diff options
author | Volker Lendecke <vl@samba.org> | 2017-02-11 15:44:01 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2017-03-24 11:57:08 +0100 |
commit | 51056c2cefe6b2c4ef5b8583ec145fb0664de714 (patch) | |
tree | 16459c6e6dda05dc7b02ff9792986504cda234ee /source3/auth | |
parent | c98614152cad7a463d4008064f140134cc5b8441 (diff) | |
download | samba-51056c2cefe6b2c4ef5b8583ec145fb0664de714.tar.gz |
auth3: Simplify the logic in auth_check_ntlm_password
Move everything but the strict loop logic outside. This makes the
loop exit condition clearer to me: Anything but NOT_IMPLEMENTED breaks
the loop.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'source3/auth')
-rw-r--r-- | source3/auth/auth.c | 58 |
1 files changed, 29 insertions, 29 deletions
diff --git a/source3/auth/auth.c b/source3/auth/auth.c index ff41404f770..fddb6b906f3 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -166,6 +166,7 @@ NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **pserver_info) { TALLOC_CTX *frame; + const char *auth_method_name = ""; /* if all the modules say 'not for me' this is reasonable */ NTSTATUS nt_status = NT_STATUS_NO_SUCH_USER; const char *unix_username; @@ -214,51 +215,50 @@ NTSTATUS auth_check_ntlm_password(TALLOC_CTX *mem_ctx, } for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) { - NTSTATUS result; + + auth_method_name = auth_method->name; if (user_info->flags & USER_INFO_LOCAL_SAM_ONLY && !(auth_method->flags & AUTH_METHOD_LOCAL_SAM)) { continue; } - result = auth_method->auth(auth_context, - auth_method->private_data, - talloc_tos(), - user_info, - &server_info); - - /* check if the module did anything */ - if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) { - DEBUG(10,("check_ntlm_password: %s had nothing to say\n", auth_method->name)); - if (user_info->flags & USER_INFO_LOCAL_SAM_ONLY) { - /* we don't expose the NT_STATUS_NOT_IMPLEMENTED - * internals, except when the caller is only probing - * one method, as they may do the fallback - */ - nt_status = result; - } - continue; - } - - nt_status = result; + nt_status = auth_method->auth(auth_context, + auth_method->private_data, + talloc_tos(), + user_info, + &server_info); - if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(3, ("check_ntlm_password: %s authentication for user [%s] succeeded\n", - auth_method->name, user_info->client.account_name)); - } else { - DEBUG(5, ("check_ntlm_password: %s authentication for user [%s] FAILED with error %s\n", - auth_method->name, user_info->client.account_name, nt_errstr(nt_status))); + if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED)) { + break; } - break; + DBG_DEBUG("%s had nothing to say\n", auth_method->name); } - /* successful authentication */ + /* check if the module did anything */ + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NOT_IMPLEMENTED) && + ((user_info->flags & USER_INFO_LOCAL_SAM_ONLY) == 0)) { + /* + * we don't expose the NT_STATUS_NOT_IMPLEMENTED + * internals, except when the caller is only probing + * one method, as they may do the fallback + */ + nt_status = NT_STATUS_NO_SUCH_USER; + } if (!NT_STATUS_IS_OK(nt_status)) { + DBG_INFO("%s authentication for user [%s] FAILED with " + "error %s\n", + auth_method_name, + user_info->client.account_name, + nt_errstr(nt_status)); goto fail; } + DBG_NOTICE("%s authentication for user [%s] succeeded\n", + auth_method_name, user_info->client.account_name); + unix_username = server_info->unix_name; /* We skip doing this step if the caller asked us not to */ |