r14112: * fix checks on return code from register_vuid() which could actually

  fail and we would still return success in the SMBsesssetup reply :-(
* Make sure to create the local token for the server_fino struct
  in reply_spnego_kerberos() so that register_vuid() does not fail.
  (how did this ever work?)

diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c
index 263d8f2df78a427d246528bfa38ac58b3a7b74d9..357da1fdb74913f2bc0ce0210eaacbb3831635b4 100644 (file)
--- a/source/auth/auth_util.c
+++ b/source/auth/auth_util.c
@@ -1301,8 +1301,6 @@ BOOL init_guest_info(void)
 {
        if (guest_info != NULL)
                return True;
-               
-       
 
        return NT_STATUS_IS_OK(make_new_server_info_guest(&guest_info));
 }

diff --git a/source/smbd/password.c b/source/smbd/password.c
index 8b88990e2f0d3da952e6f5cc072079a11ed7033d..8d33c1deed1690d61d81864255c10a7756c85a28 100644 (file)
--- a/source/smbd/password.c
+++ b/source/smbd/password.c
@@ -305,7 +305,7 @@ int register_vuid(auth_serversupplied_info *server_info,
                DEBUG(1, ("Failed to claim session for vuid=%d\n",
                          vuser->vuid));
                invalidate_vuid(vuser->vuid);
-               return -1;
+               return UID_FIELD_INVALID;
        }
 
        /* Register a home dir service for this user iff

diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 1be117a7d43c7fa1ecdad737dbf19db49d4e4ab2..1abb800627429a596a33a005315b6bfd80b4250b 100644 (file)
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -349,6 +349,21 @@ static int reply_spnego_kerberos(connection_struct *conn,
                        pdb_set_domain(server_info->sam_account, domain, PDB_SET);
                }
        }
+       
+       /* we need to build the token for the user. make_server_info_guest()
+          already does this */
+       
+       if ( !server_info->ptok ) {
+               ret = create_local_token( server_info );
+               if ( !NT_STATUS_IS_OK(ret) ) {
+                       SAFE_FREE(client);
+                       data_blob_free(&ap_rep);
+                       data_blob_free(&session_key);
+                       TALLOC_FREE( mem_ctx );
+                       TALLOC_FREE( server_info );
+                       return ERROR_NT(ret);
+               }
+       }
 
        /* register_vuid keeps the server info */
        /* register_vuid takes ownership of session_key, no need to free after this.
@@ -357,7 +372,7 @@ static int reply_spnego_kerberos(connection_struct *conn,
 
        SAFE_FREE(client);
 
-       if (sess_vuid == -1) {
+       if (sess_vuid == UID_FIELD_INVALID ) {
                ret = NT_STATUS_LOGON_FAILURE;
        } else {
                /* current_user_info is changed on new vuid */
@@ -429,7 +444,7 @@ static BOOL reply_spnego_ntlmssp(connection_struct *conn, char *inbuf, char *out
                sess_vuid = register_vuid(server_info, session_key, nullblob, (*auth_ntlmssp_state)->ntlmssp_state->user);
                (*auth_ntlmssp_state)->server_info = NULL;
 
-               if (sess_vuid == -1) {
+               if (sess_vuid == UID_FIELD_INVALID ) {
                        nt_status = NT_STATUS_LOGON_FAILURE;
                } else {
                        
@@ -674,7 +689,7 @@ static int reply_sesssetup_and_X_spnego(connection_struct *conn, char *inbuf,
        vuser = get_partial_auth_user_struct(vuid);
        if (!vuser) {
                vuid = register_vuid(NULL, data_blob(NULL, 0), data_blob(NULL, 0), NULL);
-               if (vuid == -1) {
+               if (vuid == UID_FIELD_INVALID ) {
                        return ERROR_NT(NT_STATUS_INVALID_PARAMETER);
                }
        
@@ -1100,7 +1115,7 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,
        data_blob_free(&nt_resp);
        data_blob_free(&lm_resp);
 
-       if (sess_vuid == -1) {
+       if (sess_vuid == UID_FIELD_INVALID) {
                return ERROR_NT(NT_STATUS_LOGON_FAILURE);
        }