diff options
| author | Stefan Metzmacher <metze@samba.org> | 2016-05-11 17:59:32 +0200 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2016-05-30 11:09:19 +0200 |
| commit | 93155fae52ff4e5b36826a6369d1a7c6152f873a (patch) | |
| tree | 89f4474722509c3c10adf3d1783d01385ee0e3a6 | |
| parent | e410d79f15e6d12738e33186444e85e74ad00814 (diff) | |
| download | samba-93155fae52ff4e5b36826a6369d1a7c6152f873a.tar.gz | |
s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete
The generate_session_info() function maybe called more than once
per session.
Some may try to look/dereference session_info->security_token,
so we provide simplified token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914
Signed-off-by: Stefan Metzmacher <metze@samba.org>
| -rw-r--r-- | source3/utils/ntlm_auth.c | 51 |
1 files changed, 46 insertions, 5 deletions
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index d01c522dffd..0fa8997b986 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -27,6 +27,7 @@ #include "includes.h" #include "lib/param/param.h" #include "popt_common.h" +#include "libcli/security/security.h" #include "utils/ntlm_auth.h" #include "../libcli/auth/libcli_auth.h" #include "auth/ntlmssp/ntlmssp.h" @@ -705,18 +706,58 @@ static NTSTATUS ntlm_auth_generate_session_info(struct auth4_context *auth_conte uint32_t session_info_flags, struct auth_session_info **session_info_out) { - char *unix_username = (char *)server_returned_info; - struct auth_session_info *session_info = talloc_zero(mem_ctx, struct auth_session_info); - if (!session_info) { + const char *unix_username = (const char *)server_returned_info; + bool ok; + struct dom_sid *sids = NULL; + struct auth_session_info *session_info = NULL; + + session_info = talloc_zero(mem_ctx, struct auth_session_info); + if (session_info == NULL) { return NT_STATUS_NO_MEMORY; } session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix); - if (!session_info->unix_info) { + if (session_info->unix_info == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + session_info->unix_info->unix_name = talloc_strdup(session_info->unix_info, + unix_username); + if (session_info->unix_info->unix_name == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + + session_info->security_token = talloc_zero(session_info, struct security_token); + if (session_info->security_token == NULL) { TALLOC_FREE(session_info); return NT_STATUS_NO_MEMORY; } - session_info->unix_info->unix_name = talloc_steal(session_info->unix_info, unix_username); + + sids = talloc_zero_array(session_info->security_token, + struct dom_sid, 3); + if (sids == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + ok = dom_sid_parse(SID_WORLD, &sids[0]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + ok = dom_sid_parse(SID_NT_NETWORK, &sids[1]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + ok = dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[2]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + + session_info->security_token->num_sids = talloc_array_length(sids); + session_info->security_token->sids = sids; *session_info_out = session_info; |