From a2a289d0446fedb4ea40834b5b5b190fdca30906 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Fri, 2 Mar 2018 17:07:11 +0100
Subject: [PATCH] s3:auth: pass the whole auth_session_info from copy_session_info_serverinfo_guest() to create_local_token()

We only need to adjust sanitized_username in order to keep the same behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328

Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
---
 source3/auth/auth_util.c | 51 +++++++++++++++++-----------------------
 source3/include/auth.h | 5 ++--
 2 files changed, 23 insertions(+), 33 deletions(-)

diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index ad14cf6d2219..8b7630fd5d7d 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -472,6 +472,26 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx,
 return NT_STATUS_LOGON_FAILURE;
 }

+ if (server_info->cached_session_info != NULL) {
+ session_info = copy_session_info(mem_ctx,
+ server_info->cached_session_info);
+ if (session_info == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ /* This is a potentially untrusted username for use in %U */
+ alpha_strcpy(tmp, smb_username, ". _-$", sizeof(tmp));
+ session_info->unix_info->sanitized_username =
+ talloc_strdup(session_info->unix_info, tmp);
+ if (session_info->unix_info->sanitized_username == NULL) {
+ TALLOC_FREE(session_info);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ *session_info_out = session_info;
+ return NT_STATUS_OK;
+ }
+
 session_info = talloc_zero(mem_ctx, struct auth_session_info);
 if (!session_info) {
 return NT_STATUS_NO_MEMORY;
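Review bot: The new early-return branch writes `session_info->unix_info->sanitized_username` without checking that the copied session has a `unix_info`; nothing visible in this hunk guarantees it, so a cached session without one would be a NULL dereference on the authentication path. If the invariant is enforced where `cached_session_info` is filled in, restate it here with `SMB_ASSERT(session_info->unix_info != NULL);` before the `alpha_strcpy()` line. Overwriting the pointer also leaves whatever `sanitized_username` string `copy_session_info()` presumably duplicated still allocated under `unix_info`; `TALLOC_FREE(session_info->unix_info->sanitized_username);` ahead of the `talloc_strdup()` would release it. create_local_token() starts and ends outside the hunk, so the declaration of `tmp` that `sizeof(tmp)` relies on is not visible here.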
@@ -526,30 +546,6 @@ NTSTATUS create_local_token(TALLOC_CTX *mem_ctx, return status; } - if (server_info->security_token) { - /* Just copy the token, it has already been finalised - * (nasty hack to support a cached guest/system session_info - */ - - session_info->security_token = dup_nt_token(session_info, server_info->security_token); - if (!session_info->security_token) { - TALLOC_FREE(session_info); - return NT_STATUS_NO_MEMORY; - } - - session_info->unix_token->ngroups = server_info->utok.ngroups; - if (server_info->utok.ngroups != 0) { - session_info->unix_token->groups = (gid_t *)talloc_memdup( - session_info->unix_token, server_info->utok.groups, - sizeof(gid_t)*session_info->unix_token->ngroups); - } else { - session_info->unix_token->groups = NULL; - } - - *session_info_out = session_info; - return NT_STATUS_OK; - } - /* * If winbind is not around, we can not make much use of the SIDs the * domain controller provided us with. Likewise if the user name was @@ -1565,12 +1561,6 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO * to take the wrong path */ SMB_ASSERT(src->security_token); - dst->security_token = dup_nt_token(dst, src->security_token); - if (!dst->security_token) { - TALLOC_FREE(dst); - return NULL; - } - dst->session_key = data_blob_talloc( dst, src->session_key.data, src->session_key.length); @@ -1593,6 +1583,7 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo_guest(TALLO return NULL; } + dst->cached_session_info = src; return dst; } diff --git a/source3/include/auth.h b/source3/include/auth.h index d30553739649..31a1f2018359 100644 --- a/source3/include/auth.h +++ b/source3/include/auth.h 
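Review bot: The added `dst->cached_session_info = src;` in the @@ -1593 hunk stores a borrowed pointer: nothing in the hunk ties the lifetime of `src` to `dst`, so if a caller ever frees the source session before `dst` reaches create_local_token(), the `copy_session_info()` call there would read freed memory. If every caller passes a session that outlives `dst`, say so in a comment above the assignment, e.g. `/* src is borrowed, not copied: it must outlive dst */`; otherwise take a copy with `dst->cached_session_info = copy_session_info(dst, src);` and return NULL when it fails. In the same function (the @@ -1565 hunk), the context comment above `SMB_ASSERT(src->security_token)` still justifies the assert by create_local_token() "taking the wrong path", but after this commit that path is selected by `cached_session_info`, so the comment looks stale. The function starts outside both hunks.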
@@ -34,15 +34,14 @@ struct auth_serversupplied_info {
 struct security_unix_token utok;

 /*
- * NT group information taken from the info3 structure
+ * A complete auth_session_info
 *
 * This is not normally filled in, during the typical
 * authentication process. If filled in, it has already been
 * finalised by a nasty hack to support a cached guest/system
 * session_info
 */
-
- struct security_token *security_token;
+ const struct auth_session_info *cached_session_info;

 /* These are the intermediate session keys, as provided by a
 * NETLOGON server and used by NTLMSSP to negotiate key
--
2.34.1
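Review bot: The field comment for `cached_session_info` does not say what setting the field means for authorization: in this commit create_local_token() returns a copy of the cached session as soon as the field is non-NULL, so none of the token construction that follows runs for such a server_info. Recording that in the header would warn anyone who fills the field elsewhere; I would add `* If set, create_local_token() returns a copy of this session and only replaces sanitized_username.` and `* The pointer is not owned by this structure.` to the comment. The second line is inferred from the plain assignment in copy_session_info_serverinfo_guest() and should be confirmed against the callers.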