The branch, master has been updated
via 0ac4f64 s3-build link passdb modules against libpassdb
via 6b97a3b s3-build allow_undefined_symbols=False is the default now
via 5d4b197 s3-auth libauth no longer requires undefined symbols
via c599d07 s3-lib Move event_add_idle() to source3/lib/events.c
via b8b504a s3-samr Send IP address only to PAM remote hostname hook on
password set
via 2a01842 s3: RIP 'struct client_address'.
via 2bcbeea s3-rpc_server: Remove client_id and server_id from pipes
struct.
via aee04ef s3-smbd: Remove client_address from smbd_server_connection
struct.
via b2511a2 s3-smbd: Remove obsolete smbd_set_server_fd().
via cbec251 s3-vfs: Replace client_id in exand msdfs.
via c0f1c17 s3-vfs: Replace client_id in smbta.
via 2f92ffb s3-smbd: Replace client_id in smbd session setup.
via ea2917c s3-smbd: Replace client_id in smbd session.
via 73d2891 s3-smbd: Replace client_id in smbd service.
via ae05a7a s3-smbd: Replace client_id in smbd reply.
via ad0f765 s3-smbd: Exit cleanly if we can't create an address string.
via d99acd2 s3-smbd: Replace client_id in smbd connection.
via a513086 s3-smbd: Replace client_id in smbd process.
via 726b6c6 s3-epmapper: Replace server_id in the epmapper.
via 784035f s3-spoolss: Replace client_id in the spoolss server.
via 5f228ff s3-samr: Replace client_id in samr server.
via f036192 s3-rpc_server: Replace client_id in dcerpc gssapi server.
via 7acaf40 s3-rpc_server: Remove unused client_id in srv_pipe.c.
via 66badc1 s3-auth: Remove global smbd_server_conn from auth_unix.c.
via 7e46a84 s3-auth: Pass the remote_address down to user_info.
via 45f70db s3-auth: Added remote_address to ntlmssp server.
via 541f3cf s3-rpc_server: Migrate rpc function to tsocket_address.
via 6ac68a8 s3-rpc_server: Add local and remote address to pipes struct.
via c663dff s3-util: Add a get_remote_hostname() function.
via 6b86590 s3-auth: Only reload the config file.
from 8083849 s3: Make cli_cm_open return NTSTATUS
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0ac4f6492803b58bff1d49a4b94524bc33750cd7
Author: Andrew Bartlett <[email protected]>
Date: Mon Jul 4 19:07:40 2011 +1000
s3-build link passdb modules against libpassdb
This ensures that they don't include a duplicate copy of
pdb_interface.c functions, because they will instead link the library.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <[email protected]>
Autobuild-Date: Mon Jul 4 12:24:50 CEST 2011 on sn-devel-104
commit 6b97a3b1ff6a81df954e45befb72cb1af602e2c9
Author: Andrew Bartlett <[email protected]>
Date: Mon Jul 4 19:03:52 2011 +1000
s3-build allow_undefined_symbols=False is the default now
commit 5d4b197418f9365d3d30bec14337fe57f56c13ff
Author: Andrew Bartlett <[email protected]>
Date: Mon Jul 4 18:30:25 2011 +1000
s3-auth libauth no longer requires undefined symbols
commit c599d075cb9d8b843dcc40a34c37ad5392bca767
Author: Andrew Bartlett <[email protected]>
Date: Mon Jul 4 18:52:47 2011 +1000
s3-lib Move event_add_idle() to source3/lib/events.c
This allows libauth not to depend on smbd_base.
Andrew Bartlett
commit b8b504a484043e7f61f32b9621549579701817b7
Author: Andrew Bartlett <[email protected]>
Date: Mon Jul 4 18:09:38 2011 +1000
s3-samr Send IP address only to PAM remote hostname hook on password set
The previous behaviour was to attempt to do a reverse hostname lookup,
where enabled. This new behaviour matches the new behaviour in the
modules called by auth stack.
Andrew Bartlett
commit 2a01842da814a716464f4d6f344f615820744bec
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 16:13:01 2011 +0200
s3: RIP 'struct client_address'.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 2bcbeea05ec4b831d587f83795029dfbe5476c79
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 16:12:07 2011 +0200
s3-rpc_server: Remove client_id and server_id from pipes struct.
Signed-off-by: Andrew Bartlett <[email protected]>
commit aee04ef3306da989fe50c192425d4de755fb9a7e
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 16:09:07 2011 +0200
s3-smbd: Remove client_address from smbd_server_connection struct.
Signed-off-by: Andrew Bartlett <[email protected]>
commit b2511a280aa9449123376fd3cbb495dcd1a87dee
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 16:08:09 2011 +0200
s3-smbd: Remove obsolete smbd_set_server_fd().
Signed-off-by: Andrew Bartlett <[email protected]>
commit cbec251f9aa39ad5791570d349df8d265d7211d7
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 14:23:54 2011 +0200
s3-vfs: Replace client_id in exand msdfs.
Signed-off-by: Andrew Bartlett <[email protected]>
commit c0f1c179b9ea1394b8273cbd12a84276585c3636
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 14:20:21 2011 +0200
s3-vfs: Replace client_id in smbta.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 2f92ffb1a41731ef7bfc7a3f38d54c1bffba2f34
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 16:03:03 2011 +0200
s3-smbd: Replace client_id in smbd session setup.
Signed-off-by: Andrew Bartlett <[email protected]>
commit ea2917c7a2cab1605da6fcd9e0b4aa3476b1ff68
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 15:57:48 2011 +0200
s3-smbd: Replace client_id in smbd session.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 73d28912a4ff8393c655e239eb3d011cf67ad005
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 15:49:41 2011 +0200
s3-smbd: Replace client_id in smbd service.
Signed-off-by: Andrew Bartlett <[email protected]>
commit ae05a7aec62d9ffcb02ee17d0f5f18e1e7ab1803
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 15:45:18 2011 +0200
s3-smbd: Replace client_id in smbd reply.
Signed-off-by: Andrew Bartlett <[email protected]>
commit ad0f765a096015f223fbb45ed96c19b821e0bb44
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 15:32:00 2011 +0200
s3-smbd: Exit cleanly if we can't create an address string.
Signed-off-by: Andrew Bartlett <[email protected]>
commit d99acd26a2ecee17edf8739990dd67ef659182b1
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 14:29:36 2011 +0200
s3-smbd: Replace client_id in smbd connection.
Signed-off-by: Andrew Bartlett <[email protected]>
commit a513086c2a231f1e6b2e74dd007e7158a07e47a6
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 15:39:25 2011 +0200
s3-smbd: Replace client_id in smbd process.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 726b6c6e528112dca3caa1316ad0acf716736aa2
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 16:22:49 2011 +0200
s3-epmapper: Replace server_id in the epmapper.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 784035fd5301bbe5c611e0ed3c21d4e795da9d17
Author: Andreas Schneider <[email protected]>
Date: Thu Jun 16 14:46:26 2011 +0200
s3-spoolss: Replace client_id in the spoolss server.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 5f228fff2a9c4ee240978aefa4c8f900bcd40fd1
Author: Andreas Schneider <[email protected]>
Date: Wed Jun 15 18:03:30 2011 +0200
s3-samr: Replace client_id in samr server.
Signed-off-by: Andrew Bartlett <[email protected]>
commit f0361924fb9ed71affde66bc476490b9368b4079
Author: Andreas Schneider <[email protected]>
Date: Wed Jun 15 17:55:27 2011 +0200
s3-rpc_server: Replace client_id in dcerpc gssapi server.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 7acaf405e473f5ebc49b2da3c3ce2e71b6e0882f
Author: Andreas Schneider <[email protected]>
Date: Wed Jun 15 18:08:13 2011 +0200
s3-rpc_server: Remove unused client_id in srv_pipe.c.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 66badc1740619eccac26bda720284bab6475f0b5
Author: Andreas Schneider <[email protected]>
Date: Wed Jun 15 11:32:12 2011 +0200
s3-auth: Remove global smbd_server_conn from auth_unix.c.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 7e46a84bb769c2e781e2650b4227b05ee3cb9635
Author: Andreas Schneider <[email protected]>
Date: Wed Jun 8 18:55:37 2011 +0200
s3-auth: Pass the remote_address down to user_info.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 45f70db01070cfb0cdfb6ae0e8ee64da2bf42fc0
Author: Andreas Schneider <[email protected]>
Date: Wed Jun 15 11:15:06 2011 +0200
s3-auth: Added remote_address to ntlmssp server.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 541f3cf639699d23b9a96e6c615027a5be4581a9
Author: Andreas Schneider <[email protected]>
Date: Tue Jun 7 17:21:28 2011 +0200
s3-rpc_server: Migrate rpc function to tsocket_address.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 6ac68a803e79984e8d3c065b7b366da0bdd495d6
Author: Andreas Schneider <[email protected]>
Date: Tue Jun 7 17:03:13 2011 +0200
s3-rpc_server: Add local and remote address to pipes struct.
Signed-off-by: Andrew Bartlett <[email protected]>
commit c663dfff880634865c4b9f8bad0fa8599899e66a
Author: Andreas Schneider <[email protected]>
Date: Wed Jun 8 14:50:20 2011 +0200
s3-util: Add a get_remote_hostname() function.
Signed-off-by: Andrew Bartlett <[email protected]>
commit 6b86590342799f3fd35700a1cd1f5fd2aba3547c
Author: Andreas Schneider <[email protected]>
Date: Mon Jun 6 16:07:23 2011 +0200
s3-auth: Only reload the config file.
We only need to reload the config file. This removes a dependency to
smbd.
Signed-off-by: Andrew Bartlett <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
source3/Makefile.in | 10 +-
source3/auth/auth.c | 16 +++-
source3/auth/auth_compat.c | 45 ++++++++--
source3/auth/auth_ntlmssp.c | 17 +++-
source3/auth/auth_unix.c | 12 ++-
source3/auth/auth_util.c | 19 +++-
source3/auth/proto.h | 19 +++-
source3/auth/user_info.c | 5 +
source3/auth/wscript_build | 5 +-
source3/include/event.h | 10 ++-
source3/include/ntdomain.h | 6 +-
source3/include/ntlmssp_wrap.h | 1 +
source3/include/proto.h | 8 ++-
source3/include/smb.h | 5 -
source3/lib/events.c | 82 ++++++++++++++++-
source3/lib/util_sock.c | 108 ++++++++++++++++++++++
source3/librpc/crypto/spnego.h | 2 +
source3/librpc/rpc/dcerpc_ep.c | 18 +++-
source3/modules/vfs_expand_msdfs.c | 10 ++-
source3/modules/vfs_smb_traffic_analyzer.c | 14 ++-
source3/pam_smbpass/wscript_build | 1 -
source3/passdb/wscript_build | 18 +---
source3/printing/printspoolss.c | 4 +-
source3/rpc_client/cli_winreg_int.c | 16 +++-
source3/rpc_server/dcesrv_gssapi.c | 25 +++++-
source3/rpc_server/dcesrv_gssapi.h | 2 +-
source3/rpc_server/dcesrv_ntlmssp.c | 3 +-
source3/rpc_server/dcesrv_ntlmssp.h | 1 +
source3/rpc_server/dcesrv_spnego.c | 16 +++-
source3/rpc_server/dcesrv_spnego.h | 1 +
source3/rpc_server/epmapper/srv_epmapper.c | 21 ++++-
source3/rpc_server/netlogon/srv_netlog_nt.c | 38 ++++++--
source3/rpc_server/rpc_ncacn_np.c | 53 +++++++----
source3/rpc_server/rpc_ncacn_np.h | 6 +-
source3/rpc_server/rpc_server.c | 53 ++---------
source3/rpc_server/samr/srv_samr_nt.c | 47 ++++++++--
source3/rpc_server/spoolss/srv_spoolss_nt.c | 71 +++++++++++++--
source3/rpc_server/spoolss/srv_spoolss_util.c | 16 +++-
source3/rpc_server/srv_pipe.c | 13 +--
source3/rpc_server/srv_pipe_hnd.c | 3 +-
source3/rpc_server/srv_pipe_hnd.h | 1 -
source3/smbd/connection.c | 10 ++-
source3/smbd/globals.c | 29 ------
source3/smbd/globals.h | 2 +-
source3/smbd/lanman.c | 36 ++++----
source3/smbd/password.c | 16 +++-
source3/smbd/pipes.c | 1 -
source3/smbd/process.c | 122 +++++++------------------
source3/smbd/proto.h | 7 --
source3/smbd/reply.c | 13 ++-
source3/smbd/seal.c | 50 ++++++++--
source3/smbd/server.c | 13 +--
source3/smbd/service.c | 27 ++++-
source3/smbd/session.c | 16 ++--
source3/smbd/sesssetup.c | 23 +++--
source3/smbd/smb2_sesssetup.c | 12 ++-
source3/winbindd/winbindd_pam.c | 15 +++-
source3/wscript_build | 6 +-
58 files changed, 837 insertions(+), 382 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/Makefile.in b/source3/Makefile.in
index aaea79d..f674500 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -436,7 +436,7 @@ CRYPTO_OBJ = ../lib/crypto/crc32.o ../lib/crypto/md5.o \
../lib/crypto/sha256.o ../lib/crypto/hmacsha256.o \
../lib/crypto/aes.o ../lib/crypto/rijndael-alg-fst.o
-LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
+LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) $(LIBTSOCKET_OBJ) \
lib/messages.o librpc/gen_ndr/ndr_messaging.o lib/messages_local.o \
lib/messages_ctdbd.o lib/ctdb_packet.o lib/ctdbd_conn.o \
../lib/socket/interfaces.o lib/memcache.o \
@@ -576,7 +576,7 @@ LIBTSOCKET_OBJ = ../lib/tsocket/tsocket.o \
CLDAP_OBJ = libads/cldap.o \
../libcli/cldap/cldap.o \
../lib/util/idtree.o \
- $(LIBCLI_LDAP_MESSAGE_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTSOCKET_OBJ)
+ $(LIBCLI_LDAP_MESSAGE_OBJ) $(LIBCLI_LDAP_NDR_OBJ)
TLDAP_OBJ = lib/tldap.o lib/tldap_util.o lib/util_tsock.o
@@ -1038,7 +1038,7 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ)
$(PASSCHANGE_OBJ) \
rpc_client/init_lsa.o
PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
- $(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \
+ $(LIBSAMBA_OBJ) \
$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
@@ -1327,7 +1327,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o
pam_smbpass/pam_smb_passwd.o \
PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ)
$(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
- $(LIBTSOCKET_OBJ) $(PAM_ERRORS_OBJ)
+ $(PAM_ERRORS_OBJ)
IDMAP_RW_OBJ = winbindd/idmap_rw.o
@@ -1505,7 +1505,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ)
$(POPT_LIB_OBJ) \
../lib/util/asn1.o ../libcli/auth/spnego_parse.o
libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libads/kerberos.o \
libsmb/samlogon_cache.o \
$(LIBADS_SERVER_OBJ) \
- $(PASSDB_OBJ) $(LIBTSOCKET_OBJ) $(GROUPDB_OBJ) \
+ $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
$(WBCOMMON_OBJ) \
$(LIBCLI_LDAP_NDR_OBJ) \
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index dbe337f..0f661a9 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -19,7 +19,7 @@
#include "includes.h"
#include "auth.h"
-#include "smbd/globals.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -284,11 +284,19 @@ static NTSTATUS check_ntlm_password(const struct
auth_context *auth_context,
if (NT_STATUS_IS_OK(nt_status)) {
unix_username = (*server_info)->unix_name;
if (!(*server_info)->guest) {
+ char *rhost;
+ int rc;
+
+ rhost =
tsocket_address_inet_addr_string(user_info->remote_host,
+ talloc_tos());
+ if (rhost == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(
- unix_username,
- smbd_server_conn->client_id.name);
+ nt_status = smb_pam_accountcheck(unix_username,
+ rhost);
unbecome_root();
if (NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index 0ae712a..e7225a2 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "auth.h"
+#include "../lib/tsocket/tsocket.h"
extern struct auth_context *negprot_global_auth_context;
extern bool global_encrypted_passwords_negotiated;
@@ -36,6 +37,7 @@ return True if the password is correct, False otherwise
****************************************************************************/
NTSTATUS check_plaintext_password(const char *smb_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB plaintext_blob,
struct auth_serversupplied_info **server_info)
{
@@ -54,7 +56,9 @@ NTSTATUS check_plaintext_password(const char *smb_name,
chal);
if (!make_user_info_for_reply(&user_info,
- smb_name, lp_workgroup(), chal,
+ smb_name, lp_workgroup(),
+ remote_address,
+ chal,
plaintext_blob)) {
return NT_STATUS_NO_MEMORY;
}
@@ -70,6 +74,7 @@ NTSTATUS check_plaintext_password(const char *smb_name,
static NTSTATUS pass_check_smb(struct auth_context *actx,
const char *smb_name,
const char *domain,
+ const struct tsocket_address *remote_address,
DATA_BLOB lm_pwd,
DATA_BLOB nt_pwd)
@@ -82,6 +87,7 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
}
make_user_info_for_reply_enc(&user_info, smb_name,
domain,
+ remote_address,
lm_pwd,
nt_pwd);
nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
@@ -97,7 +103,9 @@ return True if the password is correct, False otherwise
bool password_ok(struct auth_context *actx, bool global_encrypted,
const char *session_workgroup,
- const char *smb_name, DATA_BLOB password_blob)
+ const char *smb_name,
+ const struct tsocket_address *remote_address,
+ DATA_BLOB password_blob)
{
DATA_BLOB null_password = data_blob_null;
@@ -110,24 +118,47 @@ bool password_ok(struct auth_context *actx, bool
global_encrypted,
* Vista sends NTLMv2 here - we need to try the client given
workgroup.
*/
if (session_workgroup) {
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name,
session_workgroup, null_password, password_blob))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ session_workgroup,
+ remote_address,
+ null_password,
+ password_blob))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name,
session_workgroup, password_blob, null_password))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ session_workgroup,
+ remote_address,
+ password_blob,
+ null_password))) {
return True;
}
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name,
lp_workgroup(), null_password, password_blob))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ lp_workgroup(),
+ remote_address,
+ null_password,
+ password_blob))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name,
lp_workgroup(), password_blob, null_password))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ lp_workgroup(),
+ remote_address,
+ password_blob,
+ null_password))) {
return True;
}
} else {
struct auth_serversupplied_info *server_info = NULL;
- NTSTATUS nt_status = check_plaintext_password(smb_name,
password_blob, &server_info);
+ NTSTATUS nt_status = check_plaintext_password(smb_name,
+ remote_address,
+ password_blob,
+ &server_info);
TALLOC_FREE(server_info);
if (NT_STATUS_IS_OK(nt_status)) {
return True;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 1fecc09..2d1aef1 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -25,7 +25,7 @@
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "../librpc/gen_ndr/netlogon.h"
-#include "smbd/smbd.h"
+#include "../lib/tsocket/tsocket.h"
NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state
*auth_ntlmssp_state,
@@ -119,12 +119,13 @@ static NTSTATUS auth_ntlmssp_check_password(struct
ntlmssp_state *ntlmssp_state,
/* sub_set_smb_name checks for weird internally */
sub_set_smb_name(auth_ntlmssp_state->ntlmssp_state->user);
- reload_services(smbd_messaging_context(), -1, True);
+ lp_load(get_dyn_CONFIGFILE(), false, false, true, true);
- nt_status = make_user_info_map(&user_info,
+ nt_status = make_user_info_map(&user_info,
auth_ntlmssp_state->ntlmssp_state->user,
auth_ntlmssp_state->ntlmssp_state->domain,
auth_ntlmssp_state->ntlmssp_state->client.netbios_name,
+ auth_ntlmssp_state->remote_address,
auth_ntlmssp_state->ntlmssp_state->lm_resp.data ?
&auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL,
auth_ntlmssp_state->ntlmssp_state->nt_resp.data ?
&auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL,
NULL, NULL, NULL,
@@ -173,7 +174,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct
ntlmssp_state *ntlmssp_state,
static int auth_ntlmssp_state_destructor(void *ptr);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+ struct auth_ntlmssp_state **auth_ntlmssp_state)
{
NTSTATUS nt_status;
bool is_standalone;
@@ -205,6 +207,12 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state
**auth_ntlmssp_state)
return NT_STATUS_NO_MEMORY;
}
+ ans->remote_address = tsocket_address_copy(remote_address, ans);
+ if (ans->remote_address == NULL) {
+ DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
nt_status = ntlmssp_server_start(ans,
is_standalone,
netbios_name,
@@ -240,6 +248,7 @@ static int auth_ntlmssp_state_destructor(void *ptr)
ans = talloc_get_type(ptr, struct auth_ntlmssp_state);
+ TALLOC_FREE(ans->remote_address);
TALLOC_FREE(ans->server_info);
TALLOC_FREE(ans->ntlmssp_state);
return 0;
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 3695698..f0a5215 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -20,7 +20,7 @@
#include "includes.h"
#include "auth.h"
#include "system/passwd.h"
-#include "smbd/globals.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -39,9 +39,17 @@ static NTSTATUS check_unix_security(const struct
auth_context *auth_context,
{
NTSTATUS nt_status;
struct passwd *pass = NULL;
+ char *rhost;
+ int rc;
DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
+ rhost = tsocket_address_inet_addr_string(user_info->remote_host,
+ talloc_tos());
+ if (rhost == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
become_root();
pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
@@ -49,7 +57,7 @@ static NTSTATUS check_unix_security(const struct auth_context
*auth_context,
done. We may need to revisit this **/
nt_status = pass_check(pass,
pass ? pass->pw_name :
user_info->mapped.account_name,
- smbd_server_conn->client_id.name,
+ rhost,
user_info->password.plaintext,
true);
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 64c290e..dd12692 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -89,6 +89,7 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info
**user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB *lm_pwd,
DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
@@ -137,7 +138,7 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info
**user_info,
result = make_user_info(user_info, smb_name, internal_username,
client_domain, domain, workstation_name,
- lm_pwd, nt_pwd,
+ remote_address, lm_pwd, nt_pwd,
lm_interactive_pwd, nt_interactive_pwd,
plaintext, password_state);
if (NT_STATUS_IS_OK(result)) {
@@ -158,6 +159,7 @@ bool make_user_info_netlogon_network(struct
auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address
*remote_address,
uint32 logon_parameters,
const uchar *lm_network_pwd,
int lm_pwd_len,
@@ -172,6 +174,7 @@ bool make_user_info_netlogon_network(struct
auth_usersupplied_info **user_info,
status = make_user_info_map(user_info,
smb_name, client_domain,
workstation_name,
+ remote_address,
lm_pwd_len ? &lm_blob : NULL,
nt_pwd_len ? &nt_blob : NULL,
NULL, NULL, NULL,
@@ -196,6 +199,7 @@ bool make_user_info_netlogon_interactive(struct
auth_usersupplied_info **user_in
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address
*remote_address,
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
@@ -271,6 +275,7 @@ bool make_user_info_netlogon_interactive(struct
auth_usersupplied_info **user_in
nt_status = make_user_info_map(
user_info,
smb_name, client_domain, workstation_name,
+ remote_address,
lm_interactive_pwd ? &local_lm_blob : NULL,
nt_interactive_pwd ? &local_nt_blob : NULL,
lm_interactive_pwd ? &lm_pwd : NULL,
@@ -296,6 +301,7 @@ bool make_user_info_netlogon_interactive(struct
auth_usersupplied_info **user_in
bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
const uint8 chal[8],
DATA_BLOB plaintext_password)
{
@@ -342,6 +348,7 @@ bool make_user_info_for_reply(struct auth_usersupplied_info
**user_info,
ret = make_user_info_map(
user_info, smb_name, client_domain,
get_remote_machine_name(),
+ remote_address,
local_lm_blob.data ? &local_lm_blob : NULL,
local_nt_blob.data ? &local_nt_blob : NULL,
NULL, NULL,
@@ -363,12 +370,14 @@ bool make_user_info_for_reply(struct
auth_usersupplied_info **user_info,
NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info
**user_info,
const char *smb_name,
- const char *client_domain,
+ const char *client_domain,
+ const struct tsocket_address
*remote_address,
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
{
return make_user_info_map(user_info, smb_name,
client_domain,
- get_remote_machine_name(),
+ get_remote_machine_name(),
+ remote_address,
lm_resp.data && (lm_resp.length > 0) ?
&lm_resp : NULL,
nt_resp.data && (nt_resp.length > 0) ?
&nt_resp : NULL,
NULL, NULL, NULL,
@@ -379,7 +388,8 @@ NTSTATUS make_user_info_for_reply_enc(struct
auth_usersupplied_info **user_info,
Create a guest user_info blob, for anonymous authenticaion.
****************************************************************************/
-bool make_user_info_guest(struct auth_usersupplied_info **user_info)
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+ struct auth_usersupplied_info **user_info)
{
NTSTATUS nt_status;
@@ -387,6 +397,7 @@ bool make_user_info_guest(struct auth_usersupplied_info
**user_info)
"","",
"","",
"",
+ remote_address,
NULL, NULL,
NULL, NULL,
NULL,
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 46846ac..2839793 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -51,11 +51,14 @@ NTSTATUS auth_builtin_init(void);
/* The following definitions come from auth/auth_compat.c */
NTSTATUS check_plaintext_password(const char *smb_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB plaintext_password,
struct auth_serversupplied_info
**server_info);
bool password_ok(struct auth_context *actx, bool global_encrypted,
const char *session_workgroup,
- const char *smb_name, DATA_BLOB password_blob);
+ const char *smb_name,
+ const struct tsocket_address *remote_address,
+ DATA_BLOB password_blob);
/* The following definitions come from auth/auth_domain.c */
@@ -69,7 +72,8 @@ NTSTATUS auth_netlogond_init(void);
NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
struct auth_ntlmssp_state *auth_ntlmssp_state,
struct auth_serversupplied_info **session_info);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+ struct auth_ntlmssp_state **auth_ntlmssp_state);
/* The following definitions come from auth/auth_sam.c */
@@ -93,11 +97,13 @@ NTSTATUS auth_server_init(void);
NTSTATUS auth_unix_init(void);
/* The following definitions come from auth/auth_util.c */
+struct tsocket_address;
NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB *lm_pwd,
DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
@@ -108,6 +114,7 @@ bool make_user_info_netlogon_network(struct
auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address
*remote_address,
uint32 logon_parameters,
const uchar *lm_network_pwd,
int lm_pwd_len,
@@ -117,6 +124,7 @@ bool make_user_info_netlogon_interactive(struct
auth_usersupplied_info **user_in
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address
*remote_address,
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
@@ -125,13 +133,17 @@ bool make_user_info_netlogon_interactive(struct
auth_usersupplied_info **user_in
bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
const uint8 chal[8],
DATA_BLOB plaintext_password);
NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info
**user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address
*remote_address,
DATA_BLOB lm_resp, DATA_BLOB nt_resp);
-bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+ struct auth_usersupplied_info **user_info);
+
struct samu;
NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
struct samu *sampass);
@@ -191,6 +203,7 @@ NTSTATUS make_user_info(struct auth_usersupplied_info
**ret_user_info,
const char *client_domain,
const char *domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
const DATA_BLOB *lm_pwd,
const DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
diff --git a/source3/auth/user_info.c b/source3/auth/user_info.c
index 606381b..6b98412 100644
--- a/source3/auth/user_info.c
+++ b/source3/auth/user_info.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "auth.h"
#include "librpc/gen_ndr/samr.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -46,6 +47,7 @@ NTSTATUS make_user_info(struct auth_usersupplied_info
**ret_user_info,
--
Samba Shared Repository
