From b2f84fef133fb4c59e78fd0cf861f553efcbc1ef Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 10 Jul 2005 23:25:42 +0000 Subject: r8296: - split out the ejs auth functions into a separate file - got rid of the one line ejs_returnlist() (This used to be commit 6961fe29058cffd8e69d9ce7e7d3902f973411c0) --- source4/scripting/ejs/smbcalls_auth.c | 144 ++++++++++++++++++++++++++++++++++ 1 file changed, 144 insertions(+) create mode 100644 source4/scripting/ejs/smbcalls_auth.c (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c new file mode 100644 index 0000000000..8e72f68fc1 --- /dev/null +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -0,0 +1,144 @@ +/* + Unix SMB/CIFS implementation. + + ejs auth functions + + Copyright (C) Simo Sorce 2005 + Copyright (C) Andrew Tridgell 2005 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "lib/ejs/ejs.h" +#include "auth/auth.h" +#include "scripting/ejs/smbcalls.h" + +static int ejs_systemAuth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, const char *password, const char *domain, const char *remote_host) +{ + struct auth_usersupplied_info *user_info = NULL; + struct auth_serversupplied_info *server_info = NULL; + struct auth_context *auth_context; + const char *auth_unix[] = { "unix", NULL }; + NTSTATUS nt_status; + DATA_BLOB pw_blob; + + /* + darn, we need some way to get the right event_context here + */ + nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context, NULL); + if (!NT_STATUS_IS_OK(nt_status)) { + mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "report", mprCreateStringVar("Auth System Failure", 1)); + goto done; + } + + pw_blob = data_blob(password, strlen(password)+1), + make_user_info(tmp_ctx, username, username, + domain, domain, + remote_host, remote_host, + NULL, NULL, + NULL, NULL, + &pw_blob, False, + USER_INFO_CASE_INSENSITIVE_USERNAME | + USER_INFO_DONT_CHECK_UNIX_ACCOUNT, + &user_info); + nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); + if (!NT_STATUS_IS_OK(nt_status)) { + mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "report", mprCreateStringVar("Login Failed", 1)); + goto done; + } + + mprSetPropertyValue(auth, "result", mprCreateBoolVar(server_info->authenticated)); + mprSetPropertyValue(auth, "username", mprCreateStringVar(server_info->account_name, 1)); + mprSetPropertyValue(auth, "domain", mprCreateStringVar(server_info->domain_name, 1)); + +done: + return 0; +} + +/* + perform user authentication, returning an array of results + + syntax: + var authinfo = new Object(); + authinfo.username = myname; + authinfo.password = mypass; + authinfo.domain = mydom; + authinfo.rhost = request['REMOTE_HOST']; + auth = userAuth(authinfo); +*/ +static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) +{ + TALLOC_CTX *tmp_ctx; + const char *username; + const char *password; + const char *domain; + const char *remote_host; + struct MprVar auth; + + if (argc != 1 || argv[0]->type != MPR_TYPE_OBJECT) { + ejsSetErrorMsg(eid, "userAuth invalid arguments, this function requires an object."); + return -1; + } + + username = mprToString(mprGetProperty(argv[0], "username", NULL)); + password = mprToString(mprGetProperty(argv[0], "password", NULL)); + domain = mprToString(mprGetProperty(argv[0], "domain", NULL)); + remote_host = mprToString(mprGetProperty(argv[0], "rhost", NULL)); + + tmp_ctx = talloc_new(mprMemCtx()); + auth = mprCreateObjVar("auth", MPR_DEFAULT_HASH_SIZE); + + if (domain && strcmp("System User", domain) == 0) { + + ejs_systemAuth(tmp_ctx, &auth, username, password, domain, remote_host); + } else { + + mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(&auth, "report", mprCreateStringVar("Unknown Domain", 1)); + } + + mpr_Return(eid, auth); + talloc_free(tmp_ctx); + return 0; +} + +static int ejs_domain_list(MprVarHandle eid, int argc, char **argv) +{ + struct MprVar list; + + if (argc != 0) { + ejsSetErrorMsg(eid, "domList invalid arguments"); + return -1; + } + + list = mprCreateObjVar("list", MPR_DEFAULT_HASH_SIZE); + mprSetVar(&list, "0", mprCreateStringVar("System User", 1)); + + mpr_Return(eid, list); + + return 0; +} + +/* + setup C functions that be called from ejs +*/ +void smb_setup_ejs_auth(void) +{ + ejsDefineStringCFunction(-1, "getDomainList", ejs_domain_list, NULL, MPR_VAR_SCRIPT_HANDLE); + ejsDefineCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE); +} -- cgit From 887461327a93e1677de44438a5e4a1abd5b91f11 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 11 Jul 2005 10:18:26 +0000 Subject: r8320: make sure all our returned objects are full objects, which means they have the toString() and valueOf() default attributes this allows all our returned objects to be used in logical expressions (This used to be commit 570f071b1544b497d5f480b8ad50df097fe4c843) --- source4/scripting/ejs/smbcalls_auth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 8e72f68fc1..089d4b6bea 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -101,7 +101,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) remote_host = mprToString(mprGetProperty(argv[0], "rhost", NULL)); tmp_ctx = talloc_new(mprMemCtx()); - auth = mprCreateObjVar("auth", MPR_DEFAULT_HASH_SIZE); + auth = mprObject("auth"); if (domain && strcmp("System User", domain) == 0) { @@ -126,7 +126,7 @@ static int ejs_domain_list(MprVarHandle eid, int argc, char **argv) return -1; } - list = mprCreateObjVar("list", MPR_DEFAULT_HASH_SIZE); + list = mprObject("list"); mprSetVar(&list, "0", mprCreateStringVar("System User", 1)); mpr_Return(eid, list); -- cgit From 9f86e202865807ed898eff684d7cf3be7daae0fc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 12 Jul 2005 05:53:51 +0000 Subject: r8340: - added sys_gmtime() - added sys_unlink() - added sys_file_load() and sys_file_save() - use mprString() instead of mprCreateStringVar() to cope with NULL strings - removed smbcalls_irpc.c as its not needed any more - allow ldbAdd() and ldbModify() to take multiple ldif records - added a sprintf() function to ejs. Quite complex, but very useful! (This used to be commit 625628a3f6e78349d2240ebcc79081f350672070) --- source4/scripting/ejs/smbcalls_auth.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 089d4b6bea..81a7ee1bac 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -41,7 +41,7 @@ static int ejs_systemAuth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char * nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context, NULL); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); - mprSetPropertyValue(auth, "report", mprCreateStringVar("Auth System Failure", 1)); + mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); goto done; } @@ -58,13 +58,13 @@ static int ejs_systemAuth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char * nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); - mprSetPropertyValue(auth, "report", mprCreateStringVar("Login Failed", 1)); + mprSetPropertyValue(auth, "report", mprString("Login Failed")); goto done; } mprSetPropertyValue(auth, "result", mprCreateBoolVar(server_info->authenticated)); - mprSetPropertyValue(auth, "username", mprCreateStringVar(server_info->account_name, 1)); - mprSetPropertyValue(auth, "domain", mprCreateStringVar(server_info->domain_name, 1)); + mprSetPropertyValue(auth, "username", mprString(server_info->account_name)); + mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name)); done: return 0; @@ -109,7 +109,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) } else { mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False)); - mprSetPropertyValue(&auth, "report", mprCreateStringVar("Unknown Domain", 1)); + mprSetPropertyValue(&auth, "report", mprString("Unknown Domain")); } mpr_Return(eid, auth); @@ -127,7 +127,7 @@ static int ejs_domain_list(MprVarHandle eid, int argc, char **argv) } list = mprObject("list"); - mprSetVar(&list, "0", mprCreateStringVar("System User", 1)); + mprSetVar(&list, "0", mprString("System User")); mpr_Return(eid, list); -- cgit From adbb1612c12d03fa94e4ee23fbc2fa96c09d9dcd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 13 Jul 2005 00:06:38 +0000 Subject: r8399: move the ejs and esp code closer to the directory layout used by the upstream sources. This makes it much easier to keep it up to date. I will separate out the mpr code into lib/appweb/mpr next (This used to be commit 52db7a052baeb0f11361ed69b71cb790039e3cc9) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 81a7ee1bac..10c63fb4dd 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -22,7 +22,7 @@ */ #include "includes.h" -#include "lib/ejs/ejs.h" +#include "lib/appweb/ejs/ejs.h" #include "auth/auth.h" #include "scripting/ejs/smbcalls.h" -- cgit From e9c925f8727a8fa01935129ba8209183d111bd86 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jul 2005 04:27:09 +0000 Subject: r8629: - moved the getDomainList() call out of smbcalls_auth.c and into libjs/auth.js - tried to make the ejs_userAuth() call work for the sam, not just for unix auth. I didn't get this working. Andrew, when you get a chance can you see what I'm doing wrong? I suspect its because we aren't supplying a challenge, but a challenge doesn't really make sense in a 'is this username/password' correct call. (This used to be commit 9e07c08a71908e99c2f44efc40a3249facd6850f) --- source4/scripting/ejs/smbcalls_auth.c | 35 ++++++++--------------------------- 1 file changed, 8 insertions(+), 27 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 10c63fb4dd..4739922e38 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -26,19 +26,21 @@ #include "auth/auth.h" #include "scripting/ejs/smbcalls.h" -static int ejs_systemAuth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, const char *password, const char *domain, const char *remote_host) +static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, + const char *password, const char *domain, const char *remote_host, + const char *authtype) { struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; struct auth_context *auth_context; - const char *auth_unix[] = { "unix", NULL }; + const char *auth_types[] = { authtype, NULL }; NTSTATUS nt_status; DATA_BLOB pw_blob; /* darn, we need some way to get the right event_context here */ - nt_status = auth_context_create(tmp_ctx, auth_unix, &auth_context, NULL); + nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, NULL); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); @@ -104,12 +106,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) auth = mprObject("auth"); if (domain && strcmp("System User", domain) == 0) { - - ejs_systemAuth(tmp_ctx, &auth, username, password, domain, remote_host); - } else { - - mprSetPropertyValue(&auth, "result", mprCreateBoolVar(False)); - mprSetPropertyValue(&auth, "report", mprString("Unknown Domain")); + ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "unix"); + } else { + ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "sam"); } mpr_Return(eid, auth); @@ -117,28 +116,10 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) return 0; } -static int ejs_domain_list(MprVarHandle eid, int argc, char **argv) -{ - struct MprVar list; - - if (argc != 0) { - ejsSetErrorMsg(eid, "domList invalid arguments"); - return -1; - } - - list = mprObject("list"); - mprSetVar(&list, "0", mprString("System User")); - - mpr_Return(eid, list); - - return 0; -} - /* setup C functions that be called from ejs */ void smb_setup_ejs_auth(void) { - ejsDefineStringCFunction(-1, "getDomainList", ejs_domain_list, NULL, MPR_VAR_SCRIPT_HANDLE); ejsDefineCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE); } -- cgit From d6c20a5c8a50338535efcf41fb8cb1f8dcf87757 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 20 Jul 2005 05:41:29 +0000 Subject: r8633: check for valid input to ejs_userAuth() (This used to be commit 8e788ae3094220e5ea195cdf85abb6763a834abd) --- source4/scripting/ejs/smbcalls_auth.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 4739922e38..87d5327e04 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -102,6 +102,11 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) domain = mprToString(mprGetProperty(argv[0], "domain", NULL)); remote_host = mprToString(mprGetProperty(argv[0], "rhost", NULL)); + if (username == NULL || password == NULL || domain == NULL) { + mpr_Return(eid, mprCreateUndefinedVar()); + return 0; + } + tmp_ctx = talloc_new(mprMemCtx()); auth = mprObject("auth"); -- cgit From b16362fab65d0700bd6a8cf6569a9e21c7e6b069 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 22 Jul 2005 04:10:07 +0000 Subject: r8700: Propmted by tridge's need to do plaintext auth in ejs, rework the user_info strcture in auth/ This moves it to a pattern much like that found in ntvfs, with functions to migrate between PAIN, HASH and RESPONSE passwords. Instead of make_user_info*() functions, we simply fill in the control block in the callers, per recent dicussions on the lists. This removed a lot of data copies as well as error paths, as we can grab much of it with talloc. Andrew Bartlett (This used to be commit ecbd2235a3e2be937440fa1dc0aecc5a047eda88) --- source4/scripting/ejs/smbcalls_auth.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 87d5327e04..4b3534b4cc 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -47,16 +47,31 @@ static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *user goto done; } - pw_blob = data_blob(password, strlen(password)+1), - make_user_info(tmp_ctx, username, username, - domain, domain, - remote_host, remote_host, - NULL, NULL, - NULL, NULL, - &pw_blob, False, - USER_INFO_CASE_INSENSITIVE_USERNAME | - USER_INFO_DONT_CHECK_UNIX_ACCOUNT, - &user_info); + pw_blob = data_blob(password, strlen(password)+1); + + user_info = talloc(tmp_ctx, struct auth_usersupplied_info); + if (!user_info) { + mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "report", mprString("talloc failed")); + goto done; + } + + user_info->mapped_state = True; + user_info->client.account_name = username; + user_info->mapped.account_name = username; + user_info->client.domain_name = domain; + user_info->mapped.domain_name = domain; + + user_info->workstation_name = remote_host; + + user_info->remote_host = remote_host; + + user_info->password_state = AUTH_PASSWORD_PLAIN; + user_info->password.plaintext = talloc_strdup(user_info, password); + + user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME | + USER_INFO_DONT_CHECK_UNIX_ACCOUNT; + nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); -- cgit From 55e746ad560d4406821bc2d721cbb929b79a7a0a Mon Sep 17 00:00:00 2001 From: Rafal Szczesniak Date: Mon, 22 Aug 2005 14:32:58 +0000 Subject: r9477: Convert popt options to an ejs object. Doesn't seem to break anything except of popt help (-h) option (unexpected ?). rafal (This used to be commit 1990793b23d6198a85ce1bdf6ad43e12015db203) --- source4/scripting/ejs/smbcalls_auth.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 4b3534b4cc..37ac9543cc 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -105,16 +105,19 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) const char *password; const char *domain; const char *remote_host; - struct MprVar auth; + struct MprVar auth, *creds_obj; + struct cli_credentials *creds; if (argc != 1 || argv[0]->type != MPR_TYPE_OBJECT) { ejsSetErrorMsg(eid, "userAuth invalid arguments, this function requires an object."); return -1; } - username = mprToString(mprGetProperty(argv[0], "username", NULL)); - password = mprToString(mprGetProperty(argv[0], "password", NULL)); - domain = mprToString(mprGetProperty(argv[0], "domain", NULL)); + /* get credential values from credentials object */ + creds = mprGetPtr(argv[0], "creds"); + username = cli_credentials_get_username(creds); + password = cli_credentials_get_password(creds); + domain = cli_credentials_get_domain(creds); remote_host = mprToString(mprGetProperty(argv[0], "rhost", NULL)); if (username == NULL || password == NULL || domain == NULL) { -- cgit From 185adae2f90ed187c7c4e0d415defb35b9c78722 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 23 Aug 2005 02:05:53 +0000 Subject: r9499: added error checking to the userAuth() call. SWAT is still failing, but at least it now tells us why (This used to be commit 4afb16d7b24b1d1ed359048a89950924b363e44a) --- source4/scripting/ejs/smbcalls_auth.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 37ac9543cc..06d17ed01a 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -105,7 +105,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) const char *password; const char *domain; const char *remote_host; - struct MprVar auth, *creds_obj; + struct MprVar auth; struct cli_credentials *creds; if (argc != 1 || argv[0]->type != MPR_TYPE_OBJECT) { @@ -115,6 +115,10 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) /* get credential values from credentials object */ creds = mprGetPtr(argv[0], "creds"); + if (creds == NULL) { + ejsSetErrorMsg(eid, "userAuth requires a 'creds' element"); + return -1; + } username = cli_credentials_get_username(creds); password = cli_credentials_get_password(creds); domain = cli_credentials_get_domain(creds); -- cgit From d857d1a9650efdf26b49e3939721dfc6fc0a1edb Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 23 Aug 2005 02:11:49 +0000 Subject: r9500: userAuth() takes a creds object, not a general object now ... (This used to be commit 57e6eb9c66ba539a593524d8cfd8836a840ac1ba) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 06d17ed01a..ef3b86a8b4 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -122,7 +122,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) username = cli_credentials_get_username(creds); password = cli_credentials_get_password(creds); domain = cli_credentials_get_domain(creds); - remote_host = mprToString(mprGetProperty(argv[0], "rhost", NULL)); + remote_host = cli_credentials_get_workstation(creds); if (username == NULL || password == NULL || domain == NULL) { mpr_Return(eid, mprCreateUndefinedVar()); -- cgit From 24186a80eb4887b5fb3e72e4b877b456cbe8e35f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Aug 2005 04:30:22 +0000 Subject: r9728: A *major* update to the credentials system, to incorporate the Kerberos CCACHE into the system. This again allows the use of the system ccache when no username is specified, and brings more code in common between gensec_krb5 and gensec_gssapi. It also has a side-effect that may (or may not) be expected: If there is a ccache, even if it is not used (perhaps the remote server didn't want kerberos), it will change the default username. Andrew Bartlett (This used to be commit 6202267f6ec1446d6bd11d1d37d05a977bc8d315) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index ef3b86a8b4..8df69cf087 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -119,7 +119,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) ejsSetErrorMsg(eid, "userAuth requires a 'creds' element"); return -1; } - username = cli_credentials_get_username(creds); + username = cli_credentials_get_username(creds, tmp_ctx); password = cli_credentials_get_password(creds); domain = cli_credentials_get_domain(creds); remote_host = cli_credentials_get_workstation(creds); -- cgit From d4f22109ee5b939d34fe11ad4cef29d22fd82cc8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Aug 2005 19:08:18 +0000 Subject: r9755: Fix crash bug in SWAT login (This used to be commit 6e3e964fb4529260c2fcb09b41eda1a100e690eb) --- source4/scripting/ejs/smbcalls_auth.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 8df69cf087..e3b48490f6 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -119,6 +119,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) ejsSetErrorMsg(eid, "userAuth requires a 'creds' element"); return -1; } + + tmp_ctx = talloc_new(mprMemCtx()); + username = cli_credentials_get_username(creds, tmp_ctx); password = cli_credentials_get_password(creds); domain = cli_credentials_get_domain(creds); @@ -126,10 +129,10 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) if (username == NULL || password == NULL || domain == NULL) { mpr_Return(eid, mprCreateUndefinedVar()); + talloc_free(tmp_ctx); return 0; } - tmp_ctx = talloc_new(mprMemCtx()); auth = mprObject("auth"); if (domain && strcmp("System User", domain) == 0) { -- cgit From 51cbc188df03f9ee38599fe5a87ec2608117a845 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 22 Sep 2005 01:50:58 +0000 Subject: r10402: Make the RPC-SAMLOGON test pass against Win2k3 SP0 again. I still have issues with Win2k3 SP1, and Samba4 doesn't pass it's own test for the moment, but I'm working on these issues :-) This required a change to the credentials API, so that the special case for NTLM logins using a principal was indeed handled as a special, not general case. Also don't set the realm from a ccache, as then it overrides --option=realm=. Andrew Bartlett (This used to be commit 194e8f07c0cb4685797c5a7a074577c62dfdebe3) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index e3b48490f6..672694bbc5 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -122,7 +122,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) tmp_ctx = talloc_new(mprMemCtx()); - username = cli_credentials_get_username(creds, tmp_ctx); + username = cli_credentials_get_username(creds); password = cli_credentials_get_password(creds); domain = cli_credentials_get_domain(creds); remote_host = cli_credentials_get_workstation(creds); -- cgit From 4e052d1fe472d8a60c76988c17d291c958ceb46d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 1 Nov 2005 13:32:09 +0000 Subject: r11439: Make presedence on strcmp comparison clear, and fill in logon_parameters for the auth subsystem. Andrew Bartlett (This used to be commit 767c5ca7bec3737d1261e209cd895d1300354f25) --- source4/scripting/ejs/smbcalls_auth.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 672694bbc5..ba20332aaa 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -72,6 +72,8 @@ static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *user user_info->flags = USER_INFO_CASE_INSENSITIVE_USERNAME | USER_INFO_DONT_CHECK_UNIX_ACCOUNT; + user_info->logon_parameters = 0; + nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); @@ -135,7 +137,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) auth = mprObject("auth"); - if (domain && strcmp("System User", domain) == 0) { + if (domain && (strcmp("System User", domain) == 0)) { ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "unix"); } else { ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "sam"); -- cgit From a1827a1deba04e0b4b2a508dc4e4e66603a46d16 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 14 Dec 2005 07:22:25 +0000 Subject: r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldb backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b) --- source4/scripting/ejs/smbcalls_auth.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index ba20332aaa..80089f75a7 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -26,12 +26,14 @@ #include "auth/auth.h" #include "scripting/ejs/smbcalls.h" -static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, +static int ejs_doauth(MprVarHandle eid, + TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, const char *password, const char *domain, const char *remote_host, const char *authtype) { struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; + struct auth_session_info *session_info = NULL; struct auth_context *auth_context; const char *auth_types[] = { authtype, NULL }; NTSTATUS nt_status; @@ -76,11 +78,21 @@ static int ejs_doauth(TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *user nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { - mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); mprSetPropertyValue(auth, "report", mprString("Login Failed")); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + goto done; + } + + nt_status = auth_generate_session_info(tmp_ctx, server_info, &session_info); + if (!NT_STATUS_IS_OK(nt_status)) { + mprSetPropertyValue(auth, "report", mprString("Session Info generation failed")); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); goto done; } + talloc_steal(mprMemCtx(), session_info); + mprSetThisPtr(eid, "session_info", session_info); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(server_info->authenticated)); mprSetPropertyValue(auth, "username", mprString(server_info->account_name)); mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name)); @@ -138,9 +150,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) auth = mprObject("auth"); if (domain && (strcmp("System User", domain) == 0)) { - ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "unix"); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "unix"); } else { - ejs_doauth(tmp_ctx, &auth, username, password, domain, remote_host, "sam"); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "sam"); } mpr_Return(eid, auth); -- cgit From 02c8c376d57e91c27b7afb9cb3eab26794d0be59 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 30 Dec 2005 06:48:56 +0000 Subject: r12596: This variable is unused. Andrew Bartlett (This used to be commit 2853ccfc8ad58c6af751e01487b8a9e7e68a01e7) --- source4/scripting/ejs/smbcalls_auth.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 80089f75a7..8ef04bec97 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -37,7 +37,6 @@ static int ejs_doauth(MprVarHandle eid, struct auth_context *auth_context; const char *auth_types[] = { authtype, NULL }; NTSTATUS nt_status; - DATA_BLOB pw_blob; /* darn, we need some way to get the right event_context here @@ -49,8 +48,6 @@ static int ejs_doauth(MprVarHandle eid, goto done; } - pw_blob = data_blob(password, strlen(password)+1); - user_info = talloc(tmp_ctx, struct auth_usersupplied_info); if (!user_info) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); -- cgit From a8eec313549905724a8186a1a4c14480658e2967 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 6 Jan 2006 21:04:32 +0000 Subject: r12746: An initial version of the kludge_acls module. This should be replaced with real ACLs, which tridge is working on. In the meantime, the rules are very simple: - SYSTEM and Administrators can read all. - Users and anonymous cannot read passwords, can read everything else - list of 'password' attributes is hard-coded Most of the difficult work in this was fighting with the C/js interface to add a system_session() all, as it still doesn't get on with me :-) Andrew Bartlett (This used to be commit be9d0cae8989429ef47a713d8f0a82f12966fc78) --- source4/scripting/ejs/smbcalls_auth.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 8ef04bec97..3ec376f4fe 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -157,10 +157,27 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) return 0; } +/* + initialise credentials ejs object +*/ +static int ejs_system_session(MprVarHandle eid, int argc, struct MprVar **argv) +{ + struct MprVar *obj = mprInitObject(eid, "session_info", argc, argv); + struct auth_session_info *session_info = system_session(mprMemCtx()); + + if (session_info == NULL) { + return -1; + } + + mprSetPtrChild(obj, "session_info", session_info); + return 0; +} + /* setup C functions that be called from ejs */ void smb_setup_ejs_auth(void) { ejsDefineCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE); + ejsDefineCFunction(-1, "system_session", ejs_system_session, NULL, MPR_VAR_SCRIPT_HANDLE); } -- cgit From f55ea8bb3dca868e21663cd90eaea7a35cd7886c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 9 Jan 2006 22:12:53 +0000 Subject: r12804: This patch reworks the Samba4 sockets layer to use a socket_address structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2) --- source4/scripting/ejs/smbcalls_auth.c | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 3ec376f4fe..c79f2af0ac 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -28,7 +28,7 @@ static int ejs_doauth(MprVarHandle eid, TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, - const char *password, const char *domain, const char *remote_host, + const char *password, const char *domain, const char *workstation, const char *authtype) { struct auth_usersupplied_info *user_info = NULL; @@ -61,9 +61,9 @@ static int ejs_doauth(MprVarHandle eid, user_info->client.domain_name = domain; user_info->mapped.domain_name = domain; - user_info->workstation_name = remote_host; + user_info->workstation_name = workstation; - user_info->remote_host = remote_host; + user_info->remote_host = NULL; user_info->password_state = AUTH_PASSWORD_PLAIN; user_info->password.plaintext = talloc_strdup(user_info, password); @@ -101,13 +101,6 @@ done: /* perform user authentication, returning an array of results - syntax: - var authinfo = new Object(); - authinfo.username = myname; - authinfo.password = mypass; - authinfo.domain = mydom; - authinfo.rhost = request['REMOTE_HOST']; - auth = userAuth(authinfo); */ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) { @@ -115,7 +108,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) const char *username; const char *password; const char *domain; - const char *remote_host; + const char *workstation; struct MprVar auth; struct cli_credentials *creds; @@ -136,7 +129,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) username = cli_credentials_get_username(creds); password = cli_credentials_get_password(creds); domain = cli_credentials_get_domain(creds); - remote_host = cli_credentials_get_workstation(creds); + workstation = cli_credentials_get_workstation(creds); if (username == NULL || password == NULL || domain == NULL) { mpr_Return(eid, mprCreateUndefinedVar()); @@ -147,9 +140,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) auth = mprObject("auth"); if (domain && (strcmp("System User", domain) == 0)) { - ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "unix"); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, "unix"); } else { - ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, remote_host, "sam"); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, "sam"); } mpr_Return(eid, auth); -- cgit From 8f86ddcd930e5f9214777e5b761e6eb1748b8e74 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Jan 2006 09:21:13 +0000 Subject: r12819: Fix swat authentication again. We need to pass the socket_address structure around, so the auth code knows where the request came from. Andrew Bartlett (This used to be commit 7a7b2668c00d4d22bcf8aa3ba256af88f70c38c4) --- source4/scripting/ejs/smbcalls_auth.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index c79f2af0ac..a1310ded9c 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -29,7 +29,7 @@ static int ejs_doauth(MprVarHandle eid, TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, const char *password, const char *domain, const char *workstation, - const char *authtype) + struct socket_address *remote_host, const char *authtype) { struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; @@ -63,7 +63,7 @@ static int ejs_doauth(MprVarHandle eid, user_info->workstation_name = workstation; - user_info->remote_host = NULL; + user_info->remote_host = remote_host; user_info->password_state = AUTH_PASSWORD_PLAIN; user_info->password.plaintext = talloc_strdup(user_info, password); @@ -75,7 +75,9 @@ static int ejs_doauth(MprVarHandle eid, nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); if (!NT_STATUS_IS_OK(nt_status)) { - mprSetPropertyValue(auth, "report", mprString("Login Failed")); + mprSetPropertyValue(auth, "report", + mprString(talloc_asprintf(mprMemCtx(), "Login Failed: %s", + get_friendly_nt_error_msg(nt_status)))); mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); goto done; } @@ -111,8 +113,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) const char *workstation; struct MprVar auth; struct cli_credentials *creds; + struct socket_address *remote_host; - if (argc != 1 || argv[0]->type != MPR_TYPE_OBJECT) { + if (argc != 2 || argv[0]->type != MPR_TYPE_OBJECT || argv[1]->type != MPR_TYPE_OBJECT) { ejsSetErrorMsg(eid, "userAuth invalid arguments, this function requires an object."); return -1; } @@ -120,7 +123,13 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) /* get credential values from credentials object */ creds = mprGetPtr(argv[0], "creds"); if (creds == NULL) { - ejsSetErrorMsg(eid, "userAuth requires a 'creds' element"); + ejsSetErrorMsg(eid, "userAuth requires a 'creds' first parameter"); + return -1; + } + + remote_host = mprGetPtr(argv[1], "socket_address"); + if (remote_host == NULL) { + ejsSetErrorMsg(eid, "userAuth requires a socket address second parameter"); return -1; } @@ -139,10 +148,10 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) auth = mprObject("auth"); - if (domain && (strcmp("System User", domain) == 0)) { - ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, "unix"); + if (domain && (strcmp("SYSTEM USER", domain) == 0)) { + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, "unix"); } else { - ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, "sam"); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, "sam"); } mpr_Return(eid, auth); -- cgit From 75ef0ba513489a85557cb486135d80286d620809 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 10 Jan 2006 10:35:47 +0000 Subject: r12823: Fix up the provison and newuser code in SWAT. This also cleans up the main provision script a bit, as the argument list was getting out of control. (It has been replaced in part with an object). This also returns the session_info from the auth code into ejs. We still need access control allowing only root to re-provision. Andrew Bartlett (This used to be commit 002cdcf3cab6563909d31edc5d825e857dc0a732) --- source4/scripting/ejs/smbcalls_auth.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index a1310ded9c..5c70b6908b 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -35,6 +35,7 @@ static int ejs_doauth(MprVarHandle eid, struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info = NULL; struct auth_context *auth_context; + struct MprVar *session_info_obj; const char *auth_types[] = { authtype, NULL }; NTSTATUS nt_status; @@ -89,9 +90,12 @@ static int ejs_doauth(MprVarHandle eid, goto done; } + session_info_obj = mprInitObject(eid, "session_info", 0, NULL); + + mprSetPtrChild(session_info_obj, "session_info", session_info); talloc_steal(mprMemCtx(), session_info); - mprSetThisPtr(eid, "session_info", session_info); + mprSetProperty(auth, "session_info", session_info_obj); mprSetPropertyValue(auth, "result", mprCreateBoolVar(server_info->authenticated)); mprSetPropertyValue(auth, "username", mprString(server_info->account_name)); mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name)); -- cgit From 5d9f51064444f6d41f4e4c3766afdd77cd96b9e3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 13 Jan 2006 22:55:23 +0000 Subject: r12918: Don't tell the user the difference between 'no such user' and 'wrong password'. Andrew Bartlett (This used to be commit e13cb0ab175069eb670c8b2f57379ababacfcce3) --- source4/scripting/ejs/smbcalls_auth.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 5c70b6908b..4c943e6fb3 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -75,6 +75,11 @@ static int ejs_doauth(MprVarHandle eid, user_info->logon_parameters = 0; nt_status = auth_check_password(auth_context, tmp_ctx, user_info, &server_info); + + /* Don't give the game away (any difference between no such + * user and wrong password) */ + nt_status = auth_nt_status_squash(nt_status); + if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "report", mprString(talloc_asprintf(mprMemCtx(), "Login Failed: %s", -- cgit From 2bb3a50c7ea48730a3305d86f2e1e92ce206bdd3 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 14 Jan 2006 07:46:04 +0000 Subject: r12931: Remove some prefixes. We have: Login failed: Login Failed: Logon failure - please try again In SWAT currently... Andrew Bartlett (This used to be commit 51eded818093320e7d6b9e95ad11fa21a81c3f93) --- source4/scripting/ejs/smbcalls_auth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 4c943e6fb3..9b71314d3f 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -82,8 +82,7 @@ static int ejs_doauth(MprVarHandle eid, if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "report", - mprString(talloc_asprintf(mprMemCtx(), "Login Failed: %s", - get_friendly_nt_error_msg(nt_status)))); + mprString(talloc_strdup(mprMemCtx(), get_friendly_nt_error_msg(nt_status)))); mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); goto done; } -- cgit From ba8406fd3fb753deba9c3d5f8179dc70a200375d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 18 Jan 2006 11:25:30 +0000 Subject: r12997: Feed the right event context to libnet in ejsnet and the auth code. This should give better behaviour in SWAT. Fix authentication as Samba, rather than System, users in SWAT. Andrew Bartlett (This used to be commit 498d72c4ad4d57d10f43ca58830d6ee8292a55f4) --- source4/scripting/ejs/smbcalls_auth.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 9b71314d3f..ea9aaf9739 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -25,24 +25,24 @@ #include "lib/appweb/ejs/ejs.h" #include "auth/auth.h" #include "scripting/ejs/smbcalls.h" +#include "lib/events/events.h" static int ejs_doauth(MprVarHandle eid, TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, const char *password, const char *domain, const char *workstation, - struct socket_address *remote_host, const char *authtype) + struct socket_address *remote_host, const char **auth_types) { struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; struct auth_session_info *session_info = NULL; struct auth_context *auth_context; struct MprVar *session_info_obj; - const char *auth_types[] = { authtype, NULL }; NTSTATUS nt_status; - /* - darn, we need some way to get the right event_context here - */ - nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, NULL); + /* Hope we can find the event context somewhere up there... */ + struct event_context *ev = event_context_find(tmp_ctx); + + nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, ev); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); @@ -122,6 +122,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) struct MprVar auth; struct cli_credentials *creds; struct socket_address *remote_host; + const char *auth_types_unix[] = { "unix", NULL }; if (argc != 2 || argv[0]->type != MPR_TYPE_OBJECT || argv[1]->type != MPR_TYPE_OBJECT) { ejsSetErrorMsg(eid, "userAuth invalid arguments, this function requires an object."); @@ -157,9 +158,9 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) auth = mprObject("auth"); if (domain && (strcmp("SYSTEM USER", domain) == 0)) { - ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, "unix"); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, auth_types_unix); } else { - ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, "sam"); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, lp_auth_methods()); } mpr_Return(eid, auth); -- cgit From 0dcecc314899b6f36e9215e0b3881220062ba4f9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sat, 20 May 2006 03:08:44 +0000 Subject: r15731: module init functions should return NTSTATUS, not void (This used to be commit c6d20c22454b87b4dea3527f0efcecd373679848) --- source4/scripting/ejs/smbcalls_auth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index ea9aaf9739..568b24713c 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -187,8 +187,9 @@ static int ejs_system_session(MprVarHandle eid, int argc, struct MprVar **argv) /* setup C functions that be called from ejs */ -void smb_setup_ejs_auth(void) +NTSTATUS smb_setup_ejs_auth(void) { ejsDefineCFunction(-1, "userAuth", ejs_userAuth, NULL, MPR_VAR_SCRIPT_HANDLE); ejsDefineCFunction(-1, "system_session", ejs_system_session, NULL, MPR_VAR_SCRIPT_HANDLE); + return NT_STATUS_OK; } -- cgit From 9b6f35edbf439fec4a0d32104ee8475bf1e313c9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 31 Jul 2006 13:34:00 +0000 Subject: r17339: pass the event context and messaging context together to the smb ejs functions metze (This used to be commit 0397911b414518d54f6dba2a8c81a5872b90a034) --- source4/scripting/ejs/smbcalls_auth.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 568b24713c..678d3c6a7f 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -39,8 +39,17 @@ static int ejs_doauth(MprVarHandle eid, struct MprVar *session_info_obj; NTSTATUS nt_status; - /* Hope we can find the event context somewhere up there... */ - struct event_context *ev = event_context_find(tmp_ctx); + struct smbcalls_context *c; + struct event_context *ev; + + /* Hope we can find an smbcalls_context somewhere up there... */ + c = talloc_find_parent_bytype(tmp_ctx, struct smbcalls_context); + if (c) { + ev = c->event_ctx; + } else { + /* Hope we can find the event context somewhere up there... */ + ev = event_context_find(tmp_ctx); + } nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, ev); if (!NT_STATUS_IS_OK(nt_status)) { -- cgit From 7a845bcb0141a895d5685afcef1ffe7f93428d0f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 31 Jul 2006 14:05:08 +0000 Subject: r17341: pass a messaging context to auth_context_create() and gensec_server_start(). calling them with NULL for event context or messaging context is no longer allowed! metze (This used to be commit 679ac74e71b111344f1097ab389c0b83a9247710) --- source4/scripting/ejs/smbcalls_auth.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 678d3c6a7f..281f35bb20 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -26,6 +26,7 @@ #include "auth/auth.h" #include "scripting/ejs/smbcalls.h" #include "lib/events/events.h" +#include "lib/messaging/irpc.h" static int ejs_doauth(MprVarHandle eid, TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, @@ -41,17 +42,20 @@ static int ejs_doauth(MprVarHandle eid, struct smbcalls_context *c; struct event_context *ev; + struct messaging_context *msg; /* Hope we can find an smbcalls_context somewhere up there... */ c = talloc_find_parent_bytype(tmp_ctx, struct smbcalls_context); if (c) { ev = c->event_ctx; + msg = c->msg_ctx; } else { /* Hope we can find the event context somewhere up there... */ ev = event_context_find(tmp_ctx); + msg = messaging_client_init(tmp_ctx, ev); } - nt_status = auth_context_create(tmp_ctx, auth_types, &auth_context, ev); + nt_status = auth_context_create(tmp_ctx, auth_types, ev, msg, &auth_context); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); -- cgit From 13dbee3ffea6065a826f010e50c9b4eb2c6ad109 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Nov 2006 00:48:36 +0000 Subject: r19598: Ahead of a merge to current lorikeet-heimdal: Break up auth/auth.h not to include the world. Add credentials_krb5.h with the kerberos dependent prototypes. Andrew Bartlett (This used to be commit 2b569c42e0fbb596ea82484d0e1cb22e193037b9) --- source4/scripting/ejs/smbcalls_auth.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 281f35bb20..7b9fe2fc17 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -24,6 +24,7 @@ #include "includes.h" #include "lib/appweb/ejs/ejs.h" #include "auth/auth.h" +#include "auth/credentials/credentials.h" #include "scripting/ejs/smbcalls.h" #include "lib/events/events.h" #include "lib/messaging/irpc.h" -- cgit From 222c6dd7818c729540079cc480ee56812681854e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 3 Jul 2007 08:05:55 +0000 Subject: r23680: Make it easier to setup a domain member server - the 'server role' will now control the auth methods, but an override is still available, ex: auth methods:domain controller = Andrew Bartlett (This used to be commit b7e727186ed8eda6a68c873e089f655dc24fe8ae) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 7b9fe2fc17..5509e78357 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -56,7 +56,7 @@ static int ejs_doauth(MprVarHandle eid, msg = messaging_client_init(tmp_ctx, ev); } - nt_status = auth_context_create(tmp_ctx, auth_types, ev, msg, &auth_context); + nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, &auth_context); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); -- cgit From 0479a2f1cbae51fcd8dbdc3c148c808421fb4d25 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 02:07:03 +0000 Subject: r23792: convert Samba4 to GPLv3 There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa) --- source4/scripting/ejs/smbcalls_auth.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 5509e78357..dfca4ffac0 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -8,7 +8,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, @@ -17,8 +17,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From a21ea3351af893618c0356c49b5033bf7509044d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 12 Jul 2007 04:56:33 +0000 Subject: r23848: Thanks to derrell for pointing out that I had not finished my patch to split out the auth methods. This caused all SWAT logins to fail, except when using local system authentication. Andrew Bartlett (This used to be commit b5a9d507a37cd46bd325ff3118c08b4362f267f2) --- source4/scripting/ejs/smbcalls_auth.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index dfca4ffac0..94a74e8e2a 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -55,7 +55,11 @@ static int ejs_doauth(MprVarHandle eid, msg = messaging_client_init(tmp_ctx, ev); } - nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, &auth_context); + if (auth_types) { + nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, &auth_context); + } else { + nt_status = auth_context_create(tmp_ctx, ev, msg, &auth_context); + } if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); @@ -173,7 +177,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) if (domain && (strcmp("SYSTEM USER", domain) == 0)) { ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, auth_types_unix); } else { - ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, lp_auth_methods()); + ejs_doauth(eid, tmp_ctx, &auth, username, password, domain, workstation, remote_host, NULL); } mpr_Return(eid, auth); -- cgit From 3a1b90ec755d89d9d7a358c0f477e51b217218ea Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 19 Jul 2007 07:48:26 +0000 Subject: r23966: It isn't great, but at least now we have some access control in SWAT This patch prevents non-root and non-administrator users from running the provision, upgrade and vampire pages. *I think* the rest of SWAT is LDB operations, or otherwise authenticated, so we should now be secure. I wish I had a better way to 'prove' we got this right, but this is better than nothing, and moves us closer to an alpha. Andrew Bartlett (This used to be commit d61061052dc4711f886199e49bc303002c8f9b11) --- source4/scripting/ejs/smbcalls_auth.c | 45 +++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 94a74e8e2a..33d7f2cf0e 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -27,6 +27,7 @@ #include "scripting/ejs/smbcalls.h" #include "lib/events/events.h" #include "lib/messaging/irpc.h" +#include "libcli/security/security.h" static int ejs_doauth(MprVarHandle eid, TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, @@ -39,6 +40,7 @@ static int ejs_doauth(MprVarHandle eid, struct auth_context *auth_context; struct MprVar *session_info_obj; NTSTATUS nt_status; + bool set; struct smbcalls_context *c; struct event_context *ev; @@ -111,6 +113,32 @@ static int ejs_doauth(MprVarHandle eid, goto done; } + if (security_token_has_nt_authenticated_users(session_info->security_token)) { + mprSetPropertyValue(auth, "user_class", mprString("USER")); + set = true; + } + + if (security_token_has_builtin_administrators(session_info->security_token)) { + mprSetPropertyValue(auth, "user_class", mprString("ADMINISTRATOR")); + set = true; + } + + if (security_token_is_system(session_info->security_token)) { + mprSetPropertyValue(auth, "user_class", mprString("SYSTEM")); + set = true; + } + + if (security_token_is_anonymous(session_info->security_token)) { + mprSetPropertyValue(auth, "report", mprString("Anonymous login not permitted")); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + goto done; + } + + if (!set) { + mprSetPropertyValue(auth, "report", mprString("Session Info generation failed")); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + } + session_info_obj = mprInitObject(eid, "session_info", 0, NULL); mprSetPtrChild(session_info_obj, "session_info", session_info); @@ -121,6 +149,23 @@ static int ejs_doauth(MprVarHandle eid, mprSetPropertyValue(auth, "username", mprString(server_info->account_name)); mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name)); + if (security_token_is_system(session_info->security_token)) { + mprSetPropertyValue(auth, "report", mprString("SYSTEM")); + } + + if (security_token_is_anonymous(session_info->security_token)) { + mprSetPropertyValue(auth, "report", mprString("ANONYMOUS")); + } + + if (security_token_has_builtin_administrators(session_info->security_token)) { + mprSetPropertyValue(auth, "report", mprString("ADMINISTRATOR")); + } + + if (security_token_has_nt_authenticated_users(session_info->security_token)) { + mprSetPropertyValue(auth, "report", mprString("USER")); + } + + done: return 0; } -- cgit From a7416c08945c5eae5ef5e896439119fb3379f482 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 24 Jul 2007 06:03:03 +0000 Subject: r24012: Remove duplicate code block (from bad merge). Andrew Bartlett (This used to be commit 68bdbd732fc02ce5a8ef8eb0107459ff3b7eb723) --- source4/scripting/ejs/smbcalls_auth.c | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 33d7f2cf0e..2624084f02 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -149,23 +149,6 @@ static int ejs_doauth(MprVarHandle eid, mprSetPropertyValue(auth, "username", mprString(server_info->account_name)); mprSetPropertyValue(auth, "domain", mprString(server_info->domain_name)); - if (security_token_is_system(session_info->security_token)) { - mprSetPropertyValue(auth, "report", mprString("SYSTEM")); - } - - if (security_token_is_anonymous(session_info->security_token)) { - mprSetPropertyValue(auth, "report", mprString("ANONYMOUS")); - } - - if (security_token_has_builtin_administrators(session_info->security_token)) { - mprSetPropertyValue(auth, "report", mprString("ADMINISTRATOR")); - } - - if (security_token_has_nt_authenticated_users(session_info->security_token)) { - mprSetPropertyValue(auth, "report", mprString("USER")); - } - - done: return 0; } -- cgit From dccf3f99e45137b6cd18c1de1c79808ad67130d1 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 8 Sep 2007 13:27:14 +0000 Subject: r25027: Fix more warnings. (This used to be commit 5085c53fcfade614e83d21fc2c1a5bc43bb2a729) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 2624084f02..dcb0f73909 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -181,7 +181,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) return -1; } - remote_host = mprGetPtr(argv[1], "socket_address"); + remote_host = (struct socket_address *)mprGetPtr(argv[1], "socket_address"); if (remote_host == NULL) { ejsSetErrorMsg(eid, "userAuth requires a socket address second parameter"); return -1; -- cgit From 2f3551ca7cee59d4d053cceb87abdf1da1b3a1ad Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 1 Oct 2007 18:52:55 +0000 Subject: r25446: Merge some changes I made on the way home from SFO: 2007-09-29 More higher-level passing around of lp_ctx. 2007-09-29 Fix warning. 2007-09-29 Pass loadparm contexts on a higher level. 2007-09-29 Avoid using global loadparm context. (This used to be commit 3468952e771ab31f90b6c374ade01c5550810f42) --- source4/scripting/ejs/smbcalls_auth.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index dcb0f73909..e5b1aab3c2 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -30,9 +30,11 @@ #include "libcli/security/security.h" static int ejs_doauth(MprVarHandle eid, - TALLOC_CTX *tmp_ctx, struct MprVar *auth, const char *username, - const char *password, const char *domain, const char *workstation, - struct socket_address *remote_host, const char **auth_types) + TALLOC_CTX *tmp_ctx, struct MprVar *auth, + const char *username, const char *password, + const char *domain, const char *workstation, + struct socket_address *remote_host, + const char **auth_types) { struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; @@ -54,7 +56,7 @@ static int ejs_doauth(MprVarHandle eid, } else { /* Hope we can find the event context somewhere up there... */ ev = event_context_find(tmp_ctx); - msg = messaging_client_init(tmp_ctx, ev); + msg = messaging_client_init(tmp_ctx, global_loadparm, ev); } if (auth_types) { -- cgit From 55a7440a07396e31b6647b79576fb16e54cc183a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 5 Oct 2007 21:54:34 +0000 Subject: r25536: Fix path for messaging - this code path doesn't appear to have a test, otherwise it would've caused a crash in the testsuite earlier... (This used to be commit 89c8fd8c02830051e0199e234cc3e3b15e8c9879) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index e5b1aab3c2..44059d7537 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -56,7 +56,7 @@ static int ejs_doauth(MprVarHandle eid, } else { /* Hope we can find the event context somewhere up there... */ ev = event_context_find(tmp_ctx); - msg = messaging_client_init(tmp_ctx, global_loadparm, ev); + msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, global_loadparm), ev); } if (auth_types) { -- cgit From 2151cde58014ea2e822c13d2f8a369b45dc19ca8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sat, 6 Oct 2007 22:28:14 +0000 Subject: r25554: Convert last instances of BOOL, True and False to the standard types. (This used to be commit 566aa14139510788548a874e9213d91317f83ca9) --- source4/scripting/ejs/smbcalls_auth.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 44059d7537..b4848d4323 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -65,19 +65,19 @@ static int ejs_doauth(MprVarHandle eid, nt_status = auth_context_create(tmp_ctx, ev, msg, &auth_context); } if (!NT_STATUS_IS_OK(nt_status)) { - mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); mprSetPropertyValue(auth, "report", mprString("Auth System Failure")); goto done; } user_info = talloc(tmp_ctx, struct auth_usersupplied_info); if (!user_info) { - mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); mprSetPropertyValue(auth, "report", mprString("talloc failed")); goto done; } - user_info->mapped_state = True; + user_info->mapped_state = true; user_info->client.account_name = username; user_info->mapped.account_name = username; user_info->client.domain_name = domain; @@ -104,14 +104,14 @@ static int ejs_doauth(MprVarHandle eid, if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "report", mprString(talloc_strdup(mprMemCtx(), get_friendly_nt_error_msg(nt_status)))); - mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); goto done; } nt_status = auth_generate_session_info(tmp_ctx, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "report", mprString("Session Info generation failed")); - mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); goto done; } @@ -132,13 +132,13 @@ static int ejs_doauth(MprVarHandle eid, if (security_token_is_anonymous(session_info->security_token)) { mprSetPropertyValue(auth, "report", mprString("Anonymous login not permitted")); - mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); goto done; } if (!set) { mprSetPropertyValue(auth, "report", mprString("Session Info generation failed")); - mprSetPropertyValue(auth, "result", mprCreateBoolVar(False)); + mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); } session_info_obj = mprInitObject(eid, "session_info", 0, NULL); -- cgit From 181aab56d528c3a270ff9f349c8e91ecb402142b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 16:20:18 +0100 Subject: r26221: Add loadparm_context parameter to auth_context_create. (This used to be commit a9a9634df8f3137ecb308adb90a755f12af94972) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index b4848d4323..6ddb049788 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -62,7 +62,7 @@ static int ejs_doauth(MprVarHandle eid, if (auth_types) { nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, &auth_context); } else { - nt_status = auth_context_create(tmp_ctx, ev, msg, &auth_context); + nt_status = auth_context_create(tmp_ctx, ev, msg, global_loadparm, &auth_context); } if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); -- cgit From 51db4c3f3d81d1ed03beae6426786c843ac59807 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 2 Dec 2007 17:56:09 +0100 Subject: r26228: Store loadparm context in auth context, move more loadparm_contexts up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 6ddb049788..39e84d7f2c 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -60,7 +60,7 @@ static int ejs_doauth(MprVarHandle eid, } if (auth_types) { - nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, &auth_context); + nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, global_loadparm, &auth_context); } else { nt_status = auth_context_create(tmp_ctx, ev, msg, global_loadparm, &auth_context); } -- cgit From 43696d2752e2faad34fb3ed2a7dbf01d40ffdc46 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 15:53:28 +0100 Subject: r26252: Specify loadparm_context explicitly when creating sessions. (This used to be commit 7280c1e9415daabb2712db1372e23f9846272ede) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 39e84d7f2c..236edbd64d 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -221,7 +221,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) static int ejs_system_session(MprVarHandle eid, int argc, struct MprVar **argv) { struct MprVar *obj = mprInitObject(eid, "session_info", argc, argv); - struct auth_session_info *session_info = system_session(mprMemCtx()); + struct auth_session_info *session_info = system_session(mprMemCtx(), global_loadparm); if (session_info == NULL) { return -1; -- cgit From 1fbdd6ef1dfb8704de0524fc6f5c33e1418858cd Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 3 Dec 2007 18:47:35 +0100 Subject: r26264: pass name resolve order explicitly, use torture context for settings in dssync tests. (This used to be commit c7eae1c7842f9ff8b70cce9e5d6f3ebbbe78e83b) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 236edbd64d..7747bb14c6 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -108,7 +108,7 @@ static int ejs_doauth(MprVarHandle eid, goto done; } - nt_status = auth_generate_session_info(tmp_ctx, server_info, &session_info); + nt_status = auth_generate_session_info(tmp_ctx, global_loadparm, server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "report", mprString("Session Info generation failed")); mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); -- cgit From 84b476394713d4f2b84782c59dcc084a25af360f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 13 Dec 2007 23:23:25 +0100 Subject: r26441: Remove global_loadparm uses. (This used to be commit 32007c6277efa46341da7741b749a98633d71640) --- source4/scripting/ejs/smbcalls_auth.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 7747bb14c6..89370890c8 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -56,7 +56,8 @@ static int ejs_doauth(MprVarHandle eid, } else { /* Hope we can find the event context somewhere up there... */ ev = event_context_find(tmp_ctx); - msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, global_loadparm), ev); + msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, global_loadparm), + lp_iconv_convenience(global_loadparm), ev); } if (auth_types) { -- cgit From e11c61bc5cd487dce06fc38bb0ee8c4e24b04e8c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 21 Feb 2008 18:21:44 +0100 Subject: Introduce mprLpCtx() similar to mprMemCtx() for loadparm_context used by all EJS code. (This used to be commit 184988866fe8e740f58e3683eefcaa70f8b51d11) --- source4/scripting/ejs/smbcalls_auth.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 89370890c8..908a009159 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -56,14 +56,14 @@ static int ejs_doauth(MprVarHandle eid, } else { /* Hope we can find the event context somewhere up there... */ ev = event_context_find(tmp_ctx); - msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, global_loadparm), - lp_iconv_convenience(global_loadparm), ev); + msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, mprLpCtx()), + lp_iconv_convenience(mprLpCtx()), ev); } if (auth_types) { - nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, global_loadparm, &auth_context); + nt_status = auth_context_create_methods(tmp_ctx, auth_types, ev, msg, mprLpCtx(), &auth_context); } else { - nt_status = auth_context_create(tmp_ctx, ev, msg, global_loadparm, &auth_context); + nt_status = auth_context_create(tmp_ctx, ev, msg, mprLpCtx(), &auth_context); } if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); @@ -109,7 +109,7 @@ static int ejs_doauth(MprVarHandle eid, goto done; } - nt_status = auth_generate_session_info(tmp_ctx, global_loadparm, server_info, &session_info); + nt_status = auth_generate_session_info(tmp_ctx, mprLpCtx(), server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "report", mprString("Session Info generation failed")); mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); @@ -222,7 +222,7 @@ static int ejs_userAuth(MprVarHandle eid, int argc, struct MprVar **argv) static int ejs_system_session(MprVarHandle eid, int argc, struct MprVar **argv) { struct MprVar *obj = mprInitObject(eid, "session_info", argc, argv); - struct auth_session_info *session_info = system_session(mprMemCtx(), global_loadparm); + struct auth_session_info *session_info = system_session(mprMemCtx(), mprLpCtx()); if (session_info == NULL) { return -1; -- cgit From bbb826bdac54e3fec3426fe6d8e23790abbbc44f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2008 01:37:42 +0200 Subject: Add convenience function for getting at event context from ejs code. (This used to be commit b659e83cd6b627dd0ae04064bccff7220a5bd1ce) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 908a009159..8e464a5021 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -55,7 +55,7 @@ static int ejs_doauth(MprVarHandle eid, msg = c->msg_ctx; } else { /* Hope we can find the event context somewhere up there... */ - ev = event_context_find(tmp_ctx); + ev = mprEventCtx(); msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, mprLpCtx()), lp_iconv_convenience(mprLpCtx()), ev); } -- cgit From 21fc7673780aa1d7c0caab7b17ff9171238913ba Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Thu, 17 Apr 2008 12:23:44 +0200 Subject: Specify event_context to ldb_wrap_connect explicitly. (This used to be commit b4e1ae07a284c044704322446c94351c2decff91) --- source4/scripting/ejs/smbcalls_auth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source4/scripting/ejs/smbcalls_auth.c') diff --git a/source4/scripting/ejs/smbcalls_auth.c b/source4/scripting/ejs/smbcalls_auth.c index 8e464a5021..b67bb7ed5b 100644 --- a/source4/scripting/ejs/smbcalls_auth.c +++ b/source4/scripting/ejs/smbcalls_auth.c @@ -109,7 +109,7 @@ static int ejs_doauth(MprVarHandle eid, goto done; } - nt_status = auth_generate_session_info(tmp_ctx, mprLpCtx(), server_info, &session_info); + nt_status = auth_generate_session_info(tmp_ctx, mprEventCtx(), mprLpCtx(), server_info, &session_info); if (!NT_STATUS_IS_OK(nt_status)) { mprSetPropertyValue(auth, "report", mprString("Session Info generation failed")); mprSetPropertyValue(auth, "result", mprCreateBoolVar(false)); -- cgit