mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
c98614152c
So far if any kind of error has happened, we just tried further auth modules. An auth module should have the chance to definitely say "no, this is a valid error, no further attempts anywhere else". The protocol so far was for an auth module to return NT_STATUS_NOT_IMPLEMENTED if it wanted to pass on to other modules, but any error led to the next auth modules also being given a try. This patch makes any auth module return code except NOT_IMPLEMENTED to terminate the loop, such that every module has to explicitly request to pass on to the next module via NOT_IMPLEMENTED. All modules we reference in make_auth_context_subsystem() have code to explicitly say "not for me please" with NOT_IMPLEMENTED. This *might* break existing setups which fail in for example "guest" or "winbind" due to other reasons. I prefer it this way though, because adding another parameter like "This is a real authoritative failure, don't go looking somewhere else" will only add to the mess. But it's more a theoretical than a practical change with the default auth backends. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> |
||
|---|---|---|
| .. | ||
| auth_builtin.c | ||
| auth_domain.c | ||
| auth_generic.c | ||
| auth_ntlmssp.c | ||
| auth_sam.c | ||
| auth_samba4.c | ||
| auth_script.c | ||
| auth_unix.c | ||
| auth_util.c | ||
| auth_winbind.c | ||
| auth.c | ||
| check_samsec.c | ||
| pampass.c | ||
| pass_check.c | ||
| proto.h | ||
| server_info_sam.c | ||
| server_info.c | ||
| token_util.c | ||
| user_info.c | ||
| user_krb5.c | ||
| user_util.c | ||
| wscript_build | ||