#include "includes.h"
#include "auth.h"
-#include "smbd/globals.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
if (NT_STATUS_IS_OK(nt_status)) {
unix_username = (*server_info)->unix_name;
if (!(*server_info)->guest) {
+ char *rhost;
+ int rc;
+
+ rhost = tsocket_address_inet_addr_string(user_info->remote_host,
+ talloc_tos());
+ if (rhost == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
/* We might not be root if we are an RPC call */
become_root();
- nt_status = smb_pam_accountcheck(
- unix_username,
- smbd_server_conn->client_id.name);
+ nt_status = smb_pam_accountcheck(unix_username,
+ rhost);
unbecome_root();
if (NT_STATUS_IS_OK(nt_status)) {
#include "includes.h"
#include "auth.h"
+#include "../lib/tsocket/tsocket.h"
extern struct auth_context *negprot_global_auth_context;
extern bool global_encrypted_passwords_negotiated;
****************************************************************************/
NTSTATUS check_plaintext_password(const char *smb_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB plaintext_blob,
struct auth_serversupplied_info **server_info)
{
chal);
if (!make_user_info_for_reply(&user_info,
- smb_name, lp_workgroup(), chal,
+ smb_name, lp_workgroup(),
+ remote_address,
+ chal,
plaintext_blob)) {
return NT_STATUS_NO_MEMORY;
}
static NTSTATUS pass_check_smb(struct auth_context *actx,
const char *smb_name,
const char *domain,
+ const struct tsocket_address *remote_address,
DATA_BLOB lm_pwd,
DATA_BLOB nt_pwd)
}
make_user_info_for_reply_enc(&user_info, smb_name,
domain,
+ remote_address,
lm_pwd,
nt_pwd);
nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
bool password_ok(struct auth_context *actx, bool global_encrypted,
const char *session_workgroup,
- const char *smb_name, DATA_BLOB password_blob)
+ const char *smb_name,
+ const struct tsocket_address *remote_address,
+ DATA_BLOB password_blob)
{
DATA_BLOB null_password = data_blob_null;
* Vista sends NTLMv2 here - we need to try the client given workgroup.
*/
if (session_workgroup) {
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, null_password, password_blob))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ session_workgroup,
+ remote_address,
+ null_password,
+ password_blob))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, password_blob, null_password))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ session_workgroup,
+ remote_address,
+ password_blob,
+ null_password))) {
return True;
}
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ lp_workgroup(),
+ remote_address,
+ null_password,
+ password_blob))) {
return True;
}
- if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password))) {
+ if (NT_STATUS_IS_OK(pass_check_smb(actx,
+ smb_name,
+ lp_workgroup(),
+ remote_address,
+ password_blob,
+ null_password))) {
return True;
}
} else {
struct auth_serversupplied_info *server_info = NULL;
- NTSTATUS nt_status = check_plaintext_password(smb_name, password_blob, &server_info);
+ NTSTATUS nt_status = check_plaintext_password(smb_name,
+ remote_address,
+ password_blob,
+ &server_info);
TALLOC_FREE(server_info);
if (NT_STATUS_IS_OK(nt_status)) {
return True;
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "../librpc/gen_ndr/netlogon.h"
-#include "smbd/smbd.h"
#include "../lib/tsocket/tsocket.h"
NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
lp_load(get_dyn_CONFIGFILE(), false, false, true, true);
- nt_status = make_user_info_map(&user_info,
+ nt_status = make_user_info_map(&user_info,
auth_ntlmssp_state->ntlmssp_state->user,
auth_ntlmssp_state->ntlmssp_state->domain,
auth_ntlmssp_state->ntlmssp_state->client.netbios_name,
+ auth_ntlmssp_state->remote_address,
auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL,
auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL,
NULL, NULL, NULL,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB *lm_pwd,
DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
result = make_user_info(user_info, smb_name, internal_username,
client_domain, domain, workstation_name,
- lm_pwd, nt_pwd,
+ remote_address, lm_pwd, nt_pwd,
lm_interactive_pwd, nt_interactive_pwd,
plaintext, password_state);
if (NT_STATUS_IS_OK(result)) {
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar *lm_network_pwd,
int lm_pwd_len,
status = make_user_info_map(user_info,
smb_name, client_domain,
workstation_name,
+ remote_address,
lm_pwd_len ? &lm_blob : NULL,
nt_pwd_len ? &nt_blob : NULL,
NULL, NULL, NULL,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
nt_status = make_user_info_map(
user_info,
smb_name, client_domain, workstation_name,
+ remote_address,
lm_interactive_pwd ? &local_lm_blob : NULL,
nt_interactive_pwd ? &local_nt_blob : NULL,
lm_interactive_pwd ? &lm_pwd : NULL,
bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
const uint8 chal[8],
DATA_BLOB plaintext_password)
{
ret = make_user_info_map(
user_info, smb_name, client_domain,
get_remote_machine_name(),
+ remote_address,
local_lm_blob.data ? &local_lm_blob : NULL,
local_nt_blob.data ? &local_nt_blob : NULL,
NULL, NULL,
NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
const char *smb_name,
- const char *client_domain,
+ const char *client_domain,
+ const struct tsocket_address *remote_address,
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
{
return make_user_info_map(user_info, smb_name,
client_domain,
- get_remote_machine_name(),
+ get_remote_machine_name(),
+ remote_address,
lm_resp.data && (lm_resp.length > 0) ? &lm_resp : NULL,
nt_resp.data && (nt_resp.length > 0) ? &nt_resp : NULL,
NULL, NULL, NULL,
Create a guest user_info blob, for anonymous authenticaion.
****************************************************************************/
-bool make_user_info_guest(struct auth_usersupplied_info **user_info)
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+ struct auth_usersupplied_info **user_info)
{
NTSTATUS nt_status;
"","",
"","",
"",
+ remote_address,
NULL, NULL,
NULL, NULL,
NULL,
/* The following definitions come from auth/auth_compat.c */
NTSTATUS check_plaintext_password(const char *smb_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB plaintext_password,
struct auth_serversupplied_info **server_info);
bool password_ok(struct auth_context *actx, bool global_encrypted,
const char *session_workgroup,
- const char *smb_name, DATA_BLOB password_blob);
+ const char *smb_name,
+ const struct tsocket_address *remote_address,
+ DATA_BLOB password_blob);
/* The following definitions come from auth/auth_domain.c */
NTSTATUS auth_unix_init(void);
/* The following definitions come from auth/auth_util.c */
+struct tsocket_address;
NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
DATA_BLOB *lm_pwd,
DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar *lm_network_pwd,
int lm_pwd_len,
const char *smb_name,
const char *client_domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
uint32 logon_parameters,
const uchar chal[8],
const uchar lm_interactive_pwd[16],
bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
const uint8 chal[8],
DATA_BLOB plaintext_password);
NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
+ const struct tsocket_address *remote_address,
DATA_BLOB lm_resp, DATA_BLOB nt_resp);
-bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+ struct auth_usersupplied_info **user_info);
+
struct samu;
NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
struct samu *sampass);
const char *client_domain,
const char *domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
const DATA_BLOB *lm_pwd,
const DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
#include "includes.h"
#include "auth.h"
#include "librpc/gen_ndr/samr.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
const char *client_domain,
const char *domain,
const char *workstation_name,
+ const struct tsocket_address *remote_address,
const DATA_BLOB *lm_pwd,
const DATA_BLOB *nt_pwd,
const struct samr_Password *lm_interactive_pwd,
user_info->workstation_name = talloc_strdup(user_info, workstation_name);
NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info->workstation_name, user_info);
+ user_info->remote_host = tsocket_address_copy(remote_address, user_info);
+ NT_STATUS_HAVE_NO_MEMORY_AND_FREE(user_info->remote_host, user_info);
+
DEBUG(5,("making blobs for %s's user_info struct\n", internal_username));
if (lm_pwd && lm_pwd->data) {
if (!make_user_info_netlogon_network(&user_info,
nt_username, nt_domain,
wksname,
+ p->remote_address,
logon->network->identity_info.parameter_control,
logon->network->lm.data,
logon->network->lm.length,
if (!make_user_info_netlogon_interactive(&user_info,
nt_username, nt_domain,
nt_workstation,
+ p->remote_address,
logon->password->identity_info.parameter_control,
chal,
logon->password->lmpassword.hash,
if (user_ok(user, snum) &&
password_ok(actx, enc,
get_session_workgroup(sconn),
- user,password)) {
+ user,
+ sconn->remote_address,
+ password)) {
endnetgrent();
return(user);
}
if (user_ok(member,snum) &&
password_ok(actx, enc,
get_session_workgroup(sconn),
- member,password)) {
+ member,
+ sconn->remote_address,
+ password)) {
char *name = talloc_strdup(talloc_tos(),
member);
SAFE_FREE(member_list);
if (password_ok(actx, enc,
get_session_workgroup(sconn),
- user2,password)) {
+ user2,
+ sconn->remote_address,
+ password)) {
ok = True;
strlcpy(user,user2,sizeof(fstring));
DEBUG(3,("authorise_login: ACCEPTED: session "
if (user_ok(user2,snum) &&
password_ok(actx, enc,
get_session_workgroup(sconn),
- user2,password)) {
+ user2,
+ sconn->remote_address,
+ password)) {
ok = True;
strlcpy(user,user2,sizeof(fstring));
DEBUG(3,("authorise_login: ACCEPTED: "
Do a 'guest' logon, getting back the
****************************************************************************/
-static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_info)
+static NTSTATUS check_guest_password(const struct tsocket_address *remote_address,
+ struct auth_serversupplied_info **server_info)
{
struct auth_context *auth_context;
struct auth_usersupplied_info *user_info = NULL;
return nt_status;
}
- if (!make_user_info_guest(&user_info)) {
+ if (!make_user_info_guest(remote_address, &user_info)) {
TALLOC_FREE(auth_context);
return NT_STATUS_NO_MEMORY;
}
if (!*user) {
- nt_status = check_guest_password(&server_info);
+ nt_status = check_guest_password(sconn->remote_address, &server_info);
} else if (doencrypt) {
struct auth_context *negprot_auth_context = NULL;
}
nt_status = make_user_info_for_reply_enc(&user_info, user,
domain,
+ sconn->remote_address,
lm_resp, nt_resp);
if (NT_STATUS_IS_OK(nt_status)) {
nt_status = negprot_auth_context->check_ntlm_password(
plaintext_auth_context, chal);
if (!make_user_info_for_reply(&user_info,
- user, domain, chal,
+ user, domain,
+ sconn->remote_address,
+ chal,
plaintext_password)) {
nt_status = NT_STATUS_NO_MEMORY;
}
#include "../librpc/gen_ndr/krb5pac.h"
#include "passdb/machine_sid.h"
#include "auth.h"
+#include "../lib/tsocket/tsocket.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
struct netr_SamInfo3 **pinfo3)
{
struct auth_usersupplied_info *user_info = NULL;
+ struct tsocket_address *local;
NTSTATUS status;
-
+ int rc;
+
+ rc = tsocket_address_inet_from_strings(mem_ctx,
+ "ip",
+ "127.0.0.1",
+ 0,
+ &local);
+ if (rc < 0) {
+ return NT_STATUS_NO_MEMORY;
+ }
status = make_user_info(&user_info, user, user, domain, domain,
- lp_netbios_name(), lm_resp, nt_resp, NULL, NULL,
+ lp_netbios_name(), local, lm_resp, nt_resp, NULL, NULL,
NULL, AUTH_PASSWORD_RESPONSE);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("make_user_info failed: %s\n", nt_errstr(status)));