From 9a45bf39527d9c2dcd8d2debf214196100a3efce Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 26 Jul 2011 13:37:36 +1000 Subject: s3-auth set session_info->sanitized_username in create_local_token() Rather than passing this value around the callers, and eventually setting it in register_existing_vuid(), we simply pass it to create_local_token(). This also removes the need for auth_ntlmssp_get_username(). Andrew Bartlett Signed-off-by: Andrew Tridgell --- source3/smbd/password.c | 10 +--------- source3/smbd/proto.h | 3 +-- source3/smbd/sesssetup.c | 10 ++++------ source3/smbd/smb2_sesssetup.c | 16 ---------------- 4 files changed, 6 insertions(+), 33 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/password.c b/source3/smbd/password.c index e23818f2d1..7ccf2ea327 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -265,10 +265,8 @@ int register_homes_share(const char *username) int register_existing_vuid(struct smbd_server_connection *sconn, uint16 vuid, struct auth_session_info *session_info, - DATA_BLOB response_blob, - const char *smb_name) + DATA_BLOB response_blob) { - fstring tmp; user_struct *vuser; bool guest = security_session_user_level(session_info, NULL) < SECURITY_USER; @@ -280,12 +278,6 @@ int register_existing_vuid(struct smbd_server_connection *sconn, /* Use this to keep tabs on all our info from the authentication */ vuser->session_info = talloc_move(vuser, &session_info); - /* This is a potentially untrusted username */ - alpha_strcpy(tmp, smb_name, ". _-$", sizeof(tmp)); - - vuser->session_info->unix_info->sanitized_username = talloc_strdup( - vuser->session_info, tmp); - /* Make clear that we require the optional unix_token and unix_info in the source3 code */ SMB_ASSERT(vuser->session_info->unix_token); SMB_ASSERT(vuser->session_info->unix_info); diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 49fc8c7b20..7dee467661 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -704,8 +704,7 @@ int register_homes_share(const char *username); int register_existing_vuid(struct smbd_server_connection *sconn, uint16 vuid, struct auth_session_info *session_info, - DATA_BLOB response_blob, - const char *smb_name); + DATA_BLOB response_blob); void add_session_user(struct smbd_server_connection *sconn, const char *user); void add_session_workgroup(struct smbd_server_connection *sconn, const char *workgroup); diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 20b31096b0..683f6b2c15 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -367,7 +367,7 @@ static void reply_spnego_kerberos(struct smb_request *req, * it.... */ sess_vuid = register_existing_vuid(sconn, sess_vuid, - session_info, nullblob, user); + session_info, nullblob); reply_outbuf(req, 4, 0); SSVAL(req->outbuf,smb_uid,sess_vuid); @@ -448,8 +448,7 @@ static void reply_spnego_ntlmssp(struct smb_request *req, /* register_existing_vuid keeps the server info */ if (register_existing_vuid(sconn, vuid, - session_info, nullblob, - auth_ntlmssp_get_username(*auth_ntlmssp_state)) != + session_info, nullblob) != vuid) { /* The problem is, *auth_ntlmssp_state points * into the vuser this will have @@ -1641,7 +1640,7 @@ void reply_sesssetup_and_X(struct smb_request *req) return; } - nt_status = create_local_token(req, server_info, NULL, &session_info); + nt_status = create_local_token(req, server_info, NULL, sub_user, &session_info); TALLOC_FREE(server_info); if (!NT_STATUS_IS_OK(nt_status)) { @@ -1688,8 +1687,7 @@ void reply_sesssetup_and_X(struct smb_request *req) /* register_existing_vuid keeps the session_info */ sess_vuid = register_existing_vuid(sconn, sess_vuid, session_info, - nt_resp.data ? nt_resp : lm_resp, - sub_user); + nt_resp.data ? nt_resp : lm_resp); if (sess_vuid == UID_FIELD_INVALID) { data_blob_free(&nt_resp); data_blob_free(&lm_resp); diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index 7bc8692758..45acff2778 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -174,7 +174,6 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, struct passwd *pw = NULL; NTSTATUS status; char *real_username; - fstring tmp; bool username_was_mapped = false; bool map_domainuser_to_guest = false; @@ -256,11 +255,6 @@ static NTSTATUS smbd_smb2_session_setup_krb5(struct smbd_smb2_session *session, session->compat_vuser->vuid = session->vuid; DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser); - /* This is a potentially untrusted username */ - alpha_strcpy(tmp, user, ". _-$", sizeof(tmp)); - session->session_info->unix_info->sanitized_username = - talloc_strdup(session->session_info, tmp); - if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) { session->compat_vuser->homes_snum = register_homes_share(session->session_info->unix_info->unix_name); @@ -442,8 +436,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s uint16_t *out_session_flags, uint64_t *out_session_id) { - fstring tmp; - if ((in_security_mode & SMB2_NEGOTIATE_SIGNING_REQUIRED) || lp_server_signing() == Required) { session->do_signing = true; @@ -472,14 +464,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s session->compat_vuser->vuid = session->vuid; DLIST_ADD(session->sconn->smb1.sessions.validated_users, session->compat_vuser); - /* This is a potentially untrusted username */ - alpha_strcpy(tmp, - auth_ntlmssp_get_username(session->auth_ntlmssp_state), - ". _-$", - sizeof(tmp)); - session->session_info->unix_info->sanitized_username = talloc_strdup( - session->session_info, tmp); - if (security_session_user_level(session->session_info, NULL) >= SECURITY_USER) { session->compat_vuser->homes_snum = register_homes_share(session->session_info->unix_info->unix_name); -- cgit