s3: Pass rhost through to smb_pam_passchange

source3/auth/pampass.c

@@ -863,7 +863,8 @@ NTSTATUS smb_pam_passcheck(const char * user, const char * password)
  * PAM Password Change Suite
  */
 
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword)
+bool smb_pam_passchange(const char *user, const char *rhost,
+			const char *oldpassword, const char *newpassword)
 {
 	/* Appropriate quantities of root should be obtained BEFORE calling this function */
 	struct pam_conv *pconv = NULL;
@@ -872,7 +873,7 @@ bool smb_pam_passchange(const char * user, const char * oldpassword, const char
 	if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL)
 		return False;
 
-	if(!smb_pam_start(&pamh, user, NULL, pconv))
+	if(!smb_pam_start(&pamh, user, rhost, pconv))
 		return False;
 
 	if (!smb_pam_chauthtok(pamh, user)) {

source3/include/proto.h

@@ -223,7 +223,8 @@ bool smb_pam_claim_session(char *user, char *tty, char *rhost);
 bool smb_pam_close_session(char *user, char *tty, char *rhost);
 NTSTATUS smb_pam_accountcheck(const char *user, const char *rhost);
 NTSTATUS smb_pam_passcheck(const char * user, const char * password);
-bool smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword);
+bool smb_pam_passchange(const char *user, const char *rhost,
+			const char *oldpassword, const char *newpassword);
 bool smb_pam_claim_session(char *user, char *tty, char *rhost);
 bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
 

source3/rpc_server/srv_samr_chgpasswd.c

@@ -486,7 +486,7 @@ while we were waiting\n", WTERMSIG(wstat)));
 	return (chstat);
 }
 
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
 	       const char *oldpass, const char *newpass, bool as_root)
 {
 	char *passwordprogram = NULL;
@@ -546,9 +546,11 @@ bool chgpasswd(const char *name, const struct passwd *pass,
 			become_root();
 
 		if (pass) {
-			ret = smb_pam_passchange(pass->pw_name, oldpass, newpass);
+			ret = smb_pam_passchange(pass->pw_name, rhost,
+						 oldpass, newpass);
 		} else {
-			ret = smb_pam_passchange(name, oldpass, newpass);
+			ret = smb_pam_passchange(name, rhost, oldpass,
+						 newpass);
 		}
 
 		if (as_root)
@@ -961,7 +963,10 @@ NTSTATUS check_password_complexity(const char *username,
  is correct before calling. JRA.
 ************************************************************/
 
-static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passwd, bool as_root, enum samPwdChangeReason *samr_reject_reason)
+static NTSTATUS change_oem_password(struct samu *hnd, const char *rhost,
+				    char *old_passwd, char *new_passwd,
+				    bool as_root,
+				    enum samPwdChangeReason *samr_reject_reason)
 {
 	uint32 min_len;
 	uint32 refuse;
@@ -1054,7 +1059,8 @@ static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *ne
 	 */
 
 	if(lp_unix_password_sync() &&
-		!chgpasswd(username, pass, old_passwd, new_passwd, as_root)) {
+	   !chgpasswd(username, rhost, pass, old_passwd, new_passwd,
+		      as_root)) {
 		TALLOC_FREE(pass);
 		return NT_STATUS_ACCESS_DENIED;
 	}
@@ -1073,7 +1079,7 @@ static NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *ne
  Code to check and change the OEM hashed password.
 ************************************************************/
 
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
 			 uchar password_encrypted_with_lm_hash[516],
 			 const uchar old_lm_hash_encrypted[16],
 			 uchar password_encrypted_with_nt_hash[516],
@@ -1114,7 +1120,8 @@ NTSTATUS pass_oem_change(char *user,
 
 	/* We've already checked the old password here.... */
 	become_root();
-	nt_status = change_oem_password(sampass, NULL, new_passwd, True, reject_reason);
+	nt_status = change_oem_password(sampass, rhost, NULL, new_passwd,
+					True, reject_reason);
 	unbecome_root();
 
 	memset(new_passwd, 0, strlen(new_passwd));

source3/rpc_server/srv_samr_nt.c

@@ -1952,6 +1952,7 @@ NTSTATUS _samr_ChangePasswordUser2(struct pipes_struct *p,
 	 */
 
 	status = pass_oem_change(user_name,
+				 p->client_id->name,
 				 r->in.lm_password->data,
 				 r->in.lm_verifier->hash,
 				 r->in.nt_password->data,
@@ -2004,6 +2005,7 @@ NTSTATUS _samr_OemChangePasswordUser2(struct pipes_struct *p,
 	}
 
 	status = pass_oem_change(user_name,
+				 p->client_id->name,
 				 r->in.password->data,
 				 r->in.hash->hash,
 				 0,
@@ -2056,6 +2058,7 @@ NTSTATUS _samr_ChangePasswordUser3(struct pipes_struct *p,
 	 */
 
 	status = pass_oem_change(user_name,
+				 p->client_id->name,
 				 r->in.lm_password->data,
 				 r->in.lm_verifier->hash,
 				 r->in.nt_password->data,
@@ -4749,6 +4752,7 @@ static NTSTATUS set_user_info_21(struct samr_UserInfo21 *id21,
 
 static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
 				 struct samr_UserInfo23 *id23,
+				 const char *rhost,
 				 struct samu *pwd)
 {
 	char *plaintext_buf = NULL;
@@ -4811,7 +4815,8 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
 				DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
 			}
 
-			if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+			if(!chgpasswd(pdb_get_username(pwd), rhost,
+				      passwd, "", plaintext_buf, True)) {
 				return NT_STATUS_ACCESS_DENIED;
 			}
 			TALLOC_FREE(passwd);
@@ -4839,7 +4844,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx,
  set_user_info_pw
  ********************************************************************/
 
-static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
+static bool set_user_info_pw(uint8 *pass, const char *rhost, struct samu *pwd)
 {
 	size_t len = 0;
 	char *plaintext_buf = NULL;
@@ -4882,7 +4887,8 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
 				DEBUG(1, ("chgpasswd: Username does not exist in system !?!\n"));
 			}
 
-			if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) {
+			if(!chgpasswd(pdb_get_username(pwd), rhost, passwd,
+				      "", plaintext_buf, True)) {
 				return False;
 			}
 			TALLOC_FREE(passwd);
@@ -4901,6 +4907,7 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd)
  ********************************************************************/
 
 static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
+				 const char *rhost,
 				 struct samr_UserInfo24 *id24,
 				 struct samu *pwd)
 {
@@ -4911,7 +4918,7 @@ static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!set_user_info_pw(id24->password.data, pwd)) {
+	if (!set_user_info_pw(id24->password.data, rhost, pwd)) {
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
@@ -4930,6 +4937,7 @@ static NTSTATUS set_user_info_24(TALLOC_CTX *mem_ctx,
  ********************************************************************/
 
 static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
+				 const char *rhost,
 				 struct samr_UserInfo25 *id25,
 				 struct samu *pwd)
 {
@@ -4951,7 +4959,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
 	if ((id25->info.fields_present & SAMR_FIELD_NT_PASSWORD_PRESENT) ||
 	    (id25->info.fields_present & SAMR_FIELD_LM_PASSWORD_PRESENT)) {
 
-		if (!set_user_info_pw(id25->password.data, pwd)) {
+		if (!set_user_info_pw(id25->password.data, rhost, pwd)) {
 			return NT_STATUS_WRONG_PASSWORD;
 		}
 	}
@@ -4986,6 +4994,7 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx,
  ********************************************************************/
 
 static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
+				 const char *rhost,
 				 struct samr_UserInfo26 *id26,
 				 struct samu *pwd)
 {
@@ -4996,7 +5005,7 @@ static NTSTATUS set_user_info_26(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	if (!set_user_info_pw(id26->password.data, pwd)) {
+	if (!set_user_info_pw(id26->password.data, rhost, pwd)) {
 		return NT_STATUS_WRONG_PASSWORD;
 	}
 
@@ -5272,7 +5281,9 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 			dump_data(100, info->info23.password.data, 516);
 
 			status = set_user_info_23(p->mem_ctx,
-						  &info->info23, pwd);
+						  &info->info23,
+						  p->client_id->name,
+						  pwd);
 			break;
 
 		case 24:
@@ -5286,6 +5297,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 			dump_data(100, info->info24.password.data, 516);
 
 			status = set_user_info_24(p->mem_ctx,
+						  p->client_id->name,
 						  &info->info24, pwd);
 			break;
 
@@ -5300,6 +5312,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 			dump_data(100, info->info25.password.data, 532);
 
 			status = set_user_info_25(p->mem_ctx,
+						  p->client_id->name,
 						  &info->info25, pwd);
 			break;
 
@@ -5314,6 +5327,7 @@ NTSTATUS _samr_SetUserInfo(struct pipes_struct *p,
 			dump_data(100, info->info26.password.data, 516);
 
 			status = set_user_info_26(p->mem_ctx,
+						  p->client_id->name,
 						  &info->info26, pwd);
 			break;
 

source3/rpc_server/srv_samr_util.h

@@ -64,9 +64,9 @@ void copy_id26_to_sam_passwd(struct samu *to,
 
 /* The following definitions come from rpc_server/srv_samr_chgpasswd.c  */
 
-bool chgpasswd(const char *name, const struct passwd *pass,
+bool chgpasswd(const char *name, const char *rhost, const struct passwd *pass,
 	       const char *oldpass, const char *newpass, bool as_root);
-NTSTATUS pass_oem_change(char *user,
+NTSTATUS pass_oem_change(char *user, const char *rhost,
 			 uchar password_encrypted_with_lm_hash[516],
 			 const uchar old_lm_hash_encrypted[16],
 			 uchar password_encrypted_with_nt_hash[516],