sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-31 17:18:04 +03:00
Code

- Add support to auth/ for the new modules system

Browse Source 
- Quite some small fixes (also fixes the build)
This commit is contained in:
Jelmer Vernooij 0001-01-01 00:00:00 +00:00
parent 898a246c16
commit 3defbd5e06
12 changed files with 128 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
source/Makefile.in
View File

@ -55,6 +55,7 @@ VFSLIBDIR = $(LIBDIR)/vfs
PDBLIBDIR = $(LIBDIR)/pdb
RPCLIBDIR = $(LIBDIR)/rpc
CHARSETLIBDIR = $(LIBDIR)/charset
AUTHLIBDIR = $(LIBDIR)/auth
CONFIGDIR = @configdir@
VARDIR = @localstatedir@
MANDIR = @mandir@
@ -140,7 +141,8 @@ VFS_MODULES = bin/vfs_audit.@SHLIBEXT@ bin/vfs_extd_audit.@SHLIBEXT@ bin/vfs_rec
PDB_MODULES = @PDB_MODULES@
RPC_MODULES = @RPC_MODULES@
CHARSET_MODULES = @CHARSET_MODULES@
MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(CHARSET_MODULES)
AUTH_MODULES = @AUTH_MODULES@
MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES)
######################################################################
# object file lists
@ -1058,11 +1060,12 @@ installbin: all installdirs
@$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(BINDIR) $(DESTDIR)$(LIBDIR) $(DESTDIR)$(VARDIR) $(BIN_PROGS)
installmodules: all installdirs
installmodules: all modules installdirs
@$(SHELL) $(srcdir)/script/installmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(VFSLIBDIR) $(VFS_MODULES)
@$(SHELL) $(srcdir)/script/installmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(PDBLIBDIR) $(PDB_MODULES)
@$(SHELL) $(srcdir)/script/installmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(RPCLIBDIR) $(RPC_MODULES)
@$(SHEEL) $(srcdir)/script/installmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(CHARSETLIBDIR) $(CHARSET_MODULES)
@$(SHEEL) $(srcdir)/script/installmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(AUTHLIBDIR) $(AUTH_MODULES)
installscripts: installdirs
@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(DESTDIR)$(BINDIR) $(SCRIPTS)
@ -1138,6 +1141,7 @@ uninstallmodules:
@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(PDBLIBDIR) $(DESTDIR)$(PDB_MODULES)
@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(RPCLIBDIR) $(DESTDIR)$(RPC_MODULES)
@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(CHARSETLIBDIR) $(DESTDIR)$(CHARSET_MODULES)
@$(SHELL) $(srcdir)/script/uninstallmodules.sh $(INSTALLPERMS) $(DESTDIR)$(BASEDIR) $(DESTDIR)$(AUTHLIBDIR) $(DESTDIR)$(AUTH_MODULES)
uninstallscripts:
@$(SHELL) $(srcdir)/script/uninstallscripts.sh $(INSTALLPERMS) $(DESTDIR)$(BINDIR) $(SCRIPTS)

4
source/aclocal.m4 vendored
View File

@ -51,11 +51,11 @@ AC_DEFUN(SMB_MODULE,
if test x"$DEST" = xSHARED; then
AC_DEFINE([$1][_init], [init_module], [Whether to build $1 as shared module])
$5_MODULES="$$4_MODULES $3"
$4_MODULES="$$4_MODULES $3"
AC_MSG_RESULT([shared])
elif test x"$DEST" = xSTATIC; then
[init_static_modules_]translit([$4], [A-Z], [a-z])="$[init_static_modules_]translit([$4], [A-Z], [a-z]) $1_init();"
$5_STATIC="$$4_STATIC $2"
$4_STATIC="$$4_STATIC $2"
AC_SUBST($4_STATIC)
AC_MSG_RESULT([static])
else

92
source/auth/auth.c
View File

@ -23,27 +23,45 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
/** List of various built-in authentication modules */
static struct auth_init_function_entry *backends = NULL;
static const struct auth_init_function_entry builtin_auth_init_functions[] = {
{ "guest", auth_init_guest },
{ "rhosts", auth_init_rhosts },
{ "hostsequiv", auth_init_hostsequiv },
{ "sam", auth_init_sam },
{ "samstrict", auth_init_samstrict },
{ "samstrict_dc", auth_init_samstrict_dc },
{ "unix", auth_init_unix },
{ "smbserver", auth_init_smbserver },
{ "ntdomain", auth_init_ntdomain },
{ "trustdomain", auth_init_trustdomain },
{ "winbind", auth_init_winbind },
#ifdef DEVELOPER
{ "name_to_ntstatus", auth_init_name_to_ntstatus },
{ "fixed_challenge", auth_init_fixed_challenge },
#endif
{ "plugin", auth_init_plugin },
{ NULL, NULL}
};
BOOL smb_register_auth(const char *name, auth_init_function init, int version)
{
struct auth_init_function_entry *entry = backends;
if(version != AUTH_INTERFACE_VERSION)
return False;
DEBUG(5,("Attempting to register auth backend %s\n", name));
while(entry) {
if (strequal(name, entry->name)) {
DEBUG(0,("There already is an auth backend registered with the name %s!\n", name));
return False;
}
entry = entry->next;
}
entry = smb_xmalloc(sizeof(struct auth_init_function_entry));
entry->name = smb_xstrdup(name);
entry->init = init;
DLIST_ADD(backends, entry);
DEBUG(5,("Successfully added auth backend '%s'\n", name));
return True;
}
static struct auth_init_function_entry *auth_find_backend_entry(const char *name)
{
struct auth_init_function_entry *entry = backends;
while(entry) {
if (strequal(entry->name, name)) return entry;
entry = entry->next;
}
return NULL;
}
/****************************************************************************
Try to get a challenge out of the various authentication modules.
@ -325,8 +343,8 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
auth_methods *list = NULL;
auth_methods *t = NULL;
auth_methods *tmp;
int i;
NTSTATUS nt_status;
static BOOL initialised_static_modules = False;
if (!text_list) {
DEBUG(2,("make_auth_context_text_list: No auth method list!?\n"));
@ -335,11 +353,17 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context)))
return nt_status;
/* Initialise static modules if not done so yet */
if(!initialised_static_modules) {
static_init_auth;
initialised_static_modules = True;
}
for (;*text_list; text_list++) {
DEBUG(5,("make_auth_context_text_list: Attempting to find an auth method to match %s\n",
*text_list));
for (i = 0; builtin_auth_init_functions[i].name; i++) {
struct auth_init_function_entry *entry;
char *module_name = smb_xstrdup(*text_list);
char *module_params = NULL;
char *p;
@ -353,20 +377,20 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
trim_string(module_name, " ", " ");
if (strequal(builtin_auth_init_functions[i].name, module_name)) {
DEBUG(5,("make_auth_context_text_list: Found auth method %s (at pos %d)\n", *text_list, i));
if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) {
DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n",
*text_list));
DLIST_ADD_END(list, t, tmp);
} else {
DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n",
*text_list));
}
break;
entry = auth_find_backend_entry(module_name);
if(!(entry = auth_find_backend_entry(module_name)) && !smb_probe_module("auth", module_name) &&
!(entry = auth_find_backend_entry(module_name))) {
DEBUG(0,("make_auth_context_text_list: can't find auth method %s!\n", module_name));
} else if (!NT_STATUS_IS_OK(entry->init(*auth_context, module_params, &t))) {
DEBUG(0,("make_auth_context_text_list: auth method %s did not correctly init\n",
*text_list));
} else {
DEBUG(5,("make_auth_context_text_list: auth method %s has a valid init\n",
*text_list));
DLIST_ADD_END(list, t, tmp);
}
SAFE_FREE(module_name);
}
}
(*auth_context)->auth_method_list = list;

54
source/auth/auth_builtin.c
View File

@ -1,6 +1,6 @@
/*
Unix SMB/CIFS implementation.
Generic authenticaion types
Generic authentication types
Copyright (C) Andrew Bartlett 2001-2002
Copyright (C) Jelmer Vernooij 2002
@ -161,50 +161,12 @@ NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char
return NT_STATUS_OK;
}
/**
* Outsorce an auth module to an external loadable .so
*
* Only works on systems with dlopen() etc.
**/
/* Plugin modules initialisation */
NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
int auth_builtin_init(void)
{
void * dl_handle;
char *plugin_param, *plugin_name, *p;
auth_init_function plugin_init;
if (param == NULL) {
DEBUG(0, ("auth_init_plugin: The plugin module needs an argument!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
plugin_name = smb_xstrdup(param);
p = strchr(plugin_name, ':');
if (p) {
*p = 0;
plugin_param = p+1;
trim_string(plugin_param, " ", " ");
} else plugin_param = NULL;
trim_string(plugin_name, " ", " ");
DEBUG(5, ("auth_init_plugin: Trying to load auth plugin %s\n", plugin_name));
dl_handle = sys_dlopen(plugin_name, RTLD_NOW );
if (!dl_handle) {
DEBUG(0, ("auth_init_plugin: Failed to load auth plugin %s using sys_dlopen (%s)\n",
plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
plugin_init = sys_dlsym(dl_handle, "auth_init");
if (!plugin_init){
DEBUG(0, ("Failed to find function 'auth_init' using sys_dlsym in sam plugin %s (%s)\n",
plugin_name, sys_dlerror()));
return NT_STATUS_UNSUCCESSFUL;
}
DEBUG(5, ("Starting sam plugin %s with paramater %s\n", plugin_name, plugin_param?plugin_param:"(null)"));
return plugin_init(auth_context, plugin_param, auth_method);
smb_register_auth("guest", auth_init_guest, AUTH_INTERFACE_VERSION);
#ifdef DEVELOPER
smb_register_auth("fixed_challenge", auth_init_fixed_challenge, AUTH_INTERFACE_VERSION);
smb_register_auth("name_to_ntstatus", auth_init_name_to_ntstatus, AUTH_INTERFACE_VERSION);
#endif
return True;
}

7
source/auth/auth_domain.c
View File

@ -545,3 +545,10 @@ NTSTATUS auth_init_trustdomain(struct auth_context *auth_context, const char* pa
(*auth_method)->auth = check_trustdomain_security;
return NT_STATUS_OK;
}
int auth_domain_init(void)
{
smb_register_auth("trustdomain", auth_init_trustdomain, AUTH_INTERFACE_VERSION);
smb_register_auth("ntdomain", auth_init_ntdomain, AUTH_INTERFACE_VERSION);
return True;
}

7
source/auth/auth_rhosts.c
View File

@ -242,3 +242,10 @@ NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param,
(*auth_method)->name = "rhosts";
return NT_STATUS_OK;
}
int auth_rhosts_init(void)
{
smb_register_auth("rhosts", auth_init_rhosts, AUTH_INTERFACE_VERSION);
smb_register_auth("hostsequiv", auth_init_hostsequiv, AUTH_INTERFACE_VERSION);
return True;
}

8
source/auth/auth_sam.c
View File

@ -562,3 +562,11 @@ NTSTATUS auth_init_samstrict_dc(struct auth_context *auth_context, const char *p
(*auth_method)->name = "samstrict_dc";
return NT_STATUS_OK;
}
int auth_sam_init(void)
{
smb_register_auth("samstrict_dc", auth_init_samstrict_dc, AUTH_INTERFACE_VERSION);
smb_register_auth("samstrict", auth_init_samstrict, AUTH_INTERFACE_VERSION);
smb_register_auth("sam", auth_init_sam, AUTH_INTERFACE_VERSION);
return True;
}

5
source/auth/auth_server.c
View File

@ -400,3 +400,8 @@ NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* para
(*auth_method)->free_private_data = free_server_private_data;
return NT_STATUS_OK;
}
int auth_server_init(void)
{
return smb_register_auth("smbserver", auth_init_smbserver, AUTH_INTERFACE_VERSION);
}

4
source/auth/auth_unix.c
View File

@ -130,3 +130,7 @@ NTSTATUS auth_init_unix(struct auth_context *auth_context, const char* param, au
return NT_STATUS_OK;
}
int auth_unix_init(void)
{
return smb_register_auth("unix", auth_init_unix, AUTH_INTERFACE_VERSION);
}

5
source/auth/auth_winbind.c
View File

@ -134,3 +134,8 @@ NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param,
(*auth_method)->auth = check_winbind_security;
return NT_STATUS_OK;
}
int auth_winbind_init(void)
{
return smb_register_auth("winbind", auth_init_winbind, AUTH_INTERFACE_VERSION);
}

19
source/configure.in
View File

@ -239,7 +239,7 @@ AC_VALIDATE_CACHE_SYSTEM_TYPE
DYNEXP=
dnl Add modules that have to be built by default here
default_modules="pdb_smbpasswd pdb_tdbsam pdb_unix rpc_lsa rpc_samr rpc_reg rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss"
default_modules="pdb_smbpasswd pdb_tdbsam pdb_unix rpc_lsa rpc_samr rpc_reg rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
#
# Config CPPFLAG settings for strange OS's that must be set
@ -3377,10 +3377,10 @@ SMB_MODULE(pdb_guest, passdb/pdb_guest.o, bin/guest.so, PDB)
SMB_SUBSYSTEM(PDB)
SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), bin/librpc_lsarpc.so, RPC)
SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), bin/librpc_reg.so, RPC)
SMB_MODULE(rpc_wks, \$(RPC_WKS_OBJ), bin/librpc_wks.so, RPC)
SMB_MODULE(rpc_net, \$(RPC_NETLOG_OBJ), bin/librpc_netlog.so, RPC)
SMB_MODULE(rpc_dfs, \$(RPC_DFS_OBJ), bin/librpc_dfs.so, RPC)
SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), bin/librpc_winreg.so, RPC)
SMB_MODULE(rpc_wks, \$(RPC_WKS_OBJ), bin/librpc_wkssvc.so, RPC)
SMB_MODULE(rpc_net, \$(RPC_NETLOG_OBJ), bin/librpc_NETLOGON.so, RPC)
SMB_MODULE(rpc_dfs, \$(RPC_DFS_OBJ), bin/librpc_netdfs.so, RPC)
SMB_MODULE(rpc_srv, \$(RPC_SVC_OBJ), bin/librpc_srvsvc.so, RPC)
SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), bin/librpc_spoolss.so, RPC)
SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), bin/librpc_samr.so, RPC)
@ -3389,6 +3389,15 @@ SMB_SUBSYSTEM(RPC)
SMB_MODULE(charset_weird, modules/developer.o, bin/developer.so, CHARSET)
SMB_SUBSYSTEM(CHARSET)
SMB_MODULE(auth_rhosts, auth/auth_rhosts.o, bin/rhosts.so, AUTH)
SMB_MODULE(auth_sam, auth/auth_sam.o, bin/sam.so, AUTH)
SMB_MODULE(auth_unix, auth/auth_unix.o, bin/unix.so, AUTH)
SMB_MODULE(auth_winbind, auth/auth_winbind.o, bin/winbind.so, AUTH)
SMB_MODULE(auth_server, auth/auth_server.o, bin/server.so, AUTH)
SMB_MODULE(auth_domain, auth/auth_domain.o, bin/domain.so, AUTH)
SMB_MODULE(auth_builtin, auth/auth_builtin.o, bin/builtin.so, AUTH)
SMB_SUBSYSTEM(AUTH)
#################################################
# do extra things if we are running insure

4
source/include/auth.h
View File

@ -148,6 +148,8 @@ struct auth_init_function_entry {
/* Function to create a member of the authmethods list */
auth_init_function init;
struct auth_init_function_entry *prev, *next;
};
typedef struct auth_ntlmssp_state
@ -158,4 +160,6 @@ typedef struct auth_ntlmssp_state
struct ntlmssp_state *ntlmssp_state;
} AUTH_NTLMSSP_STATE;
#define AUTH_INTERFACE_VERSION 1
#endif /* _SMBAUTH_H_ */