diff options
-rw-r--r-- | source3/rpc_server/dcesrv_gssapi.c | 25 | ||||
-rw-r--r-- | source3/rpc_server/dcesrv_gssapi.h | 2 | ||||
-rw-r--r-- | source3/rpc_server/srv_pipe.c | 8 |
3 files changed, 27 insertions, 8 deletions
diff --git a/source3/rpc_server/dcesrv_gssapi.c b/source3/rpc_server/dcesrv_gssapi.c index 534e8a4189..bb1e91d870 100644 --- a/source3/rpc_server/dcesrv_gssapi.c +++ b/source3/rpc_server/dcesrv_gssapi.c @@ -21,6 +21,7 @@ #include "includes.h" #include "rpc_server/dcesrv_gssapi.h" #include "../librpc/gen_ndr/ndr_krb5pac.h" +#include "../lib/tsocket/tsocket.h" #include "librpc/crypto/gse.h" #include "auth.h" #ifdef HAVE_KRB5 @@ -103,7 +104,7 @@ NTSTATUS gssapi_server_check_flags(struct gse_context *gse_ctx) NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx, TALLOC_CTX *mem_ctx, - struct client_address *client_id, + const struct tsocket_address *remote_address, struct auth_serversupplied_info **server_info) { TALLOC_CTX *tmp_ctx; @@ -117,8 +118,10 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx, char *ntuser; char *ntdomain; char *username; + char *rhost; struct passwd *pw; NTSTATUS status; + int rc; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { @@ -173,7 +176,23 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx, goto done; } - status = get_user_from_kerberos_info(tmp_ctx, client_id->name, + rc = get_remote_hostname(remote_address, + &rhost, + tmp_ctx); + if (rc < 0) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + if (strequal(rhost, "UNKNOWN")) { + rhost = tsocket_address_inet_addr_string(remote_address, + tmp_ctx); + if (rhost == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + } + + status = get_user_from_kerberos_info(tmp_ctx, rhost, princ_name, logon_info, &is_mapped, &is_guest, &ntuser, &ntdomain, @@ -199,7 +218,7 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx, } DEBUG(5, (__location__ "OK: user: %s domain: %s client: %s\n", - ntuser, ntdomain, client_id->name)); + ntuser, ntdomain, rhost)); status = NT_STATUS_OK; diff --git a/source3/rpc_server/dcesrv_gssapi.h b/source3/rpc_server/dcesrv_gssapi.h index f770efbf6c..9cd456f9c1 100644 --- a/source3/rpc_server/dcesrv_gssapi.h +++ b/source3/rpc_server/dcesrv_gssapi.h @@ -36,7 +36,7 @@ NTSTATUS gssapi_server_step(struct gse_context *gse_ctx, NTSTATUS gssapi_server_check_flags(struct gse_context *gse_ctx); NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx, TALLOC_CTX *mem_ctx, - struct client_address *client_id, + const struct tsocket_address *remote_address, struct auth_serversupplied_info **session_info); #endif /* _DCESRV_GSSAPI_H_ */ diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index b4611de3ac..5b2dcfdddb 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -722,7 +722,7 @@ err: static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx, struct gse_context *gse_ctx, - struct client_address *client_id, + const struct tsocket_address *remote_address, struct auth_serversupplied_info **session_info) { NTSTATUS status; @@ -739,7 +739,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx, } status = gssapi_server_get_user_info(gse_ctx, mem_ctx, - client_id, session_info); + remote_address, session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, (__location__ ": failed to obtain the server info " "for authenticated user: %s\n", nt_errstr(status))); @@ -783,7 +783,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) gse_ctx = talloc_get_type_abort(p->auth.auth_ctx, struct gse_context); status = pipe_gssapi_verify_final(p, gse_ctx, - p->client_id, + p->remote_address, &p->session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("gssapi bind failed with: %s", @@ -806,7 +806,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p) gse_ctx = talloc_get_type_abort(mech_ctx, struct gse_context); status = pipe_gssapi_verify_final(p, gse_ctx, - p->client_id, + p->remote_address, &p->session_info); if (!NT_STATUS_IS_OK(status)) { DEBUG(1, ("gssapi bind failed with: %s", |