svn commit: samba r24583 - in branches: SAMBA_3_2/source/nsswitch SAMBA_3_2_0/source/nsswitch

[gd at samba.org]

Author: gd
Date: 2007-08-20 15:46:56 +0000 (Mon, 20 Aug 2007)
New Revision: 24583

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=24583

Log:
Make sure we don't accept invalid request options.
Thanks to Michael for his bit-magic.

Guenther

Modified:
   branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c
   branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c


Changeset:
Modified: branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c	2007-08-20 13:57:55 UTC (rev 24582)
+++ branches/SAMBA_3_2/source/nsswitch/winbindd_pam.c	2007-08-20 15:46:56 UTC (rev 24583)
@@ -579,6 +579,27 @@
 #endif /* HAVE_KRB5 */
 }
 
+/****************************************************************
+****************************************************************/
+
+static BOOL check_request_flags(uint32_t flags)
+{
+	uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN |
+			       WBFLAG_PAM_UNIX_NAME |
+			       WBFLAG_PAM_INFO3_NDR;
+
+	if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) ||
+	     ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) ||
+	     ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) ||
+	      !(flags & flags_edata) ) {
+		return True;
+	}
+
+	DEBUG(1,("check_request_flags: invalid request flags\n"));
+
+	return False;
+}
+
 void winbindd_pam_auth(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain;
@@ -596,6 +617,11 @@
 	DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid,
 		  state->request.data.auth.user));
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	/* Parse domain and username */
 	
 	ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1210,6 +1236,11 @@
 	DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid,
 		  state->request.data.auth.user));
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	/* Parse domain and username */
 	
 	ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1551,6 +1582,11 @@
 	const char *domain_name = NULL;
 	NTSTATUS result;
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	if (!state->privileged) {
 		char *error_string = NULL;
 		DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access "
@@ -1631,6 +1667,11 @@
 	state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0;
 	state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0;
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	name_user = state->request.data.auth_crap.user;
 
 	if (*state->request.data.auth_crap.domain) {

Modified: branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c
===================================================================
--- branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c	2007-08-20 13:57:55 UTC (rev 24582)
+++ branches/SAMBA_3_2_0/source/nsswitch/winbindd_pam.c	2007-08-20 15:46:56 UTC (rev 24583)
@@ -579,6 +579,27 @@
 #endif /* HAVE_KRB5 */
 }
 
+/****************************************************************
+****************************************************************/
+
+static BOOL check_request_flags(uint32_t flags)
+{
+	uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN |
+			       WBFLAG_PAM_UNIX_NAME |
+			       WBFLAG_PAM_INFO3_NDR;
+
+	if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) ||
+	     ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) ||
+	     ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) ||
+	      !(flags & flags_edata) ) {
+		return True;
+	}
+
+	DEBUG(1,("check_request_flags: invalid request flags\n"));
+
+	return False;
+}
+
 void winbindd_pam_auth(struct winbindd_cli_state *state)
 {
 	struct winbindd_domain *domain;
@@ -596,6 +617,11 @@
 	DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid,
 		  state->request.data.auth.user));
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	/* Parse domain and username */
 	
 	ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1185,6 +1211,11 @@
 	DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid,
 		  state->request.data.auth.user));
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	/* Parse domain and username */
 	
 	ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1526,6 +1557,11 @@
 	const char *domain_name = NULL;
 	NTSTATUS result;
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	if (!state->privileged) {
 		char *error_string = NULL;
 		DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access "
@@ -1606,6 +1642,11 @@
 	state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0;
 	state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0;
 
+	if (!check_request_flags(state->request.flags)) {
+		result = NT_STATUS_INVALID_PARAMETER_MIX;
+		goto done;
+	}
+
 	name_user = state->request.data.auth_crap.user;
 
 	if (*state->request.data.auth_crap.domain) {