summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2007-08-20 15:46:56 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:30:07 -0500
commitcf131be215048a4f0fc300d9089bd97e02967045 (patch)
tree84a61e8ec6f42226c9d562e758424460c18480cb
parentb2ff8a26636abb49277630846bd7a2a6b9044ad8 (diff)
downloadsamba-cf131be215048a4f0fc300d9089bd97e02967045.tar.gz
samba-cf131be215048a4f0fc300d9089bd97e02967045.tar.bz2
samba-cf131be215048a4f0fc300d9089bd97e02967045.zip
r24583: Make sure we don't accept invalid request options.
Thanks to Michael for his bit-magic. Guenther (This used to be commit 8a493cce98c5fcc2e498df9ef1ac0f1e3ee6a75e)
-rw-r--r--source3/nsswitch/winbindd_pam.c41
1 files changed, 41 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index b0a14ae4e9..110201dac8 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -579,6 +579,27 @@ failed:
#endif /* HAVE_KRB5 */
}
+/****************************************************************
+****************************************************************/
+
+static BOOL check_request_flags(uint32_t flags)
+{
+ uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN |
+ WBFLAG_PAM_UNIX_NAME |
+ WBFLAG_PAM_INFO3_NDR;
+
+ if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) ||
+ ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) ||
+ ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) ||
+ !(flags & flags_edata) ) {
+ return True;
+ }
+
+ DEBUG(1,("check_request_flags: invalid request flags\n"));
+
+ return False;
+}
+
void winbindd_pam_auth(struct winbindd_cli_state *state)
{
struct winbindd_domain *domain;
@@ -596,6 +617,11 @@ void winbindd_pam_auth(struct winbindd_cli_state *state)
DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid,
state->request.data.auth.user));
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
/* Parse domain and username */
ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1210,6 +1236,11 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid,
state->request.data.auth.user));
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
/* Parse domain and username */
ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR );
@@ -1551,6 +1582,11 @@ void winbindd_pam_auth_crap(struct winbindd_cli_state *state)
const char *domain_name = NULL;
NTSTATUS result;
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
if (!state->privileged) {
char *error_string = NULL;
DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access "
@@ -1631,6 +1667,11 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0;
state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0;
+ if (!check_request_flags(state->request.flags)) {
+ result = NT_STATUS_INVALID_PARAMETER_MIX;
+ goto done;
+ }
+
name_user = state->request.data.auth_crap.user;
if (*state->request.data.auth_crap.domain) {