diff options
| author | Günther Deschner <gd@samba.org> | 2007-08-20 15:46:56 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:30:07 -0500 |
| commit | cf131be215048a4f0fc300d9089bd97e02967045 (patch) | |
| tree | 84a61e8ec6f42226c9d562e758424460c18480cb | |
| parent | b2ff8a26636abb49277630846bd7a2a6b9044ad8 (diff) | |
| download | samba-cf131be215048a4f0fc300d9089bd97e02967045.tar.gz samba-cf131be215048a4f0fc300d9089bd97e02967045.tar.bz2 samba-cf131be215048a4f0fc300d9089bd97e02967045.zip | |
r24583: Make sure we don't accept invalid request options.
Thanks to Michael for his bit-magic.
Guenther
(This used to be commit 8a493cce98c5fcc2e498df9ef1ac0f1e3ee6a75e)
| -rw-r--r-- | source3/nsswitch/winbindd_pam.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index b0a14ae4e9..110201dac8 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -579,6 +579,27 @@ failed: #endif /* HAVE_KRB5 */ } +/**************************************************************** +****************************************************************/ + +static BOOL check_request_flags(uint32_t flags) +{ + uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN | + WBFLAG_PAM_UNIX_NAME | + WBFLAG_PAM_INFO3_NDR; + + if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) || + ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) || + ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) || + !(flags & flags_edata) ) { + return True; + } + + DEBUG(1,("check_request_flags: invalid request flags\n")); + + return False; +} + void winbindd_pam_auth(struct winbindd_cli_state *state) { struct winbindd_domain *domain; @@ -596,6 +617,11 @@ void winbindd_pam_auth(struct winbindd_cli_state *state) DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid, state->request.data.auth.user)); + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + /* Parse domain and username */ ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR ); @@ -1210,6 +1236,11 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain, DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid, state->request.data.auth.user)); + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + /* Parse domain and username */ ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR ); @@ -1551,6 +1582,11 @@ void winbindd_pam_auth_crap(struct winbindd_cli_state *state) const char *domain_name = NULL; NTSTATUS result; + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + if (!state->privileged) { char *error_string = NULL; DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access " @@ -1631,6 +1667,11 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0; state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0; + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + name_user = state->request.data.auth_crap.user; if (*state->request.data.auth_crap.domain) { |