summaryrefslogtreecommitdiffstats
path: root/source3
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-05-24 03:43:52 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-05-24 03:43:52 +0000
commit40669777a5f74617fdd80dea3ff5a45a9e9a1aa4 (patch)
tree5b9f16db2a15723ae6623b7bd5cacd91f25d21b5 /source3
parentb270d2d3ababe0b84e3e7f05573bf673082ba6b8 (diff)
downloadsamba-40669777a5f74617fdd80dea3ff5a45a9e9a1aa4.tar.gz
samba-40669777a5f74617fdd80dea3ff5a45a9e9a1aa4.tar.xz
samba-40669777a5f74617fdd80dea3ff5a45a9e9a1aa4.zip
Move the authenticaion subsystem over to the same 'module:options' syntax
that the passdb code now uses. Similarly, move the 'pluggable' stuff over from passdb as well, allowing runtime loading of new authenticaion modules. (NOTE: The interfaces here can *and do* change - module writers are not assured source-level compatibilty, and certainly not binary compatibility). (This used to be commit 3897cf5e048f50be91ae434f636affc6d539d0d1)
Diffstat (limited to 'source3')
-rw-r--r--source3/auth/auth.c23
-rw-r--r--source3/auth/auth_builtin.c63
-rw-r--r--source3/auth/auth_domain.c12
-rw-r--r--source3/auth/auth_rhosts.c12
-rw-r--r--source3/auth/auth_sam.c16
-rw-r--r--source3/auth/auth_server.c6
-rw-r--r--source3/auth/auth_unix.c6
-rw-r--r--source3/auth/auth_winbind.c6
-rw-r--r--source3/include/auth.h9
9 files changed, 111 insertions, 42 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index c40cef5519..55695fa9c2 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -25,7 +25,7 @@
/** List of various built-in authenticaion modules */
-const struct auth_init_function builtin_auth_init_functions[] = {
+const struct auth_init_function_entry builtin_auth_init_functions[] = {
{ "guest", auth_init_guest },
{ "rhosts", auth_init_rhosts },
{ "hostsequiv", auth_init_hostsequiv },
@@ -340,14 +340,31 @@ static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context,
{
if (strequal(builtin_auth_init_functions[i].name, *text_list))
{
+
+ char *module_name = smb_xstrdup(*text_list);
+ char *module_params = NULL;
+ char *p;
+
+ p = strchr(module_name, ':');
+
+ if (p) {
+ *p = 0;
+
+ module_params = p+1;
+
+ trim_string(module_params, " ", " ");
+ }
+
+ trim_string(module_name, " ", " ");
+
DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i));
- if (builtin_auth_init_functions[i].init(*auth_context, &t)) {
+ if (NT_STATUS_IS_OK(builtin_auth_init_functions[i].init(*auth_context, module_params, &t))) {
DEBUG(5,("auth method %s has a valid init\n", *text_list));
- t->name = builtin_auth_init_functions[i].name;
DLIST_ADD_END(list, t, tmp);
} else {
DEBUG(0,("auth method %s did not correctly init\n", *text_list));
}
+ SAFE_FREE(module_name);
break;
}
}
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index 0cca6b8e15..d2c60ae64f 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -1,7 +1,8 @@
/*
Unix SMB/CIFS implementation.
Generic authenticaion types
- Copyright (C) Andrew Bartlett 2001
+ Copyright (C) Andrew Bartlett 2001-2002
+ Copyright (C) Jelmer Vernooij 2002
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -52,14 +53,15 @@ static NTSTATUS check_guest_security(const struct auth_context *auth_context,
}
/* Guest modules initialisation */
-BOOL auth_init_guest(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *options, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_guest_security;
- return True;
+ (*auth_method)->name = "guest";
+ return NT_STATUS_OK;
}
/**
@@ -102,13 +104,60 @@ static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_
}
/** Module initailisation function */
-BOOL auth_init_name_to_ntstatus(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_name_to_ntstatus_security;
- return True;
+ (*auth_method)->name = "name_to_ntstatus";
+ return NT_STATUS_OK;
}
+/**
+ * Outsorce an auth module to an external loadable .so
+ *
+ * Only works on systems with dlopen() etc.
+ **/
+
+/* Plugin modules initialisation */
+NTSTATUS auth_init_plugin(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
+{
+ void * dl_handle;
+ char *plugin_param, *plugin_name, *p;
+ auth_init_function plugin_init;
+
+ if (param == NULL) {
+ DEBUG(0, ("The plugin module needs an argument!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ plugin_name = smb_xstrdup(param);
+ p = strchr(plugin_name, ':');
+ if (p) {
+ *p = 0;
+ plugin_param = p+1;
+ trim_string(plugin_param, " ", " ");
+ } else plugin_param = NULL;
+
+ trim_string(plugin_name, " ", " ");
+
+ DEBUG(5, ("Trying to load auth plugin %s\n", plugin_name));
+ dl_handle = sys_dlopen(plugin_name, RTLD_NOW | RTLD_GLOBAL );
+ if (!dl_handle) {
+ DEBUG(0, ("Failed to load auth plugin %s using sys_dlopen (%s)\n", plugin_name, sys_dlerror()));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ plugin_init = sys_dlsym(dl_handle, "auth_init");
+ if (!plugin_init){
+ DEBUG(0, ("Failed to find function 'pdb_init' using sys_dlsym in sam plugin %s (%s)\n", plugin_name, sys_dlerror()));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ DEBUG(5, ("Starting sam plugin %s with paramater %s\n", plugin_name, plugin_param?plugin_param:"(null)"));
+ return plugin_init(auth_context, plugin_param, auth_method);
+}
+
+
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index d520dabbb2..91c111b557 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -511,14 +511,14 @@ static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
}
/* module initialisation */
-BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_ntdomain_security;
- return True;
+ return NT_STATUS_OK;
}
@@ -598,12 +598,12 @@ static NTSTATUS check_trustdomain_security(const struct auth_context *auth_conte
}
/* module initialisation */
-BOOL auth_init_trustdomain(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_trustdomain(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_trustdomain_security;
- return True;
+ return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c
index 7730f50a3c..4ed0e6bbc4 100644
--- a/source3/auth/auth_rhosts.c
+++ b/source3/auth/auth_rhosts.c
@@ -179,14 +179,14 @@ static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_contex
}
/* module initialisation */
-BOOL auth_init_hostsequiv(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_hostsequiv(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_hostsequiv_security;
- return True;
+ return NT_STATUS_OK;
}
@@ -223,12 +223,12 @@ static NTSTATUS check_rhosts_security(const struct auth_context *auth_context,
}
/* module initialisation */
-BOOL auth_init_rhosts(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_rhosts(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_rhosts_security;
- return True;
+ return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index 7e0cd513da..76579150ce 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -404,14 +404,15 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
}
/* module initialisation */
-BOOL auth_init_sam(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_sam(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
- (*auth_method)->auth = check_sam_security;
- return True;
+ (*auth_method)->auth = check_sam_security;
+ (*auth_method)->name = "sam";
+ return NT_STATUS_OK;
}
@@ -442,14 +443,15 @@ static NTSTATUS check_samstrict_security(const struct auth_context *auth_context
}
/* module initialisation */
-BOOL auth_init_samstrict(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_samstrict(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_samstrict_security;
- return True;
+ (*auth_method)->name = "samstrict";
+ return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index bcb7d5059b..0d366a4c0d 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -357,14 +357,14 @@ use this machine as the password server.\n"));
return(nt_status);
}
-BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_smbserver(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_smbserver_security;
(*auth_method)->get_chal = auth_get_challenge_server;
(*auth_method)->send_keepalive = send_server_keepalive;
(*auth_method)->free_private_data = free_server_private_data;
- return True;
+ return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index d624cb1261..9f85bf11fe 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -119,12 +119,12 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
}
/* module initialisation */
-BOOL auth_init_unix(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_unix(struct auth_context *auth_context, const char* param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_unix_security;
- return True;
+ return NT_STATUS_OK;
}
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index 1a72c2df0f..2d214c7aca 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -103,12 +103,12 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
}
/* module initialisation */
-BOOL auth_init_winbind(struct auth_context *auth_context, auth_methods **auth_method)
+NTSTATUS auth_init_winbind(struct auth_context *auth_context, const char *param, auth_methods **auth_method)
{
if (!make_auth_methods(auth_context, auth_method)) {
- return False;
+ return NT_STATUS_NO_MEMORY;
}
(*auth_method)->auth = check_winbind_security;
- return True;
+ return NT_STATUS_OK;
}
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 5c8bc8edfe..66b317d643 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -141,11 +141,12 @@ typedef struct auth_methods
} auth_methods;
-struct auth_init_function {
+typedef NTSTATUS (*auth_init_function)(struct auth_context *, const char *, struct auth_methods **);
+
+struct auth_init_function_entry {
char *name;
/* Function to create a member of the authmethods list */
- BOOL (*init)(struct auth_context *auth_context, struct auth_methods **auth_method);
-};
-
+ auth_init_function init;
+};
#endif /* _SMBAUTH_H_ */