diff options
| author | Gary Lockyer <gary@catalyst.net.nz> | 2017-02-24 13:29:12 +1300 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2017-03-29 02:37:27 +0200 |
| commit | 3bc56854457191ab817bc9a4419b1dee74138b0f (patch) | |
| tree | 41190035afd91a63b2d6856ca2718c76006bac98 /source3 | |
| parent | 85536c1ff3513840728ba281de2b6f003e49f227 (diff) | |
| download | samba-3bc56854457191ab817bc9a4419b1dee74138b0f.tar.gz | |
rpc: Always supply both the remote and local address to the auth subsystem
This ensures that gensec, and then the NTLM auth subsystem under it, always gets the
remote and local address pointers for potential logging.
The local address allows us to know which interface an authentication is on
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/auth/auth_ntlmssp.c | 1 | ||||
| -rw-r--r-- | source3/auth/auth_util.c | 17 | ||||
| -rw-r--r-- | source3/auth/proto.h | 7 | ||||
| -rw-r--r-- | source3/auth/user_info.c | 10 | ||||
| -rw-r--r-- | source3/librpc/rpc/dcerpc_ep.c | 1 | ||||
| -rw-r--r-- | source3/printing/nt_printing_migrate_internal.c | 1 | ||||
| -rw-r--r-- | source3/printing/printspoolss.c | 2 | ||||
| -rw-r--r-- | source3/rpc_client/cli_winreg_int.c | 1 | ||||
| -rw-r--r-- | source3/rpc_server/netlogon/srv_netlog_nt.c | 5 | ||||
| -rw-r--r-- | source3/rpc_server/rpc_ncacn_np.c | 15 | ||||
| -rw-r--r-- | source3/rpc_server/rpc_ncacn_np.h | 4 | ||||
| -rw-r--r-- | source3/rpc_server/rpc_server.c | 48 | ||||
| -rw-r--r-- | source3/rpc_server/spoolss/srv_spoolss_util.c | 1 | ||||
| -rw-r--r-- | source3/smbd/lanman.c | 20 | ||||
| -rw-r--r-- | source3/smbd/reply.c | 1 | ||||
| -rw-r--r-- | source3/smbd/sesssetup.c | 11 | ||||
| -rw-r--r-- | source3/torture/pdbtest.c | 15 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_cm.c | 2 | ||||
| -rw-r--r-- | source3/winbindd/winbindd_pam.c | 2 |
19 files changed, 135 insertions, 29 deletions
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 95749ef7a9f..fd629fd9a03 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -169,6 +169,7 @@ NTSTATUS auth3_check_password(struct auth4_context *auth4_context, user_info->client.domain_name, user_info->workstation_name, user_info->remote_host, + user_info->local_host, user_info->service_description, user_info->password.response.lanman.data ? &user_info->password.response.lanman : NULL, user_info->password.response.nt.data ? &user_info->password.response.nt : NULL, diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index d015165249e..ffd60e0b467 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -97,6 +97,7 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx, const char *client_domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, const DATA_BLOB *lm_pwd, const DATA_BLOB *nt_pwd, @@ -151,8 +152,8 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx, result = make_user_info(mem_ctx, user_info, smb_name, internal_username, client_domain, domain, workstation_name, - remote_address, service_description, - lm_pwd, nt_pwd, + remote_address, local_address, + service_description, lm_pwd, nt_pwd, lm_interactive_pwd, nt_interactive_pwd, plaintext, password_state); if (NT_STATUS_IS_OK(result)) { @@ -175,6 +176,7 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx, const char *client_domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, uint32_t logon_parameters, const uchar *lm_network_pwd, int lm_pwd_len, @@ -190,6 +192,7 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx, smb_name, client_domain, workstation_name, remote_address, + local_address, "SamLogon", lm_pwd_len ? &lm_blob : NULL, nt_pwd_len ? &nt_blob : NULL, @@ -217,6 +220,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx, const char *client_domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, uint32_t logon_parameters, const uchar chal[8], const uchar lm_interactive_pwd[16], @@ -262,6 +266,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx, user_info, smb_name, client_domain, workstation_name, remote_address, + local_address, "SamLogon", lm_interactive_pwd ? &local_lm_blob : NULL, nt_interactive_pwd ? &local_nt_blob : NULL, @@ -290,6 +295,7 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx, const char *smb_name, const char *client_domain, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, const uint8_t chal[8], DATA_BLOB plaintext_password) @@ -338,6 +344,7 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx, user_info, smb_name, smb_name, client_domain, client_domain, get_remote_machine_name(), remote_address, + local_address, service_description, local_lm_blob.data ? &local_lm_blob : NULL, local_nt_blob.data ? &local_nt_blob : NULL, @@ -363,6 +370,7 @@ NTSTATUS make_user_info_for_reply_enc(TALLOC_CTX *mem_ctx, const char *smb_name, const char *client_domain, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, DATA_BLOB lm_resp, DATA_BLOB nt_resp) { @@ -382,9 +390,10 @@ NTSTATUS make_user_info_for_reply_enc(TALLOC_CTX *mem_ctx, return make_user_info(mem_ctx, user_info, smb_name, smb_name, - client_domain, client_domain, + client_domain, client_domain, get_remote_machine_name(), remote_address, + local_address, service_description, lm_resp.data && (lm_resp.length > 0) ? &lm_resp : NULL, nt_resp.data && (nt_resp.length > 0) ? &nt_resp : NULL, @@ -398,6 +407,7 @@ NTSTATUS make_user_info_for_reply_enc(TALLOC_CTX *mem_ctx, bool make_user_info_guest(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, struct auth_usersupplied_info **user_info) { @@ -409,6 +419,7 @@ bool make_user_info_guest(TALLOC_CTX *mem_ctx, "","", "", remote_address, + local_address, service_description, NULL, NULL, NULL, NULL, diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 400875f0591..348b882dc76 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h @@ -164,6 +164,7 @@ NTSTATUS make_user_info_map(TALLOC_CTX *mem_ctx, const char *client_domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, const DATA_BLOB *lm_pwd, const DATA_BLOB *nt_pwd, @@ -177,6 +178,7 @@ bool make_user_info_netlogon_network(TALLOC_CTX *mem_ctx, const char *client_domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, uint32_t logon_parameters, const uchar *lm_network_pwd, int lm_pwd_len, @@ -188,6 +190,7 @@ bool make_user_info_netlogon_interactive(TALLOC_CTX *mem_ctx, const char *client_domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, uint32_t logon_parameters, const uchar chal[8], const uchar lm_interactive_pwd[16], @@ -197,6 +200,7 @@ bool make_user_info_for_reply(TALLOC_CTX *mem_ctx, const char *smb_name, const char *client_domain, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, const uint8_t chal[8], DATA_BLOB plaintext_password); @@ -205,10 +209,12 @@ NTSTATUS make_user_info_for_reply_enc(TALLOC_CTX *mem_ctx, const char *smb_name, const char *client_domain, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, DATA_BLOB lm_resp, DATA_BLOB nt_resp); bool make_user_info_guest(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, struct auth_usersupplied_info **user_info); @@ -278,6 +284,7 @@ NTSTATUS make_user_info(TALLOC_CTX *mem_ctx, const char *domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, const DATA_BLOB *lm_pwd, const DATA_BLOB *nt_pwd, diff --git a/source3/auth/user_info.c b/source3/auth/user_info.c index c410d222af5..c79cc0c4f35 100644 --- a/source3/auth/user_info.c +++ b/source3/auth/user_info.c @@ -49,6 +49,7 @@ NTSTATUS make_user_info(TALLOC_CTX *mem_ctx, const char *domain, const char *workstation_name, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const char *service_description, const DATA_BLOB *lm_pwd, const DATA_BLOB *nt_pwd, @@ -106,6 +107,15 @@ NTSTATUS make_user_info(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + if (local_address != NULL) { + user_info->local_host = tsocket_address_copy(local_address, + user_info); + if (user_info->local_host == NULL) { + TALLOC_FREE(user_info); + return NT_STATUS_NO_MEMORY; + } + } + user_info->service_description = talloc_strdup(user_info, service_description); if (user_info->service_description == NULL) { TALLOC_FREE(user_info); diff --git a/source3/librpc/rpc/dcerpc_ep.c b/source3/librpc/rpc/dcerpc_ep.c index 0502557a662..da26fab76ae 100644 --- a/source3/librpc/rpc/dcerpc_ep.c +++ b/source3/librpc/rpc/dcerpc_ep.c @@ -382,6 +382,7 @@ static NTSTATUS ep_register(TALLOC_CTX *mem_ctx, status = rpcint_binding_handle(tmp_ctx, &ndr_table_epmapper, local, + NULL, get_session_info_system(), msg_ctx, &h); diff --git a/source3/printing/nt_printing_migrate_internal.c b/source3/printing/nt_printing_migrate_internal.c index 34133b27a58..dd78e69989e 100644 --- a/source3/printing/nt_printing_migrate_internal.c +++ b/source3/printing/nt_printing_migrate_internal.c @@ -227,6 +227,7 @@ bool nt_printing_tdb_migrate(struct messaging_context *msg_ctx) &ndr_table_winreg, session_info, NULL, + NULL, msg_ctx, &winreg_pipe); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/printing/printspoolss.c b/source3/printing/printspoolss.c index e92f4613ba5..60002020351 100644 --- a/source3/printing/printspoolss.c +++ b/source3/printing/printspoolss.c @@ -154,6 +154,7 @@ NTSTATUS print_spool_open(files_struct *fsp, &ndr_table_spoolss, fsp->conn->session_info, fsp->conn->sconn->remote_address, + fsp->conn->sconn->local_address, fsp->conn->sconn->msg_ctx, &fsp->conn->spoolss_pipe); if (!NT_STATUS_IS_OK(status)) { @@ -343,6 +344,7 @@ void print_spool_terminate(struct connection_struct *conn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &conn->spoolss_pipe); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/rpc_client/cli_winreg_int.c b/source3/rpc_client/cli_winreg_int.c index ac04460ae15..3ac8380bf7c 100644 --- a/source3/rpc_client/cli_winreg_int.c +++ b/source3/rpc_client/cli_winreg_int.c @@ -115,6 +115,7 @@ static NTSTATUS _winreg_int_openkey(TALLOC_CTX *mem_ctx, status = rpcint_binding_handle(mem_ctx, &ndr_table_winreg, local, + NULL, session_info, msg_ctx, &binding_handle); diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 38d7bda9822..6a42f345c53 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -423,6 +423,7 @@ NTSTATUS _netr_NetrEnumerateTrustedDomains(struct pipes_struct *p, status = rpcint_binding_handle(p->mem_ctx, &ndr_table_lsarpc, p->remote_address, + p->local_address, p->session_info, p->msg_ctx, &h); @@ -703,6 +704,7 @@ static NTSTATUS get_md4pw(struct samr_Password *md4pw, const char *mach_acct, status = rpcint_binding_handle(mem_ctx, &ndr_table_samr, local, + NULL, session_info, msg_ctx, &h); @@ -1181,6 +1183,7 @@ static NTSTATUS netr_set_machine_account_password(TALLOC_CTX *mem_ctx, status = rpcint_binding_handle(mem_ctx, &ndr_table_samr, local, + NULL, session_info, msg_ctx, &h); @@ -1611,6 +1614,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, nt_username, nt_domain, wksname, p->remote_address, + p->local_address, logon->network->identity_info.parameter_control, logon->network->lm.data, logon->network->lm.length, @@ -1665,6 +1669,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, nt_username, nt_domain, nt_workstation, p->remote_address, + p->local_address, logon->password->identity_info.parameter_control, chal, logon->password->lmpassword.hash, diff --git a/source3/rpc_server/rpc_ncacn_np.c b/source3/rpc_server/rpc_ncacn_np.c index cb3b8e64340..121e776b90c 100644 --- a/source3/rpc_server/rpc_ncacn_np.c +++ b/source3/rpc_server/rpc_ncacn_np.c @@ -183,6 +183,7 @@ out: struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const struct auth_session_info *session_info, struct messaging_context *msg_ctx) { @@ -204,7 +205,7 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, ret = make_base_pipes_struct(mem_ctx, msg_ctx, pipe_name, NCALRPC, RPC_LITTLE_ENDIAN, - remote_address, NULL, &p); + remote_address, local_address, &p); if (ret) { DEBUG(0,("ERROR! no memory for pipes_struct!\n")); return NULL; @@ -492,6 +493,7 @@ static NTSTATUS rpcint_binding_handle_ex(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *abstract_syntax, const struct ndr_interface_table *ndr_table, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const struct auth_session_info *session_info, struct messaging_context *msg_ctx, struct dcerpc_binding_handle **binding_handle) @@ -516,6 +518,7 @@ static NTSTATUS rpcint_binding_handle_ex(TALLOC_CTX *mem_ctx, hs->p = make_internal_rpc_pipe_p(hs, abstract_syntax, remote_address, + local_address, session_info, msg_ctx); if (hs->p == NULL) { @@ -560,12 +563,14 @@ static NTSTATUS rpcint_binding_handle_ex(TALLOC_CTX *mem_ctx, NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, const struct ndr_interface_table *ndr_table, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const struct auth_session_info *session_info, struct messaging_context *msg_ctx, struct dcerpc_binding_handle **binding_handle) { return rpcint_binding_handle_ex(mem_ctx, NULL, ndr_table, remote_address, - session_info, msg_ctx, binding_handle); + local_address, session_info, + msg_ctx, binding_handle); } /** @@ -596,6 +601,7 @@ NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, const struct ndr_interface_table *ndr_table, const struct auth_session_info *session_info, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, struct messaging_context *msg_ctx, struct rpc_pipe_client **presult) { @@ -632,6 +638,7 @@ NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, status = rpcint_binding_handle(result, ndr_table, remote_address, + local_address, session_info, msg_ctx, &result->binding_handle); @@ -1033,6 +1040,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, const struct ndr_interface_table *table, const struct auth_session_info *session_info, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, struct messaging_context *msg_ctx, struct rpc_pipe_client **cli_pipe) { @@ -1074,7 +1082,8 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, case RPC_SERVICE_MODE_EMBEDDED: status = rpc_pipe_open_internal(tmp_ctx, table, session_info, - remote_address, msg_ctx, + remote_address, local_address, + msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { goto done; diff --git a/source3/rpc_server/rpc_ncacn_np.h b/source3/rpc_server/rpc_ncacn_np.h index 59b9d5a787e..2ae126dec9e 100644 --- a/source3/rpc_server/rpc_ncacn_np.h +++ b/source3/rpc_server/rpc_ncacn_np.h @@ -65,6 +65,7 @@ struct np_proxy_state { struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, const struct ndr_syntax_id *syntax, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const struct auth_session_info *session_info, struct messaging_context *msg_ctx); struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, @@ -75,6 +76,7 @@ struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, NTSTATUS rpcint_binding_handle(TALLOC_CTX *mem_ctx, const struct ndr_interface_table *ndr_table, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, const struct auth_session_info *session_info, struct messaging_context *msg_ctx, struct dcerpc_binding_handle **binding_handle); @@ -82,6 +84,7 @@ NTSTATUS rpc_pipe_open_interface(TALLOC_CTX *mem_ctx, const struct ndr_interface_table *table, const struct auth_session_info *session_info, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, struct messaging_context *msg_ctx, struct rpc_pipe_client **cli_pipe); @@ -89,6 +92,7 @@ NTSTATUS rpc_pipe_open_internal(TALLOC_CTX *mem_ctx, const struct ndr_interface_table *ndr_table, const struct auth_session_info *session_info, const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, struct messaging_context *msg_ctx, struct rpc_pipe_client **presult); diff --git a/source3/rpc_server/rpc_server.c b/source3/rpc_server/rpc_server.c index 6c988cea7dc..21504c0eeed 100644 --- a/source3/rpc_server/rpc_server.c +++ b/source3/rpc_server/rpc_server.c @@ -872,14 +872,18 @@ static void dcerpc_ncalrpc_listener(struct tevent_context *ev, struct dcerpc_ncacn_listen_state *state = talloc_get_type_abort(private_data, struct dcerpc_ncacn_listen_state); - struct tsocket_address *cli_addr = NULL; + struct tsocket_address *cli_addr = NULL, *srv_addr = NULL; struct sockaddr_un sunaddr; struct sockaddr *addr = (struct sockaddr *)(void *)&sunaddr; socklen_t len = sizeof(sunaddr); + struct sockaddr_un sunaddr_server; + struct sockaddr *addr_server = (struct sockaddr *)(void *)&sunaddr_server; + socklen_t len_server = sizeof(sunaddr_server); int sd = -1; int rc; ZERO_STRUCT(sunaddr); + ZERO_STRUCT(sunaddr_server); sd = accept(state->fd, addr, &len); if (sd == -1) { @@ -897,13 +901,29 @@ static void dcerpc_ncalrpc_listener(struct tevent_context *ev, return; } - DEBUG(10, ("Accepted ncalrpc socket %d\n", sd)); + rc = getsockname(sd, addr_server, &len_server); + if (rc < 0) { + close(sd); + return; + } + + rc = tsocket_address_bsd_from_sockaddr(state, + addr_server, + len_server, + &srv_addr); + if (rc < 0) { + close(sd); + return; + } + + DEBUG(10, ("Accepted ncalrpc socket %s (fd: %d)\n", + sunaddr.sun_path, sd)); dcerpc_ncacn_accept(state->ev_ctx, state->msg_ctx, NCALRPC, state->ep.name, - cli_addr, NULL, sd, + cli_addr, srv_addr, sd, state->disconnect_fn); } @@ -977,7 +997,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, ncacn_conn); } if (ncacn_conn->client_name == NULL) { - DEBUG(0, ("Out of memory!\n")); + DEBUG(0, ("Out of memory obtaining remote socket address as a string!\n")); talloc_free(ncacn_conn); close(s); return; @@ -986,11 +1006,17 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, if (srv_addr != NULL) { ncacn_conn->server = talloc_move(ncacn_conn, &srv_addr); - ncacn_conn->server_name = - tsocket_address_inet_addr_string(ncacn_conn->server, - ncacn_conn); + if (tsocket_address_is_inet(ncacn_conn->server, "ip")) { + ncacn_conn->server_name = + tsocket_address_inet_addr_string(ncacn_conn->server, + ncacn_conn); + } else { + ncacn_conn->server_name = + tsocket_address_unix_path(ncacn_conn->server, + ncacn_conn); + } if (ncacn_conn->server_name == NULL) { - DEBUG(0, ("Out of memory!\n")); + DEBUG(0, ("Out of memory obtaining local socket address as a string!\n")); talloc_free(ncacn_conn); close(s); return; @@ -1021,7 +1047,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, "/root/ncalrpc_as_system", &ncacn_conn->client); if (rc < 0) { - DEBUG(0, ("Out of memory!\n")); + DEBUG(0, ("Out of memory building magic ncalrpc_as_system path!\n")); talloc_free(ncacn_conn); close(s); return; @@ -1031,7 +1057,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, ncacn_conn->client_name = tsocket_address_unix_path(ncacn_conn->client, ncacn_conn); if (ncacn_conn->client == NULL) { - DEBUG(0, ("Out of memory!\n")); + DEBUG(0, ("Out of memory getting magic ncalrpc_as_system string!\n")); talloc_free(ncacn_conn); close(s); return; @@ -1110,7 +1136,7 @@ void dcerpc_ncacn_accept(struct tevent_context *ev_ctx, ncacn_conn->send_queue = tevent_queue_create(ncacn_conn, "dcerpc send queue"); if (ncacn_conn->send_queue == NULL) { - DEBUG(0, ("Out of memory!\n")); + DEBUG(0, ("Out of memory building dcerpc send queue!\n")); talloc_free(ncacn_conn); return; } diff --git a/source3/rpc_server/spoolss/srv_spoolss_util.c b/source3/rpc_server/spoolss/srv_spoolss_util.c index 32f0e274598..17acf515eb9 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_util.c +++ b/source3/rpc_server/spoolss/srv_spoolss_util.c @@ -48,6 +48,7 @@ WERROR winreg_printer_binding_handle(TALLOC_CTX *mem_ctx, status = rpcint_binding_handle(mem_ctx, &ndr_table_winreg, local, + NULL, session_info, msg_ctx, winreg_binding_handle); diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c index 995ed081f62..c3e540ff810 100644 --- a/source3/smbd/lanman.c +++ b/source3/smbd/lanman.c @@ -835,6 +835,7 @@ static bool api_DosPrintQGetInfo(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -1032,6 +1033,7 @@ static bool api_DosPrintQEnum(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -2266,6 +2268,7 @@ static bool api_RNetShareAdd(struct smbd_server_connection *sconn, status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -2377,7 +2380,7 @@ static bool api_RNetGroupEnum(struct smbd_server_connection *sconn, status = rpc_pipe_open_interface( talloc_tos(), &ndr_table_samr, conn->session_info, conn->sconn->remote_address, - conn->sconn->msg_ctx, &samr_pipe); + conn->sconn->local_address, conn->sconn->msg_ctx, &samr_pipe); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n", nt_errstr(status))); @@ -2583,7 +2586,7 @@ static bool api_NetUserGetGroups(struct smbd_server_connection *sconn, status = rpc_pipe_open_interface( talloc_tos(), &ndr_table_samr, conn->session_info, conn->sconn->remote_address, - conn->sconn->msg_ctx, &samr_pipe); + conn->sconn->local_address, conn->sconn->msg_ctx, &samr_pipe); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n", nt_errstr(status))); @@ -2783,7 +2786,7 @@ static bool api_RNetUserEnum(struct smbd_server_connection *sconn, status = rpc_pipe_open_interface( talloc_tos(), &ndr_table_samr, conn->session_info, conn->sconn->remote_address, - conn->sconn->msg_ctx, &samr_pipe); + conn->sconn->local_address, conn->sconn->msg_ctx, &samr_pipe); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n", nt_errstr(status))); @@ -3047,6 +3050,7 @@ static bool api_SamOEMChangePassword(struct smbd_server_connection *sconn, status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -3144,6 +3148,7 @@ static bool api_RDosPrintJobDel(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -3272,6 +3277,7 @@ static bool api_WPrintQueueCtrl(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -3454,6 +3460,7 @@ static bool api_PrintJobInfo(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -3631,6 +3638,7 @@ static bool api_RNetServerGetInfo(struct smbd_server_connection *sconn, status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -4067,6 +4075,7 @@ static bool api_RNetUserGetInfo(struct smbd_server_connection *sconn, status = rpc_pipe_open_interface(mem_ctx, &ndr_table_samr, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -4596,6 +4605,7 @@ static bool api_WPrintJobGetInfo(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -4738,6 +4748,7 @@ static bool api_WPrintJobEnumerate(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -4938,6 +4949,7 @@ static bool api_WPrintDestGetInfo(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -5070,6 +5082,7 @@ static bool api_WPrintDestEnum(struct smbd_server_connection *sconn, &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { @@ -5381,6 +5394,7 @@ static bool api_RNetSessionEnum(struct smbd_server_connection *sconn, &ndr_table_srvsvc, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 0979e6eb956..030f0111576 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -5956,6 +5956,7 @@ void reply_printqueue(struct smb_request *req) &ndr_table_spoolss, conn->session_info, conn->sconn->remote_address, + conn->sconn->local_address, conn->sconn->msg_ctx, &cli); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 3a283b9d575..0cc49d916f8 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -79,6 +79,7 @@ static int push_signature(uint8_t **outbuf) ****************************************************************************/ static NTSTATUS check_guest_password(const struct tsocket_address *remote_address, + const struct tsocket_address *local_address, TALLOC_CTX *mem_ctx, struct auth_session_info **session_info) { @@ -97,8 +98,8 @@ static NTSTATUS check_guest_password(const struct tsocket_address *remote_addres auth_context->get_ntlm_challenge(auth_context, chal); - if (!make_user_info_guest(talloc_tos(), remote_address, "SMB", - &user_info)) { + if (!make_user_info_guest(talloc_tos(), remote_address, local_address, + "SMB", &user_info)) { TALLOC_FREE(auth_context); return NT_STATUS_NO_MEMORY; } @@ -884,7 +885,9 @@ void reply_sesssetup_and_X(struct smb_request *req) if (!*user) { - nt_status = check_guest_password(sconn->remote_address, req, &session_info); + nt_status = check_guest_password(sconn->remote_address, + sconn->local_address, + req, &session_info); } else if (doencrypt) { struct auth4_context *negprot_auth_context = NULL; @@ -901,6 +904,7 @@ void reply_sesssetup_and_X(struct smb_request *req) &user_info, user, domain, sconn->remote_address, + sconn->local_address, "SMB", lm_resp, nt_resp); user_info->auth_description = "bare-NTLM"; @@ -925,6 +929,7 @@ void reply_sesssetup_and_X(struct smb_request *req) &user_info, user, domain, sconn->remote_address, + sconn->local_address, "SMB", chal, plaintext_password)) { diff --git a/source3/torture/pdbtest.c b/source3/torture/pdbtest.c index f794575371e..251dbbfd761 100644 --- a/source3/torture/pdbtest.c +++ b/source3/torture/pdbtest.c @@ -261,7 +261,8 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry) struct auth_context *auth_context; static const uint8_t challenge_8[8] = {1, 2, 3, 4, 5, 6, 7, 8}; DATA_BLOB challenge = data_blob_const(challenge_8, sizeof(challenge_8)); - struct tsocket_address *tsocket_address; + struct tsocket_address *remote_address; + struct tsocket_address *local_address; unsigned char local_nt_response[24]; DATA_BLOB nt_resp = data_blob_const(local_nt_response, sizeof(local_nt_response)); unsigned char local_nt_session_key[16]; @@ -275,14 +276,18 @@ static bool test_auth(TALLOC_CTX *mem_ctx, struct samu *pdb_entry) local_nt_response); SMBsesskeygen_ntv1(pdb_get_nt_passwd(pdb_entry), local_nt_session_key); - if (tsocket_address_inet_from_strings(NULL, "ip", NULL, 0, &tsocket_address) != 0) { + if (tsocket_address_inet_from_strings(NULL, "ip", NULL, 0, &remote_address) != 0) { return False; } - + + if (tsocket_address_inet_from_strings(NULL, "ip", NULL, 0, &local_address) != 0) { + return False; + } + status = make_user_info(mem_ctx, &user_info, pdb_get_username(pdb_entry), pdb_get_username(pdb_entry), - pdb_get_domain(pdb_entry), pdb_get_domain(pdb_entry), lp_netbios_name(), - tsocket_address, "pdbtest", + pdb_get_domain(pdb_entry), pdb_get_domain(pdb_entry), lp_netbios_name(), + remote_address,local_address, "pdbtest", NULL, &nt_resp, NULL, NULL, NULL, AUTH_PASSWORD_RESPONSE); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 3df4af3ff10..157a19374b3 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1778,6 +1778,7 @@ NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx, table, session_info, NULL, + NULL, winbind_messaging_context(), &cli); } else { @@ -1785,6 +1786,7 @@ NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx, table, session_info, NULL, + NULL, winbind_messaging_context(), &cli); } diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 101f8d47468..606e6de0012 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1261,7 +1261,7 @@ static NTSTATUS winbindd_dual_auth_passdb(TALLOC_CTX *mem_ctx, * here. */ status = make_user_info(frame, &user_info, user, user, domain, domain, - lp_netbios_name(), local, + lp_netbios_name(), local, local, "winbind", lm_resp, nt_resp, NULL, NULL, NULL, AUTH_PASSWORD_RESPONSE); |