From ea6fd742b26b83006f623a05379ad21ce13fd9be Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 8 Jul 2014 16:36:30 -0700
Subject: [PATCH 1/3] s3: libwbclient: Don't break out of loop too soon - find all parameters. Fix bug #10692: wbcCredentialCache fails if challenge_blob is not first https://bugzilla.samba.org/show_bug.cgi?id=10692
Signed-off-by: Jeremy Allison
---
 nsswitch/libwbclient/wbc_pam.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index f183cc6..6e9838d 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -1228,11 +1228,9 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
 for (i=0; inum_blobs; i++) {
 if (strcasecmp(params->blobs[i].name, "initial_blob") == 0) {
 initial_blob = ¶ms->blobs[i];
- break;
 }
 if (strcasecmp(params->blobs[i].name, "challenge_blob") == 0) {
 challenge_blob = ¶ms->blobs[i];
- break;
 }
 }
-- 2.0.0.526.g5318336
From c74d5d765995f2eeaefdf942ca18b982b797e011 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 10 Jul 2014 05:28:36 +0200
Subject: [PATCH 2/3] libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692
Signed-off-by: Stefan Metzmacher
Reviewed-by: Jeremy Allison
---
 nsswitch/libwbclient/wbc_pam.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 6e9838d..ae70d67 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -1208,6 +1208,25 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
 goto fail;
 }
+ for (i=0; inum_blobs; i++) {
+ if (strcasecmp(params->blobs[i].name, "initial_blob") == 0) {
+ if (initial_blob != NULL) {
+ status = WBC_ERR_INVALID_PARAM;
+ goto fail;
+ }
+ initial_blob = ¶ms->blobs[i];
+ continue;
+ }
+ if (strcasecmp(params->blobs[i].name, "challenge_blob") == 0) {
+ if (challenge_blob != NULL) {
+ status = WBC_ERR_INVALID_PARAM;
+ goto fail;
+ }
+ challenge_blob = ¶ms->blobs[i];
+ continue;
+ }
+ }
+
 if (params->domain_name != NULL) {
 status = wbcRequestResponse(WINBINDD_INFO, NULL, &response);
 if (!WBC_ERROR_IS_OK(status)) {
@@ -1225,15 +1244,6 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
 }
 request.data.ccache_ntlm_auth.uid = getuid();
- for (i=0; inum_blobs; i++) {
- if (strcasecmp(params->blobs[i].name, "initial_blob") == 0) {
- initial_blob = ¶ms->blobs[i];
- }
- if (strcasecmp(params->blobs[i].name, "challenge_blob") == 0) {
- challenge_blob = ¶ms->blobs[i];
- }
- }
-
 request.data.ccache_ntlm_auth.initial_blob_len = 0;
 request.data.ccache_ntlm_auth.challenge_blob_len = 0;
 request.extra_len = 0;
-- 2.0.0.526.g5318336
From b3da7c90a15d27573205a9bf9fbc32b6ff6f15c9 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Thu, 10 Jul 2014 05:28:36 +0200
Subject: [PATCH 3/3] libwbclient: reject unknown named blobs in wbcCredentialCache()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692
Signed-off-by: Stefan Metzmacher
Reviewed-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Thu Jul 10 22:30:45 CEST 2014 on sn-devel-104
---
 nsswitch/libwbclient/wbc_pam.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index ae70d67..e58310f 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
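Review bot: In the validation loop that PATCH 2/3 adds to wbcCredentialCache(), `params->blobs[i].name` goes straight into strcasecmp() with no NULL check, so a caller-supplied blob entry without a name is undefined behaviour instead of a clean WBC_ERR_INVALID_PARAM. Nothing in the visible lines guarantees the name is set, and since this loop now exists to reject malformed blob lists it is the natural place for the guard: `if (params->blobs[i].name == NULL) { status = WBC_ERR_INVALID_PARAM; goto fail; }` as the first statement of the loop body. Whether `params->blobs` can be NULL while `num_blobs` is non-zero is also not checked here; that may be handled earlier in the function, which starts and ends outside the hunk.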
@@ -1225,6 +1225,8 @@ wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
 challenge_blob = ¶ms->blobs[i];
 continue;
 }
+ status = WBC_ERR_INVALID_PARAM;
+ goto fail;
 }
 if (params->domain_name != NULL) {
-- 2.0.0.526.g5318336
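Review bot: The two added lines at the end of the loop body turn every blob name other than initial_blob and challenge_blob into WBC_ERR_INVALID_PARAM, which is a visible behaviour change for callers whose extra named blobs were previously ignored, and nothing in the hunk documents it. A comment above the loop such as `/* Only "initial_blob" and "challenge_blob" are accepted (case-insensitive), at most once each; any other name is rejected. */` would make the strict contract explicit, and the public description of wbcCredentialCache() (not visible here) should presumably say the same. The loop and the function both start outside the hunk.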