sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-26 21:57:41 +03:00
Code

s4:auth: change auth_check_password_send/recv to tevent_req

Browse Source 
metze
This commit is contained in:
Stefan Metzmacher 2009-12-23 09:09:37 +01:00
parent 577857d351
commit 078482ad0e
4 changed files with 170 additions and 127 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source4/auth/auth.h
View File

@ -275,14 +275,16 @@ NTSTATUS authenticate_username_pw(TALLOC_CTX *mem_ctx,
const char *nt4_username,
const char *password,
struct auth_session_info **session_info);
NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct auth_context *auth_ctx,
const struct auth_usersupplied_info *user_info);
NTSTATUS auth_check_password_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info **server_info);
void auth_check_password_send(struct auth_context *auth_ctx,
const struct auth_usersupplied_info *user_info,
void (*callback)(struct auth_check_password_request *req, void *private_data),
void *private_data);
NTSTATUS auth_context_set_challenge(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by);
NTSTATUS samba_server_gensec_start(TALLOC_CTX *mem_ctx,

244
source4/auth/ntlm/auth.c
View File

@ -19,10 +19,11 @@
*/
#include "includes.h"
#include <tevent.h>
#include "../lib/util/tevent_ntstatus.h"
#include "../lib/util/dlinklist.h"
#include "auth/auth.h"
#include "auth/ntlm/auth_proto.h"
#include "lib/events/events.h"
#include "param/param.h"
/***************************************************************************
@ -124,22 +125,6 @@ _PUBLIC_ NTSTATUS auth_get_server_info_principal(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
struct auth_check_password_sync_state {
bool finished;
NTSTATUS status;
struct auth_serversupplied_info *server_info;
};
static void auth_check_password_sync_callback(struct auth_check_password_request *req,
void *private_data)
{
struct auth_check_password_sync_state *s = talloc_get_type(private_data,
struct auth_check_password_sync_state);
s->finished = true;
s->status = auth_check_password_recv(req, s, &s->server_info);
}
/**
* Check a user's Plaintext, LM or NTLM password.
* (sync version)
@ -172,48 +157,43 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth_context *auth_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info)
{
struct auth_check_password_sync_state *sync_state;
struct tevent_req *subreq;
struct tevent_context *ev;
bool ok;
NTSTATUS status;
sync_state = talloc_zero(auth_ctx, struct auth_check_password_sync_state);
NT_STATUS_HAVE_NO_MEMORY(sync_state);
/*TODO: create a new event context here! */
ev = auth_ctx->event_ctx;
auth_check_password_send(auth_ctx, user_info, auth_check_password_sync_callback, sync_state);
while (!sync_state->finished) {
event_loop_once(auth_ctx->event_ctx);
subreq = auth_check_password_send(mem_ctx,
ev,
auth_ctx,
user_info);
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
status = sync_state->status;
if (NT_STATUS_IS_OK(status)) {
*server_info = talloc_steal(mem_ctx, sync_state->server_info);
ok = tevent_req_poll(subreq, ev);
if (!ok) {
return NT_STATUS_INTERNAL_ERROR;
}
talloc_free(sync_state);
status = auth_check_password_recv(subreq, mem_ctx, server_info);
TALLOC_FREE(subreq);
return status;
}
struct auth_check_password_request {
struct auth_check_password_state {
struct auth_context *auth_ctx;
const struct auth_usersupplied_info *user_info;
struct auth_serversupplied_info *server_info;
struct auth_method_context *method;
NTSTATUS status;
struct {
void (*fn)(struct auth_check_password_request *req, void *private_data);
void *private_data;
} callback;
};
static void auth_check_password_async_timed_handler(struct tevent_context *ev, struct tevent_timer *te,
struct timeval t, void *ptr)
{
struct auth_check_password_request *req = talloc_get_type(ptr, struct auth_check_password_request);
req->status = req->method->ops->check_password(req->method, req, req->user_info, &req->server_info);
req->callback.fn(req, req->callback.private_data);
}
static void auth_check_password_async_trigger(struct tevent_context *ev,
struct tevent_immediate *im,
void *private_data);
/**
* Check a user's Plaintext, LM or NTLM password.
* async send hook
@ -225,6 +205,10 @@ static void auth_check_password_async_timed_handler(struct tevent_context *ev, s
* struct. When the return is other than NT_STATUS_OK the contents
* of that structure is undefined.
*
* @param mem_ctx The memory context the request should operate on
*
* @param ev The tevent context the request should operate on
*
* @param auth_ctx Supplies the challenges and some other data.
* Must be created with make_auth_context(), and the challenges should be
* filled in, either at creation or by calling the challenge geneation
@ -232,93 +216,131 @@ static void auth_check_password_async_timed_handler(struct tevent_context *ev, s
*
* @param user_info Contains the user supplied components, including the passwords.
*
* @param callback A callback function which will be called when the operation is finished.
* The callback function needs to call auth_check_password_recv() to get the return values
*
* @param private_data A private pointer which will ba passed to the callback function
* @return The request handle or NULL on no memory error.
*
**/
_PUBLIC_ void auth_check_password_send(struct auth_context *auth_ctx,
const struct auth_usersupplied_info *user_info,
void (*callback)(struct auth_check_password_request *req, void *private_data),
void *private_data)
_PUBLIC_ struct tevent_req *auth_check_password_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct auth_context *auth_ctx,
const struct auth_usersupplied_info *user_info)
{
struct tevent_req *req;
struct auth_check_password_state *state;
/* if all the modules say 'not for me' this is reasonable */
NTSTATUS nt_status;
struct auth_method_context *method;
uint8_t chal[8];
struct auth_usersupplied_info *user_info_tmp;
struct auth_check_password_request *req = NULL;
struct tevent_immediate *im;
DEBUG(3, ("auth_check_password_send: Checking password for unmapped user [%s]\\[%s]@[%s]\n",
user_info->client.domain_name, user_info->client.account_name, user_info->workstation_name));
DEBUG(3,("auth_check_password_send: "
"Checking password for unmapped user [%s]\\[%s]@[%s]\n",
user_info->client.domain_name, user_info->client.account_name,
user_info->workstation_name));
req = talloc_zero(auth_ctx, struct auth_check_password_request);
if (!req) {
callback(NULL, private_data);
return;
req = tevent_req_create(mem_ctx, &state,
struct auth_check_password_state);
if (req == NULL) {
return NULL;
}
req->auth_ctx = auth_ctx;
req->user_info = user_info;
req->callback.fn = callback;
req->callback.private_data = private_data;
state->auth_ctx = auth_ctx;
state->user_info = user_info;
state->method = NULL;
if (!user_info->mapped_state) {
nt_status = map_user_info(req, lp_workgroup(auth_ctx->lp_ctx), user_info, &user_info_tmp);
if (!NT_STATUS_IS_OK(nt_status)) goto failed;
nt_status = map_user_info(req, lp_workgroup(auth_ctx->lp_ctx),
user_info, &user_info_tmp);
if (tevent_req_nterror(req, nt_status)) {
return tevent_req_post(req, ev);
}
user_info = user_info_tmp;
req->user_info = user_info_tmp;
state->user_info = user_info_tmp;
}
DEBUGADD(3,("auth_check_password_send: mapped user is: [%s]\\[%s]@[%s]\n",
user_info->mapped.domain_name, user_info->mapped.account_name, user_info->workstation_name));
DEBUGADD(3,("auth_check_password_send: "
"mapped user is: [%s]\\[%s]@[%s]\n",
user_info->mapped.domain_name,
user_info->mapped.account_name,
user_info->workstation_name));
nt_status = auth_get_challenge(auth_ctx, chal);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0, ("auth_check_password_send: Invalid challenge (length %u) stored for this auth context set_by %s - cannot continue: %s\n",
(unsigned)auth_ctx->challenge.data.length, auth_ctx->challenge.set_by, nt_errstr(nt_status)));
goto failed;
if (tevent_req_nterror(req, nt_status)) {
DEBUG(0,("auth_check_password_send: "
"Invalid challenge (length %u) stored for "
"this auth context set_by %s - cannot continue: %s\n",
(unsigned)auth_ctx->challenge.data.length,
auth_ctx->challenge.set_by,
nt_errstr(nt_status)));
return tevent_req_post(req, ev);
}
if (auth_ctx->challenge.set_by) {
DEBUG(10, ("auth_check_password_send: auth_context challenge created by %s\n",
auth_ctx->challenge.set_by));
DEBUG(10,("auth_check_password_send: "
"auth_context challenge created by %s\n",
auth_ctx->challenge.set_by));
}
DEBUG(10, ("auth_check_password_send: challenge is: \n"));
dump_data(5, auth_ctx->challenge.data.data, auth_ctx->challenge.data.length);
dump_data(5, auth_ctx->challenge.data.data,
auth_ctx->challenge.data.length);
im = tevent_create_immediate(state);
if (tevent_req_nomem(im, req)) {
return tevent_req_post(req, ev);
}
nt_status = NT_STATUS_NO_SUCH_USER; /* If all the modules say 'not for me', then this is reasonable */
for (method = auth_ctx->methods; method; method = method->next) {
NTSTATUS result;
struct tevent_timer *te = NULL;
/* check if the module wants to chek the password */
result = method->ops->want_check(method, req, user_info);
if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) {
DEBUG(11,("auth_check_password_send: %s had nothing to say\n", method->ops->name));
DEBUG(11,("auth_check_password_send: "
"%s had nothing to say\n",
method->ops->name));
continue;
}
nt_status = result;
req->method = method;
state->method = method;
if (!NT_STATUS_IS_OK(nt_status)) break;
te = event_add_timed(auth_ctx->event_ctx, req,
timeval_zero(),
auth_check_password_async_timed_handler, req);
if (!te) {
nt_status = NT_STATUS_NO_MEMORY;
goto failed;
if (tevent_req_nterror(req, result)) {
return tevent_req_post(req, ev);
}
tevent_schedule_immediate(im,
auth_ctx->event_ctx,
auth_check_password_async_trigger,
req);
return req;
}
/* If all the modules say 'not for me', then this is reasonable */
tevent_req_nterror(req, NT_STATUS_NO_SUCH_USER);
return tevent_req_post(req, ev);
}
static void auth_check_password_async_trigger(struct tevent_context *ev,
struct tevent_immediate *im,
void *private_data)
{
struct tevent_req *req =
talloc_get_type_abort(private_data, struct tevent_req);
struct auth_check_password_state *state =
tevent_req_data(req, struct auth_check_password_state);
NTSTATUS status;
status = state->method->ops->check_password(state->method,
state,
state->user_info,
&state->server_info);
if (tevent_req_nterror(req, status)) {
return;
}
failed:
req->status = nt_status;
req->callback.fn(req, req->callback.private_data);
tevent_req_done(req);
}
/**
@ -330,7 +352,7 @@ failed:
* of that structure is undefined.
*
*
* @param req The async auth_check_password state, passes to the callers callback function
* @param req The async request state
*
* @param mem_ctx The parent memory context for the server_info structure
*
@ -341,30 +363,36 @@ failed:
*
**/
_PUBLIC_ NTSTATUS auth_check_password_recv(struct auth_check_password_request *req,
_PUBLIC_ NTSTATUS auth_check_password_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info **server_info)
{
struct auth_check_password_state *state =
tevent_req_data(req, struct auth_check_password_state);
NTSTATUS status;
NT_STATUS_HAVE_NO_MEMORY(req);
if (NT_STATUS_IS_OK(req->status)) {
DEBUG(5,("auth_check_password_recv: %s authentication for user [%s\\%s] succeeded\n",
req->method->ops->name, req->server_info->domain_name, req->server_info->account_name));
*server_info = talloc_steal(mem_ctx, req->server_info);
} else {
DEBUG(2,("auth_check_password_recv: %s authentication for user [%s\\%s] FAILED with error %s\n",
(req->method ? req->method->ops->name : "NO_METHOD"),
req->user_info->mapped.domain_name,
req->user_info->mapped.account_name,
nt_errstr(req->status)));
if (tevent_req_is_nterror(req, &status)) {
DEBUG(2,("auth_check_password_recv: "
"%s authentication for user [%s\\%s]"
"FAILED with error %s\n",
(state->method ? state->method->ops->name : "NO_METHOD"),
state->user_info->mapped.domain_name,
state->user_info->mapped.account_name,
nt_errstr(status)));
tevent_req_received(req);
return status;
}
status = req->status;
talloc_free(req);
return status;
DEBUG(5,("auth_check_password_recv: "
"%s authentication for user [%s\\%s] succeeded\n",
state->method->ops->name,
state->server_info->domain_name,
state->server_info->account_name));
*server_info = talloc_move(mem_ctx, &state->server_info);
tevent_req_received(req);
return NT_STATUS_OK;
}
/***************************************************************************

2
source4/auth/ntlm/config.mk
View File

@ -71,7 +71,7 @@ PAM_ERRORS_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, pam_errors.o)
INIT_FUNCTION = server_service_auth_init
SUBSYSTEM = service
OUTPUT_TYPE = MERGED_OBJ
PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS
PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBSECURITY SAMDB CREDENTIALS UTIL_TEVENT
auth_OBJ_FILES = $(addprefix $(authsrcdir)/ntlm/, auth.o auth_util.o auth_simple.o)
$(eval $(call proto_header_template,$(authsrcdir)/ntlm/auth_proto.h,$(auth_OBJ_FILES:.o=.c)))

39
source4/smb_server/smb/sesssetup.c
View File

@ -56,17 +56,18 @@ static void smbsrv_sesssetup_backend_send(struct smbsrv_request *req,
smbsrv_reply_sesssetup_send(req, sess, status);
}
static void sesssetup_old_send(struct auth_check_password_request *areq,
void *private_data)
static void sesssetup_old_send(struct tevent_req *subreq)
{
struct smbsrv_request *req = talloc_get_type(private_data, struct smbsrv_request);
struct smbsrv_request *req =
tevent_req_callback_data(subreq, struct smbsrv_request);
union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
struct auth_serversupplied_info *server_info = NULL;
struct auth_session_info *session_info;
struct smbsrv_session *smb_sess;
NTSTATUS status;
status = auth_check_password_recv(areq, req, &server_info);
status = auth_check_password_recv(subreq, req, &server_info);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) goto failed;
/* This references server_info into session_info */
@ -104,6 +105,7 @@ static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
struct auth_usersupplied_info *user_info = NULL;
struct tsocket_address *remote_address;
const char *remote_machine = NULL;
struct tevent_req *subreq;
sess->old.out.vuid = 0;
sess->old.out.action = 0;
@ -145,25 +147,30 @@ static void sesssetup_old(struct smbsrv_request *req, union smb_sesssetup *sess)
user_info->password.response.lanman.data = talloc_steal(user_info, sess->old.in.password.data);
user_info->password.response.nt = data_blob(NULL, 0);
auth_check_password_send(req->smb_conn->negotiate.auth_context, user_info,
sesssetup_old_send, req);
subreq = auth_check_password_send(req,
req->smb_conn->connection->event.ctx,
req->smb_conn->negotiate.auth_context,
user_info);
if (!subreq) goto nomem;
tevent_req_set_callback(subreq, sesssetup_old_send, req);
return;
nomem:
smbsrv_sesssetup_backend_send(req, sess, NT_STATUS_NO_MEMORY);
}
static void sesssetup_nt1_send(struct auth_check_password_request *areq,
void *private_data)
static void sesssetup_nt1_send(struct tevent_req *subreq)
{
struct smbsrv_request *req = talloc_get_type(private_data, struct smbsrv_request);
struct smbsrv_request *req =
tevent_req_callback_data(subreq, struct smbsrv_request);
union smb_sesssetup *sess = talloc_get_type(req->io_ptr, union smb_sesssetup);
struct auth_serversupplied_info *server_info = NULL;
struct auth_session_info *session_info;
struct smbsrv_session *smb_sess;
NTSTATUS status;
status = auth_check_password_recv(areq, req, &server_info);
status = auth_check_password_recv(subreq, req, &server_info);
TALLOC_FREE(subreq);
if (!NT_STATUS_IS_OK(status)) goto failed;
/* This references server_info into session_info */
@ -211,7 +218,8 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
struct auth_usersupplied_info *user_info = NULL;
struct tsocket_address *remote_address;
const char *remote_machine = NULL;
struct tevent_req *subreq;
sess->nt1.out.vuid = 0;
sess->nt1.out.action = 0;
@ -273,8 +281,13 @@ static void sesssetup_nt1(struct smbsrv_request *req, union smb_sesssetup *sess)
user_info->password.response.nt = sess->nt1.in.password2;
user_info->password.response.nt.data = talloc_steal(user_info, sess->nt1.in.password2.data);
auth_check_password_send(auth_context, user_info,
sesssetup_nt1_send, req);
subreq = auth_check_password_send(req,
req->smb_conn->connection->event.ctx,
auth_context,
user_info);
if (!subreq) goto nomem;
tevent_req_set_callback(subreq, sesssetup_nt1_send, req);
return;
nomem: