diff options
Diffstat (limited to 'source3/smbd/password.c')
-rw-r--r-- | source3/smbd/password.c | 70 |
1 files changed, 45 insertions, 25 deletions
diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 995abbf663..80b541584d 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -669,46 +669,51 @@ static char *validate_group(char *group, DATA_BLOB password,int snum) /* * As user_ok can recurse doing a getgrent(), we must - * copy the member list into a pstring on the stack before + * copy the member list onto the heap before * use. Bug pointed out by leon@eatworms.swmed.edu. */ if (gptr) { - pstring member_list; + char *member_list = NULL; + size_t list_len = 0; char *member; - size_t copied_len = 0; int i; + for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) { + list_len += strlen(gptr->gr_mem[i])+1; + } + list_len++; + + member_list = SMB_MALLOC(list_len); + if (!member_list) { + endgrent(); + return NULL; + } + *member_list = '\0'; member = member_list; for(i = 0; gptr->gr_mem && gptr->gr_mem[i]; i++) { size_t member_len = strlen(gptr->gr_mem[i])+1; - if(copied_len+member_len < sizeof(pstring)) { - - DEBUG(10,("validate_group: = gr_mem = " - "%s\n", gptr->gr_mem[i])); - - safe_strcpy(member, gptr->gr_mem[i], - sizeof(pstring) - - copied_len - 1); - copied_len += member_len; - member += copied_len; - } else { - *member = '\0'; - } + + DEBUG(10,("validate_group: = gr_mem = " + "%s\n", gptr->gr_mem[i])); + + safe_strcpy(member, gptr->gr_mem[i], + list_len - (member-member_list)); + member += member_len; } endgrent(); member = member_list; while (*member) { - static fstring name; - fstrcpy(name,member); - if (user_ok(name,snum) && - password_ok(name,password)) { - endgrent(); - return(&name[0]); + if (user_ok(member,snum) && + password_ok(member,password)) { + char *name = talloc_strdup(talloc_tos(), + member); + SAFE_FREE(member_list); + return name; } DEBUG(10,("validate_group = member = %s\n", @@ -716,6 +721,8 @@ static char *validate_group(char *group, DATA_BLOB password,int snum) member += strlen(member) + 1; } + + SAFE_FREE(member_list); } else { endgrent(); return NULL; @@ -790,11 +797,22 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password, /* check the user= fields and the given password */ if (!ok && lp_username(snum)) { + TALLOC_CTX *ctx = talloc_tos(); char *auser; - pstring user_list; - pstrcpy(user_list,lp_username(snum)); + char *user_list = talloc_strdup(ctx, lp_username(snum)); + + if (!user_list) { + goto check_guest; + } - pstring_sub(user_list,"%S",lp_servicename(snum)); + user_list = talloc_string_sub(ctx, + user_list, + "%S", + lp_servicename(snum)); + + if (!user_list) { + goto check_guest; + } for (auser=strtok(user_list,LIST_SEP); auser && !ok; auser = strtok(NULL,LIST_SEP)) { @@ -823,6 +841,8 @@ bool authorise_login(int snum, fstring user, DATA_BLOB password, } } + check_guest: + /* check for a normal guest connection */ if (!ok && GUEST_OK(snum)) { fstring guestname; |