s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()

We only need to adjust sanitized_username in order to keep the same behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a2a289d0446fedb4ea40834b5b5b190fdca30906)

2 files changed, 23 insertions, 33 deletions

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 4c9f384253a..2de7f3bf763 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -472,6 +472,26 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_LOGON_FAILURE;
 	}
 
+	if (server_info->cached_session_info != NULL) {
+		session_info = copy_session_info(mem_ctx,
+				server_info->cached_session_info);
+		if (session_info == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		/* This is a potentially untrusted username for use in %U */
+		alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
+		session_info->unix_info->sanitized_username =
+				talloc_strdup(session_info->unix_info, tmp);
+		if (session_info->unix_info->sanitized_username == NULL) {
+			TALLOC_FREE(session_info);
+			return NT_STATUS_NO_MEMORY;
+		}
+
+		*session_info_out = session_info;
+		return NT_STATUS_OK;
+	}
+
 	session_info = talloc_zero(mem_ctx, struct auth_session_info);
 	if (!session_info) {
 		return NT_STATUS_NO_MEMORY;
@@ -526,30 +546,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 		return status;
 	}
 
-	if (server_info->security_token) {
-		/* Just copy the token, it has already been finalised
-		 * (nasty hack to support a cached guest/system session_info
-		 */
-
-		session_info->security_token = dup_nt_token(session_info, server_info->security_token);
-		if (!session_info->security_token) {
-			TALLOC_FREE(session_info);
-			return NT_STATUS_NO_MEMORY;
-		}
-
-		session_info->unix_token->ngroups = server_info->utok.ngroups;
-		if (server_info->utok.ngroups != 0) {
-			session_info->unix_token->groups = (gid_t *)talloc_memdup(
-				session_info->unix_token, server_info->utok.groups,
-				sizeof(gid_t)*session_info->unix_token->ngroups);
-		} else {
-			session_info->unix_token->groups = NULL;
-		}
-
-		*session_info_out = session_info;
-		return NT_STATUS_OK;
-	}
-
 	/*
 	 * If winbind is not around, we can not make much use of the SIDs the
 	 * domain controller provided us with. Likewise if the user name was
@@ -1560,12 +1556,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
 	 * to take the wrong path */
 	SMB_ASSERT(src->security_token);
 
-	dst->security_token = dup_nt_token(dst, src->security_token);
-	if (!dst->security_token) {
-		TALLOC_FREE(dst);
-		return NULL;
-	}
-
 	dst->session_key = data_blob_talloc( dst, src->session_key.data,
 						src->session_key.length);
 
@@ -1588,6 +1578,7 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
 		return NULL;
 	}
 
+	dst->cached_session_info = src;
 	return dst;
 }
 
diff --git a/source3/include/auth.h b/source3/include/auth.h
index d3055373964..31a1f201835 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -34,15 +34,14 @@ struct auth_serversupplied_info {
 	struct security_unix_token utok;
 
 	/*
-	 * NT group information taken from the info3 structure
+	 * A complete auth_session_info
 	 *
 	 * This is not normally filled in, during the typical
 	 * authentication process.  If filled in, it has already been
 	 * finalised by a nasty hack to support a cached guest/system
 	 * session_info
 	 */
-
-	struct security_token *security_token;
+	const struct auth_session_info *cached_session_info;
 
 	/* These are the intermediate session keys, as provided by a
 	 * NETLOGON server and used by NTLMSSP to negotiate key