samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00

124 lines

4.1 KiB

C

Raw Normal View History

I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`/*`
Removed version number from file header. Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa) 2002-01-30 09:08:46 +03:00			`Unix SMB/CIFS implementation.`
I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`Password and authentication handling`
			`Copyright (C) Andrew Bartlett 2001-2002`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.`
			`*/`

			`#include "includes.h"`

r6225: get rid of warnings from my compiler about nested externs (This used to be commit efea76ac71412f8622cd233912309e91b9ea52da) 2005-04-06 20:28:04 +04:00			`extern struct auth_context *negprot_global_auth_context;`
			`extern BOOL global_encrypted_passwords_negotiated;`

updated the 3.0 branch from the head branch - ready for alpha18 (This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce) 2002-07-15 14:35:28 +04:00			`#undef DBGC_CLASS`
			`#define DBGC_CLASS DBGC_AUTH`

I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`/****************************************************************************`
Spelling. (This used to be commit 423985ed569ac9692f3cb5872a15c74f983121b6) 2002-04-08 03:41:55 +04:00			`COMPATIBILITY INTERFACES:`
I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`***************************************************************************/`

			`/****************************************************************************`
			`check if a username/password is OK assuming the password is a 24 byte`
			`SMB hash`
			`return True if the password is correct, False otherwise`
			`****************************************************************************/`

Add a touch of 'const' to some auth components, and move the simple plaintext password check into its own helper funciton. (This will allow it to be called from other places). Andrew Bartlett (This used to be commit 9e96f438057da21254f40facdd9a31dd20652f35) 2002-01-20 11:58:21 +03:00			`NTSTATUS check_plaintext_password(const char smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info *server_info)`
			`{`
			`struct auth_context *plaintext_auth_context = NULL;`
			`auth_usersupplied_info *user_info = NULL;`
			`const uint8 *chal;`
			`NTSTATUS nt_status;`
			`if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {`
			`return nt_status;`
			`}`

			`chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context);`

			`if (!make_user_info_for_reply(&user_info,`
			`smb_name, lp_workgroup(), chal,`
			`plaintext_password)) {`
			`return NT_STATUS_NO_MEMORY;`
			`}`

			`nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context,`
			`user_info, server_info);`

			`(plaintext_auth_context->free)(&plaintext_auth_context);`
			`free_user_info(&user_info);`
			`return nt_status;`
			`}`

			`static NTSTATUS pass_check_smb(const char *smb_name,`
			`const char *domain,`
I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`DATA_BLOB lm_pwd,`
			`DATA_BLOB nt_pwd,`
			`DATA_BLOB plaintext_password,`
			`BOOL encrypted)`

			`{`
			`NTSTATUS nt_status;`
			`auth_serversupplied_info *server_info = NULL;`
			`if (encrypted) {`
Add a touch of 'const' to some auth components, and move the simple plaintext password check into its own helper funciton. (This will allow it to be called from other places). Andrew Bartlett (This used to be commit 9e96f438057da21254f40facdd9a31dd20652f35) 2002-01-20 11:58:21 +03:00			`auth_usersupplied_info *user_info = NULL;`
I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`make_user_info_for_reply_enc(&user_info, smb_name,`
			`domain,`
			`lm_pwd,`
			`nt_pwd);`
			`nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context,`
			`user_info, &server_info);`
Add a touch of 'const' to some auth components, and move the simple plaintext password check into its own helper funciton. (This will allow it to be called from other places). Andrew Bartlett (This used to be commit 9e96f438057da21254f40facdd9a31dd20652f35) 2002-01-20 11:58:21 +03:00			`free_user_info(&user_info);`
I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`} else {`
Add a touch of 'const' to some auth components, and move the simple plaintext password check into its own helper funciton. (This will allow it to be called from other places). Andrew Bartlett (This used to be commit 9e96f438057da21254f40facdd9a31dd20652f35) 2002-01-20 11:58:21 +03:00			`nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info);`
I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`}`
r13571: Replace all calls to talloc_free() with thye TALLOC_FREE() macro which sets the freed pointer to NULL. (This used to be commit b65be8874a2efe5a4b167448960a4fcf6bd995e2) 2006-02-20 20:59:58 +03:00			`TALLOC_FREE(server_info);`
I've decided to move the auth code around a bit more... The auth_authsupplied_info typedef is now just a plain struct - auth_context, but it has been modified to contain the function pointers to the rest of the auth subsystem's components. (Who needs non-static functions anyway?) In working all this mess out, I fixed a number of memory leaks and moved the entire auth subsystem over to talloc(). Note that the TALLOC_CTX attached to the auth_context can be rather long-lived, it is provided for things that are intended to live as long. (The global_negprot_auth_context lasts the whole life of the smbd). I've also adjusted a few things in auth_domain.c, mainly passing the domain as a paramater to a few functions instead of looking up lp_workgroup(). I'm hopign to make this entire thing a bit more trusted domains (as PDC) freindly in the near future. Other than that, I moved a bit of the code around, hence the rather messy diff. Andrew Bartlett (This used to be commit 12f5515f556cf39fea98134fe3e2ac4540501048) 2002-01-05 07:55:41 +03:00			`return nt_status;`
			`}`

			`/****************************************************************************`
			`check if a username/password pair is ok via the auth subsystem.`
			`return True if the password is correct, False otherwise`
			`****************************************************************************/`
			`BOOL password_ok(char *smb_name, DATA_BLOB password_blob)`
			`{`

			`DATA_BLOB null_password = data_blob(NULL, 0);`
			`BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24);`

			`if (encrypted) {`
			`/*`
			`* The password could be either NTLM or plain LM. Try NTLM first,`
			`* but fall-through as required.`
			`* NTLMv2 makes no sense here.`
			`*/`
			`if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) {`
			`return True;`
			`}`

			`if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) {`
			`return True;`
			`}`
			`} else {`
			`if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) {`
			`return True;`
			`}`
			`}`

			`return False;`
			`}`

124 lines 4.1 KiB C Raw Normal View History Unescape Escape

124 lines

4.1 KiB

C

Raw Normal View History