The branch, master has been updated via aa57604 s3:smbd: fix anonymous authentication if signing is mandatory via 825cce1 s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete from 84aea20 ctdb: Fix CID 1327222 Copy into fixed size buffer
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit aa5760433b219de7b41d35ca7ad6d4d702b89adf Author: Stefan Metzmacher <me...@samba.org> Date: Wed May 18 09:56:02 2016 +0200 s3:smbd: fix anonymous authentication if signing is mandatory BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Wed May 18 15:49:46 CEST 2016 on sn-devel-144 commit 825cce1f88b797c80116769e1755328dee2ba0e1 Author: Stefan Metzmacher <me...@samba.org> Date: Wed May 11 17:59:32 2016 +0200 s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete The generate_session_info() function maybe called more than once per session. Some may try to look/dereference session_info->security_token, so we provide simplified token. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Günther Deschner <g...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/smbd/sesssetup.c | 8 ++++++-- source3/utils/ntlm_auth.c | 51 ++++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 52 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 62dc49e..c058eac 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -130,6 +130,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) struct smbXsrv_connection *xconn = req->xconn; struct smbd_server_connection *sconn = req->sconn; uint16_t action = 0; + bool is_authenticated = false; NTTIME now = timeval_to_nttime(&req->request_time); struct smbXsrv_session *session = NULL; uint16_t smb_bufsize = SVAL(req->vwv+2, 0); @@ -336,12 +337,13 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) sconn->num_users++; if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { + is_authenticated = true; session->compat->homes_snum = register_homes_share(session_info->unix_info->unix_name); } if (srv_is_signing_negotiated(xconn) && - action == 0 && + is_authenticated && session->global->signing_key.length > 0) { /* @@ -601,6 +603,7 @@ void reply_sesssetup_and_X(struct smb_request *req) struct auth_session_info *session_info = NULL; uint16_t smb_flag2 = req->flags2; uint16_t action = 0; + bool is_authenticated = false; NTTIME now = timeval_to_nttime(&req->request_time); struct smbXsrv_session *session = NULL; NTSTATUS nt_status; @@ -1038,12 +1041,13 @@ void reply_sesssetup_and_X(struct smb_request *req) sconn->num_users++; if (security_session_user_level(session_info, NULL) >= SECURITY_USER) { + is_authenticated = true; session->compat->homes_snum = register_homes_share(session_info->unix_info->unix_name); } if (srv_is_signing_negotiated(xconn) && - action == 0 && + is_authenticated && session->global->signing_key.length > 0) { /* diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index e19bc7e..ed6b2f4 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -27,6 +27,7 @@ #include "includes.h" #include "lib/param/param.h" #include "popt_common.h" +#include "libcli/security/security.h" #include "utils/ntlm_auth.h" #include "../libcli/auth/libcli_auth.h" #include "auth/ntlmssp/ntlmssp.h" @@ -716,18 +717,58 @@ static NTSTATUS ntlm_auth_generate_session_info(struct auth4_context *auth_conte uint32_t session_info_flags, struct auth_session_info **session_info_out) { - char *unix_username = (char *)server_returned_info; - struct auth_session_info *session_info = talloc_zero(mem_ctx, struct auth_session_info); - if (!session_info) { + const char *unix_username = (const char *)server_returned_info; + bool ok; + struct dom_sid *sids = NULL; + struct auth_session_info *session_info = NULL; + + session_info = talloc_zero(mem_ctx, struct auth_session_info); + if (session_info == NULL) { return NT_STATUS_NO_MEMORY; } session_info->unix_info = talloc_zero(session_info, struct auth_user_info_unix); - if (!session_info->unix_info) { + if (session_info->unix_info == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + session_info->unix_info->unix_name = talloc_strdup(session_info->unix_info, + unix_username); + if (session_info->unix_info->unix_name == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + + session_info->security_token = talloc_zero(session_info, struct security_token); + if (session_info->security_token == NULL) { TALLOC_FREE(session_info); return NT_STATUS_NO_MEMORY; } - session_info->unix_info->unix_name = talloc_steal(session_info->unix_info, unix_username); + + sids = talloc_zero_array(session_info->security_token, + struct dom_sid, 3); + if (sids == NULL) { + TALLOC_FREE(session_info); + return NT_STATUS_NO_MEMORY; + } + ok = dom_sid_parse(SID_WORLD, &sids[0]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + ok = dom_sid_parse(SID_NT_NETWORK, &sids[1]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + ok = dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[2]); + if (!ok) { + TALLOC_FREE(session_info); + return NT_STATUS_INTERNAL_ERROR; + } + + session_info->security_token->num_sids = talloc_array_length(sids); + session_info->security_token->sids = sids; *session_info_out = session_info; -- Samba Shared Repository