon_network(&user_info, - nt_username, nt_domain, - nt_workstation, - ctr->auth.id2.lm_chal_resp.buffer, - ctr->auth.id2.lm_chal_resp.str_str_len, - ctr->auth.id2.nt_chal_resp.buffer, - ctr->auth.id2.nt_chal_resp.str_str_len); - - status = check_password(user_info, auth_info, &server_info); - free_auth_info(&auth_info); + if (!make_user_info_netlogon_network(&user_info, + nt_username, nt_domain, + nt_workstation, + ctr->auth.id2.lm_chal_resp.buffer, + ctr->auth.id2.lm_chal_resp.str_str_len, + ctr->auth.id2.nt_chal_resp.buffer, + ctr->auth.id2.nt_chal_resp.str_str_len)) { + status = NT_STATUS_NO_MEMORY; + } else { + status = auth_context->check_ntlm_password(auth_context, user_info, &server_info); + } + auth_context->free(&auth_context); break; } @@ -590,23 +595,26 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * convert this to chellange/responce for the auth subsystem to chew on */ { - auth_authsupplied_info *auth_info = NULL; - DATA_BLOB chal; - if (!make_auth_info_subsystem(&auth_info)) { - return NT_STATUS_NO_MEMORY; + struct auth_context *auth_context = NULL; + const uint8 *chal; + if (!NT_STATUS_IS_OK(status = make_auth_context_subsystem(&auth_context))) { + return status; } - chal = auth_get_challenge(auth_info); - - make_user_info_netlogon_interactive(&user_info, - nt_username, nt_domain, - nt_workstation, chal.data, - ctr->auth.id1.lm_owf.data, - ctr->auth.id1.nt_owf.data, - p->dc.sess_key); - status = check_password(user_info, auth_info, &server_info); - data_blob_free(&chal); - free_auth_info(&auth_info); + chal = auth_context->get_ntlm_challenge(auth_context); + + if (!make_user_info_netlogon_interactive(&user_info, + nt_username, nt_domain, + nt_workstation, chal, + ctr->auth.id1.lm_owf.data, + ctr->auth.id1.nt_owf.data, + p->dc.sess_key)) { + status = NT_STATUS_NO_MEMORY; + } else { + status = auth_context->check_ntlm_password(auth_context, user_info, &server_info); + } + + auth_context->free(&auth_context); break; } -- cgit