[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Thu Mar 8 03:54:02 MST 2012


The branch, master has been updated
       via  9a11f2e auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type
       via  5b372d7 auth/kerberos: Ensure we do not print invalid memory in failure case
       via  1102acb wintest: continue turning over VMs...
       via  1a8e715 dlz_bind9: Log Samba DEBUG() messages to the bind9 logs
       via  bc66af5 lib/util: Add a callback facility for debug messages
       via  77602d8 s3-auth: Remove single-implementation plugin layer
       via  50547a9 s3-auth: Follow auth_ntlmssp and use auth4_context for Session Setup
       via  79753ec selftest: add more tests for different authentication codepaths
      from  cff40ed autobuild: Enable standalone tdb2 tests

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9a11f2ea092f046693ee3fbf076b4a3c4be3d8f0
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 8 16:16:12 2012 +1100

    auth/kerberos: Fall back to gsskrb5_get_subkey if we did not get the key type
    
    The key type OID is optional, but we require that information to determine if
    we should use NEW_SPNEGO.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Thu Mar  8 11:53:57 CET 2012 on sn-devel-104

commit 5b372d7015553a0ab9523999184124fa9d6555e7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 8 16:15:09 2012 +1100

    auth/kerberos: Ensure we do not print invalid memory in failure case
    
    This codeblock may not have any set->elements, so we should not print them.  Copy&paste in the original code.
    
    Andrew Bartlett

commit 1102acbbb685ea2eb95d903fd095f05f20710bf2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 8 14:57:07 2012 +1100

    wintest: continue turning over VMs...

commit 1a8e7157e56322b458414e52004862b0b1d34cfe
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 8 12:21:56 2012 +1100

    dlz_bind9: Log Samba DEBUG() messages to the bind9 logs

commit bc66af50ffdffe39ba6c6e3d4dc03e095a89134c
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 8 12:21:26 2012 +1100

    lib/util: Add a callback facility for debug messages
    
    This will allow dlz_bind9 to put log messages somewhere useful, which
    may make it easier to debug.
    
    Andrew Bartlett

commit 77602d877e755b2672b136704b039d85797fe305
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Feb 3 21:58:44 2012 +1100

    s3-auth: Remove single-implementation plugin layer
    
    The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
    were only ever initialised to a single value.  Make it easier to follow by
    just calling the function directly.
    
    Andrew Bartlett

commit 50547a9950062311a4952846960b15e1d6cdfdf5
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Fri Feb 3 17:09:37 2012 +1100

    s3-auth: Follow auth_ntlmssp and use auth4_context for Session Setup
    
    This patch ensures consistency in behaviour between NTLMSSP and NTLM
    session setup handlers.  By calling the same layer that auth_ntlmssp
    calls, we can not only allow redirection of all authentication to the
    AD DC, we ensure that map to guest and username map handling is
    consistent, even in the file server alone.
    
    Andrew Bartlett

commit 79753ec02c8315a55557c418f3a802fd2631878f
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Thu Mar 8 15:37:29 2012 +1100

    selftest: add more tests for different authentication codepaths

-----------------------------------------------------------------------

Summary of changes:
 auth/kerberos/gssapi_pac.c                  |   32 ++++++++++---
 lib/util/debug.c                            |   57 +++++++++++++++++++------
 lib/util/debug.h                            |    9 +++-
 source3/auth/auth.c                         |   13 ++---
 source3/auth/auth_ntlmssp.c                 |    6 +-
 source3/auth/auth_util.c                    |   20 ++++----
 source3/auth/proto.h                        |   40 +++++++++++++++++
 source3/include/auth.h                      |    6 ---
 source3/rpc_server/netlogon/srv_netlog_nt.c |    4 +-
 source3/selftest/tests.py                   |    4 ++
 source3/smbd/globals.h                      |    2 +-
 source3/smbd/negprot.c                      |    2 +-
 source3/smbd/sesssetup.c                    |   63 ++++++++------------------
 source4/dns_server/dlz_bind9.c              |   31 ++++++++++++-
 source4/selftest/tests.py                   |    1 +
 wintest/conf/abartlet.conf                  |    8 ++--
 16 files changed, 196 insertions(+), 102 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index d0de11e..1a9d6aa 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -209,10 +209,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 		krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
 		return NT_STATUS_OK;
 #else
-		DEBUG(0, ("gss_inquire_sec_context_by_oid returned unknown "
-			  "OID for data in results:\n"));
-		dump_data(1, (uint8_t *)set->elements[1].value,
-			     set->elements[1].length);
+		DEBUG(0, ("gss_inquire_sec_context_by_oid didn't return any session key (and no alternative method available)\n"));
 		return NT_STATUS_NO_USER_SESSION_KEY;
 #endif
 	}
@@ -226,10 +223,29 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
 		char *oid;
 		char *p, *q = NULL;
 		
-		if (set->count < 2
-		    || memcmp(set->elements[1].value,
-			      gse_sesskeytype_oid.elements,
-			      gse_sesskeytype_oid.length) != 0) {
+		if (set->count < 2) {
+
+#ifdef HAVE_GSSKRB5_GET_SUBKEY
+			krb5_keyblock *subkey;
+			gss_maj = gsskrb5_get_subkey(&gss_min,
+						     gssapi_context,
+						     &subkey);
+			if (gss_maj == 0) {
+				*keytype = KRB5_KEY_TYPE(subkey);
+				krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
+			} else
+#else
+			{
+				*keytype = 0;
+			}
+#endif
+			gss_maj = gss_release_buffer_set(&gss_min, &set);
+	
+			return NT_STATUS_OK;
+
+		} else if (memcmp(set->elements[1].value,
+				  gse_sesskeytype_oid.elements,
+				  gse_sesskeytype_oid.length) != 0) {
 			/* Perhaps a non-krb5 session key */
 			*keytype = 0;
 			gss_maj = gss_release_buffer_set(&gss_min, &set);
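Review bot: With HAVE_GSSKRB5_GET_SUBKEY defined, the `} else` in the new `set->count < 2` branch has no body of its own, because the braced `*keytype = 0;` block exists only in the `#else` arm, so the `else` binds to the following `gss_release_buffer_set()` call. On success the buffer set is then never released, and on failure `*keytype` is left unassigned while the branch still returns NT_STATUS_OK, even though the commit message says the key type drives the NEW_SPNEGO decision. Giving the `else` its own braces inside the `#ifdef` arm and reducing the `#else` arm to a plain assignment keeps the release unconditional in both builds. gssapi_get_session_key starts and ends outside the hunk.

```c
		if (set->count < 2) {
#ifdef HAVE_GSSKRB5_GET_SUBKEY
			/* … unchanged: subkey declaration and gsskrb5_get_subkey() call … */
			if (gss_maj == 0) {
				/* … unchanged: read KRB5_KEY_TYPE(subkey), free subkey … */
			} else {
				*keytype = 0;
			}
#else
			*keytype = 0;
#endif
			gss_maj = gss_release_buffer_set(&gss_min, &set);
			/* … unchanged: return NT_STATUS_OK … */
```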
diff --git a/lib/util/debug.c b/lib/util/debug.c
index a7e2a0f..52abd79 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -88,6 +88,8 @@ static struct {
 
 	struct debug_settings settings;
 	char *debugf;
+	debug_callback_fn callback;
+	void *callback_private;
 } state = {
 	.settings = {
 		.timestamp_logs = true
@@ -125,7 +127,7 @@ int     *DEBUGLEVEL_CLASS = discard_const_p(int, debug_class_list_initial);
  *  debug_count     - Number of debug messages that have been output.
  *                    Used to check log size.
  *
- *  syslog_level    - Internal copy of the message debug level.  Written by
+ *  current_msg_level    - Internal copy of the message debug level.  Written by
  *                    dbghdr() and read by Debug1().
  *
  *  format_bufr     - Used to format debug messages.  The dbgtext() function
@@ -143,9 +145,7 @@ int     *DEBUGLEVEL_CLASS = discard_const_p(int, debug_class_list_initial);
  */
 
 static int     debug_count    = 0;
-#ifdef WITH_SYSLOG
-static int     syslog_level   = 0;
-#endif
+static int     current_msg_level   = 0;
 static char *format_bufr = NULL;
 static size_t     format_pos     = 0;
 static bool    log_overflow   = false;
@@ -519,6 +519,20 @@ bool debug_get_output_is_stdout(void)
 	return (state.logtype == DEBUG_DEFAULT_STDOUT) || (state.logtype == DEBUG_STDOUT);
 }
 
+void debug_set_callback(void *private_ptr, debug_callback_fn fn)
+{
+	debug_init();
+	if (fn) {
+		state.logtype = DEBUG_CALLBACK;
+		state.callback_private = private_ptr;
+		state.callback = fn;
+	} else {
+		state.logtype = DEBUG_DEFAULT_STDERR;
+		state.callback_private = NULL;
+		state.callback = NULL;
+	}
+}
+
 /**************************************************************************
  reopen the log files
  note that we now do this unconditionally
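Review bot: Clearing the callback with `fn == NULL` in debug_set_callback forces `state.logtype` to DEBUG_DEFAULT_STDERR instead of restoring the target that was active before the callback was installed, so a process that had been logging to a file would silently move to stderr. If that is intended, say so above the function, for example `/* Passing fn == NULL removes the callback and resets logging to DEBUG_DEFAULT_STDERR; the previous log target is not restored. */`. Otherwise the previous logtype needs to be saved when the callback is set and put back here.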
@@ -546,6 +560,8 @@ bool reopen_logs_internal(void)
 	state.schedule_reopen_logs = false;
 
 	switch (state.logtype) {
+	case DEBUG_CALLBACK:
+		return true;
 	case DEBUG_STDOUT:
 	case DEBUG_DEFAULT_STDOUT:
 		debug_close_fd(state.fd);
@@ -735,7 +751,23 @@ void check_log_size( void )
 
 	debug_count++;
 
-	if ( state.logtype != DEBUG_FILE ) {
+	if (state.logtype == DEBUG_CALLBACK) {
+		char *msg;
+		int ret;
+		va_start( ap, format_str );
+		ret = vasprintf( &msg, format_str, ap );
+		if (ret != -1) {
+			if (msg[ret - 1] == '\n') {
+				msg[ret - 1] = '\0';
+			}
+			state.callback(state.callback_private, current_msg_level, msg);
+			free(msg);
+		}
+		va_end( ap );
+
+		goto done;
+
+	} else if ( state.logtype != DEBUG_FILE ) {
 		va_start( ap, format_str );
 		if (state.fd > 0)
 			(void)vdprintf( state.fd, format_str, ap );
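Review bot: `msg[ret - 1]` in the new DEBUG_CALLBACK branch reads one byte before the allocation when the formatted message is empty, because `vasprintf()` returns 0 in that case and only `-1` is excluded. If that stray byte happens to be a newline it is also overwritten. The guard should be `if (ret > 0 && msg[ret - 1] == '\n') {`. The enclosing function starts and ends outside the hunk.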
@@ -760,8 +792,9 @@ void check_log_size( void )
 		}
 	}
 
+
 #ifdef WITH_SYSLOG
-	if( syslog_level < state.settings.syslog ) {
+	if( current_msg_level < state.settings.syslog ) {
 		/* map debug levels to syslog() priorities
 		 * note that not all DEBUG(0, ...) calls are
 		 * necessarily errors */
@@ -775,10 +808,10 @@ void check_log_size( void )
 		char *msgbuf = NULL;
 		int ret;
 
-		if( syslog_level >= ARRAY_SIZE(priority_map) || syslog_level < 0)
+		if( current_msg_level >= ARRAY_SIZE(priority_map) || current_msg_level < 0)
 			priority = LOG_DEBUG;
 		else
-			priority = priority_map[syslog_level];
+			priority = priority_map[current_msg_level];
 
 		/*
 		 * Specify the facility to interoperate with other syslog
@@ -913,7 +946,7 @@ void dbgflush( void )
           in a macro, since the function can be called as part of a test.
           Eg: ( (level <= DEBUGLEVEL) && (dbghdr(level,"",line)) )
 
-  Notes:  This function takes care of setting syslog_level.
+  Notes:  This function takes care of setting current_msg_level.
 
 ****************************************************************************/
 
@@ -935,10 +968,8 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func)
 		return( true );
 	}
 
-#ifdef WITH_SYSLOG
-	/* Set syslog_level. */
-	syslog_level = level;
-#endif
+	/* Set current_msg_level. */
+	current_msg_level = level;
 
 	/* Don't print a header if we're logging to stdout. */
 	if ( state.logtype != DEBUG_FILE ) {
diff --git a/lib/util/debug.h b/lib/util/debug.h
index c61a2c5..b3647a3 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -197,7 +197,7 @@ extern int  *DEBUGLEVEL_CLASS;
  * for example.  This makes it easy to override for debug to stderr on
  * the command line, as the smb.conf cannot reset it back to
  * file-based logging */
-enum debug_logtype {DEBUG_DEFAULT_STDERR = 0, DEBUG_DEFAULT_STDOUT = 1, DEBUG_FILE = 2, DEBUG_STDOUT = 3, DEBUG_STDERR = 4};
+enum debug_logtype {DEBUG_DEFAULT_STDERR = 0, DEBUG_DEFAULT_STDOUT = 1, DEBUG_FILE = 2, DEBUG_STDOUT = 3, DEBUG_STDERR = 4, DEBUG_CALLBACK = 5};
 
 struct debug_settings {
 	size_t max_log_size;
@@ -233,6 +233,13 @@ bool debug_get_output_is_stdout(void);
 void debug_schedule_reopen_logs(void);
 char *debug_list_class_names_and_levels(void);
 
+typedef void (*debug_callback_fn)(void *private_ptr, int level, const char *msg);
+
+/**
+   Set a callback for all debug messages.  Use in dlz_bind9 to push output to the bind logs
+ */
+void debug_set_callback(void *private_ptr, debug_callback_fn fn);
+
 /**
   log suspicious usage - print comments and backtrace
 */	
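Review bot: The doc comment added for `debug_set_callback()` does not state the contract a callback has to honour. From the call site added in debug.c, `msg` is the already formatted text with one trailing newline removed, it is freed as soon as the callback returns, and `level` is the value last stored in `current_msg_level`. Debug text can carry client-supplied names (the NTLMSSP failure message in auth_ntlmssp.c prints user and domain), so the comment should also say that `msg` must be passed on as data, for example through a `"%s"` format, never used as a format string, and copied if it is kept beyond the call.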
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index 0c91065..4b075a6 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -78,8 +78,8 @@ static struct auth_init_function_entry *auth_find_backend_entry(const char *name
  Returns a const char of length 8 bytes.
 ****************************************************************************/
 
-static NTSTATUS get_ntlm_challenge(struct auth_context *auth_context,
-			       uint8_t chal[8])
+NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
+				 uint8_t chal[8])
 {
 	DATA_BLOB challenge = data_blob_null;
 	const char *challenge_set_by = NULL;
@@ -202,9 +202,9 @@ static bool check_domain_match(const char *user, const char *domain)
  *
  **/
 
-static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
-				    const struct auth_usersupplied_info *user_info, 
-				    struct auth_serversupplied_info **server_info)
+NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+				  const struct auth_usersupplied_info *user_info, 
+				  struct auth_serversupplied_info **server_info)
 {
 	/* if all the modules say 'not for me' this is reasonable */
 	NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER;
@@ -366,9 +366,6 @@ static NTSTATUS make_auth_context(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	ctx->check_ntlm_password = check_ntlm_password;
-	ctx->get_ntlm_challenge = get_ntlm_challenge;
-
 	talloc_set_destructor((TALLOC_CTX *)ctx, auth_context_destructor);
 
 	*auth_context = ctx;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 582c8dc..3437dbf 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -59,7 +59,7 @@ NTSTATUS auth3_get_challenge(struct auth4_context *auth4_context,
 {
 	struct auth_context *auth_context = talloc_get_type_abort(auth4_context->private_data,
 								  struct auth_context);
-	auth_context->get_ntlm_challenge(auth_context, chal);
+	auth_get_ntlm_challenge(auth_context, chal);
 	return NT_STATUS_OK;
 }
 
@@ -146,8 +146,8 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context,
 
 	mapped_user_info->flags = user_info->flags;
 
-	nt_status = auth_context->check_ntlm_password(auth_context,
-						      mapped_user_info, &server_info);
+	nt_status = auth_check_ntlm_password(auth_context,
+					     mapped_user_info, &server_info);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(5,("Checking NTLMSSP password for %s\\%s failed: %s\n",
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 06aa9c5..21a8642 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -347,8 +347,8 @@ bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
 		return false;
 	}
 
-	ret = make_user_info_map(
-		user_info, smb_name, client_domain, 
+	ret = make_user_info(
+		user_info, smb_name, smb_name, client_domain, client_domain, 
 		get_remote_machine_name(),
 		remote_address,
 		local_lm_blob.data ? &local_lm_blob : NULL,
@@ -376,14 +376,14 @@ NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
 				      const struct tsocket_address *remote_address,
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp)
 {
-	return make_user_info_map(user_info, smb_name, 
-				  client_domain, 
-				  get_remote_machine_name(),
-				  remote_address,
-				  lm_resp.data && (lm_resp.length > 0) ? &lm_resp : NULL,
-				  nt_resp.data && (nt_resp.length > 0) ? &nt_resp : NULL,
-				  NULL, NULL, NULL,
-				  AUTH_PASSWORD_RESPONSE);
+	return make_user_info(user_info, smb_name, smb_name, 
+			      client_domain, client_domain, 
+			      get_remote_machine_name(),
+			      remote_address,
+			      lm_resp.data && (lm_resp.length > 0) ? &lm_resp : NULL,
+			      nt_resp.data && (nt_resp.length > 0) ? &nt_resp : NULL,
+			      NULL, NULL, NULL,
+			      AUTH_PASSWORD_RESPONSE);
 }
 
 /****************************************************************************
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 04f94ae..01e2934 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -44,6 +44,46 @@ NTSTATUS make_auth_context_fixed(TALLOC_CTX *mem_ctx,
 				 struct auth_context **auth_context,
 				 uchar chal[8]) ;
 
+/****************************************************************************
+ Try to get a challenge out of the various authentication modules.
+ Returns a const char of length 8 bytes.
+****************************************************************************/
+
+NTSTATUS auth_get_ntlm_challenge(struct auth_context *auth_context,
+				 uint8_t chal[8]);
+
+/**
+ * Check a user's Plaintext, LM or NTLM password.
+ *
+ * Check a user's password, as given in the user_info struct and return various
+ * interesting details in the server_info struct.
+ *
+ * This function does NOT need to be in a become_root()/unbecome_root() pair
+ * as it makes the calls itself when needed.
+ *
+ * The return value takes precedence over the contents of the server_info 
+ * struct.  When the return is other than NT_STATUS_OK the contents 
+ * of that structure is undefined.
+ *
+ * @param user_info Contains the user supplied components, including the passwords.
+ *                  Must be created with make_user_info() or one of its wrappers.
+ *
+ * @param auth_context Supplies the challenges and some other data. 
+ *                  Must be created with make_auth_context(), and the challenges should be 
+ *                  filled in, either at creation or by calling the challenge geneation 
+ *                  function auth_get_challenge().  
+ *
+ * @param server_info If successful, contains information about the authentication, 
+ *                    including a struct samu struct describing the user.
+ *
+ * @return An NTSTATUS with NT_STATUS_OK or an appropriate error.
+ *
+ **/
+
+NTSTATUS auth_check_ntlm_password(const struct auth_context *auth_context,
+				  const struct auth_usersupplied_info *user_info, 
+				  struct auth_serversupplied_info **server_info);
+
 /* The following definitions come from auth/auth_builtin.c  */
 
 NTSTATUS auth_builtin_init(void);
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 894b7df..7f2c3e5 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -84,12 +84,6 @@ struct auth_context {
 	/* What order are the various methods in?   Try to stop it changing under us */ 
 	struct auth_methods *auth_method_list;	
 
-	NTSTATUS (*get_ntlm_challenge)(struct auth_context *auth_context,
-				       uint8_t chal[8]);
-	NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context,
-					const struct auth_usersupplied_info *user_info, 
-					struct auth_serversupplied_info **server_info);
-
 	prepare_gensec_fn prepare_gensec;
 	make_auth4_context_fn make_auth4_context;
 };
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index fdbe937..00d64a8 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -1584,7 +1584,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 			return status;
 		}
 
-		auth_context->get_ntlm_challenge(auth_context, chal);
+		auth_get_ntlm_challenge(auth_context, chal);
 
 		if (!make_user_info_netlogon_interactive(&user_info,
 							 nt_username, nt_domain,
@@ -1605,7 +1605,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p,
 	} /* end switch */
 
 	if ( NT_STATUS_IS_OK(status) ) {
-		status = auth_context->check_ntlm_password(auth_context,
+		status = auth_check_ntlm_password(auth_context,
 			user_info, &server_info);
 	}
 
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 591a351..f0e1003 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -127,6 +127,10 @@ tests=["--ping", "--separator",
        "--allocate-uid",
        "--allocate-gid"]
 
+for options in ["--option=clientusespnego=no", " --option=clientntlmv2auth=no --option=clientlanmanauth=yes --max-protocol=LANMAN2", ""]:
+    env = "s3dc"
+    plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) %s" % (env, options), env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', binpath('smbclient3'), configuration])
+
 for env in ["s3dc", "member", "s3member"]:
     plantestsuite("samba3.blackbox.smbclient_auth.plain (%s)" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', binpath('smbclient3'), configuration])
     plantestsuite("samba3.blackbox.smbclient_auth.plain (%s) member creds" % env, env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', '$SERVER\\\\$USERNAME', '$PASSWORD', binpath('smbclient3'), configuration])
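Review bot: `options` is interpolated into the test name in the new loop but never added to the argument list passed to test_smbclient_auth.sh, so all three planned suites appear to run smbclient with identical settings and the non-SPNEGO and LANMAN paths are not actually exercised. Append it to the list, `binpath('smbclient3'), configuration, options])`, assuming the script forwards an extra argument to smbclient, which is not visible here. The second entry also begins with a stray space (`" --option=clientntlmv2auth=no ..."`).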
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index bfa649b..5b65711 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -509,7 +509,7 @@ struct smbd_server_connection {
 		struct {
 			bool encrypted_passwords;
 			bool spnego;
-			struct auth_context *auth_context;
+			struct auth4_context *auth_context;
 			bool done;
 			/*
 			 * Size of the data we can receive. Set by us.
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 8a6b509..e44ac5c 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -44,7 +44,7 @@ static void get_challenge(struct smbd_server_connection *sconn, uint8 buff[8])
 	}
 
 	DEBUG(10, ("get challenge: creating negprot_global_auth_context\n"));
-	nt_status = make_auth_context_subsystem(
+	nt_status = make_auth4_context(
 		sconn, &sconn->smb1.negprot.auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		DEBUG(0, ("make_auth_context_subsystem returned %s",
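Review bot: The failure message on the line after the changed call still reads `make_auth_context_subsystem returned %s`, although the call is now `make_auth4_context()`. Anyone triaging an authentication failure from the log would be sent to the wrong function. Change it to `DEBUG(0, ("make_auth4_context returned %s",`. get_challenge continues outside the hunk.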
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index da306b9..b2e1f24 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -77,31 +77,33 @@ static int push_signature(uint8 **outbuf)
 ****************************************************************************/
 
 static NTSTATUS check_guest_password(const struct tsocket_address *remote_address,
-				     struct auth_serversupplied_info **server_info)
+				     TALLOC_CTX *mem_ctx, 
+				     struct auth_session_info **session_info)
 {
-	struct auth_context *auth_context;
+	struct auth4_context *auth_context;
 	struct auth_usersupplied_info *user_info = NULL;
-
+	uint8_t chal[8];
 	NTSTATUS nt_status;
-	static unsigned char chal[8] = { 0, };
 
 	DEBUG(3,("Got anonymous request\n"));
 
-	nt_status = make_auth_context_fixed(talloc_tos(), &auth_context, chal);
+	nt_status = make_auth4_context(talloc_tos(), &auth_context);
 	if (!NT_STATUS_IS_OK(nt_status)) {
 		return nt_status;
 	}
 
+	auth_context->get_ntlm_challenge(auth_context,
+					 chal);
+
 	if (!make_user_info_guest(remote_address, &user_info)) {
 		TALLOC_FREE(auth_context);
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	nt_status = auth_context->check_ntlm_password(auth_context,
-						user_info,
-						server_info);
-	TALLOC_FREE(auth_context);
+	nt_status = auth_check_password_session_info(auth_context, 
+						     mem_ctx, user_info, session_info);
 	free_user_info(&user_info);
+	TALLOC_FREE(auth_context);
 	return nt_status;
 }
 
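Review bot: The NTSTATUS returned by `auth_context->get_ntlm_challenge(auth_context, chal)` in the new check_guest_password body is discarded, so the function goes on to `auth_check_password_session_info()` even if no challenge was produced. Assign it, `nt_status = auth_context->get_ntlm_challenge(auth_context, chal);`, and bail out with the same `if (!NT_STATUS_IS_OK(nt_status))` test used after `make_auth4_context()`, freeing `auth_context` first. The same status is dropped at the renamed calls in auth3_get_challenge (auth_ntlmssp.c), which then returns NT_STATUS_OK unconditionally where `return auth_get_ntlm_challenge(auth_context, chal);` would propagate it, and in _netr_LogonSamLogon_base (srv_netlog_nt.c). Whether challenge generation can fail in practice is not visible in this diff.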
@@ -396,7 +398,6 @@ void reply_sesssetup_and_X(struct smb_request *req)
 	const char *native_lanman;
 	const char *primary_domain;
 	struct auth_usersupplied_info *user_info = NULL;
-	struct auth_serversupplied_info *server_info = NULL;
 	struct auth_session_info *session_info = NULL;
 	uint16 smb_flag2 = req->flags2;
 
@@ -671,10 +672,10 @@ void reply_sesssetup_and_X(struct smb_request *req)
 
 	if (!*user) {


-- 
Samba Shared Repository

