summaryrefslogtreecommitdiff
path: root/source3/smbd/sesssetup.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/sesssetup.c')
-rw-r--r--source3/smbd/sesssetup.c27
1 files changed, 16 insertions, 11 deletions
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index e408cc88e9..bb7d17be56 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -168,8 +168,6 @@ static int reply_spnego_kerberos(connection_struct *conn,
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- data_blob_free(&auth_data);
-
DEBUG(3,("Ticket name is [%s]\n", client));
p = strchr_m(client, '@');
@@ -221,10 +219,10 @@ static int reply_spnego_kerberos(connection_struct *conn,
return ERROR_NT(ret);
}
- /* register_vuid keeps the server info */
sess_vuid = register_vuid(server_info, user);
free(user);
+ free_server_info(&server_info);
if (sess_vuid == -1) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
@@ -265,10 +263,8 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *outbuf,
if (NT_STATUS_IS_OK(nt_status)) {
int sess_vuid;
- /* register_vuid keeps the server info */
- sess_vuid = register_vuid(server_info, (*auth_ntlmssp_state)->ntlmssp_state->user);
- (*auth_ntlmssp_state)->server_info = NULL;
-
+ sess_vuid = register_vuid(server_info, (*auth_ntlmssp_state)->ntlmssp_state->user /* check this for weird */);
+
if (sess_vuid == -1) {
nt_status = NT_STATUS_LOGON_FAILURE;
} else {
@@ -276,7 +272,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *outbuf,
set_message(outbuf,4,0,True);
SSVAL(outbuf, smb_vwv3, 0);
- if (server_info->guest) {
+ if ((*auth_ntlmssp_state)->server_info && (*auth_ntlmssp_state)->server_info->guest) {
SSVAL(outbuf,smb_vwv2,1);
}
@@ -289,7 +285,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *outbuf,
data_blob_free(&response);
if (!ret || !NT_STATUS_EQUAL(nt_status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
- auth_ntlmssp_end(auth_ntlmssp_state);
+ auth_ntlmssp_end(&global_ntlmssp_state);
}
return ret;
@@ -588,6 +584,13 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
domain,native_os,native_lanman));
}
+ /* don't allow for weird usernames or domains */
+ alpha_strcpy(user, user, ". _-$", sizeof(user));
+ alpha_strcpy(domain, domain, ". _-@", sizeof(domain));
+ if (strstr(user, "..") || strstr(domain,"..")) {
+ return ERROR_NT(NT_STATUS_LOGON_FAILURE);
+ }
+
DEBUG(3,("sesssetupX:name=[%s]\\[%s]@[%s]\n", domain, user, get_remote_machine_name()));
if (*user) {
@@ -606,7 +609,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
fstrcpy(sub_user, lp_guestaccount());
}
- sub_set_smb_name(sub_user);
+ fstrcpy(current_user_info.smb_name,sub_user);
reload_services(True);
@@ -689,13 +692,15 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
/* register the name and uid as being validated, so further connections
to a uid can get through without a password, on the same VC */
- /* register_vuid keeps the server info */
sess_vuid = register_vuid(server_info, sub_user);
+
+ free_server_info(&server_info);
if (sess_vuid == -1) {
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
+
SSVAL(outbuf,smb_uid,sess_vuid);
SSVAL(inbuf,smb_uid,sess_vuid);