mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
CVE-2020-25717: s3:auth: simplify make_session_info_krb5() by removing unused arguments
This is only ever be called in standalone mode with an MIT realm, so we don't have a PAC/info3 structure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
e8bb009009
commit
757f1d20e4
@ -227,7 +227,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
|
||||
|
||||
status = make_session_info_krb5(mem_ctx,
|
||||
ntuser, ntdomain, username, pw,
|
||||
NULL, is_guest, is_mapped, NULL /* No session key for now, caller will sort it out */,
|
||||
is_guest, is_mapped,
|
||||
session_info);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("Failed to map kerberos pac to server info (%s)\n",
|
||||
|
@ -428,9 +428,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
|
||||
char *ntdomain,
|
||||
char *username,
|
||||
struct passwd *pw,
|
||||
const struct netr_SamInfo3 *info3,
|
||||
bool mapped_to_guest, bool username_was_mapped,
|
||||
DATA_BLOB *session_key,
|
||||
struct auth_session_info **session_info);
|
||||
|
||||
/* The following definitions come from auth/auth_samba4.c */
|
||||
|
@ -150,9 +150,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
|
||||
char *ntdomain,
|
||||
char *username,
|
||||
struct passwd *pw,
|
||||
const struct netr_SamInfo3 *info3,
|
||||
bool mapped_to_guest, bool username_was_mapped,
|
||||
DATA_BLOB *session_key,
|
||||
struct auth_session_info **session_info)
|
||||
{
|
||||
NTSTATUS status;
|
||||
@ -166,20 +164,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
|
||||
return status;
|
||||
}
|
||||
|
||||
} else if (info3) {
|
||||
/* pass the unmapped username here since map_username()
|
||||
will be called again in make_server_info_info3() */
|
||||
|
||||
status = make_server_info_info3(mem_ctx,
|
||||
ntuser, ntdomain,
|
||||
&server_info,
|
||||
info3);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(1, ("make_server_info_info3 failed: %s!\n",
|
||||
nt_errstr(status)));
|
||||
return status;
|
||||
}
|
||||
|
||||
} else {
|
||||
/*
|
||||
* We didn't get a PAC, we have to make up the user
|
||||
@ -231,7 +215,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
|
||||
|
||||
server_info->nss_token |= username_was_mapped;
|
||||
|
||||
status = create_local_token(mem_ctx, server_info, session_key, ntuser, session_info);
|
||||
status = create_local_token(mem_ctx, server_info, NULL, ntuser, session_info);
|
||||
talloc_free(server_info);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DEBUG(10,("failed to create local token: %s\n",
|
||||
@ -261,9 +245,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
|
||||
char *ntdomain,
|
||||
char *username,
|
||||
struct passwd *pw,
|
||||
const struct netr_SamInfo3 *info3,
|
||||
bool mapped_to_guest, bool username_was_mapped,
|
||||
DATA_BLOB *session_key,
|
||||
struct auth_session_info **session_info)
|
||||
{
|
||||
return NT_STATUS_NOT_IMPLEMENTED;
|
||||
|
Loading…
Reference in New Issue
Block a user