This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
+static_decl_auth;
+
static struct auth_init_function_entry *backends = NULL;
static struct auth_init_function_entry *auth_find_backend_entry(const char *name);
static const uint8 *get_ntlm_challenge(struct auth_context *auth_context)
{
- DATA_BLOB challenge = data_blob(NULL, 0);
+ DATA_BLOB challenge = data_blob_null;
const char *challenge_set_by = NULL;
auth_methods *auth_method;
TALLOC_CTX *mem_ctx;
DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by));
DEBUG(5, ("challenge is: \n"));
- dump_data(5, (const char *)auth_context->challenge.data, auth_context->challenge.length);
+ dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
SMB_ASSERT(auth_context->challenge.length == 8);
* function auth_get_challenge().
*
* @param server_info If successful, contains information about the authentication,
- * including a SAM_ACCOUNT struct describing the user.
+ * including a struct samu struct describing the user.
*
* @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
*
return NT_STATUS_LOGON_FAILURE;
DEBUG(3, ("check_ntlm_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n",
- user_info->client_domain.str, user_info->smb_name.str, user_info->wksta_name.str));
+ user_info->client_domain, user_info->smb_name, user_info->wksta_name));
DEBUG(3, ("check_ntlm_password: mapped user is: [%s]\\[%s]@[%s]\n",
- user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str));
+ user_info->domain, user_info->internal_username, user_info->wksta_name));
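Review bot: Both `DEBUG(3, ...)` messages print `client_domain`, `smb_name` and `wksta_name` with a bare `%s`, and the first message itself calls the user "unmapped", so these look like values taken straight from the client request. If nothing earlier strips control characters, a name containing a newline can split or imitate a log line, so I would note at this call which layer sanitises these fields, or log them through an escaping helper. With the fields now plain pointers rather than `.str` members, it is also worth confirming that none of them can be NULL here, since `%s` with a NULL argument is undefined. check_ntlm_password starts and ends outside this hunk.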
if (auth_context->challenge.length != 8) {
DEBUG(0, ("check_ntlm_password: Invalid challenge stored for this auth context - cannot continue\n"));
auth_context->challenge_set_by));
DEBUG(10, ("challenge is: \n"));
- dump_data(5, (const char *)auth_context->challenge.data, auth_context->challenge.length);
+ dump_data(5, auth_context->challenge.data, auth_context->challenge.length);
#ifdef DEBUG_PASSWORD
DEBUG(100, ("user_info has passwords of length %d and %d\n",
- user_info->lm_resp.length, user_info->nt_resp.length));
+ (int)user_info->lm_resp.length, (int)user_info->nt_resp.length));
DEBUG(100, ("lm:\n"));
dump_data(100, user_info->lm_resp.data, user_info->lm_resp.length);
DEBUG(100, ("nt:\n"));
#endif
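Review bot: In this second challenge dump the heading is logged with `DEBUG(10, ("challenge is: \n"))` while the data goes out through `dump_data(5, ...)`, so at log levels 5 to 9 the hex dump appears without its heading. The earlier dump in get_ntlm_challenge uses level 5 for both. Since the line is being touched anyway, align the two, e.g. `dump_data(10, auth_context->challenge.data, auth_context->challenge.length);`. The `DEBUG_PASSWORD` block below writes the LM and NT responses to the log at level 100; a one-line comment that this macro is meant for debug builds only would help, because those responses are sensitive authentication material for anyone who can read the log.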
/* This needs to be sorted: If it doesn't match, what should we do? */
- if (!check_domain_match(user_info->smb_name.str, user_info->domain.str))
+ if (!check_domain_match(user_info->smb_name, user_info->domain))
return NT_STATUS_LOGON_FAILURE;
for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
NTSTATUS result;
mem_ctx = talloc_init("%s authentication for user %s\\%s", auth_method->name,
- user_info->domain.str, user_info->smb_name.str);
+ user_info->domain, user_info->smb_name);
result = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info);
if (NT_STATUS_IS_OK(nt_status)) {
DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] succeeded\n",
- auth_method->name, user_info->smb_name.str));
+ auth_method->name, user_info->smb_name));
} else {
DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n",
- auth_method->name, user_info->smb_name.str, nt_errstr(nt_status)));
+ auth_method->name, user_info->smb_name, nt_errstr(nt_status)));
}
talloc_destroy(mem_ctx);
}
}
+ /* successful authentication */
+
if (NT_STATUS_IS_OK(nt_status)) {
unix_username = (*server_info)->unix_name;
if (!(*server_info)->guest) {
DEBUG((*server_info)->guest ? 5 : 2,
("check_ntlm_password: %sauthentication for user [%s] -> [%s] -> [%s] succeeded\n",
(*server_info)->guest ? "guest " : "",
- user_info->smb_name.str,
- user_info->internal_username.str,
+ user_info->smb_name,
+ user_info->internal_username,
unix_username));
}
+
+ return nt_status;
}
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
- user_info->smb_name.str, user_info->internal_username.str,
- nt_errstr(nt_status)));
- ZERO_STRUCTP(server_info);
- }
+
+ /* failed authentication; check for guest lapping */
+
+ DEBUG(2, ("check_ntlm_password: Authentication for user [%s] -> [%s] FAILED with error %s\n",
+ user_info->smb_name, user_info->internal_username,
+ nt_errstr(nt_status)));
+ ZERO_STRUCTP(server_info);
+
return nt_status;
}
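Review bot: The new comment `/* failed authentication; check for guest lapping */` promises a guest check, but the lines after it only log the failure, call `ZERO_STRUCTP(server_info)` and return; no guest handling is visible in this hunk. If mapping to guest is done by the caller, the comment should say so, e.g. `/* failed authentication: log it and clear *server_info so callers cannot use a partly filled result */`, plus a pointer to where guest mapping happens. Because the success path dereferences `(*server_info)`, `server_info` appears to be a pointer to a pointer, so `ZERO_STRUCTP(server_info)` only resets the caller's pointer. Anything a failing backend stored there is not released here, which is worth confirming against the backends. The start of check_ntlm_password is outside the hunk.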
if (*auth_context) {
/* Free private data of context's authentication methods */
for (auth_method = (*auth_context)->auth_method_list; auth_method; auth_method = auth_method->next) {
- if (auth_method->free_private_data) {
- auth_method->free_private_data (&auth_method->private_data);
- auth_method->private_data = NULL;
- }
+ TALLOC_FREE(auth_method->private_data);
}
talloc_destroy((*auth_context)->mem_ctx);
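Review bot: `TALLOC_FREE(auth_method->private_data);` is only safe if every backend allocates `private_data` with talloc or leaves it NULL. With the `free_private_data` hook removed, a module that still uses malloc or its own allocator would hand a foreign pointer to talloc here. I would state that contract at the loop, `/* private_data must be talloc memory or NULL; backends no longer get a free hook */`, and repeat it where the field is declared, which is not visible in this hunk. If backends hang `private_data` off `(*auth_context)->mem_ctx`, the `talloc_destroy` on the following line would release it anyway, so the ownership rule is worth spelling out either way. The enclosing function begins and ends outside the hunk.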
{
auth_methods *list = NULL;
auth_methods *t = NULL;
- auth_methods *tmp;
NTSTATUS nt_status;
if (!text_list) {
for (;*text_list; text_list++) {
if (load_auth_module(*auth_context, *text_list, &t)) {
- DLIST_ADD_END(list, t, tmp);
+ DLIST_ADD_END(list, t, auth_methods *);
}
}