From: Stefan Metzmacher Date: Thu, 7 Jan 2016 14:06:46 +0000 (+0100) Subject: auth/auth_sam_reply: let make_user_info_dc_netlogon_validation() correctly handle... X-Git-Tag: tdb-1.3.10~590 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5ddf5add81ac8d1c989c578e2dcbf7b0b4e6714e;p=thirdparty%2Fsamba.git auth/auth_sam_reply: let make_user_info_dc_netlogon_validation() correctly handle level 6 We need to take care of extra sids in level 3 and 6! And level 6 also includes user_principal_name and dns_domain_name. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c index d7b84c43279..0e2c008984f 100644 --- a/auth/auth_sam_reply.c +++ b/auth/auth_sam_reply.c @@ -264,8 +264,12 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, struct auth_user_info_dc **_user_info_dc) { NTSTATUS status; - struct auth_user_info_dc *user_info_dc; - struct netr_SamBaseInfo *base = NULL; + struct auth_user_info_dc *user_info_dc = NULL; + const struct netr_SamBaseInfo *base = NULL; + uint32_t sidcount = 0; + const struct netr_SidAttr *sids = NULL; + const char *dns_domainname = NULL; + const char *principal = NULL; uint32_t i; switch (validation_level) { @@ -280,12 +284,18 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } base = &validation->sam3->base; + sidcount = validation->sam3->sidcount; + sids = validation->sam3->sids; break; case 6: if (!validation || !validation->sam6) { return NT_STATUS_INVALID_PARAMETER; } base = &validation->sam6->base; + sidcount = validation->sam6->sidcount; + sids = validation->sam6->sids; + dns_domainname = validation->sam6->dns_domainname.string; + principal = validation->sam6->principal_name.string; break; default: return NT_STATUS_INVALID_LEVEL; @@ -339,26 +349,29 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, http://www.microsoft.com/windows2000/techinfo/administration/security/sidfilter.asp */ - if (validation_level == 3) { + /* + * The IDL layer would be a better place to check this, but to + * guard the integer addition below, we double-check + */ + if (sidcount > UINT16_MAX) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (sidcount > 0) { struct dom_sid *dgrps = user_info_dc->sids; - size_t sidcount; + size_t dgrps_count; - /* The IDL layer would be a better place to check this, but to - * guard the integer addition below, we double-check */ - if (validation->sam3->sidcount > 65535) { - return NT_STATUS_INVALID_PARAMETER; + dgrps_count = user_info_dc->num_sids + sidcount; + dgrps = talloc_realloc(user_info_dc, dgrps, struct dom_sid, + dgrps_count); + if (dgrps == NULL) { + return NT_STATUS_NO_MEMORY; } - sidcount = user_info_dc->num_sids + validation->sam3->sidcount; - if (validation->sam3->sidcount > 0) { - dgrps = talloc_realloc(user_info_dc, dgrps, struct dom_sid, sidcount); - NT_STATUS_HAVE_NO_MEMORY(dgrps); - - for (i = 0; i < validation->sam3->sidcount; i++) { - if (validation->sam3->sids[i].sid) { - dgrps[user_info_dc->num_sids] = *validation->sam3->sids[i].sid; - user_info_dc->num_sids++; - } + for (i = 0; i < sidcount; i++) { + if (sids[i].sid) { + dgrps[user_info_dc->num_sids] = *sids[i].sid; + user_info_dc->num_sids++; } } @@ -372,6 +385,22 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx, return status; } + if (dns_domainname != NULL) { + user_info_dc->info->dns_domain_name = talloc_strdup(user_info_dc->info, + dns_domainname); + if (user_info_dc->info->dns_domain_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + + if (principal != NULL) { + user_info_dc->info->user_principal_name = talloc_strdup(user_info_dc->info, + principal); + if (user_info_dc->info->user_principal_name == NULL) { + return NT_STATUS_NO_MEMORY; + } + } + /* ensure we are never given NULL session keys */ if (all_zero(base->key.key, sizeof(base->key.key))) {