The branch, master has been updated
       via  959d13a s3-auth: Remove duplicate check for 
NT_STATUS_IS_OK(nt_status)
       via  3ddb983 gensec: inline gensec_generate_session_info() into only 
caller
       via  fc035af s4-auth: Return NT_STATUS_NOT_IMPLEMENTED if the challenge 
cannot be obtained
       via  a647df4 auth: Make check_password and generate_session_info hook 
generic
      from  7c6713e tdb2: make --enable-tdb2 the default.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 959d13ac204db88613e1b81eff72575c5a8f8edb
Author: Andrew Bartlett <[email protected]>
Date:   Mon Jan 30 14:00:58 2012 +1100

    s3-auth: Remove duplicate check for NT_STATUS_IS_OK(nt_status)
    
    Autobuild-User: Andrew Bartlett <[email protected]>
    Autobuild-Date: Mon Jan 30 09:38:47 CET 2012 on sn-devel-104

commit 3ddb983c10aab6ad8eb2a766accfccb2b3671a3a
Author: Andrew Bartlett <[email protected]>
Date:   Mon Jan 30 11:53:04 2012 +1100

    gensec: inline gensec_generate_session_info() into only caller
    
    This avoids casting to and from the struct auth_user_info_dc *user_info_dc
    
    To do this, the
    
    if (user_info_dc->info->authenticated)
    
    is moved into auth_generate_session_info_wrapper(), which is the
    function that gensec_security->auth_context->generate_session_info
    points to.
    
    Andrew Bartlett

commit fc035afb6ecdb54e6183be511e886ac07727cc0b
Author: Andrew Bartlett <[email protected]>
Date:   Mon Jan 30 11:49:23 2012 +1100

    s4-auth: Return NT_STATUS_NOT_IMPLEMENTED if the challenge cannot be 
obtained

commit a647df4607cb6d916cd689f92cd27995ca0f9ab4
Author: Andrew Bartlett <[email protected]>
Date:   Mon Jan 30 11:17:44 2012 +1100

    auth: Make check_password and generate_session_info hook generic
    
    gensec_ntlmssp does not need to know the internal form of the
    struct user_info_dc or auth_serversupplied_info.  This will allow the
    calling logic to be put in common.
    
    Andrew Bartlett

-----------------------------------------------------------------------

Summary of changes:
 auth/common_auth.h                    |    5 ++-
 auth/gensec/gensec.h                  |    5 ---
 auth/gensec/gensec_util.c             |   29 ------------------
 auth/ntlmssp/ntlmssp.h                |    5 +--
 source3/auth/auth_ntlmssp.c           |   37 ++++++++++++-----------
 source4/auth/auth.h                   |    8 ++++-
 source4/auth/ntlm/auth.c              |   51 +++++++++++++++++++++++++++++----
 source4/auth/ntlmssp/ntlmssp_server.c |   43 +++++++++++++++-------------
 8 files changed, 98 insertions(+), 85 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/common_auth.h b/auth/common_auth.h
index 3991c40..453c0c9 100644
--- a/auth/common_auth.h
+++ b/auth/common_auth.h
@@ -108,7 +108,8 @@ struct auth4_context {
        NTSTATUS (*check_password)(struct auth4_context *auth_ctx,
                                   TALLOC_CTX *mem_ctx,
                                   const struct auth_usersupplied_info 
*user_info,
-                                  struct auth_user_info_dc **user_info_dc);
+                                  void **server_returned_info,
+                                  DATA_BLOB *nt_session_key, DATA_BLOB 
*lm_session_key);
 
        NTSTATUS (*get_challenge)(struct auth4_context *auth_ctx, uint8_t 
chal[8]);
 
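Review bot: Both hooks now exchange an untyped `void *`, and nothing in this header says what `server_returned_info` has to be. The implementations later in this changeset store a talloc object whose type is backend-specific (`struct auth_serversupplied_info` in source3, `struct auth_user_info_dc` in source4) and recover it with `talloc_get_type_abort()`. A `check_password` from one backend paired with a `generate_session_info` from another would therefore only be caught at run time. A comment on both members would help, for example `/* server_returned_info: talloc object, type private to the backend; handed back unchanged to generate_session_info() */`, and the same applies to the new `void *server_returned_info` field in auth/ntlmssp/ntlmssp.h. The struct definition continues outside both hunks of this file.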
@@ -118,7 +119,7 @@ struct auth4_context {
 
        NTSTATUS (*generate_session_info)(TALLOC_CTX *mem_ctx,
                                          struct auth4_context *auth_context,
-                                         struct auth_user_info_dc 
*user_info_dc,
+                                         void *server_returned_info,
                                          uint32_t session_info_flags,
                                          struct auth_session_info 
**session_info);
 
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index b03bcd8..c52eecb 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -336,11 +336,6 @@ bool gensec_setting_bool(struct gensec_settings *settings, 
const char *mechanism
 NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, 
const char *principal);
 const char *gensec_get_target_principal(struct gensec_security 
*gensec_security);
 
-NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
-                                     struct gensec_security *gensec_security,
-                                     struct auth_user_info_dc *user_info_dc,
-                                     struct auth_session_info **session_info);
-
 NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
                                          struct gensec_security 
*gensec_security,
                                          struct smb_krb5_context 
*smb_krb5_context,
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index feff3c3..cdd615f 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -24,35 +24,6 @@
 #include "auth/gensec/gensec.h"
 #include "auth/common_auth.h"
 
-NTSTATUS gensec_generate_session_info(TALLOC_CTX *mem_ctx,
-                                     struct gensec_security *gensec_security,
-                                     struct auth_user_info_dc *user_info_dc,
-                                     struct auth_session_info **session_info)
-{
-       NTSTATUS nt_status;
-       uint32_t session_info_flags = 0;
-
-       if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
-               session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
-       }
-
-       session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
-       if (user_info_dc->info->authenticated) {
-               session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
-       }
-
-       if (gensec_security->auth_context && 
gensec_security->auth_context->generate_session_info) {
-               nt_status = 
gensec_security->auth_context->generate_session_info(mem_ctx, 
gensec_security->auth_context,
-                                                                               
 user_info_dc,
-                                                                               
 session_info_flags,
-                                                                               
 session_info);
-       } else {
-               DEBUG(0, ("Cannot generate a session_info without the 
auth_context\n"));
-               return NT_STATUS_INTERNAL_ERROR;
-       }
-       return nt_status;
-}
-
 NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
                                          struct gensec_security 
*gensec_security,
                                          struct smb_krb5_context 
*smb_krb5_context,
diff --git a/auth/ntlmssp/ntlmssp.h b/auth/ntlmssp/ntlmssp.h
index 9801b14..54d3e53 100644
--- a/auth/ntlmssp/ntlmssp.h
+++ b/auth/ntlmssp/ntlmssp.h
@@ -34,13 +34,10 @@ struct ntlmssp_state;
 struct gensec_ntlmssp_context {
        /* used only by s3 server implementation */
        struct auth_context *auth_context;
-       struct auth_serversupplied_info *server_info;
-
-       /* Used by the s4 server implementation */
-       struct auth_user_info_dc *user_info_dc;
 
        /* For GENSEC users */
        struct gensec_security *gensec_security;
+       void *server_returned_info;
 
        /* used by both client and server implementation */
        struct ntlmssp_state *ntlmssp_state;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 7a23a92..00a99c3 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -37,10 +37,12 @@ static NTSTATUS gensec_ntlmssp3_server_session_info(struct 
gensec_security *gens
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                talloc_get_type_abort(gensec_security->private_data,
                                      struct gensec_ntlmssp_context);
+       struct auth_serversupplied_info *server_info = 
talloc_get_type_abort(gensec_ntlmssp->server_returned_info, 
+                                                                            
struct auth_serversupplied_info);
        NTSTATUS nt_status;
 
        nt_status = create_local_token(mem_ctx,
-                                      gensec_ntlmssp->server_info,
+                                      server_info,
                                       
&gensec_ntlmssp->ntlmssp_state->session_key,
                                       gensec_ntlmssp->ntlmssp_state->user,
                                       session_info);
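Review bot: `talloc_get_type_abort()` on `gensec_ntlmssp->server_returned_info` terminates the process when the pointer is NULL as well as when the talloc type does not match, so this function panics if it is ever reached before `auth_ntlmssp_check_password()` has stored a result. Whether that ordering can occur is not visible here; if it can, a soft failure is safer in a process serving remote clients: use `talloc_get_type()` followed by `if (server_info == NULL) return NT_STATUS_INTERNAL_ERROR;`. The same pattern is added in `auth_generate_session_info_wrapper()` in source4/auth/ntlm/auth.c, which also dereferences `user_info_dc->info` without a check. The function body continues outside this hunk.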
@@ -137,6 +139,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct 
ntlmssp_state *ntlmssp_state,
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                (struct gensec_ntlmssp_context 
*)ntlmssp_state->callback_private;
        struct auth_usersupplied_info *user_info = NULL;
+       struct auth_serversupplied_info *server_info;
        NTSTATUS nt_status;
        bool username_was_mapped;
 
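Review bot: `server_info` is declared without an initializer, and the failure path in the last hunk of this file copies it into `gensec_ntlmssp->server_returned_info` after `do_map_to_guest_server_info()`. If neither `check_ntlm_password()` nor the guest mapping writes the pointer on failure (their bodies are not shown), an indeterminate value is read and left in the long-lived context, where the old code used the context's own member. Declaring it as `struct auth_serversupplied_info *server_info = NULL;` and storing it only when `NT_STATUS_IS_OK(nt_status)` removes the doubt. The function body starts and ends outside this hunk.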
@@ -168,7 +171,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct 
ntlmssp_state *ntlmssp_state,
        user_info->logon_parameters = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT | 
MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
 
        nt_status = 
gensec_ntlmssp->auth_context->check_ntlm_password(gensec_ntlmssp->auth_context,
-                                                                         
user_info, &gensec_ntlmssp->server_info);
+                                                                         
user_info, &server_info);
 
        username_was_mapped = user_info->was_mapped;
 
@@ -176,36 +179,34 @@ static NTSTATUS auth_ntlmssp_check_password(struct 
ntlmssp_state *ntlmssp_state,
 
        if (!NT_STATUS_IS_OK(nt_status)) {
                nt_status = do_map_to_guest_server_info(nt_status,
-                                                       
&gensec_ntlmssp->server_info,
+                                                       &server_info,
                                                        
gensec_ntlmssp->ntlmssp_state->user,
                                                        
gensec_ntlmssp->ntlmssp_state->domain);
+               gensec_ntlmssp->server_returned_info = server_info;
                return nt_status;
        }
 
-       if (!NT_STATUS_IS_OK(nt_status)) {
-               return nt_status;
-       }
-
-       gensec_ntlmssp->server_info->nss_token |= username_was_mapped;
+       server_info->nss_token |= username_was_mapped;
 
        /* Clear out the session keys, and pass them to the caller.
         * They will not be used in this form again - instead the
         * NTLMSSP code will decide on the final correct session key,
         * and supply it to create_local_token() */
-       if (gensec_ntlmssp->server_info->session_key.length) {
+       if (server_info->session_key.length) {
                DEBUG(10, ("Got NT session key of length %u\n",
-                       (unsigned 
int)gensec_ntlmssp->server_info->session_key.length));
-               *session_key = gensec_ntlmssp->server_info->session_key;
-               talloc_steal(mem_ctx, 
gensec_ntlmssp->server_info->session_key.data);
-               gensec_ntlmssp->server_info->session_key = data_blob_null;
+                       (unsigned int)server_info->session_key.length));
+               *session_key = server_info->session_key;
+               talloc_steal(mem_ctx, server_info->session_key.data);
+               server_info->session_key = data_blob_null;
        }
-       if (gensec_ntlmssp->server_info->lm_session_key.length) {
+       if (server_info->lm_session_key.length) {
                DEBUG(10, ("Got LM session key of length %u\n",
-                       (unsigned 
int)gensec_ntlmssp->server_info->lm_session_key.length));
-               *lm_session_key = gensec_ntlmssp->server_info->lm_session_key;
-               talloc_steal(mem_ctx, 
gensec_ntlmssp->server_info->lm_session_key.data);
-               gensec_ntlmssp->server_info->lm_session_key = data_blob_null;
+                       (unsigned int)server_info->lm_session_key.length));
+               *lm_session_key = server_info->lm_session_key;
+               talloc_steal(mem_ctx, server_info->lm_session_key.data);
+               server_info->lm_session_key = data_blob_null;
        }
+       gensec_ntlmssp->server_returned_info = server_info;
        return nt_status;
 }
 
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index a7fc413..1b22701 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -152,9 +152,15 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
                             struct loadparm_context *lp_ctx,
                             struct auth4_context **auth_ctx);
 
+NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
+                            TALLOC_CTX *mem_ctx,
+                            const struct auth_usersupplied_info *user_info, 
+                            void **server_returned_info,
+                            DATA_BLOB *user_session_key, DATA_BLOB 
*lm_session_key);
+
 NTSTATUS auth_check_password(struct auth4_context *auth_ctx,
                             TALLOC_CTX *mem_ctx,
-                            const struct auth_usersupplied_info *user_info,
+                            const struct auth_usersupplied_info *user_info, 
                             struct auth_user_info_dc **user_info_dc);
 NTSTATUS auth4_init(void);
 NTSTATUS auth_register(const struct auth_operations *ops);
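Review bot: The `-`/`+` pair on the `user_info` parameter of `auth_check_password()` appears to differ only by a trailing space, and the new `auth_check_password_wrapper()` prototype carries the same trailing space; dropping it would keep this hunk to the one added declaration. The wrapper also names its key parameter `user_session_key`, while the hook it implements in auth/common_auth.h calls it `nt_session_key`; one name for both would make the pairing easier to follow.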
diff --git a/source4/auth/ntlm/auth.c b/source4/auth/ntlm/auth.c
index 95bdd84..6dd82e4 100644
--- a/source4/auth/ntlm/auth.c
+++ b/source4/auth/ntlm/auth.c
@@ -35,7 +35,7 @@
 
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context 
*auth_context,
-                                                  struct auth_user_info_dc 
*user_info_dc,
+                                                  void *server_returned_info,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info 
**session_info);
 
@@ -208,6 +208,38 @@ _PUBLIC_ NTSTATUS auth_check_password(struct auth4_context 
*auth_ctx,
        return status;
 }
 
+_PUBLIC_ NTSTATUS auth_check_password_wrapper(struct auth4_context *auth_ctx,
+                                             TALLOC_CTX *mem_ctx,
+                                             const struct 
auth_usersupplied_info *user_info, 
+                                             void **server_returned_info,
+                                             DATA_BLOB *user_session_key, 
DATA_BLOB *lm_session_key)
+{
+       struct auth_user_info_dc *user_info_dc;
+       NTSTATUS status = auth_check_password(auth_ctx, mem_ctx, user_info, 
&user_info_dc);
+
+       if (NT_STATUS_IS_OK(status)) {
+               *server_returned_info = user_info_dc;
+
+               if (user_session_key) {
+                       DEBUG(10, ("Got NT session key of length %u\n",
+                                  
(unsigned)user_info_dc->user_session_key.length));
+                       *user_session_key = user_info_dc->user_session_key;
+                       talloc_steal(mem_ctx, user_session_key->data);
+                       user_info_dc->user_session_key = data_blob_null;
+               }
+
+               if (lm_session_key) {
+                       DEBUG(10, ("Got LM session key of length %u\n",
+                                  
(unsigned)user_info_dc->lm_session_key.length));
+                       *lm_session_key = user_info_dc->lm_session_key;
+                       talloc_steal(mem_ctx, lm_session_key->data);
+                       user_info_dc->lm_session_key = data_blob_null;
+               }
+       }
+
+       return status;
+}
+
 struct auth_check_password_state {
        struct auth4_context *auth_ctx;
        const struct auth_usersupplied_info *user_info;
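Review bot: `auth_check_password_wrapper()` has no comment describing its ownership rules, and they are not obvious from the signature. The session key blobs are moved out of `user_info_dc` (the originals are reset to `data_blob_null`) and re-parented to `mem_ctx`, so the object later handed to `generate_session_info` no longer carries keys. A short header comment should say this, and also that `user_session_key` and `lm_session_key` may be NULL while `server_returned_info` is written unconditionally on success. The two `DEBUG(10, ...)` lines now also print for zero-length keys, where the code removed from ntlmssp_server.c checked `.length` first.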
@@ -433,13 +465,20 @@ _PUBLIC_ NTSTATUS auth_check_password_recv(struct 
tevent_req *req,
   * generation of unix tokens via IRPC */
 static NTSTATUS auth_generate_session_info_wrapper(TALLOC_CTX *mem_ctx,
                                                   struct auth4_context 
*auth_context,
-                                                  struct auth_user_info_dc 
*user_info_dc,
+                                                  void *server_returned_info,
                                                   uint32_t session_info_flags,
                                                   struct auth_session_info 
**session_info)
 {
-       NTSTATUS status = auth_generate_session_info(mem_ctx, 
auth_context->lp_ctx,
-                                                    auth_context->sam_ctx, 
user_info_dc,
-                                                    session_info_flags, 
session_info);
+       NTSTATUS status;
+       struct auth_user_info_dc *user_info_dc = 
talloc_get_type_abort(server_returned_info, struct auth_user_info_dc);
+
+       if (user_info_dc->info->authenticated) {
+               session_info_flags |= AUTH_SESSION_INFO_AUTHENTICATED;
+       }
+
+       status = auth_generate_session_info(mem_ctx, auth_context->lp_ctx,
+                                           auth_context->sam_ctx, user_info_dc,
+                                           session_info_flags, session_info);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -562,7 +601,7 @@ _PUBLIC_ NTSTATUS auth_context_create_methods(TALLOC_CTX 
*mem_ctx, const char **
                DLIST_ADD_END(ctx->methods, method, struct auth_method_context 
*);
        }
 
-       ctx->check_password = auth_check_password;
+       ctx->check_password = auth_check_password_wrapper;
        ctx->get_challenge = auth_get_challenge;
        ctx->set_challenge = auth_context_set_challenge;
        ctx->challenge_may_be_modified = auth_challenge_may_be_modified;
diff --git a/source4/auth/ntlmssp/ntlmssp_server.c 
b/source4/auth/ntlmssp/ntlmssp_server.c
index dcd6123..f463859 100644
--- a/source4/auth/ntlmssp/ntlmssp_server.c
+++ b/source4/auth/ntlmssp/ntlmssp_server.c
@@ -101,7 +101,7 @@ static NTSTATUS auth_ntlmssp_get_challenge(const struct 
ntlmssp_state *ntlmssp_s
                }
        }
 
-       return NT_STATUS_OK;
+       return status;
 }
 
 /**
@@ -189,25 +189,15 @@ static NTSTATUS auth_ntlmssp_check_password(struct 
ntlmssp_state *ntlmssp_state,
                nt_status = auth_context->check_password(auth_context,
                                                         gensec_ntlmssp,
                                                         user_info,
-                                                        
&gensec_ntlmssp->user_info_dc);
+                                                        
&gensec_ntlmssp->server_returned_info,
+                                                        user_session_key, 
lm_session_key);
        }
        talloc_free(user_info);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
-       if (gensec_ntlmssp->user_info_dc->user_session_key.length) {
-               DEBUG(10, ("Got NT session key of length %u\n",
-                          
(unsigned)gensec_ntlmssp->user_info_dc->user_session_key.length));
-               *user_session_key = 
gensec_ntlmssp->user_info_dc->user_session_key;
-               talloc_steal(mem_ctx, user_session_key->data);
-               gensec_ntlmssp->user_info_dc->user_session_key = data_blob_null;
-       }
-       if (gensec_ntlmssp->user_info_dc->lm_session_key.length) {
-               DEBUG(10, ("Got LM session key of length %u\n",
-                          
(unsigned)gensec_ntlmssp->user_info_dc->lm_session_key.length));
-               *lm_session_key = gensec_ntlmssp->user_info_dc->lm_session_key;
-               talloc_steal(mem_ctx, lm_session_key->data);
-               gensec_ntlmssp->user_info_dc->lm_session_key = data_blob_null;
-       }
+       talloc_steal(mem_ctx, user_session_key->data);
+       talloc_steal(mem_ctx, lm_session_key->data);
+       
        return nt_status;
 }
 
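Review bot: The two added `talloc_steal()` calls dereference `user_session_key` and `lm_session_key` unconditionally and rely on the `check_password` hook having written both blobs, whereas the removed code only touched them when the returned length was non-zero. `auth_check_password_wrapper()` does fill both on success, but the hook is now generic, and the `}` before `talloc_free(user_info)` suggests the call sits inside a conditional. A path or backend that leaves the blobs untouched would therefore re-parent whatever the caller passed in. Setting `*user_session_key = data_blob_null;` and `*lm_session_key = data_blob_null;` before the call would make that safe. The function body starts outside this hunk.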
@@ -229,11 +219,24 @@ NTSTATUS gensec_ntlmssp_session_info(struct 
gensec_security *gensec_security,
        struct gensec_ntlmssp_context *gensec_ntlmssp =
                talloc_get_type_abort(gensec_security->private_data,
                                      struct gensec_ntlmssp_context);
+       uint32_t session_info_flags = 0;
+
+       if (gensec_security->want_features & GENSEC_FEATURE_UNIX_TOKEN) {
+               session_info_flags |= AUTH_SESSION_INFO_UNIX_TOKEN;
+       }
+
+       session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS;
 
-       nt_status = gensec_generate_session_info(mem_ctx,
-                                                gensec_security,
-                                                gensec_ntlmssp->user_info_dc,
-                                                session_info);
+       if (gensec_security->auth_context && 
gensec_security->auth_context->generate_session_info) {
+               nt_status = 
gensec_security->auth_context->generate_session_info(mem_ctx, 
gensec_security->auth_context,
+                                                                               
 gensec_ntlmssp->server_returned_info,
+                                                                               
 session_info_flags,
+                                                                               
 session_info);
+       } else {
+               DEBUG(0, ("Cannot generate a session_info without the 
auth_context\n"));
+               return NT_STATUS_INTERNAL_ERROR;
+       }
+       
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
        return gensec_ntlmssp_session_key(gensec_security, *session_info,
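Review bot: After the inlining, `AUTH_SESSION_INFO_AUTHENTICATED` is no longer set in this function and depends on the `generate_session_info` hook adding it, which is easy to miss when reading `gensec_ntlmssp_session_info()` on its own. A comment above the call would record that, e.g. `/* AUTH_SESSION_INFO_AUTHENTICATED is added by the hook, which knows the type of server_returned_info */`. The call would also read better with a local `struct auth4_context *auth_context = gensec_security->auth_context;` instead of repeating the pointer chain. The function body starts and ends outside this hunk.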


-- 
Samba Shared Repository
