From cf131be215048a4f0fc300d9089bd97e02967045 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 20 Aug 2007 15:46:56 +0000 Subject: r24583: Make sure we don't accept invalid request options. Thanks to Michael for his bit-magic. Guenther (This used to be commit 8a493cce98c5fcc2e498df9ef1ac0f1e3ee6a75e) --- source3/nsswitch/winbindd_pam.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) (limited to 'source3') diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index b0a14ae4e9..110201dac8 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -579,6 +579,27 @@ failed: #endif /* HAVE_KRB5 */ } +/**************************************************************** +****************************************************************/ + +static BOOL check_request_flags(uint32_t flags) +{ + uint32_t flags_edata = WBFLAG_PAM_AFS_TOKEN | + WBFLAG_PAM_UNIX_NAME | + WBFLAG_PAM_INFO3_NDR; + + if ( ( (flags & flags_edata) == WBFLAG_PAM_AFS_TOKEN) || + ( (flags & flags_edata) == WBFLAG_PAM_INFO3_NDR) || + ( (flags & flags_edata) == WBFLAG_PAM_UNIX_NAME) || + !(flags & flags_edata) ) { + return True; + } + + DEBUG(1,("check_request_flags: invalid request flags\n")); + + return False; +} + void winbindd_pam_auth(struct winbindd_cli_state *state) { struct winbindd_domain *domain; @@ -596,6 +617,11 @@ void winbindd_pam_auth(struct winbindd_cli_state *state) DEBUG(3, ("[%5lu]: pam auth %s\n", (unsigned long)state->pid, state->request.data.auth.user)); + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + /* Parse domain and username */ ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR ); @@ -1210,6 +1236,11 @@ enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain, DEBUG(3, ("[%5lu]: dual pam auth %s\n", (unsigned long)state->pid, state->request.data.auth.user)); + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + /* Parse domain and username */ ws_name_return( state->request.data.auth.user, WB_REPLACE_CHAR ); @@ -1551,6 +1582,11 @@ void winbindd_pam_auth_crap(struct winbindd_cli_state *state) const char *domain_name = NULL; NTSTATUS result; + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + if (!state->privileged) { char *error_string = NULL; DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access " @@ -1631,6 +1667,11 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, state->request.data.auth_crap.user[sizeof(state->request.data.auth_crap.user)-1]=0; state->request.data.auth_crap.domain[sizeof(state->request.data.auth_crap.domain)-1]=0; + if (!check_request_flags(state->request.flags)) { + result = NT_STATUS_INVALID_PARAMETER_MIX; + goto done; + } + name_user = state->request.data.auth_crap.user; if (*state->request.data.auth_crap.domain) { -- cgit