diff options
-rw-r--r-- | source3/auth/auth_util.c | 63 |
1 files changed, 53 insertions, 10 deletions
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c index e07d687d35..790b2f0624 100644 --- a/source3/auth/auth_util.c +++ b/source3/auth/auth_util.c @@ -485,6 +485,14 @@ static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx) return result; } +static char *sanitize_username(TALLOC_CTX *mem_ctx, const char *username) +{ + fstring tmp; + + alpha_strcpy(tmp, username, ". _-$", sizeof(tmp)); + return talloc_strdup(mem_ctx, tmp); +} + /*************************************************************************** Make (and fill) a user_info struct from a struct samu ***************************************************************************/ @@ -523,6 +531,13 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, TALLOC_FREE(pwd); + result->sanitized_username = sanitize_username(result, + result->unix_name); + if (result->sanitized_username == NULL) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + status = pdb_enum_group_memberships(result, sampass, &result->sids, &gids, &result->num_sids); @@ -983,7 +998,6 @@ bool user_in_group(const char *username, const char *groupname) return user_in_group_sid(username, &group_sid); } - /*************************************************************************** Make (and fill) a server_info struct from a 'struct passwd' by conversion to a struct samu @@ -1018,7 +1032,17 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info, } result->sam_account = sampass; + result->unix_name = talloc_strdup(result, unix_username); + result->sanitized_username = sanitize_username(result, unix_username); + + if ((result->unix_name == NULL) + || (result->sanitized_username == NULL)) { + TALLOC_FREE(sampass); + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + result->uid = pwd->pw_uid; result->gid = pwd->pw_gid; @@ -1162,22 +1186,25 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx, struct auth_serversupplied_info **presult) { struct auth_serversupplied_info *result; + struct passwd *pwd; NTSTATUS status; - result = make_server_info(mem_ctx); - if (result == NULL) { - return NT_STATUS_NO_MEMORY; + pwd = getpwnam_alloc(talloc_tos(), username); + if (pwd == NULL) { + return NT_STATUS_NO_SUCH_USER; } - result->nss_token = true; - result->guest = is_guest; + status = make_server_info_pw(&result, pwd->pw_name, pwd); - result->unix_name = talloc_strdup(result, username); - if (result->unix_name == NULL) { - TALLOC_FREE(result); - return NT_STATUS_NO_MEMORY; + TALLOC_FREE(pwd); + + if (!NT_STATUS_IS_OK(status)) { + return status; } + result->nss_token = true; + result->guest = is_guest; + status = create_local_token(result); if (!NT_STATUS_IS_OK(status)) { @@ -1624,6 +1651,13 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx, result->sam_account = sam_account; result->unix_name = talloc_strdup(result, found_username); + result->sanitized_username = sanitize_username(result, + result->unix_name); + if (result->sanitized_username == NULL) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + /* Fill in the unix info we found on the way */ result->uid = uid; @@ -1859,8 +1893,17 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx, result->sam_account = sam_account; result->unix_name = talloc_strdup(result, found_username); + result->sanitized_username = sanitize_username(result, + result->unix_name); result->login_server = talloc_strdup(result, info->logon_server); + if ((result->unix_name == NULL) + || (result->sanitized_username == NULL) + || (result->login_server == NULL)) { + TALLOC_FREE(result); + return NT_STATUS_NO_MEMORY; + } + /* Fill in the unix info we found on the way */ result->uid = uid; |