CVE-2017-12150: s3:popt_common: don't turn a guessed username into a specified one
authorStefan Metzmacher <metze@samba.org>
Tue, 29 Aug 2017 15:06:21 +0000 (17:06 +0200)
committerKarolin Seeger <kseeger@samba.org>
Wed, 20 Sep 2017 11:04:10 +0000 (13:04 +0200)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
source3/include/auth_info.h
source3/lib/popt_common.c
source3/lib/util_cmdline.c

index c6f71adc382cad514f7cfc0f861cd59319e7cc20..8212c27c40aaccd3921f0fc1c6661d431b756791 100644 (file)
@@ -29,6 +29,7 @@ void set_cmdline_auth_info_from_file(struct user_auth_info *auth_info,
 const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_info);
 void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
                                    const char *username);
+void reset_cmdline_auth_info_username(struct user_auth_info *auth_info);
 const char *get_cmdline_auth_info_domain(const struct user_auth_info *auth_info);
 void set_cmdline_auth_info_domain(struct user_auth_info *auth_info,
                                  const char *domain);
index 65b6efeeb54794f1a2d3ec307ceb5e4be5bb9665..cc93a756c3ba529aa5fbaf2443ad3a109d6c039c 100644 (file)
@@ -247,8 +247,6 @@ void popt_common_credentials_set_delay_post(void)
 
 void popt_common_credentials_post(void)
 {
-       const char *username = NULL;
-
        if (get_cmdline_auth_info_use_machine_account(cmdline_auth_info) &&
            !set_cmdline_auth_info_machine_account_creds(cmdline_auth_info))
        {
@@ -268,10 +266,7 @@ void popt_common_credentials_post(void)
         * correctly parsed yet. If we have a username we need to set it again
         * to run the string parser for the username correctly.
         */
-       username = get_cmdline_auth_info_username(cmdline_auth_info);
-       if (username != NULL && username[0] != '\0') {
-               set_cmdline_auth_info_username(cmdline_auth_info, username);
-       }
+       reset_cmdline_auth_info_username(cmdline_auth_info);
 }
 
 static void popt_common_credentials_callback(poptContext con,
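Review bot: The comment kept above the new `reset_cmdline_auth_info_username(cmdline_auth_info);` call still says "If we have a username we need to set it again", which no longer describes the behaviour. The re-parse now happens only when `got_username` is set, and that distinction is the whole point of the fix. I would reword the sentence to `If a username was explicitly specified we need to set it again to run the string parser; a guessed username is left untouched.` The comment begins above the first line of this hunk, so the full text should be checked when editing.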
index ad51a4f5217e95dff788667bf7249de1828d5c5a..80142e2f82b4c75687d0957a78daa8a1ac8ce6c8 100644 (file)
@@ -37,6 +37,7 @@
 struct user_auth_info {
        struct cli_credentials *creds;
        struct loadparm_context *lp_ctx;
+       bool got_username;
        bool got_pass;
        int signing_state;
        bool smb_encrypt;
@@ -93,6 +94,7 @@ void set_cmdline_auth_info_from_file(struct user_auth_info *auth_info,
        if (!ok) {
                exit(EIO);
        }
+       auth_info->got_username = true;
 }
 
 const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_info)
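Review bot: `auth_info->got_username = true;` is set whenever the credentials file parses successfully, whether or not the file actually supplied a username. If a file can carry only a password or domain (the parser is not visible in this hunk, so this is an inference), the username in `creds` is still the guessed one. `reset_cmdline_auth_info_username()` would then re-parse it with `CRED_SPECIFIED`, which is the promotion this commit sets out to prevent. Consider setting the flag only when the file provided a username entry, or add a comment here stating that a parsed file is always treated as an explicit username and why that is safe. The body of `set_cmdline_auth_info_from_file` starts outside the hunk.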
@@ -123,11 +125,38 @@ void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
                exit(ENOMEM);
        }
 
+       auth_info->got_username = true;
        if (strchr_m(username, '%') != NULL) {
                auth_info->got_pass = true;
        }
 }
 
+void reset_cmdline_auth_info_username(struct user_auth_info *auth_info)
+{
+       const char *username = NULL;
+       const char *new_val = NULL;
+
+       if (!auth_info->got_username) {
+               return;
+       }
+
+       username = cli_credentials_get_username(auth_info->creds);
+       if (username == NULL) {
+               return;
+       }
+       if (username[0] == '\0') {
+               return;
+       }
+
+       cli_credentials_parse_string(auth_info->creds,
+                                    username,
+                                    CRED_SPECIFIED);
+       new_val = cli_credentials_get_username(auth_info->creds);
+       if (new_val == NULL) {
+               exit(ENOMEM);
+       }
+}
+
 const char *get_cmdline_auth_info_domain(const struct user_auth_info *auth_info)
 {
        const char *domain = NULL;