From: Ralph Boehme Date: Fri, 17 Jan 2020 20:56:27 +0000 (+0100) Subject: s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base() X-Git-Tag: ldb-2.1.1~168 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1484fb0c6636308958f0d8d7c81429e0743f5cbd;p=thirdparty%2Fsamba.git s3/rpc_server/netlogon: use set_current_user_info() in _netr_LogonSamLogon_base() Note that we're now sanitizing the username we got from the client, as we do everywhere else. Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider --- diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c index 52b17c10e61..3f1347a31ed 100644 --- a/source3/rpc_server/netlogon/srv_netlog_nt.c +++ b/source3/rpc_server/netlogon/srv_netlog_nt.c @@ -1517,6 +1517,7 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, NTSTATUS status = NT_STATUS_OK; union netr_LogonLevel *logon = r->in.logon; const char *nt_username, *nt_domain, *nt_workstation; + char *sanitized_username = NULL; struct auth_usersupplied_info *user_info = NULL; struct auth_serversupplied_info *server_info = NULL; struct auth_context *auth_context = NULL; @@ -1603,8 +1604,6 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, } /* end switch */ DEBUG(3,("User:[%s@%s] Requested Domain:[%s]\n", nt_username, nt_workstation, nt_domain)); - fstrcpy(current_user_info.smb_name, nt_username); - sub_set_smb_name(nt_username); DEBUG(5,("Attempting validation level %d for unmapped username %s.\n", r->in.validation_level, nt_username)); 
@@ -1745,6 +1744,19 @@ static NTSTATUS _netr_LogonSamLogon_base(struct pipes_struct *p, return NT_STATUS_LOGON_FAILURE; } + sanitized_username = talloc_alpha_strcpy(talloc_tos(), + nt_username, + SAFE_NETBIOS_CHARS "$"); + if (sanitized_username == NULL) { + TALLOC_FREE(server_info); + return NT_STATUS_NO_MEMORY; + } + + set_current_user_info(sanitized_username, + server_info->unix_name, + server_info->info3->base.logon_domain.string); + TALLOC_FREE(sanitized_username); + /* This is the point at which, if the login was successful, that the SAM Local Security Authority should record that the user is logged in to the domain. */
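Review bot: The block added after the `NT_STATUS_LOGON_FAILURE` return updates the current-user info only once authentication has succeeded, whereas the `fstrcpy`/`sub_set_smb_name` lines removed in the earlier hunk ran before it, and neither the commit message nor the code records that ordering change. A short comment above the `talloc_alpha_strcpy()` call would make the intent reviewable, for example `/* nt_username is client-supplied: keep only SAFE_NETBIOS_CHARS and '$' before it reaches set_current_user_info(), and only after a successful logon */`. The call also dereferences `server_info->info3` with no check visible in this hunk; the function body starts and ends outside the hunk, so confirm that `info3` and `unix_name` are always populated on this path or add a guard that returns an error. Separately, the `DEBUG(3, ...)` and `DEBUG(5, ...)` context lines in the earlier hunk still print the raw `nt_username`, so the log output does not get the filtering that the commit message describes.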