mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
CVE-2020-25717: s3:auth: simplify get_user_from_kerberos_info() by removing the unused logon_info argument
This code is only every called in standalone mode on a MIT realm, it means we never have a PAC and we also don't have winbindd arround. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
parent
2609e4297e
commit
e8bb009009
@ -214,7 +214,7 @@ static NTSTATUS auth3_generate_session_info_pac(struct auth4_context *auth_ctx,
|
||||
}
|
||||
|
||||
status = get_user_from_kerberos_info(tmp_ctx, rhost,
|
||||
princ_name, NULL,
|
||||
princ_name,
|
||||
&is_mapped, &is_guest,
|
||||
&ntuser, &ntdomain,
|
||||
&username, &pw);
|
||||
|
@ -417,7 +417,6 @@ struct PAC_LOGON_INFO;
|
||||
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
|
||||
const char *cli_name,
|
||||
const char *princ_name,
|
||||
struct PAC_LOGON_INFO *logon_info,
|
||||
bool *is_mapped,
|
||||
bool *mapped_to_guest,
|
||||
char **ntuser,
|
||||
|
@ -31,7 +31,6 @@
|
||||
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
|
||||
const char *cli_name,
|
||||
const char *princ_name,
|
||||
struct PAC_LOGON_INFO *logon_info,
|
||||
bool *is_mapped,
|
||||
bool *mapped_to_guest,
|
||||
char **ntuser,
|
||||
@ -40,8 +39,8 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
|
||||
struct passwd **_pw)
|
||||
{
|
||||
NTSTATUS status;
|
||||
char *domain = NULL;
|
||||
char *realm = NULL;
|
||||
const char *domain = NULL;
|
||||
const char *realm = NULL;
|
||||
char *user = NULL;
|
||||
char *p;
|
||||
char *fuser = NULL;
|
||||
@ -62,55 +61,16 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
realm = talloc_strdup(talloc_tos(), p + 1);
|
||||
if (!realm) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
realm = p + 1;
|
||||
|
||||
if (!strequal(realm, lp_realm())) {
|
||||
DEBUG(3, ("Ticket for foreign realm %s@%s\n", user, realm));
|
||||
if (!lp_allow_trusted_domains()) {
|
||||
return NT_STATUS_LOGON_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
if (logon_info && logon_info->info3.base.logon_domain.string) {
|
||||
domain = talloc_strdup(mem_ctx,
|
||||
logon_info->info3.base.logon_domain.string);
|
||||
if (!domain) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
DEBUG(10, ("Domain is [%s] (using PAC)\n", domain));
|
||||
domain = realm;
|
||||
} else {
|
||||
|
||||
/* If we have winbind running, we can (and must) shorten the
|
||||
username by using the short netbios name. Otherwise we will
|
||||
have inconsistent user names. With Kerberos, we get the
|
||||
fully qualified realm, with ntlmssp we get the short
|
||||
name. And even w2k3 does use ntlmssp if you for example
|
||||
connect to an ip address. */
|
||||
|
||||
wbcErr wbc_status;
|
||||
struct wbcDomainInfo *info = NULL;
|
||||
|
||||
DEBUG(10, ("Mapping [%s] to short name using winbindd\n",
|
||||
realm));
|
||||
|
||||
wbc_status = wbcDomainInfo(realm, &info);
|
||||
|
||||
if (WBC_ERROR_IS_OK(wbc_status)) {
|
||||
domain = talloc_strdup(mem_ctx,
|
||||
info->short_name);
|
||||
wbcFreeMemory(info);
|
||||
} else {
|
||||
DEBUG(3, ("Could not find short name: %s\n",
|
||||
wbcErrorString(wbc_status)));
|
||||
domain = talloc_strdup(mem_ctx, realm);
|
||||
}
|
||||
if (!domain) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
DEBUG(10, ("Domain is [%s] (using Winbind)\n", domain));
|
||||
domain = lp_workgroup();
|
||||
}
|
||||
|
||||
fuser = talloc_asprintf(mem_ctx,
|
||||
@ -175,7 +135,11 @@ NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
*ntuser = user;
|
||||
*ntdomain = domain;
|
||||
*ntdomain = talloc_strdup(mem_ctx, domain);
|
||||
if (*ntdomain == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
*_pw = pw;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
@ -282,7 +246,6 @@ NTSTATUS make_session_info_krb5(TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS get_user_from_kerberos_info(TALLOC_CTX *mem_ctx,
|
||||
const char *cli_name,
|
||||
const char *princ_name,
|
||||
struct PAC_LOGON_INFO *logon_info,
|
||||
bool *is_mapped,
|
||||
bool *mapped_to_guest,
|
||||
char **ntuser,
|
||||
|
Loading…
Reference in New Issue
Block a user