s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
We only need to adjust sanitized_username in order to keep the same behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
parent
e8402ec048
commit
a2a289d044
@ -472,6 +472,26 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
|
||||
if (server_info->cached_session_info != NULL) {
|
||||
session_info = copy_session_info(mem_ctx,
|
||||
server_info->cached_session_info);
|
||||
if (session_info == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
/* This is a potentially untrusted username for use in %U */
|
||||
alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
|
||||
session_info->unix_info->sanitized_username =
|
||||
talloc_strdup(session_info->unix_info, tmp);
|
||||
if (session_info->unix_info->sanitized_username == NULL) {
|
||||
TALLOC_FREE(session_info);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
*session_info_out = session_info;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
session_info = talloc_zero(mem_ctx, struct auth_session_info);
|
||||
if (!session_info) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
@ -526,30 +546,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
||||
return status;
|
||||
}
|
||||
|
||||
if (server_info->security_token) {
|
||||
/* Just copy the token, it has already been finalised
|
||||
* (nasty hack to support a cached guest/system session_info
|
||||
*/
|
||||
|
||||
session_info->security_token = dup_nt_token(session_info, server_info->security_token);
|
||||
if (!session_info->security_token) {
|
||||
TALLOC_FREE(session_info);
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
session_info->unix_token->ngroups = server_info->utok.ngroups;
|
||||
if (server_info->utok.ngroups != 0) {
|
||||
session_info->unix_token->groups = (gid_t *)talloc_memdup(
|
||||
session_info->unix_token, server_info->utok.groups,
|
||||
sizeof(gid_t)*session_info->unix_token->ngroups);
|
||||
} else {
|
||||
session_info->unix_token->groups = NULL;
|
||||
}
|
||||
|
||||
*session_info_out = session_info;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/*
|
||||
* If winbind is not around, we can not make much use of the SIDs the
|
||||
* domain controller provided us with. Likewise if the user name was
|
||||
@ -1565,12 +1561,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
|
||||
* to take the wrong path */
|
||||
SMB_ASSERT(src->security_token);
|
||||
|
||||
dst->security_token = dup_nt_token(dst, src->security_token);
|
||||
if (!dst->security_token) {
|
||||
TALLOC_FREE(dst);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
dst->session_key = data_blob_talloc( dst, src->session_key.data,
|
||||
src->session_key.length);
|
||||
|
||||
@ -1593,6 +1583,7 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
|
||||
return NULL;
|
||||
}
|
||||
|
||||
dst->cached_session_info = src;
|
||||
return dst;
|
||||
}
|
||||
|
||||
|
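Review bot: `dst->cached_session_info = src;` in the last hunk of this file stores the caller's pointer without copying it or taking a talloc reference, so dst silently depends on src staying allocated. The new `cached_session_info != NULL` branch in create_local_token() later reads through that pointer when it calls copy_session_info(). The callers are outside the visible hunks, so whether src always outlives dst cannot be confirmed from here. I would state the contract at the assignment, `/* borrowed, not owned: src must outlive dst */`, or, if that cannot be guaranteed, let dst own a copy made with `copy_session_info(dst, src)` and fail the same way the other allocations in this function do. The body of copy_session_info_serverinfo_guest() starts outside the hunk.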
@ -34,15 +34,14 @@ struct auth_serversupplied_info {
|
||||
struct security_unix_token utok;
|
||||
|
||||
/*
|
||||
* NT group information taken from the info3 structure
|
||||
* A complete auth_session_info
|
||||
*
|
||||
* This is not normally filled in, during the typical
|
||||
* authentication process. If filled in, it has already been
|
||||
* finalised by a nasty hack to support a cached guest/system
|
||||
* session_info
|
||||
*/
|
||||
|
||||
struct security_token *security_token;
|
||||
const struct auth_session_info *cached_session_info;
|
||||
|
||||
/* These are the intermediate session keys, as provided by a
|
||||
* NETLOGON server and used by NTLMSSP to negotiate key
|
||||
|
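Review bot: The comment on `cached_session_info` does not say what setting the field now means for authorization. In the create_local_token() hunk a non-NULL value makes that function return a copy of the stored session_info and skip the rest of its token construction, replacing only `sanitized_username`. That makes the field a trust shortcut, and the comment should say so, for example by adding `* When set, create_local_token() returns a copy of this as-is` and `* (only sanitized_username is replaced); set it only for guest/system.` The struct definition starts and ends outside the hunk.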