The branch, master has been updated
via b0d65f8... s3: Use talloc_stackframe() in user_in_group
via 9655f63... s3: Use talloc_stackframe() in user_in_group_sid
via 9cf448a... s3: Use talloc_stackframe() in create_token_from_username
via 3c169c0... s3: Fix a memleak in user_in_group_sid
via a2d1e5e... s3: Remove the make_auth_methods routine
via bc61958... s3: Fix a typo
via c5c40f2... s3: Make "auth_context" its own talloc parent
via e35a2f8... s3: Fix some nonempty lines
from 568ca24... s4:samdb_server_site_dn - free unused DNs in the right
way
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b0d65f827e2314e907b5fd4768c55ae4c816e8da
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 12:53:00 2010 +0200
s3: Use talloc_stackframe() in user_in_group
commit 9655f63642e9ad3b8b25fcd2beb8bc49fdb9d4e5
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 12:47:28 2010 +0200
s3: Use talloc_stackframe() in user_in_group_sid
commit 9cf448a30efc73392f267547ef48b7ab19790900
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 12:47:13 2010 +0200
s3: Use talloc_stackframe() in create_token_from_username
commit 3c169c0475bc4f69c81b93a66884cc3cd9ba19dc
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 12:44:01 2010 +0200
s3: Fix a memleak in user_in_group_sid
commit a2d1e5e0f77220f912cacb821a928c5e5a952e47
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 12:37:48 2010 +0200
s3: Remove the make_auth_methods routine
This was just TALLOC_ZERO_P
commit bc619586f210dad5ed01859e21b5f657a34052bf
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 12:24:07 2010 +0200
s3: Fix a typo
commit c5c40f26482696aca9ee67d170e827f450d59a8b
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 12:20:24 2010 +0200
s3: Make "auth_context" its own talloc parent
Remove "mem_ctx" from "struct auth_context"
commit e35a2f89b27b49f57d73c2461e0cecd2bbd46fa8
Author: Volker Lendecke <v...@samba.org>
Date: Sun Apr 11 11:50:55 2010 +0200
s3: Fix some nonempty lines
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth.c | 18 ++++---------
source3/auth/auth_builtin.c | 49 +++++++++++++++++++++++++-------------
source3/auth/auth_domain.c | 42 +++++++++++++++++++-------------
source3/auth/auth_netlogond.c | 10 +++++--
source3/auth/auth_ntlmssp.c | 2 +-
source3/auth/auth_sam.c | 20 +++++++++++----
source3/auth/auth_script.c | 20 +++++++++------
source3/auth/auth_server.c | 27 ++++++++++++--------
source3/auth/auth_unix.c | 23 ++++++++++--------
source3/auth/auth_util.c | 52 +++-------------------------------------
source3/auth/auth_wbc.c | 11 +++++---
source3/auth/auth_winbind.c | 20 +++++++++------
source3/include/auth.h | 1 -
13 files changed, 149 insertions(+), 146 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index ce8722a..317fe30 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -106,7 +106,7 @@ static void get_ntlm_challenge(struct auth_context
*auth_context,
}
challenge = auth_method->get_chal(auth_context,
&auth_method->private_data,
- auth_context->mem_ctx);
+ auth_context);
if (!challenge.length) {
DEBUG(3, ("auth_get_challenge: getting challenge from
authentication method %s FAILED.\n",
auth_method->name));
@@ -122,7 +122,7 @@ static void get_ntlm_challenge(struct auth_context
*auth_context,
uchar tmp[8];
generate_random_buffer(tmp, sizeof(tmp));
- auth_context->challenge =
data_blob_talloc(auth_context->mem_ctx,
+ auth_context->challenge = data_blob_talloc(auth_context,
tmp, sizeof(tmp));
challenge_set_by = "random";
@@ -331,7 +331,7 @@ static void free_auth_context(struct auth_context
**auth_context)
TALLOC_FREE(auth_method->private_data);
}
- talloc_destroy((*auth_context)->mem_ctx);
+ talloc_destroy(*auth_context);
*auth_context = NULL;
}
}
@@ -342,19 +342,13 @@ static void free_auth_context(struct auth_context
**auth_context)
static NTSTATUS make_auth_context(struct auth_context **auth_context)
{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("authentication context");
-
- *auth_context = TALLOC_P(mem_ctx, struct auth_context);
+ *auth_context = TALLOC_ZERO_P(talloc_autofree_context(),
+ struct auth_context);
if (!*auth_context) {
DEBUG(0,("make_auth_context: talloc failed!\n"));
- talloc_destroy(mem_ctx);
return NT_STATUS_NO_MEMORY;
}
- ZERO_STRUCTP(*auth_context);
- (*auth_context)->mem_ctx = mem_ctx;
(*auth_context)->check_ntlm_password = check_ntlm_password;
(*auth_context)->get_ntlm_challenge = get_ntlm_challenge;
(*auth_context)->free = free_auth_context;
@@ -538,7 +532,7 @@ NTSTATUS make_auth_context_fixed(struct auth_context
**auth_context, uchar chal[
return nt_status;
}
- (*auth_context)->challenge = data_blob_talloc((*auth_context)->mem_ctx,
chal, 8);
+ (*auth_context)->challenge = data_blob_talloc(*auth_context, chal, 8);
(*auth_context)->challenge_set_by = "fixed";
return nt_status;
}
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index f8f048a..e2ad848 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -3,17 +3,17 @@
Generic authentication types
Copyright (C) Andrew Bartlett 2001-2002
Copyright (C) Jelmer Vernooij 2002
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -52,11 +52,16 @@ static NTSTATUS check_guest_security(const struct
auth_context *auth_context,
static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char
*options, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method))
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
+ }
+ result->auth = check_guest_security;
+ result->name = "guest";
- (*auth_method)->auth = check_guest_security;
- (*auth_method)->name = "guest";
+ *auth_method = result;
return NT_STATUS_OK;
}
@@ -84,7 +89,7 @@ static NTSTATUS check_name_to_ntstatus_security(const struct
auth_context *auth_
fstring user;
long error_num;
fstrcpy(user, user_info->smb_name);
-
+
if (strnequal("NT_STATUS", user, strlen("NT_STATUS"))) {
strupper_m(user);
return nt_status_string_to_code(user);
@@ -92,11 +97,11 @@ static NTSTATUS check_name_to_ntstatus_security(const
struct auth_context *auth_
strlower_m(user);
error_num = strtoul(user, NULL, 16);
-
+
DEBUG(5,("check_name_to_ntstatus_security: Error for user %s was
%lx\n", user, error_num));
nt_status = NT_STATUS(error_num);
-
+
return nt_status;
}
@@ -104,11 +109,16 @@ static NTSTATUS check_name_to_ntstatus_security(const
struct auth_context *auth_
static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context,
const char *param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method))
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
+ }
+ result->auth = check_name_to_ntstatus_security;
+ result->name = "name_to_ntstatus";
- (*auth_method)->auth = check_name_to_ntstatus_security;
- (*auth_method)->name = "name_to_ntstatus";
+ *auth_method = result;
return NT_STATUS_OK;
}
@@ -149,16 +159,21 @@ static DATA_BLOB auth_get_fixed_challenge(const struct
auth_context *auth_contex
}
-/** Module initailisation function */
+/** Module initialisation function */
static NTSTATUS auth_init_fixed_challenge(struct auth_context *auth_context,
const char *param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method))
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
+ }
+ result->auth = check_fixed_challenge_security;
+ result->get_chal = auth_get_fixed_challenge;
+ result->name = "fixed_challenge";
- (*auth_method)->auth = check_fixed_challenge_security;
- (*auth_method)->get_chal = auth_get_fixed_challenge;
- (*auth_method)->name = "fixed_challenge";
+ *auth_method = result;
return NT_STATUS_OK;
}
#endif /* DEVELOPER */
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index a07aa61..3a9da2c 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -3,17 +3,17 @@
Authenticate against a remote domain
Copyright (C) Andrew Tridgell 1992-1998
Copyright (C) Andrew Bartlett 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -138,7 +138,7 @@ static NTSTATUS connect_to_domain_password_server(struct
cli_state **cli,
if (mutex == NULL) {
return NT_STATUS_NO_LOGON_SERVERS;
}
-
+
/* Attempt connection */
*retry = True;
result = cli_full_connection(cli, global_myname(), dc_name, dc_ss, 0,
@@ -275,7 +275,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
*/
/* rety loop for robustness */
-
+
for (i = 0; !NT_STATUS_IS_OK(nt_status) && retry && (i < 3); i++) {
nt_status = connect_to_domain_password_server(&cli,
domain,
@@ -316,7 +316,7 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
/* Let go as soon as possible so we avoid any potential deadlocks
with winbind lookup up users or groups. */
-
+
TALLOC_FREE(mutex);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -409,7 +409,7 @@ static NTSTATUS check_ntdomain_security(const struct
auth_context *auth_context,
user_info->domain));
return NT_STATUS_NO_LOGON_SERVERS;
}
-
+
nt_status = domain_client_validate(mem_ctx,
user_info,
domain,
@@ -417,19 +417,23 @@ static NTSTATUS check_ntdomain_security(const struct
auth_context *auth_context,
server_info,
dc_name,
&dc_ss);
-
+
return nt_status;
}
/* module initialisation */
static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const
char* param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ result->name = "ntdomain";
+ result->auth = check_ntdomain_security;
- (*auth_method)->name = "ntdomain";
- (*auth_method)->auth = check_ntdomain_security;
+ *auth_method = result;
return NT_STATUS_OK;
}
@@ -469,7 +473,7 @@ static NTSTATUS check_trustdomain_security(const struct
auth_context *auth_conte
This return makes "map to guest = bad user" work again.
The logic is that if we know nothing about the domain, that
user is not known to us and does not exist */
-
+
if ( !is_trusted_domain( user_info->domain ) )
return NT_STATUS_NOT_IMPLEMENTED;
@@ -503,13 +507,13 @@ static NTSTATUS check_trustdomain_security(const struct
auth_context *auth_conte
/* use get_dc_name() for consistency even through we know that it will
be
a netbios name */
-
+
if ( !get_dc_name(user_info->domain, NULL, dc_name, &dc_ss) ) {
DEBUG(5,("check_trustdomain_security: unable to locate a DC for
domain %s\n",
user_info->domain));
return NT_STATUS_NO_LOGON_SERVERS;
}
-
+
nt_status = domain_client_validate(mem_ctx,
user_info,
user_info->domain,
@@ -524,12 +528,16 @@ static NTSTATUS check_trustdomain_security(const struct
auth_context *auth_conte
/* module initialisation */
static NTSTATUS auth_init_trustdomain(struct auth_context *auth_context, const
char* param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ result->name = "trustdomain";
+ result->auth = check_trustdomain_security;
- (*auth_method)->name = "trustdomain";
- (*auth_method)->auth = check_trustdomain_security;
+ *auth_method = result;
return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index bfd1228..5e05f1b 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -299,12 +299,16 @@ static NTSTATUS auth_init_netlogond(struct auth_context
*auth_context,
const char *param,
auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ result->name = "netlogond";
+ result->auth = check_netlogond_security;
- (*auth_method)->name = "netlogond";
- (*auth_method)->auth = check_netlogond_security;
+ *auth_method = result;
return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index a62d429..7624117 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -64,7 +64,7 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct
ntlmssp_state *ntlmssp_state,
SMB_ASSERT(challenge->length == 8);
- auth_context->challenge = data_blob_talloc(auth_context->mem_ctx,
+ auth_context->challenge = data_blob_talloc(auth_context,
challenge->data,
challenge->length);
auth_context->challenge_set_by = "NTLMSSP callback (NTLM2)";
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 01b2517..cf121d1 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -517,12 +517,16 @@ done:
/* module initialisation */
static NTSTATUS auth_init_sam_ignoredomain(struct auth_context *auth_context,
const char *param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ result->auth = check_sam_security;
+ result->name = "sam_ignoredomain";
- (*auth_method)->auth = check_sam_security;
- (*auth_method)->name = "sam_ignoredomain";
+ *auth_method = result;
return NT_STATUS_OK;
}
@@ -574,12 +578,16 @@ static NTSTATUS check_samstrict_security(const struct
auth_context *auth_context
/* module initialisation */
static NTSTATUS auth_init_sam(struct auth_context *auth_context, const char
*param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ result->auth = check_samstrict_security;
+ result->name = "sam";
- (*auth_method)->auth = check_samstrict_security;
- (*auth_method)->name = "sam";
+ *auth_method = result;
return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c
index be1ae81..81c80eb 100644
--- a/source3/auth/auth_script.c
+++ b/source3/auth/auth_script.c
@@ -4,17 +4,17 @@
Call out to a shell script for an authentication check.
Copyright (C) Jeremy Allison 2005.
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -121,12 +121,14 @@ static NTSTATUS script_check_user_credentials(const
struct auth_context *auth_co
/* module initialisation */
static NTSTATUS auth_init_script(struct auth_context *auth_context, const char
*param, auth_methods **auth_method)
{
- if (!make_auth_methods(auth_context, auth_method)) {
+ struct auth_methods *result;
+
+ result = TALLOC_ZERO_P(auth_context, struct auth_methods);
+ if (result == NULL) {
return NT_STATUS_NO_MEMORY;
}
-
- (*auth_method)->name = "script";
- (*auth_method)->auth = script_check_user_credentials;
+ result->name = "script";
+ result->auth = script_check_user_credentials;
if (param && *param) {
/* we load the 'fallback' module - if script isn't here, call
this
@@ -135,8 +137,10 @@ static NTSTATUS auth_init_script(struct auth_context
*auth_context, const char *
if (!load_auth_module(auth_context, param, &priv)) {
return NT_STATUS_UNSUCCESSFUL;
}
- (*auth_method)->private_data = (void *)priv;
+ result->private_data = (void *)priv;
}
+
+ *auth_method = result;
return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index ec92787..4bcb796 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -8,12 +8,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -228,7 +228,7 @@ static DATA_BLOB auth_get_challenge_server(const struct
auth_context *auth_conte
TALLOC_CTX *mem_ctx)
{
struct cli_state *cli = server_cryptkey(mem_ctx);
-
+
if (cli) {
DEBUG(3,("using password server validation\n"));
@@ -236,7 +236,7 @@ static DATA_BLOB auth_get_challenge_server(const struct
auth_context *auth_conte
/* We can't work with unencrypted password servers
unless 'encrypt passwords = no' */
DEBUG(5,("make_auth_info_server: Server is unencrypted,
no challenge available..\n"));
-
+
/* However, it is still a perfectly fine connection
to pass that unencrypted password over */
*my_private_data =
@@ -255,7 +255,7 @@ static DATA_BLOB auth_get_challenge_server(const struct
auth_context *auth_conte
/* The return must be allocated on the caller's mem_ctx, as our
own will be
destoyed just after the call. */
- return data_blob_talloc(auth_context->mem_ctx,
cli->secblob.data,8);
+ return data_blob_talloc((TALLOC_CTX *)auth_context,
cli->secblob.data,8);
} else {
return data_blob_null;
}
@@ -282,7 +282,7 @@ static NTSTATUS check_smbserver_security(const struct
auth_context *auth_context
bool locally_made_cli = False;
cli = state->cli;
-
+
--
Samba Shared Repository
