The branch, master has been updated
via 520c5aa s3: Remove smbd_server_conn() from check_unix_security
via 92fd03c s3: Lift smbd_server_fd() from pass_check()
via a3995ef s3: Lift smbd_server_fd() from password_check()
via 2257a0c s3: Fix some nonempty blank lines
from 636d107 s3: Fix smb_pam_passcheck
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 520c5aae40ce882b8c5c020eb728d4198106d6b7
Author: Volker Lendecke <[email protected]>
Date: Sat Aug 21 14:59:14 2010 +0200
s3: Remove smbd_server_conn() from check_unix_security
commit 92fd03c5f08055283af55f5a1dffaf84edb7e9ce
Author: Volker Lendecke <[email protected]>
Date: Sat Aug 21 14:57:16 2010 +0200
s3: Lift smbd_server_fd() from pass_check()
commit a3995ef31cfbd798921bf5fd34721b4251e173be
Author: Volker Lendecke <[email protected]>
Date: Sat Aug 21 14:52:16 2010 +0200
s3: Lift smbd_server_fd() from password_check()
commit 2257a0cd86cf9bf187b08066b21db948709dd95d
Author: Volker Lendecke <[email protected]>
Date: Sat Aug 21 14:42:24 2010 +0200
s3: Fix some nonempty blank lines
-----------------------------------------------------------------------
Summary of changes:
source3/auth/auth_unix.c | 2 +
source3/auth/pass_check.c | 48 ++++++++++++++++++++------------------------
source3/include/proto.h | 5 +++-
source3/web/cgi.c | 8 ++++++-
4 files changed, 35 insertions(+), 28 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index c50ac78..072ad84 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "../librpc/gen_ndr/samr.h"
+#include "smbd/globals.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -47,6 +48,7 @@ static NTSTATUS check_unix_security(const struct auth_context
*auth_context,
done. We may need to revisit this **/
nt_status = pass_check(pass,
pass ? pass->pw_name :
user_info->mapped.account_name,
+ smbd_server_conn->client_id.name,
user_info->password.plaintext,
true);
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index a4bc6b5..c61a10b 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -1,18 +1,18 @@
-/*
+/*
Unix SMB/CIFS implementation.
Password checking
Copyright (C) Andrew Tridgell 1992-1998
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -553,13 +553,7 @@ core of password checking routine
static NTSTATUS password_check(const char *password, void *private_data)
{
#ifdef WITH_PAM
- const char *rhost;
- char addr[INET6_ADDRSTRLEN];
-
- rhost = client_name(smbd_server_fd());
- if (strequal(rhost,"UNKNOWN"))
- rhost = client_addr(smbd_server_fd(), addr, sizeof(addr));
-
+ const char *rhost = (const char *)private_data;
return smb_pam_passcheck(get_this_user(), rhost, password);
#else
@@ -576,7 +570,7 @@ static NTSTATUS password_check(const char *password, void
*private_data)
#endif /* WITH_DFS */
#ifdef OSF1_ENH_SEC
-
+
ret = (strcmp(osf1_bigcrypt(password, get_this_salt()),
get_this_crypted()) == 0);
if (!ret) {
@@ -589,9 +583,9 @@ static NTSTATUS password_check(const char *password, void
*private_data)
} else {
return NT_STATUS_WRONG_PASSWORD;
}
-
+
#endif /* OSF1_ENH_SEC */
-
+
#ifdef ULTRIX_AUTH
ret = (strcmp((char *)crypt16(password, get_this_salt()),
get_this_crypted()) == 0);
if (ret) {
@@ -599,9 +593,9 @@ static NTSTATUS password_check(const char *password, void
*private_data)
} else {
return NT_STATUS_WRONG_PASSWORD;
}
-
+
#endif /* ULTRIX_AUTH */
-
+
#ifdef LINUX_BIGCRYPT
ret = (linux_bigcrypt(password, get_this_salt(), get_this_crypted()));
if (ret) {
@@ -610,9 +604,9 @@ static NTSTATUS password_check(const char *password, void
*private_data)
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* LINUX_BIGCRYPT */
-
+
#if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) &&
defined(USE_BOTH_CRYPT_CALLS)
-
+
/*
* Some systems have bigcrypt in the C library but might not
* actually use it for the password hashes (HPUX 10.20) is
@@ -630,7 +624,7 @@ static NTSTATUS password_check(const char *password, void
*private_data)
return NT_STATUS_WRONG_PASSWORD;
}
#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */
-
+
#ifdef HAVE_BIGCRYPT
ret = (strcmp(bigcrypt(password, get_this_salt()), get_this_crypted())
== 0);
if (ret) {
@@ -639,7 +633,7 @@ static NTSTATUS password_check(const char *password, void
*private_data)
return NT_STATUS_WRONG_PASSWORD;
}
#endif /* HAVE_BIGCRYPT */
-
+
#ifndef HAVE_CRYPT
DEBUG(1, ("Warning - no crypt available\n"));
return NT_STATUS_LOGON_FAILURE;
@@ -666,6 +660,7 @@ return NT_STATUS_OK on correct match, appropriate error
otherwise
NTSTATUS pass_check(const struct passwd *pass,
const char *user,
+ const char *rhost,
const char *password,
bool run_cracker)
{
@@ -837,7 +832,7 @@ NTSTATUS pass_check(const struct passwd *pass,
#endif /* defined(WITH_PAM) */
/* try it as it came to us */
- nt_status = password_check(password, NULL);
+ nt_status = password_check(password, (void *)rhost);
if NT_STATUS_IS_OK(nt_status) {
return (nt_status);
} else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) {
@@ -865,8 +860,8 @@ NTSTATUS pass_check(const struct passwd *pass,
/* try all lowercase if it's currently all uppercase */
if (strhasupper(pass2)) {
strlower_m(pass2);
- nt_status = password_check(pass2, NULL);
- if NT_STATUS_IS_OK(nt_status) {
+ nt_status = password_check(pass2, (void *)rhost);
+ if (NT_STATUS_IS_OK(nt_status)) {
return (nt_status);
}
}
@@ -878,11 +873,12 @@ NTSTATUS pass_check(const struct passwd *pass,
/* last chance - all combinations of up to level chars upper! */
strlower_m(pass2);
-
- nt_status = string_combinations(pass2, password_check, level, NULL);
+
+ nt_status = string_combinations(pass2, password_check, level,
+ (void *)rhost);
if (NT_STATUS_IS_OK(nt_status)) {
return nt_status;
}
-
+
return NT_STATUS_WRONG_PASSWORD;
}
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e82b1ac..e2d1c94 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -232,7 +232,10 @@ bool smb_pam_close_session(char *in_user, char *tty, char
*rhost);
/* The following definitions come from auth/pass_check.c */
void dfs_unlogin(void);
-NTSTATUS pass_check(const struct passwd *pass, const char *user, const char
*password,
+NTSTATUS pass_check(const struct passwd *pass,
+ const char *user,
+ const char *rhost,
+ const char *password,
bool run_cracker);
/* The following definitions come from auth/token_util.c */
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 9c9a365..794152c 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -339,6 +339,8 @@ static bool cgi_handle_authorization(char *line)
char *p;
fstring user, user_pass;
struct passwd *pass = NULL;
+ const char *rhost;
+ char addr[INET6_ADDRSTRLEN];
if (!strnequal(line,"Basic ", 6)) {
goto err;
@@ -369,11 +371,15 @@ static bool cgi_handle_authorization(char *line)
pass = getpwnam_alloc(talloc_autofree_context(), user);
+ rhost = client_name(1);
+ if (strequal(rhost,"UNKNOWN"))
+ rhost = client_addr(1, addr, sizeof(addr));
+
/*
* Validate the password they have given.
*/
- if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, false)) {
+ if NT_STATUS_IS_OK(pass_check(pass, user, rhost, user_pass, false)) {
if (pass) {
/*
* Password was ok.
--
Samba Shared Repository
