svn commit: samba r24583 - in branches: SAMBA_3_2/source/nsswitch
SAMBA_3_2_0/source/nsswitch
gd at samba.org
gd at samba.org
Mon Aug 20 15:46:56 GMT 2007
Author: gd
Date: 2007-08-20 15:46:56 +0000 (Mon, 20 Aug 2007)
New Revision: 24583
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24583
Log:
Make sure we don't accept invalid request options.
Thanks to Michael for his bit-magic.
Guenther
Modified:
branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c
branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c
Changeset:
Modified: branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c 2007-08-20 13:57:55 UTC (rev 24582)
+++ branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c 2007-08-20 15:46:56 UTC (rev 24583)
@@ -579,6 +579,27 @@
#endif /* HAVE_KRB5 */
}
+/****************************************************************
+****************************************************************/
+
+static BOOL check_request_flags(uint32_t flags)
+{
+ uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN |
+ WBFLAG_PAM_UNIX_NAME |
+ WBFLAG_PAM_INFO3_NDR;
+
+ if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) ||
+ ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) ||
+ ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) ||
+ !(flags & flags_edata) ) {
+ return True;
+ }
+
+ DEBUG(1,("check_request_flags: invalid request flags\n"));
+
+ return False;
+}
+
void winbindd_pam_auth(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
@@ -596,6 +617,11 @@
DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid,
state->request.data.auth.user));
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
/* Parse domain and username */
ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1210,6 +1236,11 @@
DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid,
state->request.data.auth.user));
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
/* Parse domain and username */
ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1551,6 +1582,11 @@
const char *domain_name = NULL;
NTSTATUS result;
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
if (!state->privileged) {
char *error_string = NULL;
DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access "
@@ -1631,6 +1667,11 @@
state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0;
state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0;
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
name_user = state->request.data.auth_crap.user;
if (*state->request.data.auth_crap.domain) {
Modified: branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c 2007-08-20 13:57:55 UTC (rev 24582)
+++ branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c 2007-08-20 15:46:56 UTC (rev 24583)
@@ -579,6 +579,27 @@
#endif /* HAVE_KRB5 */
}
+/****************************************************************
+****************************************************************/
+
+static BOOL check_request_flags(uint32_t flags)
+{
+ uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN |
+ WBFLAG_PAM_UNIX_NAME |
+ WBFLAG_PAM_INFO3_NDR;
+
+ if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) ||
+ ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) ||
+ ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) ||
+ !(flags & flags_edata) ) {
+ return True;
+ }
+
+ DEBUG(1,("check_request_flags: invalid request flags\n"));
+
+ return False;
+}
+
void winbindd_pam_auth(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
@@ -596,6 +617,11 @@
DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid,
state->request.data.auth.user));
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
/* Parse domain and username */
ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1185,6 +1211,11 @@
DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid,
state->request.data.auth.user));
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
/* Parse domain and username */
ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1526,6 +1557,11 @@
const char *domain_name = NULL;
NTSTATUS result;
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
if (!state->privileged) {
char *error_string = NULL;
DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access "
@@ -1606,6 +1642,11 @@
state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0;
state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0;
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
name_user = state->request.data.auth_crap.user;
if (*state->request.data.auth_crap.domain) {
More information about the samba-cvs
mailing list