auth3: Simplify the logic in auth_check_ntlm_password
authorVolker Lendecke <vl@samba.org>
Sat, 11 Feb 2017 14:44:01 +0000 (15:44 +0100)
committerStefan Metzmacher <metze@samba.org>
Fri, 24 Mar 2017 10:57:08 +0000 (11:57 +0100)
Move everything but the strict loop logic outside. This makes the
loop exit condition clearer to me: Anything but NOT_IMPLEMENTED breaks
the loop.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/auth/auth.c

index ff41404f770e2df67968a8f08867668bfec9bda2..fddb6b906f3687878a652af877054cd62d28162a 100644 (file)
@@ -166,6 +166,7 @@ NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
                                  struct auth_serversupplied_info **pserver_info)
 {
        TALLOC_CTX *frame;
+       const char *auth_method_name = "";
        /* if all the modules say 'not for me' this is reasonable */
        NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
        const char *unix_username;
@@ -214,51 +215,50 @@ NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx,
        }
 
        for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) {
-               NTSTATUS result;
+
+               auth_method_name = auth_method->name;
 
                if (user_info->flags & USER_INFO_LOCAL_SAM_ONLY
                    && !(auth_method->flags & AUTH_METHOD_LOCAL_SAM)) {
                        continue;
                }
 
-               result = auth_method->auth(auth_context,
-                                          auth_method->private_data,
-                                          talloc_tos(),
-                                          user_info,
-                                          &server_info);
-
-               /* check if the module did anything */
-               if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) {
-                       DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name));
-                       if (user_info->flags & USER_INFO_LOCAL_SAM_ONLY) {
-                               /* we don't expose the NT_STATUS_NOT_IMPLEMENTED
-                                * internals, except when the caller is only probing
-                                * one method, as they may do the fallback 
-                                */
-                               nt_status = result;
-                       }
-                       continue;
-               }
-
-               nt_status = result;
+               nt_status = auth_method->auth(auth_context,
+                                             auth_method->private_data,
+                                             talloc_tos(),
+                                             user_info,
+                                             &server_info);
 
-               if (NT_STATUS_IS_OK(nt_status)) {
-                       DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] succeeded\n", 
-                                 auth_method->name, user_info->client.account_name));
-               } else {
-                       DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n", 
-                                 auth_method->name, user_info->client.account_name, nt_errstr(nt_status)));
+               if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) {
+                       break;
                }
 
-               break;
+               DBG_DEBUG("%s had nothing to say\n", auth_method->name);
        }
 
-       /* successful authentication */
+       /* check if the module did anything */
+       if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED) &&
+           ((user_info->flags & USER_INFO_LOCAL_SAM_ONLY) == 0)) {
+               /*
+                * we don't expose the NT_STATUS_NOT_IMPLEMENTED
+                * internals, except when the caller is only probing
+                * one method, as they may do the fallback
+                */
+               nt_status = NT_STATUS_NO_SUCH_USER;
+       }
 
        if (!NT_STATUS_IS_OK(nt_status)) {
+               DBG_INFO("%s authentication for user [%s] FAILED with "
+                        "error %s\n",
+                        auth_method_name,
+                        user_info->client.account_name,
+                        nt_errstr(nt_status));
                goto fail;
        }
 
+       DBG_NOTICE("%s authentication for user [%s] succeeded\n",
+                  auth_method_name, user_info->client.account_name);
+
        unix_username = server_info->unix_name;
 
        /* We skip doing this step if the caller asked us not to */
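Review bot: `auth_method_name = auth_method->name;` sits above the `USER_INFO_LOCAL_SAM_ONLY` skip test, so a method that is passed over by `continue` still overwrites the name used by the post-loop log lines. If the last entries in `auth_method_list` are skipped, the `DBG_INFO("%s authentication for user [%s] FAILED ...")` line names a module that never ran, which misleads anyone reconstructing a failed logon from the logs. Moving the assignment to just before the `nt_status = auth_method->auth(...)` call keeps the name tied to the module that actually produced `nt_status`. Separately, when no module runs at all the name stays at the `""` initializer from the first hunk and the failure line prints an empty module name; the old code logged nothing in that case, so a visible marker such as `const char *auth_method_name = "(none)";` would make it distinguishable. The body of auth_check_ntlm_password starts and ends outside these hunks, so the `fail:` path was not checked.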