const char *
get_canonical_hostname(int use_dns)
{
char *host;
static char *canonical_host_name = NULL;
static char *remote_ip = NULL;
/* Check if we have previously retrieved name with same option. */
if (use_dns && canonical_host_name != NULL)
return canonical_host_name;
if (!use_dns && remote_ip != NULL)
return remote_ip;
/* Get the real hostname if socket; otherwise return UNKNOWN. */
if (packet_connection_is_on_socket())
host = get_remote_hostname(packet_get_connection_in(), use_dns);
else
host = "UNKNOWN";
if (use_dns)
canonical_host_name = host;
else
remote_ip = host;
return host;
}
const char *
get_canonical_hostname(int use_dns)
{
static char *canonical_host_name = NULL;
static int use_dns_done = 0;
/* Check if we have previously retrieved name with same option. */
if (canonical_host_name != NULL) {
if (use_dns_done != use_dns)
xfree(canonical_host_name);
else
return canonical_host_name;
}
/* Get the real hostname if socket; otherwise return UNKNOWN. */
if (packet_connection_is_on_socket())
canonical_host_name = get_remote_hostname(
packet_get_connection_in(), use_dns);
else
canonical_host_name = xstrdup("UNKNOWN");
use_dns_done = use_dns;
return canonical_host_name;
}
static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
TALLOC_CTX *mem_ctx,
struct smb_krb5_context *smb_krb5_context,
DATA_BLOB *pac_blob,
const char *princ_name,
const struct tsocket_address *remote_address,
uint32_t session_info_flags,
struct auth_session_info **session_info)
{
TALLOC_CTX *tmp_ctx;
struct PAC_LOGON_INFO *logon_info = NULL;
struct netr_SamInfo3 *info3_copy = NULL;
bool is_mapped;
bool is_guest;
char *ntuser;
char *ntdomain;
char *username;
char *rhost;
struct passwd *pw;
NTSTATUS status;
int rc;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
return NT_STATUS_NO_MEMORY;
}
if (pac_blob) {
#ifdef HAVE_KRB5
status = kerberos_pac_logon_info(tmp_ctx, *pac_blob, NULL, NULL,
NULL, NULL, 0, &logon_info);
#else
status = NT_STATUS_ACCESS_DENIED;
#endif
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
}
rc = get_remote_hostname(remote_address,
&rhost,
tmp_ctx);
if (rc < 0) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
if (strequal(rhost, "UNKNOWN")) {
rhost = tsocket_address_inet_addr_string(remote_address,
tmp_ctx);
if (rhost == NULL) {
status = NT_STATUS_NO_MEMORY;
goto done;
}
}
status = get_user_from_kerberos_info(tmp_ctx, rhost,
princ_name, logon_info,
&is_mapped, &is_guest,
&ntuser, &ntdomain,
&username, &pw);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos principal to system user "
"(%s)\n", nt_errstr(status)));
status = NT_STATUS_ACCESS_DENIED;
goto done;
}
/* save the PAC data if we have it */
if (logon_info) {
status = create_info3_from_pac_logon_info(tmp_ctx,
logon_info,
&info3_copy);
if (!NT_STATUS_IS_OK(status)) {
goto done;
}
netsamlogon_cache_store(ntuser, info3_copy);
}
/* setup the string used by %U */
sub_set_smb_name(username);
/* reload services so that the new %U is taken into account */
lp_load_with_shares(get_dyn_CONFIGFILE());
status = make_session_info_krb5(mem_ctx,
ntuser, ntdomain, username, pw,
info3_copy, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
session_info);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
nt_errstr(status)));
status = NT_STATUS_ACCESS_DENIED;
goto done;
}
DEBUG(5, (__location__ "OK: user: %s domain: %s client: %s\n",
ntuser, ntdomain, rhost));
status = NT_STATUS_OK;
done:
TALLOC_FREE(tmp_ctx);
return status;
}
