1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00

CVE-2020-25717: s3-auth: fix MIT Realm regression

This looks like a regression introduced by the recent security fixes. This
commit should hopefully fixes it.

As a quick solution it might be possible to use the username map script based on
the example in https://bugzilla.samba.org/show_bug.cgi?id=14901#c0. We're not
sure this behaves identical, but it might work in the standalone server case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14922

Reported-at: https://lists.samba.org/archive/samba/2021-November/238720.html

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Ralph Boehme 2021-11-26 10:57:17 +01:00 committed by Stefan Metzmacher
parent f621317e3b
commit 1e61de8306

View File

@ -46,6 +46,7 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
char *fuser = NULL;
char *unixuser = NULL;
struct passwd *pw = NULL;
bool may_retry = false;
DEBUG(3, ("Kerberos ticket principal name is [%s]\n", princ_name));
@ -71,6 +72,7 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
domain = realm;
} else {
domain = lp_workgroup();
may_retry = true;
}
fuser = talloc_asprintf(mem_ctx,
@ -89,6 +91,13 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
*mapped_to_guest = false;
pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
if (may_retry && pw == NULL && !*is_mapped) {
fuser = talloc_strdup(mem_ctx, user);
if (!fuser) {
return NT_STATUS_NO_MEMORY;
}
pw = smb_getpwnam(mem_ctx, fuser, &unixuser, true);
}
if (pw) {
if (!unixuser) {
return NT_STATUS_NO_MEMORY;