s3-auth set session_info->sanitized_username in create_local_token()

Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token().  This also removes the need for
auth_ntlmssp_get_username().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>

source3/auth/auth_ntlmssp.c

@@ -44,6 +44,7 @@ NTSTATUS auth_ntlmssp_steal_session_info(TALLOC_CTX *mem_ctx,
 	nt_status = create_local_token(mem_ctx,
 				       auth_ntlmssp_state->server_info,
 				       &auth_ntlmssp_state->ntlmssp_state->session_key,
+				       auth_ntlmssp_state->ntlmssp_state->user,
 				       session_info);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {

source3/auth/auth_util.c

@@ -457,6 +457,7 @@ static NTSTATUS log_nt_token(struct security_token *token)
 NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 			    const struct auth_serversupplied_info *server_info,
 			    DATA_BLOB *session_key,
+			    const char *smb_username, /* for ->sanitized_username, for %U subs */
 			    struct auth_session_info **session_info_out)
 {
 	struct security_token *t;
@@ -465,6 +466,7 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 	struct dom_sid tmp_sid;
 	struct auth_session_info *session_info;
 	struct wbcUnixId *ids;
+	fstring tmp;
 
 	/* Ensure we can't possible take a code path leading to a
 	 * null defref. */
@@ -498,11 +500,10 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	session_info->unix_info->sanitized_username = talloc_strdup(session_info, server_info->sanitized_username);
-	if (!session_info->unix_info->sanitized_username) {
-		TALLOC_FREE(session_info);
-		return NT_STATUS_NO_MEMORY;
-	}
+	/* This is a potentially untrusted username for use in %U */
+	alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
+	session_info->unix_info->sanitized_username =
+				talloc_strdup(session_info->unix_info, tmp);
 
 	session_info->unix_info->system = server_info->system;
 
@@ -837,7 +838,6 @@ static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_i
 	struct netr_SamInfo3 info3;
 	TALLOC_CTX *tmp_ctx;
 	NTSTATUS status;
-	fstring tmp;
 
 	tmp_ctx = talloc_stackframe();
 	if (tmp_ctx == NULL) {
@@ -869,7 +869,9 @@ static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_i
 	/* This should not be done here (we should produce a server
 	 * info, and later construct a session info from it), but for
 	 * now this does not change the previous behavior */
-	status = create_local_token(tmp_ctx, *server_info, NULL, session_info);
+	status = create_local_token(tmp_ctx, *server_info, NULL,
+				    (*server_info)->info3->base.account_name.string,
+				    session_info);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, ("create_local_token failed: %s\n",
 			  nt_errstr(status)));
@@ -882,10 +884,6 @@ static NTSTATUS make_new_session_info_guest(struct auth_session_info **session_i
 	   all zeros! */
 	(*session_info)->session_key = data_blob(zeros, sizeof(zeros));
 
-	alpha_strcpy(tmp, (*server_info)->info3->base.account_name.string,
-		     ". _-$", sizeof(tmp));
-	(*session_info)->unix_info->sanitized_username = talloc_strdup(*session_info, tmp);
-
 	status = NT_STATUS_OK;
 done:
 	TALLOC_FREE(tmp_ctx);
@@ -953,9 +951,8 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
 
 	status = make_server_info_pw(&result, pwd->pw_name, pwd);
 
-	TALLOC_FREE(pwd);
-
 	if (!NT_STATUS_IS_OK(status)) {
+		TALLOC_FREE(pwd);
 		return status;
 	}
 
@@ -963,7 +960,8 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
 	result->guest = is_guest;
 
 	/* Now turn the server_info into a session_info with the full token etc */
-	status = create_local_token(mem_ctx, result, NULL, session_info);
+	status = create_local_token(mem_ctx, result, NULL, pwd->pw_name, session_info);
+	TALLOC_FREE(pwd);
 	talloc_free(result);
 	return status;
 }

source3/auth/proto.h

@@ -151,6 +151,7 @@ NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
 NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 			    const struct auth_serversupplied_info *server_info,
 			    DATA_BLOB *session_key,
+			    const char *smb_name,
 			    struct auth_session_info **session_info_out);
 NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
 				    bool is_guest,

source3/auth/user_krb5.c

@@ -262,7 +262,7 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
 
 	server_info->nss_token |= username_was_mapped;
 
-	status = create_local_token(mem_ctx, server_info, session_key, session_info);
+	status = create_local_token(mem_ctx, server_info, session_key, ntuser, session_info);
 	talloc_free(server_info);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10,("failed to create local token: %s\n",

source3/include/ntlmssp_wrap.h

@@ -62,8 +62,6 @@ NTSTATUS auth_ntlmssp_unseal_packet(struct auth_ntlmssp_state *ans,
 				    const DATA_BLOB *sig);
 bool auth_ntlmssp_negotiated_sign(struct auth_ntlmssp_state *ans);
 bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans);
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans);
-const char *auth_ntlmssp_get_domain(struct auth_ntlmssp_state *ans);
 NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
 				   const char *user);
 NTSTATUS auth_ntlmssp_set_domain(struct auth_ntlmssp_state *ans,

source3/libsmb/ntlmssp_wrap.c

@@ -111,15 +111,6 @@ bool auth_ntlmssp_negotiated_seal(struct auth_ntlmssp_state *ans)
 	return ans->ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_SEAL;
 }
 
-/* Needed for 'smb username' processing */
-const char *auth_ntlmssp_get_username(struct auth_ntlmssp_state *ans)
-{
-	if (ans->gensec_security) {
-		return ""; /* We can't get at this value, and it's just for the %U macros */
-	}
-	return ans->ntlmssp_state->user;
-}
-
 NTSTATUS auth_ntlmssp_set_username(struct auth_ntlmssp_state *ans,
 				   const char *user)
 {

source3/rpc_server/rpc_server.c

@@ -123,7 +123,8 @@ static int make_server_pipes_struct(TALLOC_CTX *mem_ctx,
 		 * Some internal functions need a local token to determine access to
 		 * resources.
 		 */
-		status = create_local_token(p, server_info, &session_info->session_key, &p->session_info);
+		status = create_local_token(p, server_info, &session_info->session_key, info3->base.account_name.string,
+					    &p->session_info);
 		talloc_free(server_info);
 		if (!NT_STATUS_IS_OK(status)) {
 			DEBUG(1, ("Failed to init local auth token\n"));

source3/smbd/password.c

@@ -265,10 +265,8 @@ int register_homes_share(const char *username)
 int register_existing_vuid(struct smbd_server_connection *sconn,
 			uint16 vuid,
 			struct auth_session_info *session_info,
-			DATA_BLOB response_blob,
-			const char *smb_name)
+			DATA_BLOB response_blob)
 {
-	fstring tmp;
 	user_struct *vuser;
 	bool guest = security_session_user_level(session_info, NULL) < SECURITY_USER;
 
@@ -280,12 +278,6 @@ int register_existing_vuid(struct smbd_server_connection *sconn,
 	/* Use this to keep tabs on all our info from the authentication */
 	vuser->session_info = talloc_move(vuser, &session_info);
 
-	/* This is a potentially untrusted username */
-	alpha_strcpy(tmp, smb_name, ". _-$", sizeof(tmp));
-
-	vuser->session_info->unix_info->sanitized_username = talloc_strdup(
-		vuser->session_info, tmp);
-
 	/* Make clear that we require the optional unix_token and unix_info in the source3 code */
 	SMB_ASSERT(vuser->session_info->unix_token);
 	SMB_ASSERT(vuser->session_info->unix_info);

source3/smbd/proto.h

@@ -704,8 +704,7 @@ int register_homes_share(const char *username);
 int register_existing_vuid(struct smbd_server_connection *sconn,
 			uint16 vuid,
 			struct auth_session_info *session_info,
-			DATA_BLOB response_blob,
-			const char *smb_name);
+			DATA_BLOB response_blob);
 void add_session_user(struct smbd_server_connection *sconn, const char *user);
 void add_session_workgroup(struct smbd_server_connection *sconn,
 			   const char *workgroup);

source3/smbd/sesssetup.c

@@ -367,7 +367,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
 	 * it.... */
 
 	sess_vuid = register_existing_vuid(sconn, sess_vuid,
-					   session_info, nullblob, user);
+					   session_info, nullblob);
 
 	reply_outbuf(req, 4, 0);
 	SSVAL(req->outbuf,smb_uid,sess_vuid);
@@ -448,8 +448,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req,
 
 		/* register_existing_vuid keeps the server info */
 		if (register_existing_vuid(sconn, vuid,
-					   session_info, nullblob,
-					   auth_ntlmssp_get_username(*auth_ntlmssp_state)) !=
+					   session_info, nullblob) !=
 					   vuid) {
 			/* The problem is, *auth_ntlmssp_state points
 			 * into the vuser this will have
@@ -1641,7 +1640,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		return;
 	}
 
-	nt_status = create_local_token(req, server_info, NULL, &session_info);
+	nt_status = create_local_token(req, server_info, NULL, sub_user, &session_info);
 	TALLOC_FREE(server_info);
 
 	if (!NT_STATUS_IS_OK(nt_status)) {
@@ -1688,8 +1687,7 @@ void reply_sesssetup_and_X(struct smb_request *req)
 		/* register_existing_vuid keeps the session_info */
 		sess_vuid = register_existing_vuid(sconn, sess_vuid,
 					session_info,
-					nt_resp.data ? nt_resp : lm_resp,
-					sub_user);
+					nt_resp.data ? nt_resp : lm_resp);
 		if (sess_vuid == UID_FIELD_INVALID) {
 			data_blob_free(&nt_resp);
 			data_blob_free(&lm_resp);

source3/smbd/smb2_sesssetup.c

@@ -174,7 +174,6 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 	struct passwd *pw = NULL;
 	NTSTATUS status;
 	char *real_username;
-	fstring tmp;
 	bool username_was_mapped = false;
 	bool map_domainuser_to_guest = false;
 
@@ -256,11 +255,6 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session,
 	session->compat_vuser->vuid = session->vuid;
 	DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser);
 
-	/* This is a potentially untrusted username */
-	alpha_strcpy(tmp, user, ". _-$", sizeof(tmp));
-	session->session_info->unix_info->sanitized_username =
-				talloc_strdup(session->session_info, tmp);
-
 	if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
 		session->compat_vuser->homes_snum =
 			register_homes_share(session->session_info->unix_info->unix_name);
@@ -442,8 +436,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 					uint16_t *out_session_flags,
 					uint64_t *out_session_id)
 {
-	fstring tmp;
-
 	if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) ||
 	    lp_server_signing() == Required) {
 		session->do_signing = true;
@@ -472,14 +464,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 	session->compat_vuser->vuid = session->vuid;
 	DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser);
 
-	/* This is a potentially untrusted username */
-	alpha_strcpy(tmp,
-		     auth_ntlmssp_get_username(session->auth_ntlmssp_state),
-		     ". _-$",
-		     sizeof(tmp));
-	session->session_info->unix_info->sanitized_username = talloc_strdup(
-		session->session_info, tmp);
-
 	if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) {
 		session->compat_vuser->homes_snum =
 			register_homes_share(session->session_info->unix_info->unix_name);