From: Ralph Boehme Date: Sat, 18 Jan 2020 07:09:22 +0000 (+0100) Subject: s3/auth: use set_current_user_info() in auth3_check_password_send() X-Git-Tag: ldb-2.1.1~166 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92499287edb4b6b7eb4cb711597a08542361a1b5;p=thirdparty%2Fsamba.git s3/auth: use set_current_user_info() in auth3_check_password_send() This delays reloading config slightly, but I don't see how could affect observable behaviour other then log messages coming from the functions in between the different locations for lp_load_with_shares() like make_user_info_map() are sent to a different logfile if "log file" uses %U. Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider --- diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c index 3e39be30588..8d213f194cf 100644 --- a/source3/auth/auth_ntlmssp.c +++ b/source3/auth/auth_ntlmssp.c @@ -150,6 +150,7 @@ struct tevent_req *auth3_check_password_send( auth4_context->private_data, struct auth_context); struct auth_usersupplied_info *mapped_user_info = NULL; struct auth_serversupplied_info *server_info = NULL; + char *sanitized_username = NULL; NTSTATUS nt_status; bool username_was_mapped; @@ -169,12 +170,6 @@ struct tevent_req *auth3_check_password_send( set_remote_machine_name(user_info->workstation_name, True); - /* setup the string used by %U */ - /* sub_set_smb_name checks for weird internally */ - sub_set_smb_name(user_info->client.account_name); - - lp_load_with_shares(get_dyn_CONFIGFILE()); - nt_status = make_user_info_map(talloc_tos(), &mapped_user_info, user_info->client.account_name, @@ -196,6 +191,15 @@ struct tevent_req *auth3_check_password_send( mapped_user_info->flags = user_info->flags; + sanitized_username = talloc_alpha_strcpy( + state, + user_info->client.account_name, + SAFE_NETBIOS_CHARS "$"); + if (sanitized_username == NULL) { + tevent_req_nterror(req, NT_STATUS_NO_MEMORY); + return tevent_req_post(req, ev); + } + nt_status = auth_check_ntlm_password(state, auth_context, mapped_user_info, @@ -224,6 +228,15 @@ struct tevent_req *auth3_check_password_send( &server_info); if (!tevent_req_nterror(req, nt_status)) { state->authoritative = 1; + + /* setup the string used by %U */ + set_current_user_info( + sanitized_username, + server_info->unix_name, + server_info->info3->base.logon_domain.string); + + lp_load_with_shares(get_dyn_CONFIGFILE()); + tevent_req_done(req); } state->server_info = server_info; @@ -232,6 +245,13 @@ struct tevent_req *auth3_check_password_send( server_info->nss_token |= username_was_mapped; + /* setup the string used by %U */ + set_current_user_info(sanitized_username, + server_info->unix_name, + server_info->info3->base.logon_domain.string); + + lp_load_with_shares(get_dyn_CONFIGFILE()); + /* Clear out the session keys, and pass them to the caller. * They will not be used in this form again - instead the * NTLMSSP code will decide on the final correct session key,