authorAndrew Bartlett <abartlet@samba.org>2011-07-15 18:05:42 +1000
committerAndrew Bartlett <abartlet@samba.org>2011-07-20 09:17:11 +1000
commitd22ff66afa9215a7a918c33abc55288e4efae8b6 (patch)
tree434a07b5528c3799e878e6c58f11990be9582937
parentba53498c66f5b27602c3f6fe0866729177e211c8 (diff)
s3-auth assert that security_token is present in the copy, and explain why nss_token can be skipped
Signed-off-by: Andrew Tridgell <tridge@samba.org>
-rw-r--r--source3/auth/auth_util.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index acef47907f..f399acb476 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -907,7 +907,13 @@ NTSTATUS make_session_info_from_username(TALLOC_CTX *mem_ctx,
return status;
}
-/* This function MUST only used to create the cached server_info for guest */
+/* This function MUST only used to create the cached server_info for
+ * guest.
+ *
+ * This is a lossy conversion. Variables known to be lost so far
+ * include: nss_token (not needed because the only read doesn't happen
+ * for the GUEST user, as this routine populates ->security_token
+ */
static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX *mem_ctx,
const struct auth3_session_info *src)
{
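Review bot: The rewritten header comment lists what the lossy copy drops but not the precondition this same commit introduces in the next hunk, where the copy asserts on `src->security_token`. A caller reading only this comment cannot tell that a source without a token is a fatal error rather than a NULL return, so I would add a line such as `* src->security_token MUST be non-NULL; the copy asserts on it.` The parenthesis opened before "not needed because" is never closed and "MUST only used" is missing "be", which makes the rationale hard to parse in a function that decides which identity data the guest session carries. The function body continues outside this hunk.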
@@ -937,12 +943,15 @@ static struct auth_serversupplied_info *copy_session_info_serverinfo(TALLOC_CTX
dst->utok.groups = NULL;
}
- if (src->security_token) {
- dst->security_token = dup_nt_token(dst, src->security_token);
- if (!dst->security_token) {
- TALLOC_FREE(dst);
- return NULL;
- }
+ /* We must have a security_token as otherwise the lossy
+ * conversion without nss_token would cause create_local_token
+ * to take the wrong path */
+ SMB_ASSERT(src->security_token);
+
+ dst->security_token = dup_nt_token(dst, src->security_token);
+ if (!dst->security_token) {
+ TALLOC_FREE(dst);
+ return NULL;
}
dst->session_key = data_blob_talloc( dst, src->session_key.data,
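Review bot: `SMB_ASSERT(src->security_token)` gives this copy two different failure modes: a missing token aborts, while the `dup_nt_token` failure just below it cleans up with `TALLOC_FREE(dst); return NULL;`. Failing closed is the right direction given the stated risk that create_local_token would otherwise take the wrong path. If the callers already handle a NULL return (not visible here), `if (!src->security_token) { TALLOC_FREE(dst); return NULL; }` with a logged error would give the same guarantee without a process-wide panic. If the assert is kept, the comment should say that it can only fire on a programming error, and it should name which create_local_token branch is "the wrong path" so the claim can be checked against that function. The function starts and ends outside this hunk.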