-rw-r--r--source3/rpc_server/dcesrv_gssapi.c25
-rw-r--r--source3/rpc_server/dcesrv_gssapi.h2
-rw-r--r--source3/rpc_server/srv_pipe.c8
3 files changed, 27 insertions, 8 deletions
diff --git a/source3/rpc_server/dcesrv_gssapi.c b/source3/rpc_server/dcesrv_gssapi.c
index 534e8a4189..bb1e91d870 100644
--- a/source3/rpc_server/dcesrv_gssapi.c
+++ b/source3/rpc_server/dcesrv_gssapi.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "rpc_server/dcesrv_gssapi.h"
#include "../librpc/gen_ndr/ndr_krb5pac.h"
+#include "../lib/tsocket/tsocket.h"
#include "librpc/crypto/gse.h"
#include "auth.h"
#ifdef HAVE_KRB5
@@ -103,7 +104,7 @@ NTSTATUS gssapi_server_check_flags(struct gse_context *gse_ctx)
NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
TALLOC_CTX *mem_ctx,
- struct client_address *client_id,
+ const struct tsocket_address *remote_address,
struct auth_serversupplied_info **server_info)
{
TALLOC_CTX *tmp_ctx;
@@ -117,8 +118,10 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
char *ntuser;
char *ntdomain;
char *username;
+ char *rhost;
struct passwd *pw;
NTSTATUS status;
+ int rc;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
@@ -173,7 +176,23 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
goto done;
}
- status = get_user_from_kerberos_info(tmp_ctx, client_id->name,
+ rc = get_remote_hostname(remote_address,
+ &rhost,
+ tmp_ctx);
+ if (rc < 0) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ if (strequal(rhost, "UNKNOWN")) {
+ rhost = tsocket_address_inet_addr_string(remote_address,
+ tmp_ctx);
+ if (rhost == NULL) {
+ status = NT_STATUS_NO_MEMORY;
+ goto done;
+ }
+ }
+
+ status = get_user_from_kerberos_info(tmp_ctx, rhost,
princ_name, logon_info,
&is_mapped, &is_guest,
&ntuser, &ntdomain,
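Review bot: The fallback at `if (strequal(rhost, "UNKNOWN"))` depends on a magic string returned by get_remote_hostname(), whose definition is not visible here; if that sentinel changes, or a lookup legitimately yields that name, the wrong value reaches get_user_from_kerberos_info(). Every `rc < 0` is also reported as NT_STATUS_NO_MEMORY, which would mislabel the failure if the helper can fail for reasons other than allocation. If the helper resolves names through reverse DNS (presumably, given its name), `rhost` is chosen by whoever controls the PTR record, so it should be treated as an unauthenticated label both in the mapping call and in the `DEBUG(5, ...)` line of the next hunk, never as evidence of client identity. A short comment above the call would record this, for example `/* rhost is an unverified client label (may come from reverse DNS); fall back to the numeric address when no name is available */`. The function body starts and ends outside this hunk.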
@@ -199,7 +218,7 @@ NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
}
DEBUG(5, (__location__ "OK: user: %s domain: %s client: %s\n",
- ntuser, ntdomain, client_id->name));
+ ntuser, ntdomain, rhost));
status = NT_STATUS_OK;
diff --git a/source3/rpc_server/dcesrv_gssapi.h b/source3/rpc_server/dcesrv_gssapi.h
index f770efbf6c..9cd456f9c1 100644
--- a/source3/rpc_server/dcesrv_gssapi.h
+++ b/source3/rpc_server/dcesrv_gssapi.h
@@ -36,7 +36,7 @@ NTSTATUS gssapi_server_step(struct gse_context *gse_ctx,
NTSTATUS gssapi_server_check_flags(struct gse_context *gse_ctx);
NTSTATUS gssapi_server_get_user_info(struct gse_context *gse_ctx,
TALLOC_CTX *mem_ctx,
- struct client_address *client_id,
+ const struct tsocket_address *remote_address,
struct auth_serversupplied_info **session_info);
#endif /* _DCESRV_GSSAPI_H_ */
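Review bot: The prototype gives no contract for the new `remote_address` parameter, while the implementation in dcesrv_gssapi.c passes it to get_remote_hostname() and tsocket_address_inet_addr_string() without a NULL check. A doc comment on the declaration should state that it must be a valid, non-NULL address of the connecting client and that it is used only to derive a host label for user mapping and logging. The last parameter is also named `session_info` here but `server_info` in the definition; using one name in both places would keep that comment unambiguous.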
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index b4611de3ac..5b2dcfdddb 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -722,7 +722,7 @@ err:
static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
struct gse_context *gse_ctx,
- struct client_address *client_id,
+ const struct tsocket_address *remote_address,
struct auth_serversupplied_info **session_info)
{
NTSTATUS status;
@@ -739,7 +739,7 @@ static NTSTATUS pipe_gssapi_verify_final(TALLOC_CTX *mem_ctx,
}
status = gssapi_server_get_user_info(gse_ctx, mem_ctx,
- client_id, session_info);
+ remote_address, session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, (__location__ ": failed to obtain the server info "
"for authenticated user: %s\n", nt_errstr(status)));
@@ -783,7 +783,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
gse_ctx = talloc_get_type_abort(p->auth.auth_ctx,
struct gse_context);
status = pipe_gssapi_verify_final(p, gse_ctx,
- p->client_id,
+ p->remote_address,
&p->session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("gssapi bind failed with: %s",
@@ -806,7 +806,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
gse_ctx = talloc_get_type_abort(mech_ctx,
struct gse_context);
status = pipe_gssapi_verify_final(p, gse_ctx,
- p->client_id,
+ p->remote_address,
&p->session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("gssapi bind failed with: %s",