s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()
We only need to adjust sanitized_username in order to keep the same behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
parent
e8402ec048
commit
a2a289d044
@ -472,6 +472,26 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
|||||||
return NT_STATUS_LOGON_FAILURE;
|
return NT_STATUS_LOGON_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (server_info->cached_session_info != NULL) {
|
||||||
|
session_info = copy_session_info(mem_ctx,
|
||||||
|
server_info->cached_session_info);
|
||||||
|
if (session_info == NULL) {
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* This is a potentially untrusted username for use in %U */
|
||||||
|
alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
|
||||||
|
session_info->unix_info->sanitized_username =
|
||||||
|
talloc_strdup(session_info->unix_info, tmp);
|
||||||
|
if (session_info->unix_info->sanitized_username == NULL) {
|
||||||
|
TALLOC_FREE(session_info);
|
||||||
|
return NT_STATUS_NO_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
*session_info_out = session_info;
|
||||||
|
return NT_STATUS_OK;
|
||||||
|
}
|
||||||
|
|
||||||
session_info = talloc_zero(mem_ctx, struct auth_session_info);
|
session_info = talloc_zero(mem_ctx, struct auth_session_info);
|
||||||
if (!session_info) {
|
if (!session_info) {
|
||||||
return NT_STATUS_NO_MEMORY;
|
return NT_STATUS_NO_MEMORY;
|
||||||
@ -526,30 +546,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
|
|||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (server_info->security_token) {
|
|
||||||
/* Just copy the token, it has already been finalised
|
|
||||||
* (nasty hack to support a cached guest/system session_info
|
|
||||||
*/
|
|
||||||
|
|
||||||
session_info->security_token = dup_nt_token(session_info, server_info->security_token);
|
|
||||||
if (!session_info->security_token) {
|
|
||||||
TALLOC_FREE(session_info);
|
|
||||||
return NT_STATUS_NO_MEMORY;
|
|
||||||
}
|
|
||||||
|
|
||||||
session_info->unix_token->ngroups = server_info->utok.ngroups;
|
|
||||||
if (server_info->utok.ngroups != 0) {
|
|
||||||
session_info->unix_token->groups = (gid_t *)talloc_memdup(
|
|
||||||
session_info->unix_token, server_info->utok.groups,
|
|
||||||
sizeof(gid_t)*session_info->unix_token->ngroups);
|
|
||||||
} else {
|
|
||||||
session_info->unix_token->groups = NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
*session_info_out = session_info;
|
|
||||||
return NT_STATUS_OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* If winbind is not around, we can not make much use of the SIDs the
|
* If winbind is not around, we can not make much use of the SIDs the
|
||||||
* domain controller provided us with. Likewise if the user name was
|
* domain controller provided us with. Likewise if the user name was
|
||||||
@ -1565,12 +1561,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
|
|||||||
* to take the wrong path */
|
* to take the wrong path */
|
||||||
SMB_ASSERT(src->security_token);
|
SMB_ASSERT(src->security_token);
|
||||||
|
|
||||||
dst->security_token = dup_nt_token(dst, src->security_token);
|
|
||||||
if (!dst->security_token) {
|
|
||||||
TALLOC_FREE(dst);
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
dst->session_key = data_blob_talloc( dst, src->session_key.data,
|
dst->session_key = data_blob_talloc( dst, src->session_key.data,
|
||||||
src->session_key.length);
|
src->session_key.length);
|
||||||
|
|
||||||
@ -1593,6 +1583,7 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dst->cached_session_info = src;
|
||||||
return dst;
|
return dst;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
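Review bot: In copy_session_info_serverinfo_guest(), the added `dst->cached_session_info = src;` stores the caller's pointer as-is, whereas the removed lines duplicated the token onto `dst` with `dup_nt_token(dst, src->security_token)`, so `dst` no longer owns everything it points to. If `src` can be freed before `dst` reaches create_local_token(), the new `copy_session_info(mem_ctx, server_info->cached_session_info)` call would read freed memory. The callers are outside the visible hunks, so this may be safe in practice, but nothing here enforces it. Either make the copy owned, `dst->cached_session_info = copy_session_info(dst, src);` followed by a NULL check that frees `dst`, or state the contract on the struct field, e.g. `* Borrowed pointer: the session_info must outlive this structure`. Both function bodies start and end outside the hunks shown.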
@ -34,15 +34,14 @@ struct auth_serversupplied_info {
|
|||||||
struct security_unix_token utok;
|
struct security_unix_token utok;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* NT group information taken from the info3 structure
|
* A complete auth_session_info
|
||||||
*
|
*
|
||||||
* This is not normally filled in, during the typical
|
* This is not normally filled in, during the typical
|
||||||
* authentication process. If filled in, it has already been
|
* authentication process. If filled in, it has already been
|
||||||
* finalised by a nasty hack to support a cached guest/system
|
* finalised by a nasty hack to support a cached guest/system
|
||||||
* session_info
|
* session_info
|
||||||
*/
|
*/
|
||||||
|
const struct auth_session_info *cached_session_info;
|
||||||
struct security_token *security_token;
|
|
||||||
|
|
||||||
/* These are the intermediate session keys, as provided by a
|
/* These are the intermediate session keys, as provided by a
|
||||||
* NETLOGON server and used by NTLMSSP to negotiate key
|
* NETLOGON server and used by NTLMSSP to negotiate key
|
||||||
|