1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

s3: Lift smbd_server_fd() from pass_check()

This commit is contained in:
Volker Lendecke 2010-08-21 14:57:16 +02:00
parent a3995ef31c
commit 92fd03c5f0
4 changed files with 19 additions and 9 deletions

View File

@ -37,16 +37,23 @@ static NTSTATUS check_unix_security(const struct auth_context *auth_context,
{ {
NTSTATUS nt_status; NTSTATUS nt_status;
struct passwd *pass = NULL; struct passwd *pass = NULL;
const char *rhost;
char addr[INET6_ADDRSTRLEN];
DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name)); DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
become_root(); become_root();
pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name); pass = Get_Pwnam_alloc(talloc_tos(), user_info->mapped.account_name);
rhost = client_name(smbd_server_fd());
if (strequal(rhost,"UNKNOWN"))
rhost = client_addr(smbd_server_fd(), addr, sizeof(addr));
/** @todo This call assumes a ASCII password, no charset transformation is /** @todo This call assumes a ASCII password, no charset transformation is
done. We may need to revisit this **/ done. We may need to revisit this **/
nt_status = pass_check(pass, nt_status = pass_check(pass,
pass ? pass->pw_name : user_info->mapped.account_name, pass ? pass->pw_name : user_info->mapped.account_name,
rhost,
user_info->password.plaintext, user_info->password.plaintext,
true); true);

View File

@ -660,6 +660,7 @@ return NT_STATUS_OK on correct match, appropriate error otherwise
NTSTATUS pass_check(const struct passwd *pass, NTSTATUS pass_check(const struct passwd *pass,
const char *user, const char *user,
const char *rhost,
const char *password, const char *password,
bool run_cracker) bool run_cracker)
{ {
@ -668,13 +669,6 @@ NTSTATUS pass_check(const struct passwd *pass,
NTSTATUS nt_status; NTSTATUS nt_status;
const char *rhost;
char addr[INET6_ADDRSTRLEN];
rhost = client_name(smbd_server_fd());
if (strequal(rhost,"UNKNOWN"))
rhost = client_addr(smbd_server_fd(), addr, sizeof(addr));
#ifdef DEBUG_PASSWORD #ifdef DEBUG_PASSWORD
DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password)); DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password));
#endif #endif

View File

@ -232,7 +232,10 @@ bool smb_pam_close_session(char *in_user, char *tty, char *rhost);
/* The following definitions come from auth/pass_check.c */ /* The following definitions come from auth/pass_check.c */
void dfs_unlogin(void); void dfs_unlogin(void);
NTSTATUS pass_check(const struct passwd *pass, const char *user, const char *password, NTSTATUS pass_check(const struct passwd *pass,
const char *user,
const char *rhost,
const char *password,
bool run_cracker); bool run_cracker);
/* The following definitions come from auth/token_util.c */ /* The following definitions come from auth/token_util.c */

View File

@ -339,6 +339,8 @@ static bool cgi_handle_authorization(char *line)
char *p; char *p;
fstring user, user_pass; fstring user, user_pass;
struct passwd *pass = NULL; struct passwd *pass = NULL;
const char *rhost;
char addr[INET6_ADDRSTRLEN];
if (!strnequal(line,"Basic ", 6)) { if (!strnequal(line,"Basic ", 6)) {
goto err; goto err;
@ -369,11 +371,15 @@ static bool cgi_handle_authorization(char *line)
pass = getpwnam_alloc(talloc_autofree_context(), user); pass = getpwnam_alloc(talloc_autofree_context(), user);
rhost = client_name(1);
if (strequal(rhost,"UNKNOWN"))
rhost = client_addr(1, addr, sizeof(addr));
/* /*
* Validate the password they have given. * Validate the password they have given.
*/ */
if NT_STATUS_IS_OK(pass_check(pass, user, user_pass, false)) { if NT_STATUS_IS_OK(pass_check(pass, user, rhost, user_pass, false)) {
if (pass) { if (pass) {
/* /*
* Password was ok. * Password was ok.