summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/auth/auth_unix.c7
-rw-r--r--source3/auth/pass_check.c8
-rw-r--r--source3/include/proto.h5
-rw-r--r--source3/web/cgi.c8
4 files changed, 19 insertions, 9 deletions
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index c50ac78ee4c..87cfdb9dd54 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -37,16 +37,23 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
{
NTSTATUS nt_status;
struct passwd *pass = NULL;
+ const char *rhost;
+ char addr[INET6_ADDRSTRLEN];
DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
become_root();
pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
+ rhost = client_name(smbd_server_fd());
+ if (strequal(rhost,"UNKNOWN"))
+ rhost = client_addr(smbd_server_fd(), addr, sizeof(addr));
+
/** @todo This call assumes a ASCII password, no charset transformation is
done. We may need to revisit this **/
nt_status = pass_check(pass,
pass ? pass->pw_name : user_info->mapped.account_name,
+ rhost,
user_info->password.plaintext,
true);
diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c
index 80e7da91df4..c61a10ba1b0 100644
--- a/source3/auth/pass_check.c
+++ b/source3/auth/pass_check.c
@@ -660,6 +660,7 @@ return NT_STATUS_OK on correct match, appropriate error otherwise
NTSTATUS pass_check(const struct passwd *pass,
const char *user,
+ const char *rhost,
const char *password,
bool run_cracker)
{
@@ -668,13 +669,6 @@ NTSTATUS pass_check(const struct passwd *pass,
NTSTATUS nt_status;
- const char *rhost;
- char addr[INET6_ADDRSTRLEN];
-
- rhost = client_name(smbd_server_fd());
- if (strequal(rhost,"UNKNOWN"))
- rhost = client_addr(smbd_server_fd(), addr, sizeof(addr));
-
#ifdef DEBUG_PASSWORD
DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password));
#endif
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e82b1ac4866..e2d1c94e7bf 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -232,7 +232,10 @@ bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
/* The following definitions come from auth/pass_check.c */
void dfs_unlogin(void);
-NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password,
+NTSTATUS pass_check(const struct passwd *pass,
+ const char *user,
+ const char *rhost,
+ const char *password,
bool run_cracker);
/* The following definitions come from auth/token_util.c */
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 9c9a3654577..794152cd99a 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -339,6 +339,8 @@ static bool cgi_handle_authorization(char *line)
char *p;
fstring user, user_pass;
struct passwd *pass = NULL;
+ const char *rhost;
+ char addr[INET6_ADDRSTRLEN];
if (!strnequal(line,"Basic ", 6)) {
goto err;
@@ -369,11 +371,15 @@ static bool cgi_handle_authorization(char *line)
pass = getpwnam_alloc(talloc_autofree_context(), user);
+ rhost = client_name(1);
+ if (strequal(rhost,"UNKNOWN"))
+ rhost = client_addr(1, addr, sizeof(addr));
+
/*
* Validate the password they have given.
*/
- if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, false)) {
+ if NT_STATUS_IS_OK(pass_check(pass, user, rhost, user_pass, false)) {
if (pass) {
/*
* Password was ok.