diff options
-rw-r--r-- | source3/auth/auth_unix.c | 7 | ||||
-rw-r--r-- | source3/auth/pass_check.c | 8 | ||||
-rw-r--r-- | source3/include/proto.h | 5 | ||||
-rw-r--r-- | source3/web/cgi.c | 8 |
4 files changed, 19 insertions, 9 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c index c50ac78ee4c..87cfdb9dd54 100644 --- a/source3/auth/auth_unix.c +++ b/source3/auth/auth_unix.c @@ -37,16 +37,23 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context, { NTSTATUS nt_status; struct passwd *pass = NULL; + const char *rhost; + char addr[INET6_ADDRSTRLEN]; DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name)); become_root(); pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name); + rhost = client_name(smbd_server_fd()); + if (strequal(rhost,"UNKNOWN")) + rhost = client_addr(smbd_server_fd(), addr, sizeof(addr)); + /** @todo This call assumes a ASCII password, no charset transformation is done. We may need to revisit this **/ nt_status = pass_check(pass, pass ? pass->pw_name : user_info->mapped.account_name, + rhost, user_info->password.plaintext, true); diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c index 80e7da91df4..c61a10ba1b0 100644 --- a/source3/auth/pass_check.c +++ b/source3/auth/pass_check.c @@ -660,6 +660,7 @@ return NT_STATUS_OK on correct match, appropriate error otherwise NTSTATUS pass_check(const struct passwd *pass, const char *user, + const char *rhost, const char *password, bool run_cracker) { @@ -668,13 +669,6 @@ NTSTATUS pass_check(const struct passwd *pass, NTSTATUS nt_status; - const char *rhost; - char addr[INET6_ADDRSTRLEN]; - - rhost = client_name(smbd_server_fd()); - if (strequal(rhost,"UNKNOWN")) - rhost = client_addr(smbd_server_fd(), addr, sizeof(addr)); - #ifdef DEBUG_PASSWORD DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password)); #endif diff --git a/source3/include/proto.h b/source3/include/proto.h index e82b1ac4866..e2d1c94e7bf 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -232,7 +232,10 @@ bool smb_pam_close_session(char *in_user, char *tty, char *rhost); /* The following definitions come from auth/pass_check.c */ void dfs_unlogin(void); -NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, +NTSTATUS pass_check(const struct passwd *pass, + const char *user, + const char *rhost, + const char *password, bool run_cracker); /* The following definitions come from auth/token_util.c */ diff --git a/source3/web/cgi.c b/source3/web/cgi.c index 9c9a3654577..794152cd99a 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -339,6 +339,8 @@ static bool cgi_handle_authorization(char *line) char *p; fstring user, user_pass; struct passwd *pass = NULL; + const char *rhost; + char addr[INET6_ADDRSTRLEN]; if (!strnequal(line,"Basic ", 6)) { goto err; @@ -369,11 +371,15 @@ static bool cgi_handle_authorization(char *line) pass = getpwnam_alloc(talloc_autofree_context(), user); + rhost = client_name(1); + if (strequal(rhost,"UNKNOWN")) + rhost = client_addr(1, addr, sizeof(addr)); + /* * Validate the password they have given. */ - if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, false)) { + if NT_STATUS_IS_OK(pass_check(pass, user, rhost, user_pass, false)) { if (pass) { /* * Password was ok. |