From 6a448b934f0090e18090850bfc877d8e440d1d62 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 9 Mar 2006 22:31:37 +0000 Subject: [PATCH] r14112: * fix checks on return code from register_vuid() which could actually fail and we would still return success in the SMBsesssetup reply :-( * Make sure to create the local token for the server_fino struct in reply_spnego_kerberos() so that register_vuid() does not fail. (how did this ever work?) --- source/auth/auth_util.c | 2 -- source/smbd/password.c | 2 +- source/smbd/sesssetup.c | 23 +++++++++++++++++++---- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index 263d8f2df78..357da1fdb74 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -1301,8 +1301,6 @@ BOOL init_guest_info(void) { if (guest_info != NULL) return True; - - return NT_STATUS_IS_OK(make_new_server_info_guest(&guest_info)); } diff --git a/source/smbd/password.c b/source/smbd/password.c index 8b88990e2f0..8d33c1deed1 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -305,7 +305,7 @@ int register_vuid(auth_serversupplied_info *server_info, DEBUG(1, ("Failed to claim session for vuid=%d\n", vuser->vuid)); invalidate_vuid(vuser->vuid); - return -1; + return UID_FIELD_INVALID; } /* Register a home dir service for this user iff diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c index 1be117a7d43..1abb8006274 100644 --- a/source/smbd/sesssetup.c +++ b/source/smbd/sesssetup.c @@ -349,6 +349,21 @@ static int reply_spnego_kerberos(connection_struct *conn, pdb_set_domain(server_info->sam_account, domain, PDB_SET); } } + + /* we need to build the token for the user. make_server_info_guest() + already does this */ + + if ( !server_info->ptok ) { + ret = create_local_token( server_info ); + if ( !NT_STATUS_IS_OK(ret) ) { + SAFE_FREE(client); + data_blob_free(&ap_rep); + data_blob_free(&session_key); + TALLOC_FREE( mem_ctx ); + TALLOC_FREE( server_info ); + return ERROR_NT(ret); + } + } /* register_vuid keeps the server info */ /* register_vuid takes ownership of session_key, no need to free after this. @@ -357,7 +372,7 @@ static int reply_spnego_kerberos(connection_struct *conn, SAFE_FREE(client); - if (sess_vuid == -1) { + if (sess_vuid == UID_FIELD_INVALID ) { ret = NT_STATUS_LOGON_FAILURE; } else { /* current_user_info is changed on new vuid */ @@ -429,7 +444,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out sess_vuid = register_vuid(server_info, session_key, nullblob, (*auth_ntlmssp_state)->ntlmssp_state->user); (*auth_ntlmssp_state)->server_info = NULL; - if (sess_vuid == -1) { + if (sess_vuid == UID_FIELD_INVALID ) { nt_status = NT_STATUS_LOGON_FAILURE; } else { @@ -674,7 +689,7 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf, vuser = get_partial_auth_user_struct(vuid); if (!vuser) { vuid = register_vuid(NULL, data_blob(NULL, 0), data_blob(NULL, 0), NULL); - if (vuid == -1) { + if (vuid == UID_FIELD_INVALID ) { return ERROR_NT(NT_STATUS_INVALID_PARAMETER); } @@ -1100,7 +1115,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf, data_blob_free(&nt_resp); data_blob_free(&lm_resp); - if (sess_vuid == -1) { + if (sess_vuid == UID_FIELD_INVALID) { return ERROR_NT(NT_STATUS_LOGON_FAILURE); } -- 2.11.4.GIT