1 |
From db5a50fc60daaec47cbb520af1802f49c51cb5ec Mon Sep 17 00:00:00 2001 |
2 |
From: Stefan Metzmacher <metze@samba.org> |
3 |
Date: Wed, 11 May 2016 17:59:32 +0200 |
4 |
Subject: [PATCH] s3:ntlm_auth: make ntlm_auth_generate_session_info() more |
5 |
complete |
6 |
MIME-Version: 1.0 |
7 |
Content-Type: text/plain; charset=UTF-8 |
8 |
Content-Transfer-Encoding: 8bit |
9 |
|
10 |
The generate_session_info() function maybe called more than once |
11 |
per session. |
12 |
|
13 |
Some may try to look/dereference session_info->security_token, |
14 |
so we provide simplified token. |
15 |
|
16 |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914 |
17 |
|
18 |
Signed-off-by: Stefan Metzmacher <metze@samba.org> |
19 |
Reviewed-by: Andreas Schneider <asn@samba.org> |
20 |
Reviewed-by: Günther Deschner <gd@samba.org> |
21 |
(cherry picked from commit 825cce1f88b797c80116769e1755328dee2ba0e1) |
22 |
--- |
23 |
source3/utils/ntlm_auth.c | 51 ++++++++++++++++++++++++++++++++++++++++++----- |
24 |
1 file changed, 46 insertions(+), 5 deletions(-) |
25 |
|
26 |
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c |
27 |
index d01c522..0fa8997 100644 |
28 |
--- a/source3/utils/ntlm_auth.c |
29 |
+++ b/source3/utils/ntlm_auth.c |
30 |
@@ -27,6 +27,7 @@ |
31 |
#include "includes.h" |
32 |
#include "lib/param/param.h" |
33 |
#include "popt_common.h" |
34 |
+#include "libcli/security/security.h" |
35 |
#include "utils/ntlm_auth.h" |
36 |
#include "../libcli/auth/libcli_auth.h" |
37 |
#include "auth/ntlmssp/ntlmssp.h" |
38 |
@@ -705,18 +706,58 @@ static NTSTATUS ntlm_auth_generate_session_info(struct auth4_context *auth_conte |
39 |
uint32_t session_info_flags, |
40 |
struct auth_session_info **session_info_out) |
41 |
{ |
42 |
- char *unix_username = (char *)server_returned_info; |
43 |
- struct auth_session_info *session_info = talloc_zero(mem_ctx, struct auth_session_info); |
44 |
- if (!session_info) { |
45 |
+ const char *unix_username = (const char *)server_returned_info; |
46 |
+ bool ok; |
47 |
+ struct dom_sid *sids = NULL; |
48 |
+ struct auth_session_info *session_info = NULL; |
49 |
+ |
50 |
+ session_info = talloc_zero(mem_ctx, struct auth_session_info); |
51 |
+ if (session_info == NULL) { |
52 |
return NT_STATUS_NO_MEMORY; |
53 |
} |
54 |
|
55 |
session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix); |
56 |
- if (!session_info->unix_info) { |
57 |
+ if (session_info->unix_info == NULL) { |
58 |
+ TALLOC_FREE(session_info); |
59 |
+ return NT_STATUS_NO_MEMORY; |
60 |
+ } |
61 |
+ session_info->unix_info->unix_name = talloc_strdup(session_info->unix_info, |
62 |
+ unix_username); |
63 |
+ if (session_info->unix_info->unix_name == NULL) { |
64 |
+ TALLOC_FREE(session_info); |
65 |
+ return NT_STATUS_NO_MEMORY; |
66 |
+ } |
67 |
+ |
68 |
+ session_info->security_token = talloc_zero(session_info, struct security_token); |
69 |
+ if (session_info->security_token == NULL) { |
70 |
TALLOC_FREE(session_info); |
71 |
return NT_STATUS_NO_MEMORY; |
72 |
} |
73 |
- session_info->unix_info->unix_name = talloc_steal(session_info->unix_info, unix_username); |
74 |
+ |
75 |
+ sids = talloc_zero_array(session_info->security_token, |
76 |
+ struct dom_sid, 3); |
77 |
+ if (sids == NULL) { |
78 |
+ TALLOC_FREE(session_info); |
79 |
+ return NT_STATUS_NO_MEMORY; |
80 |
+ } |
81 |
+ ok = dom_sid_parse(SID_WORLD, &sids[0]); |
82 |
+ if (!ok) { |
83 |
+ TALLOC_FREE(session_info); |
84 |
+ return NT_STATUS_INTERNAL_ERROR; |
85 |
+ } |
86 |
+ ok = dom_sid_parse(SID_NT_NETWORK, &sids[1]); |
87 |
+ if (!ok) { |
88 |
+ TALLOC_FREE(session_info); |
89 |
+ return NT_STATUS_INTERNAL_ERROR; |
90 |
+ } |
91 |
+ ok = dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[2]); |
92 |
+ if (!ok) { |
93 |
+ TALLOC_FREE(session_info); |
94 |
+ return NT_STATUS_INTERNAL_ERROR; |
95 |
+ } |
96 |
+ |
97 |
+ session_info->security_token->num_sids = talloc_array_length(sids); |
98 |
+ session_info->security_token->sids = sids; |
99 |
|
100 |
*session_info_out = session_info; |
101 |
|
102 |
-- |
103 |
1.9.1 |
104 |
|