1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by removing the unused logon_info argument

This code is only every called in standalone mode on a MIT realm,
it means we never have a PAC and we also don't have winbindd arround.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Stefan Metzmacher 2021-10-08 17:59:59 +02:00 committed by Jule Anger
parent 2609e4297e
commit e8bb009009
3 changed files with 11 additions and 49 deletions

View File

@ -214,7 +214,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
}
status = get_user_from_kerberos_info(tmp_ctx, rhost,
princ_name, NULL,
princ_name,
&is_mapped, &is_guest,
&ntuser, &ntdomain,
&username, &pw);

View File

@ -417,7 +417,6 @@ struct PAC_LOGON_INFO;
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
const char *cli_name,
const char *princ_name,
struct PAC_LOGON_INFO *logon_info,
bool *is_mapped,
bool *mapped_to_guest,
char **ntuser,

View File

@ -31,7 +31,6 @@
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
const char *cli_name,
const char *princ_name,
struct PAC_LOGON_INFO *logon_info,
bool *is_mapped,
bool *mapped_to_guest,
char **ntuser,
@ -40,8 +39,8 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
struct passwd **_pw)
{
NTSTATUS status;
char *domain = NULL;
char *realm = NULL;
const char *domain = NULL;
const char *realm = NULL;
char *user = NULL;
char *p;
char *fuser = NULL;
@ -62,55 +61,16 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
realm = talloc_strdup(talloc_tos(), p + 1);
if (!realm) {
return NT_STATUS_NO_MEMORY;
}
realm = p + 1;
if (!strequal(realm, lp_realm())) {
DEBUG(3, ("Ticket for foreign realm %s@%s\n", user, realm));
if (!lp_allow_trusted_domains()) {
return NT_STATUS_LOGON_FAILURE;
}
}
if (logon_info && logon_info->info3.base.logon_domain.string) {
domain = talloc_strdup(mem_ctx,
logon_info->info3.base.logon_domain.string);
if (!domain) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(10, ("Domain is [%s] (using PAC)\n", domain));
domain = realm;
} else {
/* If we have winbind running, we can (and must) shorten the
username by using the short netbios name. Otherwise we will
have inconsistent user names. With Kerberos, we get the
fully qualified realm, with ntlmssp we get the short
name. And even w2k3 does use ntlmssp if you for example
connect to an ip address. */
wbcErr wbc_status;
struct wbcDomainInfo *info = NULL;
DEBUG(10, ("Mapping [%s] to short name using winbindd\n",
realm));
wbc_status = wbcDomainInfo(realm, &info);
if (WBC_ERROR_IS_OK(wbc_status)) {
domain = talloc_strdup(mem_ctx,
info->short_name);
wbcFreeMemory(info);
} else {
DEBUG(3, ("Could not find short name: %s\n",
wbcErrorString(wbc_status)));
domain = talloc_strdup(mem_ctx, realm);
}
if (!domain) {
return NT_STATUS_NO_MEMORY;
}
DEBUG(10, ("Domain is [%s] (using Winbind)\n", domain));
domain = lp_workgroup();
}
fuser = talloc_asprintf(mem_ctx,
@ -175,7 +135,11 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
*ntuser = user;
*ntdomain = domain;
*ntdomain = talloc_strdup(mem_ctx, domain);
if (*ntdomain == NULL) {
return NT_STATUS_NO_MEMORY;
}
*_pw = pw;
return NT_STATUS_OK;
@ -282,7 +246,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
const char *cli_name,
const char *princ_name,
struct PAC_LOGON_INFO *logon_info,
bool *is_mapped,
bool *mapped_to_guest,
char **ntuser,