1 |
vip-ire |
1.1 |
From db5a50fc60daaec47cbb520af1802f49c51cb5ec Mon Sep 17 00:00:00 2001 |
2 |
|
|
From: Stefan Metzmacher <metze@samba.org> |
3 |
|
|
Date: Wed, 11 May 2016 17:59:32 +0200 |
4 |
|
|
Subject: [PATCH] s3:ntlm_auth: make ntlm_auth_generate_session_info() more |
5 |
|
|
complete |
6 |
|
|
MIME-Version: 1.0 |
7 |
|
|
Content-Type: text/plain; charset=UTF-8 |
8 |
|
|
Content-Transfer-Encoding: 8bit |
9 |
|
|
|
10 |
|
|
The generate_session_info() function maybe called more than once |
11 |
|
|
per session. |
12 |
|
|
|
13 |
|
|
Some may try to look/dereference session_info->security_token, |
14 |
|
|
so we provide simplified token. |
15 |
|
|
|
16 |
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914 |
17 |
|
|
|
18 |
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
19 |
|
|
Reviewed-by: Andreas Schneider <asn@samba.org> |
20 |
|
|
Reviewed-by: Günther Deschner <gd@samba.org> |
21 |
|
|
(cherry picked from commit 825cce1f88b797c80116769e1755328dee2ba0e1) |
22 |
|
|
--- |
23 |
|
|
source3/utils/ntlm_auth.c | 51 ++++++++++++++++++++++++++++++++++++++++++----- |
24 |
|
|
1 file changed, 46 insertions(+), 5 deletions(-) |
25 |
|
|
|
26 |
|
|
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c |
27 |
|
|
index d01c522..0fa8997 100644 |
28 |
|
|
--- a/source3/utils/ntlm_auth.c |
29 |
|
|
+++ b/source3/utils/ntlm_auth.c |
30 |
|
|
@@ -27,6 +27,7 @@ |
31 |
|
|
#include "includes.h" |
32 |
|
|
#include "lib/param/param.h" |
33 |
|
|
#include "popt_common.h" |
34 |
|
|
+#include "libcli/security/security.h" |
35 |
|
|
#include "utils/ntlm_auth.h" |
36 |
|
|
#include "../libcli/auth/libcli_auth.h" |
37 |
|
|
#include "auth/ntlmssp/ntlmssp.h" |
38 |
|
|
@@ -705,18 +706,58 @@ static NTSTATUS ntlm_auth_generate_session_info(struct auth4_context *auth_conte |
39 |
|
|
uint32_t session_info_flags, |
40 |
|
|
struct auth_session_info **session_info_out) |
41 |
|
|
{ |
42 |
|
|
- char *unix_username = (char *)server_returned_info; |
43 |
|
|
- struct auth_session_info *session_info = talloc_zero(mem_ctx, struct auth_session_info); |
44 |
|
|
- if (!session_info) { |
45 |
|
|
+ const char *unix_username = (const char *)server_returned_info; |
46 |
|
|
+ bool ok; |
47 |
|
|
+ struct dom_sid *sids = NULL; |
48 |
|
|
+ struct auth_session_info *session_info = NULL; |
49 |
|
|
+ |
50 |
|
|
+ session_info = talloc_zero(mem_ctx, struct auth_session_info); |
51 |
|
|
+ if (session_info == NULL) { |
52 |
|
|
return NT_STATUS_NO_MEMORY; |
53 |
|
|
} |
54 |
|
|
|
55 |
|
|
session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix); |
56 |
|
|
- if (!session_info->unix_info) { |
57 |
|
|
+ if (session_info->unix_info == NULL) { |
58 |
|
|
+ TALLOC_FREE(session_info); |
59 |
|
|
+ return NT_STATUS_NO_MEMORY; |
60 |
|
|
+ } |
61 |
|
|
+ session_info->unix_info->unix_name = talloc_strdup(session_info->unix_info, |
62 |
|
|
+ unix_username); |
63 |
|
|
+ if (session_info->unix_info->unix_name == NULL) { |
64 |
|
|
+ TALLOC_FREE(session_info); |
65 |
|
|
+ return NT_STATUS_NO_MEMORY; |
66 |
|
|
+ } |
67 |
|
|
+ |
68 |
|
|
+ session_info->security_token = talloc_zero(session_info, struct security_token); |
69 |
|
|
+ if (session_info->security_token == NULL) { |
70 |
|
|
TALLOC_FREE(session_info); |
71 |
|
|
return NT_STATUS_NO_MEMORY; |
72 |
|
|
} |
73 |
|
|
- session_info->unix_info->unix_name = talloc_steal(session_info->unix_info, unix_username); |
74 |
|
|
+ |
75 |
|
|
+ sids = talloc_zero_array(session_info->security_token, |
76 |
|
|
+ struct dom_sid, 3); |
77 |
|
|
+ if (sids == NULL) { |
78 |
|
|
+ TALLOC_FREE(session_info); |
79 |
|
|
+ return NT_STATUS_NO_MEMORY; |
80 |
|
|
+ } |
81 |
|
|
+ ok = dom_sid_parse(SID_WORLD, &sids[0]); |
82 |
|
|
+ if (!ok) { |
83 |
|
|
+ TALLOC_FREE(session_info); |
84 |
|
|
+ return NT_STATUS_INTERNAL_ERROR; |
85 |
|
|
+ } |
86 |
|
|
+ ok = dom_sid_parse(SID_NT_NETWORK, &sids[1]); |
87 |
|
|
+ if (!ok) { |
88 |
|
|
+ TALLOC_FREE(session_info); |
89 |
|
|
+ return NT_STATUS_INTERNAL_ERROR; |
90 |
|
|
+ } |
91 |
|
|
+ ok = dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[2]); |
92 |
|
|
+ if (!ok) { |
93 |
|
|
+ TALLOC_FREE(session_info); |
94 |
|
|
+ return NT_STATUS_INTERNAL_ERROR; |
95 |
|
|
+ } |
96 |
|
|
+ |
97 |
|
|
+ session_info->security_token->num_sids = talloc_array_length(sids); |
98 |
|
|
+ session_info->security_token->sids = sids; |
99 |
|
|
|
100 |
|
|
*session_info_out = session_info; |
101 |
|
|
|
102 |
|
|
-- |
103 |
|
|
1.9.1 |
104 |
|
|
|