Ignore:
Timestamp:
Nov 24, 2016, 1:14:11 PM (9 years ago)
Author:
Silvan Scherrer
Message:

Samba Server: update vendor to version 4.4.3

File:
1 edited

Legend:

Unmodified
Added
Removed

  • vendor/current/source4/auth/session.c

    r740 r988  
    3333#include "system/kerberos.h"
    3434#include <gssapi/gssapi.h>
     35#include "libcli/wbclient/wbclient.h"
    3536
    3637_PUBLIC_ struct auth_session_info *anonymous_session(TALLOC_CTX *mem_ctx,
     
    6566        NT_STATUS_HAVE_NO_MEMORY(tmp_ctx);
    6667
    67         session_info = talloc(tmp_ctx, struct auth_session_info);
    68         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info, tmp_ctx);
     68        session_info = talloc_zero(tmp_ctx, struct auth_session_info);
     69        if (session_info == NULL) {
     70                TALLOC_FREE(tmp_ctx);
     71                return NT_STATUS_NO_MEMORY;
     72        }
    6973
    7074        session_info->info = talloc_reference(session_info, user_info_dc->info);
    7175
    7276        session_info->torture = talloc_zero(session_info, struct auth_user_info_torture);
    73         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info->torture, tmp_ctx);
     77        if (session_info->torture == NULL) {
     78                TALLOC_FREE(tmp_ctx);
     79                return NT_STATUS_NO_MEMORY;
     80        }
    7481        session_info->torture->num_dc_sids = user_info_dc->num_sids;
    7582        session_info->torture->dc_sids = talloc_reference(session_info, user_info_dc->sids);
    76         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info->torture->dc_sids, tmp_ctx);
     83        if (session_info->torture->dc_sids == NULL) {
     84                TALLOC_FREE(tmp_ctx);
     85                return NT_STATUS_NO_MEMORY;
     86        }
    7787
    7888        /* unless set otherwise, the session key is the user session
     
    8090        session_info->session_key = data_blob_talloc(session_info, user_info_dc->user_session_key.data, user_info_dc->user_session_key.length);
    8191        if (!session_info->session_key.data && session_info->session_key.length) {
    82                 NT_STATUS_HAVE_NO_MEMORY_AND_FREE(session_info->session_key.data, tmp_ctx);
     92                if (session_info->session_key.data == NULL) {
     93                        TALLOC_FREE(tmp_ctx);
     94                        return NT_STATUS_NO_MEMORY;
     95                }
    8396        }
    8497
    8598        anonymous_sid = dom_sid_parse_talloc(tmp_ctx, SID_NT_ANONYMOUS);
    86         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(anonymous_sid, tmp_ctx);
     99        if (anonymous_sid == NULL) {
     100                TALLOC_FREE(tmp_ctx);
     101                return NT_STATUS_NO_MEMORY;
     102        }
    87103
    88104        system_sid = dom_sid_parse_talloc(tmp_ctx, SID_NT_SYSTEM);
    89         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(system_sid, tmp_ctx);
     105        if (system_sid == NULL) {
     106                TALLOC_FREE(tmp_ctx);
     107                return NT_STATUS_NO_MEMORY;
     108        }
    90109
    91110        sids = talloc_array(tmp_ctx, struct dom_sid, user_info_dc->num_sids);
    92         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sids, tmp_ctx);
     111        if (sids == NULL) {
     112                TALLOC_FREE(tmp_ctx);
     113                return NT_STATUS_NO_MEMORY;
     114        }
    93115        if (!sids) {
    94116                talloc_free(tmp_ctx);
     
    102124        }
    103125
    104         if (user_info_dc->num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(anonymous_sid, &user_info_dc->sids[PRIMARY_USER_SID_INDEX])) {
     126        /*
     127         * Finally add the "standard" sids.
     128         * The only difference between guest and "anonymous"
     129         * is the addition of Authenticated_Users.
     130         */
     131
     132        if (session_info_flags & AUTH_SESSION_INFO_DEFAULT_GROUPS) {
     133                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 2);
     134                NT_STATUS_HAVE_NO_MEMORY(sids);
     135
     136                if (!dom_sid_parse(SID_WORLD, &sids[num_sids])) {
     137                        return NT_STATUS_INTERNAL_ERROR;
     138                }
     139                num_sids++;
     140
     141                if (!dom_sid_parse(SID_NT_NETWORK, &sids[num_sids])) {
     142                        return NT_STATUS_INTERNAL_ERROR;
     143                }
     144                num_sids++;
     145        }
     146
     147        if (session_info_flags & AUTH_SESSION_INFO_AUTHENTICATED) {
     148                sids = talloc_realloc(tmp_ctx, sids, struct dom_sid, num_sids + 1);
     149                NT_STATUS_HAVE_NO_MEMORY(sids);
     150
     151                if (!dom_sid_parse(SID_NT_AUTHENTICATED_USERS, &sids[num_sids])) {
     152                        return NT_STATUS_INTERNAL_ERROR;
     153                }
     154                num_sids++;
     155        }
     156
     157
     158
     159        if (num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(anonymous_sid, &sids[PRIMARY_USER_SID_INDEX])) {
    105160                /* Don't expand nested groups of system, anonymous etc*/
    106         } else if (user_info_dc->num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(system_sid, &user_info_dc->sids[PRIMARY_USER_SID_INDEX])) {
     161        } else if (num_sids > PRIMARY_USER_SID_INDEX && dom_sid_equal(system_sid, &sids[PRIMARY_USER_SID_INDEX])) {
    107162                /* Don't expand nested groups of system, anonymous etc*/
    108163        } else if (sam_ctx) {
     
    111166
    112167                /* Search for each group in the token */
    113                 for (i = 0; i < user_info_dc->num_sids; i++) {
     168                for (i = 0; i < num_sids; i++) {
    114169                        char *sid_string;
    115170                        const char *sid_dn;
    116171                        DATA_BLOB sid_blob;
    117                        
     172
    118173                        sid_string = dom_sid_string(tmp_ctx,
    119                                                       &user_info_dc->sids[i]);
    120                         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_string, user_info_dc);
     174                                                      &sids[i]);
     175                        if (sid_string == NULL) {
     176                                TALLOC_FREE(user_info_dc);
     177                                return NT_STATUS_NO_MEMORY;
     178                        }
    121179                       
    122180                        sid_dn = talloc_asprintf(tmp_ctx, "<SID=%s>", sid_string);
    123181                        talloc_free(sid_string);
    124                         NT_STATUS_HAVE_NO_MEMORY_AND_FREE(sid_dn, user_info_dc);
     182                        if (sid_dn == NULL) {
     183                                TALLOC_FREE(user_info_dc);
     184                                return NT_STATUS_NO_MEMORY;
     185                        }
    125186                        sid_blob = data_blob_string_const(sid_dn);
    126187                       
     
    146207                                          session_info_flags,
    147208                                          &session_info->security_token);
    148         NT_STATUS_NOT_OK_RETURN_AND_FREE(nt_status, tmp_ctx);
     209        if (!NT_STATUS_IS_OK(nt_status)) {
     210                TALLOC_FREE(tmp_ctx);
     211                return nt_status;
     212        }
    149213
    150214        session_info->credentials = NULL;
     
    156220}
    157221
    158 /* Create a session_info structure from the
    159  * auth_session_info_transport we were forwarded over named pipe
    160  * forwarding.
     222
     223/* Fill out the auth_session_info with a cli_credentials based on the
     224 * auth_session_info we were forwarded over named pipe forwarding.
    161225 *
    162226 * NOTE: The stucture members of session_info_transport are stolen
     
    169233{
    170234        struct auth_session_info *session_info;
    171         session_info = talloc_zero(mem_ctx, struct auth_session_info);
    172         if (!session_info) {
    173                 *reason = "failed to allocate session_info";
    174                 return NULL;
    175         }
    176 
    177         session_info->security_token = talloc_move(session_info, &session_info_transport->security_token);
    178         session_info->info = talloc_move(session_info, &session_info_transport->info);
    179         session_info->session_key = session_info_transport->session_key;
    180         session_info->session_key.data = talloc_move(session_info, &session_info_transport->session_key.data);
    181 
     235        session_info = talloc_steal(mem_ctx, session_info_transport->session_info);
     236        /*
     237         * This is to allow us to check the type of this pointer using
     238         * talloc_get_type()
     239         */
     240        talloc_set_name(session_info, "struct auth_session_info");
     241#ifdef HAVE_GSS_IMPORT_CRED
    182242        if (session_info_transport->exported_gssapi_credentials.length) {
    183243                struct cli_credentials *creds;
     
    230290
    231291        }
    232 
     292#endif
    233293        return session_info;
    234294}
     
    237297/* Create a auth_session_info_transport from an auth_session_info.
    238298 *
    239  * NOTE: Members of the auth_session_info_transport structure are not talloc_referenced, but simply assigned.  They are only valid for the lifetime of the struct auth_session_info
    240  *
    241  * This isn't normally an issue, as the auth_session_info has a very long typical life
     299 * NOTE: Members of the auth_session_info_transport structure are
     300 * talloc_referenced() into this structure, and should not be changed.
    242301 */
    243302NTSTATUS auth_session_info_transport_from_session(TALLOC_CTX *mem_ctx,
     
    248307{
    249308
    250         struct auth_session_info_transport *session_info_transport = talloc_zero(mem_ctx, struct auth_session_info_transport);
    251         session_info_transport->security_token = talloc_reference(session_info, session_info->security_token);
    252         NT_STATUS_HAVE_NO_MEMORY(session_info_transport->security_token);
    253 
    254         session_info_transport->info = talloc_reference(session_info, session_info->info);
    255         NT_STATUS_HAVE_NO_MEMORY(session_info_transport->info);
    256 
    257         session_info_transport->session_key = session_info->session_key;
    258         session_info_transport->session_key.data = talloc_reference(session_info, session_info->session_key.data);
    259         if (!session_info_transport->session_key.data && session_info->session_key.length) {
    260                 return NT_STATUS_NO_MEMORY;
    261         }
    262 
     309        struct auth_session_info_transport *session_info_transport
     310                = talloc_zero(mem_ctx, struct auth_session_info_transport);
     311        if (!session_info_transport) {
     312                return NT_STATUS_NO_MEMORY;
     313        };
     314        session_info_transport->session_info = talloc_reference(session_info_transport, session_info);
     315        if (!session_info_transport->session_info) {
     316                return NT_STATUS_NO_MEMORY;
     317        };
     318#ifdef HAVE_GSS_EXPORT_CRED
    263319        if (session_info->credentials) {
    264320                struct gssapi_creds_container *gcc;
     
    294350                }
    295351        }
     352#endif
    296353        *transport_out = session_info_transport;
    297354        return NT_STATUS_OK;
     
    350407        security_token_debug(0, dbg_lev, session_info->security_token);
    351408}
    352 
Note: See TracChangeset for help on using the changeset viewer.