The branch, master has been updated via b0d65f8... s3: Use talloc_stackframe() in user_in_group via 9655f63... s3: Use talloc_stackframe() in user_in_group_sid via 9cf448a... s3: Use talloc_stackframe() in create_token_from_username via 3c169c0... s3: Fix a memleak in user_in_group_sid via a2d1e5e... s3: Remove the make_auth_methods routine via bc61958... s3: Fix a typo via c5c40f2... s3: Make "auth_context" its own talloc parent via e35a2f8... s3: Fix some nonempty lines from 568ca24... s4:samdb_server_site_dn - free unused DNs in the right way
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit b0d65f827e2314e907b5fd4768c55ae4c816e8da Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 12:53:00 2010 +0200 s3: Use talloc_stackframe() in user_in_group commit 9655f63642e9ad3b8b25fcd2beb8bc49fdb9d4e5 Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 12:47:28 2010 +0200 s3: Use talloc_stackframe() in user_in_group_sid commit 9cf448a30efc73392f267547ef48b7ab19790900 Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 12:47:13 2010 +0200 s3: Use talloc_stackframe() in create_token_from_username commit 3c169c0475bc4f69c81b93a66884cc3cd9ba19dc Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 12:44:01 2010 +0200 s3: Fix a memleak in user_in_group_sid commit a2d1e5e0f77220f912cacb821a928c5e5a952e47 Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 12:37:48 2010 +0200 s3: Remove the make_auth_methods routine This was just TALLOC_ZERO_P commit bc619586f210dad5ed01859e21b5f657a34052bf Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 12:24:07 2010 +0200 s3: Fix a typo commit c5c40f26482696aca9ee67d170e827f450d59a8b Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 12:20:24 2010 +0200 s3: Make "auth_context" its own talloc parent Remove "mem_ctx" from "struct auth_context" commit e35a2f89b27b49f57d73c2461e0cecd2bbd46fa8 Author: Volker Lendecke <v...@samba.org> Date: Sun Apr 11 11:50:55 2010 +0200 s3: Fix some nonempty lines ----------------------------------------------------------------------- Summary of changes: source3/auth/auth.c | 18 ++++--------- source3/auth/auth_builtin.c | 49 +++++++++++++++++++++++++------------- source3/auth/auth_domain.c | 42 +++++++++++++++++++------------- source3/auth/auth_netlogond.c | 10 +++++-- source3/auth/auth_ntlmssp.c | 2 +- source3/auth/auth_sam.c | 20 +++++++++++---- source3/auth/auth_script.c | 20 +++++++++------ source3/auth/auth_server.c | 
27 ++++++++++++-------- source3/auth/auth_unix.c | 23 ++++++++++-------- source3/auth/auth_util.c | 52 +++------------------------------------- source3/auth/auth_wbc.c | 11 +++++--- source3/auth/auth_winbind.c | 20 +++++++++------ source3/include/auth.h | 1 - 13 files changed, 149 insertions(+), 146 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/auth/auth.c b/source3/auth/auth.c index ce8722a..317fe30 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -106,7 +106,7 @@ static void get_ntlm_challenge(struct auth_context *auth_context, } challenge = auth_method->get_chal(auth_context, &auth_method->private_data, - auth_context->mem_ctx); + auth_context); if (!challenge.length) { DEBUG(3, ("auth_get_challenge: getting challenge from authentication method %s FAILED.\n", auth_method->name)); @@ -122,7 +122,7 @@ static void get_ntlm_challenge(struct auth_context *auth_context, uchar tmp[8]; generate_random_buffer(tmp, sizeof(tmp)); - auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, + auth_context->challenge = data_blob_talloc(auth_context, tmp, sizeof(tmp)); challenge_set_by = "random"; @@ -331,7 +331,7 @@ static void free_auth_context(struct auth_context **auth_context) TALLOC_FREE(auth_method->private_data); } - talloc_destroy((*auth_context)->mem_ctx); + talloc_destroy(*auth_context); *auth_context = NULL; } } 
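Review bot: In the second auth.c hunk (the random-challenge branch of get_ntlm_challenge), the result of `data_blob_talloc(auth_context, tmp, sizeof(tmp))` is stored without checking that the allocation succeeded. As far as I know, data_blob_talloc returns an empty blob on failure, so the context would carry a zero-length challenge labelled "random" unless a length check later in the function, outside this hunk, catches it. Since the function returns void, a fail-closed `SMB_ASSERT(auth_context->challenge.data != NULL);` directly after the assignment would make this explicit. The same unchecked call appears in the make_auth_context_fixed hunk, which still returns the earlier success status, and in the auth_ntlmssp_set_challenge hunk in auth_ntlmssp.c.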
@@ -342,19 +342,13 @@ static void free_auth_context(struct auth_context **auth_context) static NTSTATUS make_auth_context(struct auth_context **auth_context) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("authentication context"); - - *auth_context = TALLOC_P(mem_ctx, struct auth_context); + *auth_context = TALLOC_ZERO_P(talloc_autofree_context(), + struct auth_context); if (!*auth_context) { DEBUG(0,("make_auth_context: talloc failed!\n")); - talloc_destroy(mem_ctx); return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(*auth_context); - (*auth_context)->mem_ctx = mem_ctx; (*auth_context)->check_ntlm_password = check_ntlm_password; (*auth_context)->get_ntlm_challenge = get_ntlm_challenge; (*auth_context)->free = free_auth_context; @@ -538,7 +532,7 @@ NTSTATUS make_auth_context_fixed(struct auth_context **auth_context, uchar chal[ return nt_status; } - (*auth_context)->challenge = data_blob_talloc((*auth_context)->mem_ctx, chal, 8); + (*auth_context)->challenge = data_blob_talloc(*auth_context, chal, 8); (*auth_context)->challenge_set_by = "fixed"; return nt_status; } diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c index f8f048a..e2ad848 100644 --- a/source3/auth/auth_builtin.c +++ b/source3/auth/auth_builtin.c @@ -3,17 +3,17 @@ Generic authentication types Copyright (C) Andrew Bartlett 2001-2002 Copyright (C) Jelmer Vernooij 2002 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ 
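Review bot: The make_auth_context hunk changes the ownership model without documenting it: the struct is now allocated on `talloc_autofree_context()` and is itself the talloc parent of the challenge blobs and of every `struct auth_methods` created by the module init functions. A context that is never released through its free callback therefore keeps that authentication state alive until process exit, and nothing may be parented on it that has to outlive free_auth_context(). I would add a comment above the allocation such as `/* auth_context is its own talloc parent: the challenge and all auth methods hang off it and go away in free_auth_context() */`. If this code can run in forked children, it is also worth confirming how the autofree context behaves there, which cannot be judged from this hunk.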
@@ -52,11 +52,16 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context, static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; + } + result->auth = check_guest_security; + result->name = "guest"; - (*auth_method)->auth = check_guest_security; - (*auth_method)->name = "guest"; + *auth_method = result; return NT_STATUS_OK; } @@ -84,7 +89,7 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_ fstring user; long error_num; fstrcpy(user, user_info->smb_name); - + if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) { strupper_m(user); return nt_status_string_to_code(user); @@ -92,11 +97,11 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_ strlower_m(user); error_num = strtoul(user, NULL, 16); - + DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was %lx\n", user, error_num)); nt_status = NT_STATUS(error_num); - + return nt_status; } @@ -104,11 +109,16 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; + } + result->auth = check_name_to_ntstatus_security; + result->name = "name_to_ntstatus"; - (*auth_method)->auth = check_name_to_ntstatus_security; - (*auth_method)->name = "name_to_ntstatus"; + *auth_method = result; return NT_STATUS_OK; } 
@@ -149,16 +159,21 @@ static DATA_BLOB auth_get_fixed_challenge(const struct auth_context *auth_contex } -/** Module initailisation function */ +/** Module initialisation function */ static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; + } + result->auth = check_fixed_challenge_security; + result->get_chal = auth_get_fixed_challenge; + result->name = "fixed_challenge"; - (*auth_method)->auth = check_fixed_challenge_security; - (*auth_method)->get_chal = auth_get_fixed_challenge; - (*auth_method)->name = "fixed_challenge"; + *auth_method = result; return NT_STATUS_OK; } #endif /* DEVELOPER */ diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index a07aa61..3a9da2c 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -3,17 +3,17 @@ Authenticate against a remote domain Copyright (C) Andrew Tridgell 1992-1998 Copyright (C) Andrew Bartlett 2001 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ 
@@ -138,7 +138,7 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, if (mutex == NULL) { return NT_STATUS_NO_LOGON_SERVERS; } - + /* Attempt connection */ *retry = True; result = cli_full_connection(cli, global_myname(), dc_name, dc_ss, 0, @@ -275,7 +275,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, */ /* rety loop for robustness */ - + for (i = 0; !NT_STATUS_IS_OK(nt_status) && retry && (i < 3); i++) { nt_status = connect_to_domain_password_server(&cli, domain, @@ -316,7 +316,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, /* Let go as soon as possible so we avoid any potential deadlocks with winbind lookup up users or groups. */ - + TALLOC_FREE(mutex); if (!NT_STATUS_IS_OK(nt_status)) { @@ -409,7 +409,7 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, user_info->domain)); return NT_STATUS_NO_LOGON_SERVERS; } - + nt_status = domain_client_validate(mem_ctx, user_info, domain, @@ -417,19 +417,23 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, server_info, dc_name, &dc_ss); - + return nt_status; } /* module initialisation */ static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; } + result->name = "ntdomain"; + result->auth = check_ntdomain_security; - (*auth_method)->name = "ntdomain"; - (*auth_method)->auth = check_ntdomain_security; + *auth_method = result; return NT_STATUS_OK; } 
@@ -469,7 +473,7 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte This return makes "map to guest = bad user" work again. The logic is that if we know nothing about the domain, that user is not known to us and does not exist */ - + if ( !is_trusted_domain( user_info->domain ) ) return NT_STATUS_NOT_IMPLEMENTED; @@ -503,13 +507,13 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte /* use get_dc_name() for consistency even through we know that it will be a netbios name */ - + if ( !get_dc_name(user_info->domain, NULL, dc_name, &dc_ss) ) { DEBUG(5,("check_trustdomain_security: unable to locate a DC for domain %s\n", user_info->domain)); return NT_STATUS_NO_LOGON_SERVERS; } - + nt_status = domain_client_validate(mem_ctx, user_info, user_info->domain, @@ -524,12 +528,16 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte /* module initialisation */ static NTSTATUS auth_init_trustdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; } + result->name = "trustdomain"; + result->auth = check_trustdomain_security; - (*auth_method)->name = "trustdomain"; - (*auth_method)->auth = check_trustdomain_security; + *auth_method = result; return NT_STATUS_OK; } diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c index bfd1228..5e05f1b 100644 --- a/source3/auth/auth_netlogond.c +++ b/source3/auth/auth_netlogond.c 
@@ -299,12 +299,16 @@ static NTSTATUS auth_init_netlogond(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; } + result->name = "netlogond"; + result->auth = check_netlogond_security; - (*auth_method)->name = "netlogond"; - (*auth_method)->auth = check_netlogond_security; + *auth_method = result; return NT_STATUS_OK; } diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index a62d429..7624117 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -64,7 +64,7 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, SMB_ASSERT(challenge->length == 8); - auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, + auth_context->challenge = data_blob_talloc(auth_context, challenge->data, challenge->length); auth_context->challenge_set_by = "NTLMSSP callback (NTLM2)"; diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c index 01b2517..cf121d1 100644 --- a/source3/auth/auth_sam.c +++ b/source3/auth/auth_sam.c @@ -517,12 +517,16 @@ done: /* module initialisation */ static NTSTATUS auth_init_sam_ignoredomain(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; } + result->auth = check_sam_security; + result->name = "sam_ignoredomain"; - (*auth_method)->auth = check_sam_security; - (*auth_method)->name = "sam_ignoredomain"; + *auth_method = result; return NT_STATUS_OK; } 
@@ -574,12 +578,16 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context /* module initialisation */ static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; } + result->auth = check_samstrict_security; + result->name = "sam"; - (*auth_method)->auth = check_samstrict_security; - (*auth_method)->name = "sam"; + *auth_method = result; return NT_STATUS_OK; } diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c index be1ae81..81c80eb 100644 --- a/source3/auth/auth_script.c +++ b/source3/auth/auth_script.c @@ -4,17 +4,17 @@ Call out to a shell script for an authentication check. Copyright (C) Jeremy Allison 2005. - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ 
@@ -121,12 +121,14 @@ static NTSTATUS script_check_user_credentials(const struct auth_context *auth_co /* module initialisation */ static NTSTATUS auth_init_script(struct auth_context *auth_context, const char *param, auth_methods **auth_method) { - if (!make_auth_methods(auth_context, auth_method)) { + struct auth_methods *result; + + result = TALLOC_ZERO_P(auth_context, struct auth_methods); + if (result == NULL) { return NT_STATUS_NO_MEMORY; } - - (*auth_method)->name = "script"; - (*auth_method)->auth = script_check_user_credentials; + result->name = "script"; + result->auth = script_check_user_credentials; if (param && *param) { /* we load the 'fallback' module - if script isn't here, call this @@ -135,8 +137,10 @@ static NTSTATUS auth_init_script(struct auth_context *auth_context, const char * if (!load_auth_module(auth_context, param, &priv)) { return NT_STATUS_UNSUCCESSFUL; } - (*auth_method)->private_data = (void *)priv; + result->private_data = (void *)priv; } + + *auth_method = result; return NT_STATUS_OK; } diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c index ec92787..4bcb796 100644 --- a/source3/auth/auth_server.c +++ b/source3/auth/auth_server.c @@ -8,12 +8,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ 
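Review bot: On the `load_auth_module()` failure path in auth_init_script, the function returns NT_STATUS_UNSUCCESSFUL while `result` is still a child of auth_context. The half-initialised method object, with its name and auth callback already set, stays allocated until the whole context is destroyed. Adding `TALLOC_FREE(result);` before `return NT_STATUS_UNSUCCESSFUL;` would release it at the point of failure. Leaving `*auth_method` unassigned on that path is the right behaviour and worth stating in the function comment, because callers must not read it after a failed init. The declaration of `priv` and the start of the `if (param && *param)` block lie outside the two hunks.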
@@ -228,7 +228,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte TALLOC_CTX *mem_ctx) { struct cli_state *cli = server_cryptkey(mem_ctx); - + if (cli) { DEBUG(3,("using password server validation\n")); @@ -236,7 +236,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte /* We can't work with unencrypted password servers unless 'encrypt passwords = no' */ DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); - + /* However, it is still a perfectly fine connection to pass that unencrypted password over */ *my_private_data = @@ -255,7 +255,7 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte /* The return must be allocated on the caller's mem_ctx, as our own will be destoyed just after the call. */ - return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8); + return data_blob_talloc((TALLOC_CTX *)auth_context, cli->secblob.data,8); } else { return data_blob_null; } @@ -282,7 +282,7 @@ static NTSTATUS check_smbserver_security(const struct auth_context *auth_context bool locally_made_cli = False; cli = state->cli; - + -- Samba Shared Repository
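Review bot: The cast `(TALLOC_CTX *)auth_context` in the auth_get_challenge_server hunk silently discards the `const` on the `const struct auth_context *` parameter so that the blob can be parented on the context. That is harmless only because talloc links the child through its own chunk header and does not write to the struct, so it deserves a comment on that line, for example `/* cast drops const: talloc only links the blob under auth_context, the struct is not written */`. The existing comment above it still speaks of "the caller's mem_ctx", which no longer matches the argument and should be reworded to name auth_context. The call copies a fixed 8 bytes from `cli->secblob.data`, a buffer supplied by the remote password server. No check that `cli->secblob.length` is at least 8 is visible in this hunk, so please confirm that one exists earlier in the function.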