From: Noel Power Date: Sat, 21 Oct 2023 11:06:10 +0000 (+0100) Subject: s3/winbindd: in winbindd_ccache_save use canonicalize_username X-Git-Tag: talloc-2.4.2~1173 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa3febfddc7c070a1f4cc3c1d744af472d9d995e;p=thirdparty%2Fsamba.git s3/winbindd: in winbindd_ccache_save use canonicalize_username replace use of canonicalize_username_fstr with canonicalize_username Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett Reviewed-by: Andreas Schneider --- diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c index 6227171712a..1cce11b186d 100644 --- a/source3/winbindd/winbindd_ccache_access.c +++ b/source3/winbindd/winbindd_ccache_access.c @@ -26,6 +26,7 @@ #include "winbindd.h" #include "auth/gensec/gensec.h" #include "auth_generic.h" +#include "lib/util/string_wrappers.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND @@ -183,7 +184,11 @@ static bool check_client_uid(struct winbindd_cli_state *state, uid_t uid) bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) { struct winbindd_domain *domain; - fstring name_namespace, name_domain, name_user; + fstring f_name_namespace, f_name_domain, f_name_user; + char *name_namespace = NULL; + char *name_domain = NULL; + char *name_user = NULL; + char *auth_user = NULL; NTSTATUS result = NT_STATUS_NOT_SUPPORTED; struct WINBINDD_MEMORY_CREDS *entry; DATA_BLOB initial, challenge, auth; @@ -199,17 +204,21 @@ bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) /* Parse domain and username */ - ok = canonicalize_username_fstr( - state->request->data.ccache_ntlm_auth.user, - name_namespace, - name_domain, - name_user); + auth_user = state->request->data.ccache_ntlm_auth.user; + ok = canonicalize_username(state, + &auth_user, + &name_namespace, + &name_domain, + &name_user); if (!ok) { DEBUG(5,("winbindd_ccache_ntlm_auth: cannot parse domain and user from name [%s]\n", state->request->data.ccache_ntlm_auth.user)); return false; } + fstrcpy(state->request->data.ccache_ntlm_auth.user, auth_user); + TALLOC_FREE(auth_user); + domain = find_auth_domain(state->request->flags, name_domain); if (domain == NULL) { @@ -240,11 +249,14 @@ bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) goto process_result; } + TALLOC_FREE(name_namespace); + TALLOC_FREE(name_domain); + TALLOC_FREE(name_user); /* Parse domain and username */ ok = parse_domain_user(state->request->data.ccache_ntlm_auth.user, - name_namespace, - name_domain, - name_user); + f_name_namespace, + f_name_domain, + f_name_user); if (!ok) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: cannot parse " "domain and user from name [%s]\n", @@ -252,6 +264,24 @@ bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) goto process_result; } + name_namespace = talloc_strdup(state, f_name_namespace); + if (name_namespace == NULL) { + result = NT_STATUS_NO_MEMORY; + goto process_result; + } + + name_domain = talloc_strdup(state, f_name_domain); + if (name_domain == NULL) { + result = NT_STATUS_NO_MEMORY; + goto process_result; + } + + name_user = talloc_strdup(state, f_name_user); + if (name_user == NULL) { + result = NT_STATUS_NO_MEMORY; + goto process_result; + } + entry = find_memory_creds_by_name(state->request->data.ccache_ntlm_auth.user); if (entry == NULL || entry->nt_hash == NULL || entry->lm_hash == NULL) { DEBUG(10,("winbindd_dual_ccache_ntlm_auth: could not find " @@ -313,7 +343,10 @@ bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state) bool winbindd_ccache_save(struct winbindd_cli_state *state) { struct winbindd_domain *domain; - fstring name_namespace, name_domain, name_user; + char *name_namespace = NULL; + char *name_domain = NULL; + char *name_user = NULL; + char *save_user = NULL; NTSTATUS status; bool ok; @@ -329,10 +362,13 @@ bool winbindd_ccache_save(struct winbindd_cli_state *state) /* Parse domain and username */ - ok = canonicalize_username_fstr(state->request->data.ccache_save.user, - name_namespace, - name_domain, - name_user); + + save_user = state->request->data.ccache_save.user; + ok = canonicalize_username(state, + &save_user, + &name_namespace, + &name_domain, + &name_user); if (!ok) { DEBUG(5,("winbindd_ccache_save: cannot parse domain and user " "from name [%s]\n", @@ -340,6 +376,8 @@ bool winbindd_ccache_save(struct winbindd_cli_state *state) return false; } + fstrcpy(state->request->data.ccache_save.user, save_user); + /* * The domain is checked here only for compatibility * reasons. We used to do the winbindd memory ccache for