CVE-2020-25717 auth4: Make auth_developer pseudo-async
authorVolker Lendecke <vl@samba.org>
Wed, 14 Apr 2021 20:22:18 +0000 (22:22 +0200)
committerJule Anger <janger@samba.org>
Mon, 8 Nov 2021 09:52:09 +0000 (10:52 +0100)
This is a simpler approach to really just wrap the code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

(cherry picked from commit 43a1e42815718591faa8d526319b96d089a758fa)

source4/auth/ntlm/auth_developer.c
source4/auth/ntlm/wscript_build

index b655283975b10effb0b31ec759ad374063b09c45..551f0ae1605329badbd9df2478f6d50ba3f96525 100644 (file)
 */
 
 #include "includes.h"
+#include <tevent.h>
 #include "auth/auth.h"
 #include "auth/ntlm/auth_proto.h"
 #include "libcli/security/security.h"
+#include "lib/util/tevent_ntstatus.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_AUTH
@@ -135,10 +137,67 @@ static NTSTATUS name_to_ntstatus_check_password(struct auth_method_context *ctx,
        return nt_status;
 }
 
+struct name_to_ntstatus_check_password_state {
+       struct auth_user_info_dc *user_info_dc;
+       bool authoritative;
+};
+
+static struct tevent_req *name_to_ntstatus_check_password_send(
+       TALLOC_CTX *mem_ctx,
+       struct tevent_context *ev,
+       struct auth_method_context *ctx,
+       const struct auth_usersupplied_info *user_info)
+{
+       struct tevent_req *req = NULL;
+       struct name_to_ntstatus_check_password_state *state = NULL;
+       NTSTATUS status;
+
+       req = tevent_req_create(
+               mem_ctx,
+               &state,
+               struct name_to_ntstatus_check_password_state);
+       if (req == NULL) {
+               return NULL;
+       }
+
+       status = name_to_ntstatus_check_password(
+               ctx,
+               state,
+               user_info,
+               &state->user_info_dc,
+               &state->authoritative);
+       if (tevent_req_nterror(req, status)) {
+               return tevent_req_post(req, ev);
+       }
+       tevent_req_done(req);
+       return tevent_req_post(req, ev);
+}
+
+static NTSTATUS name_to_ntstatus_check_password_recv(
+       struct tevent_req *req,
+       TALLOC_CTX *mem_ctx,
+       struct auth_user_info_dc **interim_info,
+       bool *authoritative)
+{
+       struct name_to_ntstatus_check_password_state *state = tevent_req_data(
+               req, struct name_to_ntstatus_check_password_state);
+       NTSTATUS status;
+
+       if (tevent_req_is_nterror(req, &status)) {
+               tevent_req_received(req);
+               return status;
+       }
+       *interim_info = talloc_move(mem_ctx, &state->user_info_dc);
+       *authoritative = state->authoritative;
+       tevent_req_received(req);
+       return NT_STATUS_OK;
+}
+
 static const struct auth_operations name_to_ntstatus_auth_ops = {
        .name           = "name_to_ntstatus",
        .want_check     = name_to_ntstatus_want_check,
-       .check_password = name_to_ntstatus_check_password
+       .check_password_send    = name_to_ntstatus_check_password_send,
+       .check_password_recv    = name_to_ntstatus_check_password_recv,
 };
 
 _PUBLIC_ NTSTATUS auth4_developer_init(TALLOC_CTX *ctx)
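Review bot: In `name_to_ntstatus_check_password_recv` the copy `*authoritative = state->authoritative;` sits after the `tevent_req_is_nterror()` early return, so a failed request never reports the flag the backend computed. On success the caller gets whatever is in the state, and `tevent_req_create()` hands back zeroed state, so the flag is `false` unless the wrapped `name_to_ntstatus_check_password()` writes it; its body is above this hunk, so that cannot be confirmed from here. If the old synchronous contract was "the caller's default stays unless the backend clears it", set `state->authoritative = true;` before the wrapped call in `_send` and move the copy above the error check in `_recv`. The flag decides whether a failure from this module is final or may fall through to another auth method, so a short comment in `_send` on which default is intended would help the next reader. A one-line comment that the request always completes before `_send` returns (hence the unconditional `tevent_req_post()`) would also make the "pseudo-async" design explicit.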
index 6ea0c4d7e3a80ee97653c79ec85c91691e8bceff..1ee8d79563a140bdc78cfae95352a2eff0acc820 100644 (file)
@@ -28,7 +28,7 @@ bld.SAMBA_MODULE('auth4_developer',
        source='auth_developer.c',
        subsystem='auth4',
        init_function='auth4_developer_init',
-       deps='talloc'
+       deps='tevent'
        )