mirror of
https://github.com/samba-team/samba.git
synced 2025-01-26 10:04:02 +03:00
Fixed auth module code. Added VALGRIND defines to reduce spurious warnings.
Jeremy. (This used to be commit ec4ed45563f9d8e25fcfd88840944a90b3139c3e)
This commit is contained in:
Jeremy Allison
parent
f2def025e2
commit
39c78bf516
@ -61,8 +61,7 @@ static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
|
||||
return auth_context->challenge.data;
|
||||
}
|
||||
|
||||
for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next)
|
||||
{
|
||||
for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next) {
|
||||
if (auth_method->get_chal == NULL) {
|
||||
DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name));
|
||||
continue;
|
||||
@ -183,18 +182,18 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
|
||||
auth_methods *auth_method;
|
||||
TALLOC_CTX *mem_ctx;
|
||||
|
||||
if (!user_info || !auth_context || !server_info) {
|
||||
if (!user_info || !auth_context || !server_info)
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
DEBUG(3, ("check_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
|
||||
DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
|
||||
user_info->client_domain.str, user_info->smb_name.str, user_info->wksta_name.str));
|
||||
|
||||
DEBUG(3, ("check_password: mapped user is: [%s]\\[%s]@[%s]\n",
|
||||
DEBUG(3, ("check_ntlm_password: mapped user is: [%s]\\[%s]@[%s]\n",
|
||||
user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str));
|
||||
if (auth_context->challenge_set_by) {
|
||||
DEBUG(10, ("auth_context challenge created by %s\n", auth_context->challenge_set_by));
|
||||
}
|
||||
if (auth_context->challenge_set_by)
|
||||
DEBUG(10, ("check_ntlm_password: auth_context challenge created by %s\n",
|
||||
auth_context->challenge_set_by));
|
||||
|
||||
DEBUG(10, ("challenge is: \n"));
|
||||
dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
|
||||
|
||||
@ -208,37 +207,33 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
|
||||
#endif
|
||||
|
||||
/* This needs to be sorted: If it doesn't match, what should we do? */
|
||||
if (!check_domain_match(user_info->smb_name.str, user_info->domain.str)) {
|
||||
if (!check_domain_match(user_info->smb_name.str, user_info->domain.str))
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next)
|
||||
{
|
||||
for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
|
||||
mem_ctx = talloc_init_named("%s authentication for user %s\\%s", auth_method->name,
|
||||
user_info->domain.str, user_info->smb_name.str);
|
||||
|
||||
nt_status = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(3, ("check_password: %s authentication for user [%s] suceeded\n",
|
||||
DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] suceeded\n",
|
||||
auth_method->name, user_info->smb_name.str));
|
||||
} else {
|
||||
DEBUG(5, ("check_password: %s authentication for user [%s] FAILED with error %s\n",
|
||||
DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n",
|
||||
auth_method->name, user_info->smb_name.str, nt_errstr(nt_status)));
|
||||
}
|
||||
|
||||
talloc_destroy(mem_ctx);
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
if (NT_STATUS_IS_OK(nt_status))
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* This is one of the few places the *relies* (rather than just sets defaults
|
||||
on the value of lp_security(). This needs to change. A new paramater
|
||||
perhaps? */
|
||||
if (lp_security() >= SEC_SERVER) {
|
||||
if (lp_security() >= SEC_SERVER)
|
||||
smb_user_control(user_info, *server_info, nt_status);
|
||||
}
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
pdb_username = pdb_get_username((*server_info)->sam_account);
|
||||
@ -249,17 +244,17 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
|
||||
unbecome_root();
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(5, ("check_password: PAM Account for user [%s] suceeded\n",
|
||||
DEBUG(5, ("check_ntlm_password: PAM Account for user [%s] suceeded\n",
|
||||
pdb_username));
|
||||
} else {
|
||||
DEBUG(3, ("check_password: PAM Account for user [%s] FAILED with error %s\n",
|
||||
DEBUG(3, ("check_ntlm_password: PAM Account for user [%s] FAILED with error %s\n",
|
||||
pdb_username, nt_errstr(nt_status)));
|
||||
}
|
||||
}
|
||||
|
||||
if (NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG((*server_info)->guest ? 5 : 2,
|
||||
("check_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n",
|
||||
("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] suceeded\n",
|
||||
(*server_info)->guest ? "guest " : "",
|
||||
user_info->smb_name.str,
|
||||
user_info->internal_username.str,
|
||||
@ -268,7 +263,7 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status)) {
|
||||
DEBUG(2, ("check_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
|
||||
DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
|
||||
user_info->smb_name.str, user_info->internal_username.str,
|
||||
nt_errstr(nt_status)));
|
||||
ZERO_STRUCTP(server_info);
|
||||
@ -282,9 +277,8 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
|
||||
|
||||
static void free_auth_context(struct auth_context **auth_context)
|
||||
{
|
||||
if (*auth_context != NULL) {
|
||||
if (*auth_context != NULL)
|
||||
talloc_destroy((*auth_context)->mem_ctx);
|
||||
}
|
||||
*auth_context = NULL;
|
||||
}
|
||||
|
||||
@ -327,48 +321,43 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
|
||||
NTSTATUS nt_status;
|
||||
|
||||
if (!text_list) {
|
||||
DEBUG(2,("No auth method list!?\n"));
|
||||
DEBUG(2,("make_auth_context_text_list: No auth method list!?\n"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context))) {
|
||||
if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context)))
|
||||
return nt_status;
|
||||
}
|
||||
|
||||
for (;*text_list; text_list++)
|
||||
{
|
||||
DEBUG(5,("Attempting to find an auth method to match %s\n", *text_list));
|
||||
for (i = 0; builtin_auth_init_functions[i].name; i++)
|
||||
{
|
||||
if (strequal(builtin_auth_init_functions[i].name, *text_list))
|
||||
{
|
||||
|
||||
char *module_name = smb_xstrdup(*text_list);
|
||||
char *module_params = NULL;
|
||||
char *p;
|
||||
|
||||
p = strchr(module_name, ':');
|
||||
|
||||
if (p) {
|
||||
*p = 0;
|
||||
|
||||
module_params = p+1;
|
||||
|
||||
trim_string(module_params, " ", " ");
|
||||
}
|
||||
|
||||
trim_string(module_name, " ", " ");
|
||||
for (;*text_list; text_list++) {
|
||||
DEBUG(5,("make_auth_context_text_list: Attempting to find an auth method to match %s\n",
|
||||
*text_list));
|
||||
for (i = 0; builtin_auth_init_functions[i].name; i++) {
|
||||
char *module_name = smb_xstrdup(*text_list);
|
||||
char *module_params = NULL;
|
||||
char *p;
|
||||
|
||||
DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i));
|
||||
p = strchr(module_name, ':');
|
||||
if (p) {
|
||||
*p = 0;
|
||||
module_params = p+1;
|
||||
trim_string(module_params, " ", " ");
|
||||
}
|
||||
|
||||
trim_string(module_name, " ", " ");
|
||||
|
||||
if (strequal(builtin_auth_init_functions[i].name, module_name)) {
|
||||
DEBUG(5,("make_auth_context_text_list: Found auth method %s (at pos %d)\n", *text_list, i));
|
||||
if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) {
|
||||
DEBUG(5,("auth method %s has a valid init\n", *text_list));
|
||||
DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n",
|
||||
*text_list));
|
||||
DLIST_ADD_END(list, t, tmp);
|
||||
} else {
|
||||
DEBUG(0,("auth method %s did not correctly init\n", *text_list));
|
||||
DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n",
|
||||
*text_list));
|
||||
}
|
||||
SAFE_FREE(module_name);
|
||||
break;
|
||||
}
|
||||
SAFE_FREE(module_name);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -49,11 +49,11 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
|
||||
}
|
||||
|
||||
/* Guest modules initialisation */
|
||||
|
||||
NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method)
|
||||
{
|
||||
if (!make_auth_methods(auth_context, auth_method)) {
|
||||
if (!make_auth_methods(auth_context, auth_method))
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*auth_method)->auth = check_guest_security;
|
||||
(*auth_method)->name = "guest";
|
||||
@ -92,7 +92,7 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_
|
||||
strlower(user);
|
||||
error_num = strtoul(user, NULL, 16);
|
||||
|
||||
DEBUG(5,("Error for user %s was %lx\n", user, error_num));
|
||||
DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num));
|
||||
|
||||
nt_status = NT_STATUS(error_num);
|
||||
|
||||
@ -100,11 +100,11 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_
|
||||
}
|
||||
|
||||
/** Module initailisation function */
|
||||
|
||||
NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
|
||||
{
|
||||
if (!make_auth_methods(auth_context, auth_method)) {
|
||||
if (!make_auth_methods(auth_context, auth_method))
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*auth_method)->auth = check_name_to_ntstatus_security;
|
||||
(*auth_method)->name = "name_to_ntstatus";
|
||||
@ -149,11 +149,11 @@ static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_contex
|
||||
|
||||
|
||||
/** Module initailisation function */
|
||||
|
||||
NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
|
||||
{
|
||||
if (!make_auth_methods(auth_context, auth_method)) {
|
||||
if (!make_auth_methods(auth_context, auth_method))
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
(*auth_method)->auth = check_fixed_challenge_security;
|
||||
(*auth_method)->get_chal = auth_get_fixed_challenge;
|
||||
@ -168,6 +168,7 @@ NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char
|
||||
**/
|
||||
|
||||
/* Plugin modules initialisation */
|
||||
|
||||
NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
|
||||
{
|
||||
void * dl_handle;
|
||||
@ -175,7 +176,7 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param,
|
||||
auth_init_function plugin_init;
|
||||
|
||||
if (param == NULL) {
|
||||
DEBUG(0, ("The plugin module needs an argument!\n"));
|
||||
DEBUG(0, ("auth_init_plugin: The plugin module needs an argument!\n"));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
@ -189,21 +190,21 @@ NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param,
|
||||
|
||||
trim_string(plugin_name, " ", " ");
|
||||
|
||||
DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name));
|
||||
DEBUG(5, ("auth_init_plugin: Trying to load auth plugin %s\n", plugin_name));
|
||||
dl_handle = sys_dlopen(plugin_name, RTLD_NOW );
|
||||
if (!dl_handle) {
|
||||
DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
|
||||
DEBUG(0, ("auth_init_plugin: Failed to load auth plugin %s using sys_dlopen (%s)\n",
|
||||
plugin_name, sys_dlerror()));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
plugin_init = sys_dlsym(dl_handle, "auth_init");
|
||||
if (!plugin_init){
|
||||
DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
|
||||
DEBUG(0, ("Failed to find function 'auth_init' using sys_dlsym in sam plugin %s (%s)\n",
|
||||
plugin_name, sys_dlerror()));
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
}
|
||||
|
||||
DEBUG(5, ("Starting sam plugin %s with paramater %s\n", plugin_name, plugin_param?plugin_param:"(null)"));
|
||||
return plugin_init(auth_context, plugin_param, auth_method);
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -1173,5 +1173,9 @@ int asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3);
|
||||
time_t timegm(struct tm *tm);
|
||||
#endif
|
||||
|
||||
#if defined(VALGRIND)
|
||||
#define strlen(x) valgrind_strlen(x)
|
||||
#endif
|
||||
|
||||
#endif /* _INCLUDES_H */
|
||||
|
||||
|
||||
@ -710,6 +710,7 @@ void make_dir_struct(char *buf,char *mask,char *fname,SMB_OFF_T size,int mode,ti
|
||||
|
||||
void close_low_fds(BOOL stderr_too)
|
||||
{
|
||||
#ifndef VALGRIND
|
||||
int fd;
|
||||
int i;
|
||||
|
||||
@ -737,6 +738,7 @@ void close_low_fds(BOOL stderr_too)
|
||||
return;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/****************************************************************************
|
||||
|
||||
@ -1366,3 +1366,14 @@ BOOL str_list_substitute(char **list, const char *pattern, const char *insert)
|
||||
|
||||
return True;
|
||||
}
|
||||
|
||||
#ifdef VALGRIND
|
||||
size_t valgrind_strlen(const char *s)
|
||||
{
|
||||
size_t count;
|
||||
for(count = 0; *s++; count++)
|
||||
;
|
||||
return count;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
@ -1140,7 +1140,6 @@ static BOOL timeout_processing(int deadtime, int *select_timeout, time_t *last_t
|
||||
{
|
||||
unsigned char trust_passwd_hash[16];
|
||||
time_t lct;
|
||||
pstring remote_machine_list;
|
||||
|
||||
/*
|
||||
* We're in domain level security, and the code that
|
||||
|
||||
@ -303,3 +303,13 @@ static void usage(void)
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef VALGRIND
|
||||
size_t valgrind_strlen(const char *s)
|
||||
{
|
||||
size_t count;
|
||||
for(count = 0; *s++; count++)
|
||||
;
|
||||
return count;
|
||||
}
|
||||
#endif
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user