1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-08 21:18:16 +03:00

CVE-2020-25717 auth4: Remove sync check_password from auth_operations

Remove complexity in the data structures, and pushes the async-ness
one level down.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 254af19ba8)
This commit is contained in:
Volker Lendecke 2021-04-14 22:24:44 +02:00 committed by Jule Anger
parent 3815c92cc8
commit d92787c05a
2 changed files with 4 additions and 44 deletions

View File

@ -61,10 +61,6 @@ struct auth_operations {
/* Given the user supplied info, check a password */
NTSTATUS (*check_password)(struct auth_method_context *ctx, TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
struct auth_user_info_dc **interim_info,
bool *authoritative);
struct tevent_req *(*check_password_send)(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct auth_method_context *ctx,

View File

@ -332,7 +332,6 @@ static void auth_check_password_next(struct tevent_req *req)
struct auth_check_password_state *state =
tevent_req_data(req, struct auth_check_password_state);
struct tevent_req *subreq = NULL;
bool authoritative = true;
NTSTATUS status;
if (state->method == NULL) {
@ -357,47 +356,12 @@ static void auth_check_password_next(struct tevent_req *req)
return;
}
if (state->method->ops->check_password_send != NULL) {
subreq = state->method->ops->check_password_send(state,
state->ev,
state->method,
state->user_info);
if (tevent_req_nomem(subreq, req)) {
return;
}
tevent_req_set_callback(subreq,
auth_check_password_done,
req);
subreq = state->method->ops->check_password_send(
state, state->ev, state->method, state->user_info);
if (tevent_req_nomem(subreq, req)) {
return;
}
if (state->method->ops->check_password == NULL) {
tevent_req_nterror(req, NT_STATUS_INTERNAL_ERROR);
return;
}
status = state->method->ops->check_password(state->method,
state,
state->user_info,
&state->user_info_dc,
&authoritative);
if (!authoritative ||
NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) {
DEBUG(11,("auth_check_password_send: "
"%s passes to the next method\n",
state->method->ops->name));
state->method = state->method->next;
auth_check_password_next(req);
return;
}
/* the backend has handled the request */
if (tevent_req_nterror(req, status)) {
return;
}
tevent_req_done(req);
tevent_req_set_callback(subreq, auth_check_password_done, req);
}
static void auth_check_password_done(struct tevent_req *subreq)