summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2008-02-15 10:30:15 +0100
committerStefan Metzmacher <metze@samba.org>2008-02-15 11:55:17 +0100
commitb8e0b5cbffb370aa0011cb8c0d4e85378044b99b (patch)
tree42cc146fa9c49d4a80ede658752a649b6c932319
parentf4c8b8553229992df8f78c4325185e7ce050df77 (diff)
downloadsamba-b8e0b5cbffb370aa0011cb8c0d4e85378044b99b.tar.gz
samba-b8e0b5cbffb370aa0011cb8c0d4e85378044b99b.tar.bz2
samba-b8e0b5cbffb370aa0011cb8c0d4e85378044b99b.zip
libwbclient: wbcAuthenticateUserEx() be more strict regarding invalid parameters
metze (This used to be commit 491ba9c0c9d479bc686c75242a3749f14d103fcd)
-rw-r--r--source3/nsswitch/libwbclient/wbc_pam.c60
1 files changed, 48 insertions, 12 deletions
diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c
index e7bcdfe20d..cf56a8b6d6 100644
--- a/source3/nsswitch/libwbclient/wbc_pam.c
+++ b/source3/nsswitch/libwbclient/wbc_pam.c
@@ -265,11 +265,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
struct wbcAuthErrorInfo **error)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
- int cmd;
+ int cmd = 0;
struct winbindd_request request;
struct winbindd_response response;
-
ZERO_STRUCT(request);
ZERO_STRUCT(response);
@@ -282,6 +281,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
BAIL_ON_WBC_ERROR(wbc_status);
}
+ if (!params->account_name) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
/* Initialize request */
switch (params->level) {
@@ -301,12 +305,36 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
WBFLAG_PAM_USER_SESSION_KEY |
WBFLAG_PAM_LMKEY;
+ if (params->password.response.lm_length &&
+ params->password.response.lm_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ if (params->password.response.lm_length == 0 &&
+ params->password.response.lm_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
+ if (params->password.response.nt_length &&
+ !params->password.response.nt_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+ if (params->password.response.nt_length == 0&&
+ params->password.response.nt_data) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
strncpy(request.data.auth_crap.user,
params->account_name,
sizeof(request.data.auth_crap.user)-1);
- strncpy(request.data.auth_crap.domain,
- params->domain_name,
- sizeof(request.data.auth_crap.domain)-1);
+ if (params->domain_name) {
+ strncpy(request.data.auth_crap.domain,
+ params->domain_name,
+ sizeof(request.data.auth_crap.domain)-1);
+ }
if (params->workstation_name) {
strncpy(request.data.auth_crap.workstation,
params->workstation_name,
@@ -326,16 +354,24 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
request.data.auth_crap.nt_resp_len =
MIN(params->password.response.nt_length,
sizeof(request.data.auth_crap.nt_resp));
- memcpy(request.data.auth_crap.lm_resp,
- params->password.response.lm_data,
- request.data.auth_crap.lm_resp_len);
- memcpy(request.data.auth_crap.nt_resp,
- params->password.response.nt_data,
- request.data.auth_crap.nt_resp_len);
-
+ if (params->password.response.lm_data) {
+ memcpy(request.data.auth_crap.lm_resp,
+ params->password.response.lm_data,
+ request.data.auth_crap.lm_resp_len);
+ }
+ if (params->password.response.nt_data) {
+ memcpy(request.data.auth_crap.nt_resp,
+ params->password.response.nt_data,
+ request.data.auth_crap.nt_resp_len);
+ }
break;
}
+ if (cmd == 0) {
+ wbc_status = WBC_ERR_INVALID_PARAM;
+ BAIL_ON_WBC_ERROR(wbc_status);
+ }
+
wbc_status = wbcRequestResponse(cmd,
&request,
&response);