[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Mon Jul 4 04:25:02 MDT 2011


The branch, master has been updated
       via  0ac4f64 s3-build link passdb modules against libpassdb
       via  6b97a3b s3-build allow_undefined_symbols=False is the default now
       via  5d4b197 s3-auth libauth no longer requires undefined symbols
       via  c599d07 s3-lib Move event_add_idle() to source3/lib/events.c
       via  b8b504a s3-samr Send IP address only to PAM remote hostname hook on password set
       via  2a01842 s3: RIP 'struct client_address'.
       via  2bcbeea s3-rpc_server: Remove client_id and server_id from pipes struct.
       via  aee04ef s3-smbd: Remove client_address from smbd_server_connection struct.
       via  b2511a2 s3-smbd: Remove obsolete smbd_set_server_fd().
       via  cbec251 s3-vfs: Replace client_id in exand msdfs.
       via  c0f1c17 s3-vfs: Replace client_id in smbta.
       via  2f92ffb s3-smbd: Replace client_id in smbd session setup.
       via  ea2917c s3-smbd: Replace client_id in smbd session.
       via  73d2891 s3-smbd: Replace client_id in smbd service.
       via  ae05a7a s3-smbd: Replace client_id in smbd reply.
       via  ad0f765 s3-smbd: Exit cleanly if we can't create an address string.
       via  d99acd2 s3-smbd: Replace client_id in smbd connection.
       via  a513086 s3-smbd: Replace client_id in smbd process.
       via  726b6c6 s3-epmapper: Replace server_id in the epmapper.
       via  784035f s3-spoolss: Replace client_id in the spoolss server.
       via  5f228ff s3-samr: Replace client_id in samr server.
       via  f036192 s3-rpc_server: Replace client_id in dcerpc gssapi server.
       via  7acaf40 s3-rpc_server: Remove unused client_id in srv_pipe.c.
       via  66badc1 s3-auth: Remove global smbd_server_conn from auth_unix.c.
       via  7e46a84 s3-auth: Pass the remote_address down to user_info.
       via  45f70db s3-auth: Added remote_address to ntlmssp server.
       via  541f3cf s3-rpc_server: Migrate rpc function to tsocket_address.
       via  6ac68a8 s3-rpc_server: Add local and remote address to pipes struct.
       via  c663dff s3-util: Add a get_remote_hostname() function.
       via  6b86590 s3-auth: Only reload the config file.
      from  8083849 s3: Make cli_cm_open return NTSTATUS

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0ac4f6492803b58bff1d49a4b94524bc33750cd7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 4 19:07:40 2011 +1000

    s3-build link passdb modules against libpassdb
    
    This ensures that they don't include a duplicate copy of
    pdb_interface.c functions, because they will instead link the library.
    
    Andrew Bartlett
    
    Autobuild-User: Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date: Mon Jul  4 12:24:50 CEST 2011 on sn-devel-104

commit 6b97a3b1ff6a81df954e45befb72cb1af602e2c9
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 4 19:03:52 2011 +1000

    s3-build allow_undefined_symbols=False is the default now

commit 5d4b197418f9365d3d30bec14337fe57f56c13ff
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 4 18:30:25 2011 +1000

    s3-auth libauth no longer requires undefined symbols

commit c599d075cb9d8b843dcc40a34c37ad5392bca767
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 4 18:52:47 2011 +1000

    s3-lib Move event_add_idle() to source3/lib/events.c
    
    This allows libauth not to depend on smbd_base.
    
    Andrew Bartlett

commit b8b504a484043e7f61f32b9621549579701817b7
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon Jul 4 18:09:38 2011 +1000

    s3-samr Send IP address only to PAM remote hostname hook on password set
    
    The previous behaviour was to attempt to do a reverse hostname lookup,
    where enabled.  This new behaviour matches the new behaviour in the
    modules called by auth stack.
    
    Andrew Bartlett

commit 2a01842da814a716464f4d6f344f615820744bec
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 16:13:01 2011 +0200

    s3: RIP 'struct client_address'.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 2bcbeea05ec4b831d587f83795029dfbe5476c79
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 16:12:07 2011 +0200

    s3-rpc_server: Remove client_id and server_id from pipes struct.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit aee04ef3306da989fe50c192425d4de755fb9a7e
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 16:09:07 2011 +0200

    s3-smbd: Remove client_address from smbd_server_connection struct.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit b2511a280aa9449123376fd3cbb495dcd1a87dee
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 16:08:09 2011 +0200

    s3-smbd: Remove obsolete smbd_set_server_fd().
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit cbec251f9aa39ad5791570d349df8d265d7211d7
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 14:23:54 2011 +0200

    s3-vfs: Replace client_id in exand msdfs.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit c0f1c179b9ea1394b8273cbd12a84276585c3636
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 14:20:21 2011 +0200

    s3-vfs: Replace client_id in smbta.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 2f92ffb1a41731ef7bfc7a3f38d54c1bffba2f34
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 16:03:03 2011 +0200

    s3-smbd: Replace client_id in smbd session setup.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit ea2917c7a2cab1605da6fcd9e0b4aa3476b1ff68
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 15:57:48 2011 +0200

    s3-smbd: Replace client_id in smbd session.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 73d28912a4ff8393c655e239eb3d011cf67ad005
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 15:49:41 2011 +0200

    s3-smbd: Replace client_id in smbd service.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit ae05a7aec62d9ffcb02ee17d0f5f18e1e7ab1803
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 15:45:18 2011 +0200

    s3-smbd: Replace client_id in smbd reply.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit ad0f765a096015f223fbb45ed96c19b821e0bb44
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 15:32:00 2011 +0200

    s3-smbd: Exit cleanly if we can't create an address string.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit d99acd26a2ecee17edf8739990dd67ef659182b1
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 14:29:36 2011 +0200

    s3-smbd: Replace client_id in smbd connection.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit a513086c2a231f1e6b2e74dd007e7158a07e47a6
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 15:39:25 2011 +0200

    s3-smbd: Replace client_id in smbd process.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 726b6c6e528112dca3caa1316ad0acf716736aa2
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 16:22:49 2011 +0200

    s3-epmapper: Replace server_id in the epmapper.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 784035fd5301bbe5c611e0ed3c21d4e795da9d17
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Jun 16 14:46:26 2011 +0200

    s3-spoolss: Replace client_id in the spoolss server.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 5f228fff2a9c4ee240978aefa4c8f900bcd40fd1
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 15 18:03:30 2011 +0200

    s3-samr: Replace client_id in samr server.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit f0361924fb9ed71affde66bc476490b9368b4079
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 15 17:55:27 2011 +0200

    s3-rpc_server: Replace client_id in dcerpc gssapi server.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 7acaf405e473f5ebc49b2da3c3ce2e71b6e0882f
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 15 18:08:13 2011 +0200

    s3-rpc_server: Remove unused client_id in srv_pipe.c.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 66badc1740619eccac26bda720284bab6475f0b5
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 15 11:32:12 2011 +0200

    s3-auth: Remove global smbd_server_conn from auth_unix.c.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 7e46a84bb769c2e781e2650b4227b05ee3cb9635
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 8 18:55:37 2011 +0200

    s3-auth: Pass the remote_address down to user_info.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 45f70db01070cfb0cdfb6ae0e8ee64da2bf42fc0
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 15 11:15:06 2011 +0200

    s3-auth: Added remote_address to ntlmssp server.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 541f3cf639699d23b9a96e6c615027a5be4581a9
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Jun 7 17:21:28 2011 +0200

    s3-rpc_server: Migrate rpc function to tsocket_address.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 6ac68a803e79984e8d3c065b7b366da0bdd495d6
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Jun 7 17:03:13 2011 +0200

    s3-rpc_server: Add local and remote address to pipes struct.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit c663dfff880634865c4b9f8bad0fa8599899e66a
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Jun 8 14:50:20 2011 +0200

    s3-util: Add a get_remote_hostname() function.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit 6b86590342799f3fd35700a1cd1f5fd2aba3547c
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jun 6 16:07:23 2011 +0200

    s3-auth: Only reload the config file.
    
    We only need to reload the config file. This removes a dependency to
    smbd.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 source3/Makefile.in                           |   10 +-
 source3/auth/auth.c                           |   16 +++-
 source3/auth/auth_compat.c                    |   45 ++++++++--
 source3/auth/auth_ntlmssp.c                   |   17 +++-
 source3/auth/auth_unix.c                      |   12 ++-
 source3/auth/auth_util.c                      |   19 +++-
 source3/auth/proto.h                          |   19 +++-
 source3/auth/user_info.c                      |    5 +
 source3/auth/wscript_build                    |    5 +-
 source3/include/event.h                       |   10 ++-
 source3/include/ntdomain.h                    |    6 +-
 source3/include/ntlmssp_wrap.h                |    1 +
 source3/include/proto.h                       |    8 ++-
 source3/include/smb.h                         |    5 -
 source3/lib/events.c                          |   82 ++++++++++++++++-
 source3/lib/util_sock.c                       |  108 ++++++++++++++++++++++
 source3/librpc/crypto/spnego.h                |    2 +
 source3/librpc/rpc/dcerpc_ep.c                |   18 +++-
 source3/modules/vfs_expand_msdfs.c            |   10 ++-
 source3/modules/vfs_smb_traffic_analyzer.c    |   14 ++-
 source3/pam_smbpass/wscript_build             |    1 -
 source3/passdb/wscript_build                  |   18 +---
 source3/printing/printspoolss.c               |    4 +-
 source3/rpc_client/cli_winreg_int.c           |   16 +++-
 source3/rpc_server/dcesrv_gssapi.c            |   25 +++++-
 source3/rpc_server/dcesrv_gssapi.h            |    2 +-
 source3/rpc_server/dcesrv_ntlmssp.c           |    3 +-
 source3/rpc_server/dcesrv_ntlmssp.h           |    1 +
 source3/rpc_server/dcesrv_spnego.c            |   16 +++-
 source3/rpc_server/dcesrv_spnego.h            |    1 +
 source3/rpc_server/epmapper/srv_epmapper.c    |   21 ++++-
 source3/rpc_server/netlogon/srv_netlog_nt.c   |   38 ++++++--
 source3/rpc_server/rpc_ncacn_np.c             |   53 +++++++----
 source3/rpc_server/rpc_ncacn_np.h             |    6 +-
 source3/rpc_server/rpc_server.c               |   53 ++---------
 source3/rpc_server/samr/srv_samr_nt.c         |   47 ++++++++--
 source3/rpc_server/spoolss/srv_spoolss_nt.c   |   71 +++++++++++++--
 source3/rpc_server/spoolss/srv_spoolss_util.c |   16 +++-
 source3/rpc_server/srv_pipe.c                 |   13 +--
 source3/rpc_server/srv_pipe_hnd.c             |    3 +-
 source3/rpc_server/srv_pipe_hnd.h             |    1 -
 source3/smbd/connection.c                     |   10 ++-
 source3/smbd/globals.c                        |   29 ------
 source3/smbd/globals.h                        |    2 +-
 source3/smbd/lanman.c                         |   36 ++++----
 source3/smbd/password.c                       |   16 +++-
 source3/smbd/pipes.c                          |    1 -
 source3/smbd/process.c                        |  122 +++++++------------------
 source3/smbd/proto.h                          |    7 --
 source3/smbd/reply.c                          |   13 ++-
 source3/smbd/seal.c                           |   50 ++++++++--
 source3/smbd/server.c                         |   13 +--
 source3/smbd/service.c                        |   27 ++++-
 source3/smbd/session.c                        |   16 ++--
 source3/smbd/sesssetup.c                      |   23 +++--
 source3/smbd/smb2_sesssetup.c                 |   12 ++-
 source3/winbindd/winbindd_pam.c               |   15 +++-
 source3/wscript_build                         |    6 +-
 58 files changed, 837 insertions(+), 382 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index aaea79d..f674500 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -436,7 +436,7 @@ CRYPTO_OBJ = ../lib/crypto/crc32.o ../lib/crypto/md5.o \
 			 ../lib/crypto/sha256.o ../lib/crypto/hmacsha256.o \
 			 ../lib/crypto/aes.o ../lib/crypto/rijndael-alg-fst.o
 
-LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) \
+LIB_OBJ = $(LIBSAMBAUTIL_OBJ) $(UTIL_OBJ) $(CRYPTO_OBJ) $(LIBTSOCKET_OBJ) \
 	  lib/messages.o librpc/gen_ndr/ndr_messaging.o lib/messages_local.o \
 	  lib/messages_ctdbd.o lib/ctdb_packet.o lib/ctdbd_conn.o \
 	  ../lib/socket/interfaces.o lib/memcache.o \
@@ -576,7 +576,7 @@ LIBTSOCKET_OBJ = ../lib/tsocket/tsocket.o \
 CLDAP_OBJ = libads/cldap.o \
 	../libcli/cldap/cldap.o \
 	../lib/util/idtree.o \
-	$(LIBCLI_LDAP_MESSAGE_OBJ) $(LIBCLI_LDAP_NDR_OBJ) $(LIBTSOCKET_OBJ)
+	$(LIBCLI_LDAP_MESSAGE_OBJ) $(LIBCLI_LDAP_NDR_OBJ)
 
 TLDAP_OBJ = lib/tldap.o lib/tldap_util.o lib/util_tsock.o
 
@@ -1038,7 +1038,7 @@ SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \
 		rpc_client/init_lsa.o
 
 PDBEDIT_OBJ = utils/pdbedit.o $(PASSWD_UTIL_OBJ) $(PARAM_OBJ) $(PASSDB_OBJ) \
-		$(LIBSAMBA_OBJ) $(LIBTSOCKET_OBJ) \
+		$(LIBSAMBA_OBJ) \
 		$(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) \
 		$(LIBCLI_LDAP_NDR_OBJ) \
 		$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
@@ -1327,7 +1327,7 @@ PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
 PAM_SMBPASS_OBJ = $(PAM_SMBPASS_OBJ_0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
 		$(SMBLDAP_OBJ) $(LIBSAMBA_OBJ) \
 		$(DRSUAPI_OBJ) $(LIBNDR_GEN_OBJ0) \
-		$(LIBTSOCKET_OBJ) $(PAM_ERRORS_OBJ)
+		$(PAM_ERRORS_OBJ)
 
 IDMAP_RW_OBJ = winbindd/idmap_rw.o
 
@@ -1505,7 +1505,7 @@ NTLM_AUTH_OBJ = ${NTLM_AUTH_OBJ1} $(LIBSAMBA_OBJ) $(POPT_LIB_OBJ) \
 		../lib/util/asn1.o ../libcli/auth/spnego_parse.o libsmb/clikrb5.o ../libcli/auth/krb5_wrap.o libads/kerberos.o \
 		libsmb/samlogon_cache.o \
 		$(LIBADS_SERVER_OBJ) \
-		$(PASSDB_OBJ) $(LIBTSOCKET_OBJ) $(GROUPDB_OBJ) \
+		$(PASSDB_OBJ) $(GROUPDB_OBJ) \
 		$(SMBLDAP_OBJ) $(LIBNMB_OBJ) \
 		$(WBCOMMON_OBJ) \
 		$(LIBCLI_LDAP_NDR_OBJ) \
diff --git a/source3/auth/auth.c b/source3/auth/auth.c
index dbe337f..0f661a9 100644
--- a/source3/auth/auth.c
+++ b/source3/auth/auth.c
@@ -19,7 +19,7 @@
 
 #include "includes.h"
 #include "auth.h"
-#include "smbd/globals.h"
+#include "../lib/tsocket/tsocket.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -284,11 +284,19 @@ static NTSTATUS check_ntlm_password(const struct auth_context *auth_context,
 	if (NT_STATUS_IS_OK(nt_status)) {
 		unix_username = (*server_info)->unix_name;
 		if (!(*server_info)->guest) {
+			char *rhost;
+			int rc;
+
+			rhost = tsocket_address_inet_addr_string(user_info->remote_host,
+								 talloc_tos());
+			if (rhost == NULL) {
+				return NT_STATUS_NO_MEMORY;
+			}
+
 			/* We might not be root if we are an RPC call */
 			become_root();
-			nt_status = smb_pam_accountcheck(
-				unix_username,
-				smbd_server_conn->client_id.name);
+			nt_status = smb_pam_accountcheck(unix_username,
+							 rhost);
 			unbecome_root();
 
 			if (NT_STATUS_IS_OK(nt_status)) {
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index 0ae712a..e7225a2 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -19,6 +19,7 @@
 
 #include "includes.h"
 #include "auth.h"
+#include "../lib/tsocket/tsocket.h"
 
 extern struct auth_context *negprot_global_auth_context;
 extern bool global_encrypted_passwords_negotiated;
@@ -36,6 +37,7 @@ return True if the password is correct, False otherwise
 ****************************************************************************/
 
 NTSTATUS check_plaintext_password(const char *smb_name,
+				  const struct tsocket_address *remote_address,
 				  DATA_BLOB plaintext_blob,
 				  struct auth_serversupplied_info **server_info)
 {
@@ -54,7 +56,9 @@ NTSTATUS check_plaintext_password(const char *smb_name,
 						   chal);
 
 	if (!make_user_info_for_reply(&user_info, 
-				      smb_name, lp_workgroup(), chal,
+				      smb_name, lp_workgroup(),
+				      remote_address,
+				      chal,
 				      plaintext_blob)) {
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -70,6 +74,7 @@ NTSTATUS check_plaintext_password(const char *smb_name,
 static NTSTATUS pass_check_smb(struct auth_context *actx,
 			       const char *smb_name,
 			       const char *domain, 
+			       const struct tsocket_address *remote_address,
 			       DATA_BLOB lm_pwd,
 			       DATA_BLOB nt_pwd)
 
@@ -82,6 +87,7 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
 	}
 	make_user_info_for_reply_enc(&user_info, smb_name,
 				     domain,
+				     remote_address,
 				     lm_pwd,
 				     nt_pwd);
 	nt_status = actx->check_ntlm_password(actx, user_info, &server_info);
@@ -97,7 +103,9 @@ return True if the password is correct, False otherwise
 
 bool password_ok(struct auth_context *actx, bool global_encrypted,
 		 const char *session_workgroup,
-		 const char *smb_name, DATA_BLOB password_blob)
+		 const char *smb_name,
+		 const struct tsocket_address *remote_address,
+		 DATA_BLOB password_blob)
 {
 
 	DATA_BLOB null_password = data_blob_null;
@@ -110,24 +118,47 @@ bool password_ok(struct auth_context *actx, bool global_encrypted,
 		 * Vista sends NTLMv2 here - we need to try the client given workgroup.
 		 */
 		if (session_workgroup) {
-			if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, null_password, password_blob))) {
+			if (NT_STATUS_IS_OK(pass_check_smb(actx,
+							   smb_name,
+							   session_workgroup,
+							   remote_address,
+							   null_password,
+							   password_blob))) {
 				return True;
 			}
-			if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, session_workgroup, password_blob, null_password))) {
+			if (NT_STATUS_IS_OK(pass_check_smb(actx,
+							   smb_name,
+							   session_workgroup,
+							   remote_address,
+							   password_blob,
+							   null_password))) {
 				return True;
 			}
 		}
 
-		if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), null_password, password_blob))) {
+		if (NT_STATUS_IS_OK(pass_check_smb(actx,
+						   smb_name,
+						   lp_workgroup(),
+						   remote_address,
+						   null_password,
+						   password_blob))) {
 			return True;
 		}
 
-		if (NT_STATUS_IS_OK(pass_check_smb(actx, smb_name, lp_workgroup(), password_blob, null_password))) {
+		if (NT_STATUS_IS_OK(pass_check_smb(actx,
+						   smb_name,
+						   lp_workgroup(),
+						   remote_address,
+						   password_blob,
+						   null_password))) {
 			return True;
 		}
 	} else {
 		struct auth_serversupplied_info *server_info = NULL;
-		NTSTATUS nt_status = check_plaintext_password(smb_name, password_blob, &server_info);
+		NTSTATUS nt_status = check_plaintext_password(smb_name,
+							      remote_address,
+							      password_blob,
+							      &server_info);
 		TALLOC_FREE(server_info);
 		if (NT_STATUS_IS_OK(nt_status)) {
 			return True;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 1fecc09..2d1aef1 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -25,7 +25,7 @@
 #include "../libcli/auth/ntlmssp.h"
 #include "ntlmssp_wrap.h"
 #include "../librpc/gen_ndr/netlogon.h"
-#include "smbd/smbd.h"
+#include "../lib/tsocket/tsocket.h"
 
 NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
 					struct auth_ntlmssp_state *auth_ntlmssp_state,
@@ -119,12 +119,13 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 	/* sub_set_smb_name checks for weird internally */
 	sub_set_smb_name(auth_ntlmssp_state->ntlmssp_state->user);
 
-	reload_services(smbd_messaging_context(), -1, True);
+	lp_load(get_dyn_CONFIGFILE(), false, false, true, true);
 
-	nt_status = make_user_info_map(&user_info, 
+	nt_status = make_user_info_map(&user_info,
 				       auth_ntlmssp_state->ntlmssp_state->user, 
 				       auth_ntlmssp_state->ntlmssp_state->domain, 
 				       auth_ntlmssp_state->ntlmssp_state->client.netbios_name,
+				       auth_ntlmssp_state->remote_address,
 	                               auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL, 
 	                               auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL, 
 				       NULL, NULL, NULL,
@@ -173,7 +174,8 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
 
 static int auth_ntlmssp_state_destructor(void *ptr);
 
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+			    struct auth_ntlmssp_state **auth_ntlmssp_state)
 {
 	NTSTATUS nt_status;
 	bool is_standalone;
@@ -205,6 +207,12 @@ NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state)
 		return NT_STATUS_NO_MEMORY;
 	}
 
+	ans->remote_address = tsocket_address_copy(remote_address, ans);
+	if (ans->remote_address == NULL) {
+		DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	nt_status = ntlmssp_server_start(ans,
 					 is_standalone,
 					 netbios_name,
@@ -240,6 +248,7 @@ static int auth_ntlmssp_state_destructor(void *ptr)
 
 	ans = talloc_get_type(ptr, struct auth_ntlmssp_state);
 
+	TALLOC_FREE(ans->remote_address);
 	TALLOC_FREE(ans->server_info);
 	TALLOC_FREE(ans->ntlmssp_state);
 	return 0;
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 3695698..f0a5215 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -20,7 +20,7 @@
 #include "includes.h"
 #include "auth.h"
 #include "system/passwd.h"
-#include "smbd/globals.h"
+#include "../lib/tsocket/tsocket.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -39,9 +39,17 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 {
 	NTSTATUS nt_status;
 	struct passwd *pass = NULL;
+	char *rhost;
+	int rc;
 
 	DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
+	rhost = tsocket_address_inet_addr_string(user_info->remote_host,
+						 talloc_tos());
+	if (rhost == NULL) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
 	become_root();
 	pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
 
@@ -49,7 +57,7 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
 	    done.  We may need to revisit this **/
 	nt_status = pass_check(pass,
 				pass ? pass->pw_name : user_info->mapped.account_name,
-			       smbd_server_conn->client_id.name,
+				rhost,
 				user_info->password.plaintext,
 				true);
 
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 64c290e..dd12692 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -89,6 +89,7 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
 			    const char *smb_name,
 			    const char *client_domain,
 			    const char *workstation_name,
+			    const struct tsocket_address *remote_address,
 			    DATA_BLOB *lm_pwd,
 			    DATA_BLOB *nt_pwd,
 			    const struct samr_Password *lm_interactive_pwd,
@@ -137,7 +138,7 @@ NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
 
 	result = make_user_info(user_info, smb_name, internal_username,
 			      client_domain, domain, workstation_name,
-			      lm_pwd, nt_pwd,
+			      remote_address, lm_pwd, nt_pwd,
 			      lm_interactive_pwd, nt_interactive_pwd,
 			      plaintext, password_state);
 	if (NT_STATUS_IS_OK(result)) {
@@ -158,6 +159,7 @@ bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
 				     const char *smb_name, 
 				     const char *client_domain, 
 				     const char *workstation_name,
+				     const struct tsocket_address *remote_address,
 				     uint32 logon_parameters,
 				     const uchar *lm_network_pwd,
 				     int lm_pwd_len,
@@ -172,6 +174,7 @@ bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
 	status = make_user_info_map(user_info,
 				    smb_name, client_domain, 
 				    workstation_name,
+				    remote_address,
 				    lm_pwd_len ? &lm_blob : NULL, 
 				    nt_pwd_len ? &nt_blob : NULL,
 				    NULL, NULL, NULL,
@@ -196,6 +199,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
 					 const char *smb_name, 
 					 const char *client_domain, 
 					 const char *workstation_name,
+					 const struct tsocket_address *remote_address,
 					 uint32 logon_parameters,
 					 const uchar chal[8], 
 					 const uchar lm_interactive_pwd[16], 
@@ -271,6 +275,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
 		nt_status = make_user_info_map(
 			user_info, 
 			smb_name, client_domain, workstation_name,
+			remote_address,
 			lm_interactive_pwd ? &local_lm_blob : NULL,
 			nt_interactive_pwd ? &local_nt_blob : NULL,
 			lm_interactive_pwd ? &lm_pwd : NULL,
@@ -296,6 +301,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
 bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
 			      const char *smb_name, 
 			      const char *client_domain,
+			      const struct tsocket_address *remote_address,
 			      const uint8 chal[8],
 			      DATA_BLOB plaintext_password)
 {
@@ -342,6 +348,7 @@ bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
 	ret = make_user_info_map(
 		user_info, smb_name, client_domain, 
 		get_remote_machine_name(),
+		remote_address,
 		local_lm_blob.data ? &local_lm_blob : NULL,
 		local_nt_blob.data ? &local_nt_blob : NULL,
 		NULL, NULL,
@@ -363,12 +370,14 @@ bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
 
 NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
                                       const char *smb_name,
-                                      const char *client_domain, 
+                                      const char *client_domain,
+				      const struct tsocket_address *remote_address,
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp)
 {
 	return make_user_info_map(user_info, smb_name, 
 				  client_domain, 
-				  get_remote_machine_name(), 
+				  get_remote_machine_name(),
+				  remote_address,
 				  lm_resp.data && (lm_resp.length > 0) ? &lm_resp : NULL,
 				  nt_resp.data && (nt_resp.length > 0) ? &nt_resp : NULL,
 				  NULL, NULL, NULL,
@@ -379,7 +388,8 @@ NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
  Create a guest user_info blob, for anonymous authenticaion.
 ****************************************************************************/
 
-bool make_user_info_guest(struct auth_usersupplied_info **user_info)
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+			  struct auth_usersupplied_info **user_info)
 {
 	NTSTATUS nt_status;
 
@@ -387,6 +397,7 @@ bool make_user_info_guest(struct auth_usersupplied_info **user_info)
 				   "","", 
 				   "","", 
 				   "", 
+				   remote_address,
 				   NULL, NULL, 
 				   NULL, NULL, 
 				   NULL,
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 46846ac..2839793 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -51,11 +51,14 @@ NTSTATUS auth_builtin_init(void);
 /* The following definitions come from auth/auth_compat.c  */
 
 NTSTATUS check_plaintext_password(const char *smb_name,
+				  const struct tsocket_address *remote_address,
 				  DATA_BLOB plaintext_password,
 				  struct auth_serversupplied_info **server_info);
 bool password_ok(struct auth_context *actx, bool global_encrypted,
 		 const char *session_workgroup,
-		 const char *smb_name, DATA_BLOB password_blob);
+		 const char *smb_name,
+		 const struct tsocket_address *remote_address,
+		 DATA_BLOB password_blob);
 
 /* The following definitions come from auth/auth_domain.c  */
 
@@ -69,7 +72,8 @@ NTSTATUS auth_netlogond_init(void);
 NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
 				struct auth_ntlmssp_state *auth_ntlmssp_state,
 				struct auth_serversupplied_info **session_info);
-NTSTATUS auth_ntlmssp_start(struct auth_ntlmssp_state **auth_ntlmssp_state);
+NTSTATUS auth_ntlmssp_start(const struct tsocket_address *remote_address,
+			    struct auth_ntlmssp_state **auth_ntlmssp_state);
 
 
 /* The following definitions come from auth/auth_sam.c  */
@@ -93,11 +97,13 @@ NTSTATUS auth_server_init(void);
 NTSTATUS auth_unix_init(void);
 
 /* The following definitions come from auth/auth_util.c  */
+struct tsocket_address;
 
 NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
 			    const char *smb_name,
 			    const char *client_domain,
 			    const char *workstation_name,
+			    const struct tsocket_address *remote_address,
 			    DATA_BLOB *lm_pwd,
 			    DATA_BLOB *nt_pwd,
 			    const struct samr_Password *lm_interactive_pwd,
@@ -108,6 +114,7 @@ bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
 				     const char *smb_name,
 				     const char *client_domain,
 				     const char *workstation_name,
+				     const struct tsocket_address *remote_address,
 				     uint32 logon_parameters,
 				     const uchar *lm_network_pwd,
 				     int lm_pwd_len,
@@ -117,6 +124,7 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
 					 const char *smb_name,
 					 const char *client_domain,
 					 const char *workstation_name,
+					 const struct tsocket_address *remote_address,
 					 uint32 logon_parameters,
 					 const uchar chal[8],
 					 const uchar lm_interactive_pwd[16],
@@ -125,13 +133,17 @@ bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_in
 bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
 			      const char *smb_name,
 			      const char *client_domain,
+			      const struct tsocket_address *remote_address,
 			      const uint8 chal[8],
 			      DATA_BLOB plaintext_password);
 NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
                                       const char *smb_name,
                                       const char *client_domain,
+				      const struct tsocket_address *remote_address,
                                       DATA_BLOB lm_resp, DATA_BLOB nt_resp);
-bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+bool make_user_info_guest(const struct tsocket_address *remote_address,
+			  struct auth_usersupplied_info **user_info);
+
 struct samu;
 NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
 			      struct samu *sampass);
@@ -191,6 +203,7 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,
 			const char *client_domain,
 			const char *domain,
 			const char *workstation_name,
+			const struct tsocket_address *remote_address,
 			const DATA_BLOB *lm_pwd,
 			const DATA_BLOB *nt_pwd,
 			const struct samr_Password *lm_interactive_pwd,
diff --git a/source3/auth/user_info.c b/source3/auth/user_info.c
index 606381b..6b98412 100644
--- a/source3/auth/user_info.c
+++ b/source3/auth/user_info.c
@@ -20,6 +20,7 @@
 #include "includes.h"
 #include "auth.h"
 #include "librpc/gen_ndr/samr.h"
+#include "../lib/tsocket/tsocket.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -46,6 +47,7 @@ NTSTATUS make_user_info(struct auth_usersupplied_info **ret_user_info,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list