Changeset 740 for vendor/current/source3/auth/auth.c

Timestamp:

Nov 14, 2012, 12:59:34 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server: update vendor to 3.6.0

File:

• vendor/current/source3/auth/auth.c (modified) (24 diffs)

vendor/current/source3/auth/auth.c

@@ -19 +19 @@
 
 #include "includes.h"
+#include "auth.h"
+#include "smbd/globals.h"
 
 #undef DBGC_CLASS
@@ -25 +27 @@
 static_decl_auth;
 
-static struct auth_init_function_entry *backends = NULL;
+static struct auth_init_function_entry *auth_backends = NULL;
 
 static struct auth_init_function_entry *auth_find_backend_entry(const char *name);
@@ -31 +33 @@
 NTSTATUS smb_register_auth(int version, const char *name, auth_init_function init)
 {
-        struct auth_init_function_entry *entry = backends;
+        struct auth_init_function_entry *entry = auth_backends;
 
         if (version != AUTH_INTERFACE_VERSION) {
@@ -55 +57 @@
         entry->init = init;
 
-        DLIST_ADD(backends, entry);
+        DLIST_ADD(auth_backends, entry);
         DEBUG(5,("Successfully added auth method '%s'\n", name));
         return NT_STATUS_OK;
@@ -62 +64 @@
 static struct auth_init_function_entry *auth_find_backend_entry(const char *name)
 {
-        struct auth_init_function_entry *entry = backends;
+        struct auth_init_function_entry *entry = auth_backends;
 
         while(entry) {
@@ -77 +79 @@
 ****************************************************************************/
 
-static void get_ntlm_challenge(struct auth_context *auth_context,
+static NTSTATUS get_ntlm_challenge(struct auth_context *auth_context,
                                uint8_t chal[8])
 {
@@ -88 +90 @@
                           auth_context->challenge_set_by));
                 memcpy(chal, auth_context->challenge.data, 8);
-                return;
+                return NT_STATUS_OK;
         }
 
@@ -107 +109 @@
 
                 challenge = auth_method->get_chal(auth_context, &auth_method->private_data,
-                                        auth_context->mem_ctx);
+                                                  auth_context);
                 if (!challenge.length) {
                         DEBUG(3, ("auth_get_challenge: getting challenge from authentication method %s FAILED.\n", 
@@ -123 +125 @@
 
                 generate_random_buffer(tmp, sizeof(tmp));
-                auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, 
+                auth_context->challenge = data_blob_talloc(auth_context,
                                                            tmp, sizeof(tmp));
 
@@ -139 +141 @@
 
         memcpy(chal, auth_context->challenge.data, 8);
+        return NT_STATUS_OK;
 }
 
@@ -214 +217 @@
 
         DEBUG(3, ("check_ntlm_password:  Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", 
-                  user_info->client_domain, user_info->smb_name, user_info->wksta_name));
+                  user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
 
         DEBUG(3, ("check_ntlm_password:  mapped user is: [%s]\\[%s]@[%s]\n", 
-                  user_info->domain, user_info->internal_username, user_info->wksta_name));
+                  user_info->mapped.domain_name, user_info->mapped.account_name, user_info->workstation_name));
 
         if (auth_context->challenge.length != 8) {
@@ -233 +236 @@
 #ifdef DEBUG_PASSWORD
         DEBUG(100, ("user_info has passwords of length %d and %d\n", 
-                    (int)user_info->lm_resp.length, (int)user_info->nt_resp.length));
+                    (int)user_info->password.response.lanman.length, (int)user_info->password.response.nt.length));
         DEBUG(100, ("lm:\n"));
-        dump_data(100, user_info->lm_resp.data, user_info->lm_resp.length);
+        dump_data(100, user_info->password.response.lanman.data, user_info->password.response.lanman.length);
         DEBUG(100, ("nt:\n"));
-        dump_data(100, user_info->nt_resp.data, user_info->nt_resp.length);
+        dump_data(100, user_info->password.response.nt.data, user_info->password.response.nt.length);
 #endif
 
         /* This needs to be sorted:  If it doesn't match, what should we do? */
-        if (!check_domain_match(user_info->smb_name, user_info->domain))
+        if (!check_domain_match(user_info->client.account_name, user_info->mapped.domain_name))
                 return NT_STATUS_LOGON_FAILURE;
 
@@ -247 +250 @@
                 NTSTATUS result;
 
-                mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name, 
-                                            user_info->domain, user_info->smb_name);
+                mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
+                                      user_info->mapped.domain_name, user_info->client.account_name);
 
                 result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
@@ -263 +266 @@
                 if (NT_STATUS_IS_OK(nt_status)) {
                         DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] succeeded\n", 
-                                  auth_method->name, user_info->smb_name));
+                                  auth_method->name, user_info->client.account_name));
                 } else {
                         DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n", 
-                                  auth_method->name, user_info->smb_name, nt_errstr(nt_status)));
+                                  auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
                 }
 
@@ -284 +287 @@
                         /* We might not be root if we are an RPC call */
                         become_root();
-                        nt_status = smb_pam_accountcheck(unix_username);
+                        nt_status = smb_pam_accountcheck(
+                                unix_username,
+                                smbd_server_conn->client_id.name);
                         unbecome_root();
 
@@ -298 +303 @@
                 if (NT_STATUS_IS_OK(nt_status)) {
                         DEBUG((*server_info)->guest ? 5 : 2, 
-                              ("check_ntlm_password:  %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n", 
-                               (*server_info)->guest ? "guest " : "", 
-                               user_info->smb_name, 
-                               user_info->internal_username, 
+                              ("check_ntlm_password:  %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
+                               (*server_info)->guest ? "guest " : "",
+                               user_info->client.account_name,
+                               user_info->mapped.account_name,
                                unix_username));
                 }
@@ -310 +315 @@
         /* failed authentication; check for guest lapping */
 
-        DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n", 
-                  user_info->smb_name, user_info->internal_username, 
+        DEBUG(2, ("check_ntlm_password:  Authentication for user [%s] -> [%s] FAILED with error %s\n",
+                  user_info->client.account_name, user_info->mapped.account_name,
                   nt_errstr(nt_status)));
-        ZERO_STRUCTP(server_info); 
+        ZERO_STRUCTP(server_info);
 
         return nt_status;
@@ -322 +327 @@
 ***************************************************************************/
 
-static void free_auth_context(struct auth_context **auth_context)
-{
-        auth_methods *auth_method;
-
-        if (*auth_context) {
-                /* Free private data of context's authentication methods */
-                for (auth_method = (*auth_context)->auth_method_list; auth_method; auth_method = auth_method->next) {
-                        TALLOC_FREE(auth_method->private_data);
-                }
-
-                talloc_destroy((*auth_context)->mem_ctx);
-                *auth_context = NULL;
-        }
+static int auth_context_destructor(void *ptr)
+{
+        struct auth_context *ctx = talloc_get_type(ptr, struct auth_context);
+        struct auth_methods *am;
+
+
+        /* Free private data of context's authentication methods */
+        for (am = ctx->auth_method_list; am; am = am->next) {
+                TALLOC_FREE(am->private_data);
+        }
+
+        return 0;
 }
 
@@ -341 +345 @@
 ***************************************************************************/
 
-static NTSTATUS make_auth_context(struct auth_context **auth_context) 
-{
-        TALLOC_CTX *mem_ctx;
-
-        mem_ctx = talloc_init("authentication context");
-
-        *auth_context = TALLOC_P(mem_ctx, struct auth_context);
-        if (!*auth_context) {
+static NTSTATUS make_auth_context(TALLOC_CTX *mem_ctx,
+                                  struct auth_context **auth_context)
+{
+        struct auth_context *ctx;
+
+        ctx = talloc_zero(mem_ctx, struct auth_context);
+        if (!ctx) {
                 DEBUG(0,("make_auth_context: talloc failed!\n"));
-                talloc_destroy(mem_ctx);
                 return NT_STATUS_NO_MEMORY;
         }
-        ZERO_STRUCTP(*auth_context);
-
-        (*auth_context)->mem_ctx = mem_ctx;
-        (*auth_context)->check_ntlm_password = check_ntlm_password;
-        (*auth_context)->get_ntlm_challenge = get_ntlm_challenge;
-        (*auth_context)->free = free_auth_context;
-
+
+        ctx->check_ntlm_password = check_ntlm_password;
+        ctx->get_ntlm_challenge = get_ntlm_challenge;
+
+        talloc_set_destructor((TALLOC_CTX *)ctx, auth_context_destructor);
+
+        *auth_context = ctx;
         return NT_STATUS_OK;
 }
@@ -421 +423 @@
 ***************************************************************************/
 
-static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, char **text_list) 
+static NTSTATUS make_auth_context_text_list(TALLOC_CTX *mem_ctx,
+                                            struct auth_context **auth_context,
+                                            char **text_list)
 {
         auth_methods *list = NULL;
@@ -432 +436 @@
         }
 
-        if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context)))
+        nt_status = make_auth_context(mem_ctx, auth_context);
+
+        if (!NT_STATUS_IS_OK(nt_status)) {
                 return nt_status;
+        }
 
         for (;*text_list; text_list++) { 
@@ -450 +457 @@
 ***************************************************************************/
 
-NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) 
+NTSTATUS make_auth_context_subsystem(TALLOC_CTX *mem_ctx,
+                                     struct auth_context **auth_context)
 {
         char **auth_method_list = NULL; 
@@ -521 +529 @@
         }
 
-        nt_status = make_auth_context_text_list(auth_context,
+        nt_status = make_auth_context_text_list(mem_ctx, auth_context,
                                                 auth_method_list);
 
@@ -532 +540 @@
 ***************************************************************************/
 
-NTSTATUS make_auth_context_fixed(struct auth_context **auth_context, uchar chal[8]) 
+NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx,
+                                 struct auth_context **auth_context,
+                                 uchar chal[8])
 {
         NTSTATUS nt_status;
-        if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) {
+        nt_status = make_auth_context_subsystem(mem_ctx, auth_context);
+        if (!NT_STATUS_IS_OK(nt_status)) {
                 return nt_status;
         }
 
-        (*auth_context)->challenge = data_blob_talloc((*auth_context)->mem_ctx, chal, 8);
+        (*auth_context)->challenge = data_blob_talloc(*auth_context, chal, 8);
         (*auth_context)->challenge_set_by = "fixed";
         return nt_status;