2009-07-28 15:06:11 -04:00
/*
Unix SMB / CIFS implementation .
In - Child server implementation of the routines defined in wbint . idl
Copyright ( C ) Volker Lendecke 2009
2009-10-06 18:26:33 +02:00
Copyright ( C ) Guenther Deschner 2009
2009-07-28 15:06:11 -04:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation ; either version 3 of the License , or
( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program . If not , see < http : //www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "winbindd/winbindd.h"
# include "winbindd/winbindd_proto.h"
2011-02-28 10:19:44 +01:00
# include "rpc_client/cli_pipe.h"
2011-05-02 13:21:53 +02:00
# include "ntdomain.h"
2021-10-04 12:19:57 +02:00
# include "librpc/rpc/dcesrv_core.h"
2019-05-28 16:12:51 +02:00
# include "librpc/gen_ndr/ndr_winbind.h"
# include "librpc/gen_ndr/ndr_winbind_scompat.h"
2011-01-12 11:55:34 +01:00
# include "../librpc/gen_ndr/ndr_netlogon_c.h"
2014-12-23 09:04:42 +01:00
# include "../librpc/gen_ndr/ndr_lsa_c.h"
2010-08-18 18:13:42 +02:00
# include "idmap.h"
2010-10-12 15:27:50 +11:00
# include "../libcli/security/security.h"
2014-05-06 17:00:09 +12:00
# include "../libcli/auth/netlogon_creds_cli.h"
2014-12-23 09:04:42 +01:00
# include "passdb.h"
# include "../source4/dsdb/samdb/samdb.h"
2017-12-11 16:25:35 +01:00
# include "rpc_client/cli_netlogon.h"
# include "rpc_client/util_netlogon.h"
2018-01-05 14:21:05 +01:00
# include "libsmb/dsgetdcname.h"
2021-01-03 21:53:49 +01:00
# include "lib/global_contexts.h"
2009-07-28 15:06:11 -04:00
2022-03-09 11:56:33 +01:00
NTSTATUS _wbint_Ping ( struct pipes_struct * p , struct wbint_Ping * r )
2009-07-28 15:06:11 -04:00
{
* r - > out . out_data = r - > in . in_data ;
2022-03-09 11:56:33 +01:00
return NT_STATUS_OK ;
2009-07-28 15:06:11 -04:00
}
2009-08-03 23:44:46 +02:00
2022-02-28 17:16:23 +01:00
NTSTATUS _wbint_InitConnection ( struct pipes_struct * p ,
struct wbint_InitConnection * r )
2022-05-09 16:56:18 +02:00
{
2022-02-28 17:16:23 +01:00
struct winbindd_domain * domain = wb_child_domain ( ) ;
2022-05-09 16:56:18 +02:00
2022-02-28 17:16:23 +01:00
if ( r - > in . dcname ! = NULL & & strlen ( r - > in . dcname ) > 0 ) {
2022-05-09 16:56:18 +02:00
TALLOC_FREE ( domain - > dcname ) ;
2022-02-28 17:16:23 +01:00
domain - > dcname = talloc_strdup ( domain , r - > in . dcname ) ;
2022-05-09 16:56:18 +02:00
if ( domain - > dcname = = NULL ) {
2022-02-28 17:16:23 +01:00
return NT_STATUS_NO_MEMORY ;
2022-05-09 16:56:18 +02:00
}
}
init_dc_connection ( domain , false ) ;
if ( ! domain - > initialized ) {
2022-05-09 16:59:21 +02:00
/*
* If we return error here we can ' t do any cached
* authentication , but we may be in disconnected mode and can ' t
* initialize correctly . Do what the previous code did and just
* return without initialization , once we go online we ' ll
* re - initialize .
*/
DBG_INFO ( " %s returning without initialization online = %d \n " ,
domain - > name , ( int ) domain - > online ) ;
2022-05-09 16:56:18 +02:00
}
2022-02-28 17:16:23 +01:00
* r - > out . name = talloc_strdup ( p - > mem_ctx , domain - > name ) ;
if ( * r - > out . name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
if ( domain - > alt_name ! = NULL ) {
* r - > out . alt_name = talloc_strdup ( p - > mem_ctx , domain - > alt_name ) ;
if ( * r - > out . alt_name = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
}
r - > out . sid = dom_sid_dup ( p - > mem_ctx , & domain - > sid ) ;
if ( r - > out . sid = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2022-05-09 16:56:18 +02:00
2022-02-28 17:16:23 +01:00
* r - > out . flags = 0 ;
if ( domain - > active_directory ) {
* r - > out . flags | = WB_DOMINFO_DOMAIN_AD ;
2024-09-25 19:04:41 +02:00
* r - > out . flags | = WB_DOMINFO_DOMAIN_NATIVE ;
2022-02-28 17:16:23 +01:00
}
if ( domain - > primary ) {
* r - > out . flags | = WB_DOMINFO_DOMAIN_PRIMARY ;
}
2022-05-09 16:56:18 +02:00
2022-02-28 17:16:23 +01:00
return NT_STATUS_OK ;
2022-05-09 16:56:18 +02:00
}
2018-03-12 11:29:22 +01:00
bool reset_cm_connection_on_error ( struct winbindd_domain * domain ,
2018-03-12 16:11:37 +01:00
struct dcerpc_binding_handle * b ,
2018-03-12 11:29:22 +01:00
NTSTATUS status )
2011-06-03 14:28:33 -07:00
{
2018-03-12 13:39:59 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_RPC_SEC_PKG_ERROR ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_NETWORK_ACCESS_DENIED ) ) {
invalidate_cm_connection ( domain ) ;
domain - > conn . netlogon_force_reauth = true ;
return true ;
}
2018-03-12 11:12:34 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_IO_TIMEOUT ) | |
NT_STATUS_EQUAL ( status , NT_STATUS_IO_DEVICE_ERROR ) )
{
2014-09-23 10:35:21 -07:00
invalidate_cm_connection ( domain ) ;
2011-06-03 14:28:33 -07:00
/* We invalidated the connection. */
return true ;
}
2018-03-12 16:11:37 +01:00
if ( b ! = NULL & & ! dcerpc_binding_handle_is_connected ( b ) ) {
invalidate_cm_connection ( domain ) ;
return true ;
}
2011-06-03 14:28:33 -07:00
return false ;
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_LookupSid ( struct pipes_struct * p , struct wbint_LookupSid * r )
2009-08-03 23:44:46 +02:00
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
char * dom_name ;
char * name ;
enum lsa_SidType type ;
NTSTATUS status ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2016-10-07 16:31:40 -07:00
status = wb_cache_sid_to_name ( domain , p - > mem_ctx , r - > in . sid ,
& dom_name , & name , & type ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2009-08-03 23:44:46 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
* r - > out . domain = dom_name ;
* r - > out . name = name ;
* r - > out . type = type ;
return NT_STATUS_OK ;
}
2009-08-04 07:22:34 -04:00
2011-03-11 12:48:11 +01:00
NTSTATUS _wbint_LookupSids ( struct pipes_struct * p , struct wbint_LookupSids * r )
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
2014-02-20 13:14:31 +01:00
struct lsa_RefDomainList * domains = r - > out . domains ;
2011-06-03 14:28:33 -07:00
NTSTATUS status ;
2018-03-12 17:09:34 +01:00
bool retry = false ;
2011-03-11 12:48:11 +01:00
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
/*
* This breaks the winbindd_domain - > methods abstraction : This
* is only called for remote domains , and both winbindd_msrpc
* and winbindd_ad call into lsa_lookupsids anyway . Caching is
* done at the wbint RPC layer .
*/
2018-03-12 17:09:34 +01:00
again :
2011-06-03 14:28:33 -07:00
status = rpc_lookup_sids ( p - > mem_ctx , domain , r - > in . sids ,
2014-02-20 13:14:31 +01:00
& domains , & r - > out . names ) ;
if ( domains ! = NULL ) {
r - > out . domains = domains ;
}
2018-03-12 17:09:34 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , NULL , status ) ) {
retry = true ;
goto again ;
}
2011-06-03 14:28:33 -07:00
return status ;
2011-03-11 12:48:11 +01:00
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_LookupName ( struct pipes_struct * p , struct wbint_LookupName * r )
2009-08-04 07:22:34 -04:00
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
2011-06-03 14:28:33 -07:00
NTSTATUS status ;
2009-08-04 07:22:34 -04:00
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2016-10-07 16:31:40 -07:00
status = wb_cache_name_to_sid ( domain , p - > mem_ctx , r - > in . domain ,
r - > in . name , r - > in . flags ,
r - > out . sid , r - > out . type ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2011-06-03 14:28:33 -07:00
return status ;
2009-08-04 07:22:34 -04:00
}
2009-08-04 13:28:59 -04:00
2011-03-23 18:18:13 +01:00
NTSTATUS _wbint_Sids2UnixIDs ( struct pipes_struct * p ,
struct wbint_Sids2UnixIDs * r )
{
2015-12-29 21:33:20 +00:00
uint32_t i ;
struct lsa_DomainInfo * d ;
struct wbint_TransID * ids ;
uint32_t num_ids ;
struct id_map * * id_map_ptrs = NULL ;
struct idmap_domain * dom ;
2011-03-23 18:18:13 +01:00
NTSTATUS status = NT_STATUS_NO_MEMORY ;
2015-12-29 21:33:20 +00:00
if ( r - > in . domains - > count ! = 1 ) {
return NT_STATUS_INVALID_PARAMETER ;
}
2011-03-23 18:18:13 +01:00
2015-12-29 21:33:20 +00:00
d = & r - > in . domains - > domains [ 0 ] ;
ids = r - > in . ids - > ids ;
num_ids = r - > in . ids - > num_ids ;
2011-03-23 18:18:13 +01:00
2015-12-29 21:33:20 +00:00
dom = idmap_find_domain_with_sid ( d - > name . string , d - > sid ) ;
if ( dom = = NULL ) {
2018-12-14 21:09:51 +01:00
struct dom_sid_buf buf ;
2015-12-29 21:33:20 +00:00
DEBUG ( 10 , ( " idmap domain %s:%s not found \n " ,
2018-12-14 21:09:51 +01:00
d - > name . string ,
dom_sid_str_buf ( d - > sid , & buf ) ) ) ;
2011-03-23 18:18:13 +01:00
2015-12-29 21:33:20 +00:00
for ( i = 0 ; i < num_ids ; i + + ) {
2011-03-23 18:18:13 +01:00
2015-12-29 21:33:20 +00:00
ids [ i ] . xid = ( struct unixid ) {
. id = UINT32_MAX ,
. type = ID_TYPE_NOT_SPECIFIED
} ;
2011-03-23 18:18:13 +01:00
}
2015-12-29 21:33:20 +00:00
return NT_STATUS_OK ;
}
2016-03-04 14:23:51 +01:00
id_map_ptrs = id_map_ptrs_init ( talloc_tos ( ) , num_ids ) ;
2015-12-29 21:33:20 +00:00
if ( id_map_ptrs = = NULL ) {
goto nomem ;
}
2011-03-23 18:18:13 +01:00
2015-12-29 21:33:20 +00:00
/*
* Convert the input data into a list of id_map structs
* suitable for handing in to the idmap sids_to_unixids
* method .
*/
for ( i = 0 ; i < num_ids ; i + + ) {
2016-03-04 14:23:51 +01:00
struct id_map * m = id_map_ptrs [ i ] ;
2015-12-29 21:33:20 +00:00
2016-03-04 14:23:51 +01:00
sid_compose ( m - > sid , d - > sid , ids [ i ] . rid ) ;
m - > status = ID_UNKNOWN ;
2020-09-15 16:01:04 +02:00
m - > xid = ( struct unixid ) { . type = ids [ i ] . type_hint } ;
2015-12-29 21:33:20 +00:00
}
status = dom - > methods - > sids_to_unixids ( dom , id_map_ptrs ) ;
2018-12-18 15:53:48 +01:00
if ( NT_STATUS_EQUAL ( status , STATUS_SOME_UNMAPPED ) ) {
/*
* This is okay . We need to transfer the mapped ones
* up to our caller . The individual mappings carry the
* information whether they are mapped or not .
*/
status = NT_STATUS_OK ;
}
2015-12-29 21:33:20 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2011-03-23 18:18:13 +01:00
DEBUG ( 10 , ( " sids_to_unixids returned %s \n " ,
nt_errstr ( status ) ) ) ;
2015-12-29 21:33:20 +00:00
goto done ;
}
2011-03-23 18:18:13 +01:00
2015-12-29 21:33:20 +00:00
/*
* Extract the results for handing them back to the caller .
*/
2011-03-23 18:18:13 +01:00
2015-12-29 21:33:20 +00:00
for ( i = 0 ; i < num_ids ; i + + ) {
2016-03-04 14:23:51 +01:00
struct id_map * m = id_map_ptrs [ i ] ;
2012-11-18 13:51:13 +01:00
2020-09-15 17:26:11 +02:00
if ( m - > status = = ID_REQUIRE_TYPE ) {
ids [ i ] . xid . id = UINT32_MAX ;
ids [ i ] . xid . type = ID_TYPE_WB_REQUIRE_TYPE ;
continue ;
}
2016-08-09 18:25:12 +02:00
if ( ! idmap_unix_id_is_in_range ( m - > xid . id , dom ) ) {
2017-03-07 14:06:52 +01:00
DBG_DEBUG ( " id % " PRIu32 " is out of range "
" % " PRIu32 " -% " PRIu32 " for domain %s \n " ,
m - > xid . id , dom - > low_id , dom - > high_id ,
dom - > name ) ;
2016-08-09 18:25:12 +02:00
m - > status = ID_UNMAPPED ;
}
2016-03-04 14:23:51 +01:00
if ( m - > status = = ID_MAPPED ) {
ids [ i ] . xid = m - > xid ;
2015-12-29 21:33:20 +00:00
} else {
ids [ i ] . xid . id = UINT32_MAX ;
ids [ i ] . xid . type = ID_TYPE_NOT_SPECIFIED ;
2011-03-23 18:18:13 +01:00
}
}
2015-12-29 21:33:20 +00:00
goto done ;
2011-03-23 18:18:13 +01:00
nomem :
2015-12-29 21:33:20 +00:00
status = NT_STATUS_NO_MEMORY ;
done :
TALLOC_FREE ( id_map_ptrs ) ;
2011-03-23 18:18:13 +01:00
return status ;
}
2015-08-20 17:07:19 +02:00
NTSTATUS _wbint_UnixIDs2Sids ( struct pipes_struct * p ,
struct wbint_UnixIDs2Sids * r )
{
2016-03-04 15:45:24 +01:00
struct id_map * * maps ;
NTSTATUS status ;
2015-08-20 17:07:19 +02:00
uint32_t i ;
2016-03-04 15:45:24 +01:00
maps = id_map_ptrs_init ( talloc_tos ( ) , r - > in . num_ids ) ;
if ( maps = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
2015-08-20 17:07:19 +02:00
for ( i = 0 ; i < r - > in . num_ids ; i + + ) {
2016-03-04 15:45:24 +01:00
maps [ i ] - > status = ID_UNKNOWN ;
maps [ i ] - > xid = r - > in . xids [ i ] ;
}
2015-08-20 17:07:19 +02:00
2017-09-25 15:39:39 +02:00
status = idmap_backend_unixids_to_sids ( maps , r - > in . domain_name ,
r - > in . domain_sid ) ;
2016-03-04 15:45:24 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
TALLOC_FREE ( maps ) ;
return status ;
}
for ( i = 0 ; i < r - > in . num_ids ; i + + ) {
2021-03-05 15:48:29 -07:00
if ( maps [ i ] - > status = = ID_MAPPED ) {
r - > out . xids [ i ] = maps [ i ] - > xid ;
sid_copy ( & r - > out . sids [ i ] , maps [ i ] - > sid ) ;
2021-03-05 16:01:13 -07:00
} else {
r - > out . sids [ i ] = ( struct dom_sid ) { 0 } ;
2021-03-05 15:48:29 -07:00
}
2015-08-20 17:07:19 +02:00
}
2016-03-04 15:45:24 +01:00
TALLOC_FREE ( maps ) ;
2015-08-20 17:07:19 +02:00
return NT_STATUS_OK ;
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_AllocateUid ( struct pipes_struct * p , struct wbint_AllocateUid * r )
2009-08-30 09:41:43 +02:00
{
struct unixid xid ;
NTSTATUS status ;
status = idmap_allocate_uid ( & xid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
* r - > out . uid = xid . id ;
return NT_STATUS_OK ;
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_AllocateGid ( struct pipes_struct * p , struct wbint_AllocateGid * r )
2009-08-30 09:46:34 +02:00
{
struct unixid xid ;
NTSTATUS status ;
status = idmap_allocate_gid ( & xid ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
* r - > out . gid = xid . id ;
return NT_STATUS_OK ;
}
2016-12-29 09:56:29 +00:00
NTSTATUS _wbint_GetNssInfo ( struct pipes_struct * p , struct wbint_GetNssInfo * r )
{
struct idmap_domain * domain ;
NTSTATUS status ;
domain = idmap_find_domain ( r - > in . info - > domain_name ) ;
if ( ( domain = = NULL ) | | ( domain - > query_user = = NULL ) ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
status = domain - > query_user ( domain , r - > in . info ) ;
return status ;
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_LookupUserAliases ( struct pipes_struct * p ,
2009-08-04 15:54:05 -04:00
struct wbint_LookupUserAliases * r )
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
2011-06-03 14:28:33 -07:00
NTSTATUS status ;
2009-08-04 15:54:05 -04:00
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2016-10-07 16:31:40 -07:00
status = wb_cache_lookup_useraliases ( domain , p - > mem_ctx ,
r - > in . sids - > num_sids ,
r - > in . sids - > sids ,
& r - > out . rids - > num_rids ,
& r - > out . rids - > rids ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2011-06-03 14:28:33 -07:00
return status ;
2009-08-04 15:54:05 -04:00
}
2009-08-04 16:07:01 -04:00
2017-03-02 14:55:15 +01:00
NTSTATUS _wbint_LookupUserGroups ( struct pipes_struct * p ,
struct wbint_LookupUserGroups * r )
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
NTSTATUS status ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
status = wb_cache_lookup_usergroups ( domain , p - > mem_ctx , r - > in . sid ,
& r - > out . sids - > num_sids ,
& r - > out . sids - > sids ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2017-03-02 14:55:15 +01:00
return status ;
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_QuerySequenceNumber ( struct pipes_struct * p ,
2009-08-15 11:16:28 +02:00
struct wbint_QuerySequenceNumber * r )
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
2011-06-03 14:28:33 -07:00
NTSTATUS status ;
2009-08-15 11:16:28 +02:00
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2016-10-07 16:31:40 -07:00
status = wb_cache_sequence_number ( domain , r - > out . sequence ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2011-06-03 14:28:33 -07:00
return status ;
2009-08-15 11:16:28 +02:00
}
2009-08-16 10:58:43 +02:00
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_LookupGroupMembers ( struct pipes_struct * p ,
2009-08-16 10:58:43 +02:00
struct wbint_LookupGroupMembers * r )
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
uint32_t i , num_names ;
struct dom_sid * sid_mem ;
char * * names ;
uint32_t * name_types ;
NTSTATUS status ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2016-10-07 16:31:40 -07:00
status = wb_cache_lookup_groupmem ( domain , p - > mem_ctx , r - > in . sid ,
r - > in . type , & num_names , & sid_mem ,
& names , & name_types ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2009-08-16 10:58:43 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2009-08-23 12:43:43 +02:00
r - > out . members - > num_principals = num_names ;
r - > out . members - > principals = talloc_array (
2009-08-23 12:38:35 +02:00
r - > out . members , struct wbint_Principal , num_names ) ;
2009-08-23 12:43:43 +02:00
if ( r - > out . members - > principals = = NULL ) {
2009-08-16 10:58:43 +02:00
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < num_names ; i + + ) {
2009-08-23 12:43:43 +02:00
struct wbint_Principal * m = & r - > out . members - > principals [ i ] ;
2009-08-16 10:58:43 +02:00
sid_copy ( & m - > sid , & sid_mem [ i ] ) ;
2009-08-23 12:43:43 +02:00
m - > name = talloc_move ( r - > out . members - > principals , & names [ i ] ) ;
2009-08-16 10:58:43 +02:00
m - > type = ( enum lsa_SidType ) name_types [ i ] ;
}
return NT_STATUS_OK ;
}
2009-08-17 22:40:19 +02:00
2023-03-29 14:53:14 +02:00
NTSTATUS _wbint_LookupAliasMembers ( struct pipes_struct * p ,
struct wbint_LookupAliasMembers * r )
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
NTSTATUS status ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
status = wb_cache_lookup_aliasmem ( domain ,
p - > mem_ctx ,
r - > in . sid ,
r - > in . type ,
& r - > out . sids - > num_sids ,
& r - > out . sids - > sids ) ;
reset_cm_connection_on_error ( domain , NULL , status ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return NT_STATUS_OK ;
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_QueryGroupList ( struct pipes_struct * p ,
struct wbint_QueryGroupList * r )
2009-08-27 19:54:18 +02:00
{
2017-12-06 18:48:47 +01:00
TALLOC_CTX * frame = NULL ;
2009-08-27 19:54:18 +02:00
struct winbindd_domain * domain = wb_child_domain ( ) ;
2015-03-28 08:36:11 +00:00
uint32_t i ;
uint32_t num_local_groups = 0 ;
struct wb_acct_info * local_groups = NULL ;
uint32_t num_dom_groups = 0 ;
struct wb_acct_info * dom_groups = NULL ;
uint32_t ti = 0 ;
uint64_t num_total = 0 ;
2009-08-27 19:54:18 +02:00
struct wbint_Principal * result ;
2017-12-06 18:48:47 +01:00
NTSTATUS status = NT_STATUS_UNSUCCESSFUL ;
2015-03-28 08:36:11 +00:00
bool include_local_groups = false ;
2009-08-27 19:54:18 +02:00
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2017-12-06 18:48:47 +01:00
frame = talloc_stackframe ( ) ;
2015-03-28 08:36:11 +00:00
switch ( lp_server_role ( ) ) {
case ROLE_ACTIVE_DIRECTORY_DC :
if ( domain - > internal ) {
/*
* we want to include local groups
* for BUILTIN and WORKGROUP
*/
include_local_groups = true ;
}
break ;
2023-02-27 17:03:32 +01:00
case ROLE_DOMAIN_MEMBER :
/*
* This is needed for GETGRENT to show also e . g . BUILTIN / users .
* Otherwise the test_membership_user ( smbtorture
* local . nss . membership ) would fail ( getgrouplist ( ) would
* reports BUILTIN / users ) .
*/
if ( domain - > internal ) {
/*
* we want to include local groups
* for BUILTIN and LOCALSAM
*/
include_local_groups = true ;
}
break ;
2015-03-28 08:36:11 +00:00
default :
/*
* We might include local groups in more
* setups later , but that requires more work
* elsewhere .
*/
break ;
}
if ( include_local_groups ) {
2017-12-06 18:48:47 +01:00
status = wb_cache_enum_local_groups ( domain , frame ,
2016-10-07 16:31:40 -07:00
& num_local_groups ,
& local_groups ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2015-03-28 08:36:11 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2017-12-06 18:48:47 +01:00
goto out ;
2015-03-28 08:36:11 +00:00
}
}
2017-12-06 18:48:47 +01:00
status = wb_cache_enum_dom_groups ( domain , frame ,
2016-10-07 16:31:40 -07:00
& num_dom_groups ,
& dom_groups ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2009-08-27 19:54:18 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2017-12-06 18:48:47 +01:00
goto out ;
2009-08-27 19:54:18 +02:00
}
2015-03-28 08:36:11 +00:00
num_total = num_local_groups + num_dom_groups ;
if ( num_total > UINT32_MAX ) {
2017-12-06 18:48:47 +01:00
status = NT_STATUS_INTERNAL_ERROR ;
goto out ;
2015-03-28 08:36:11 +00:00
}
2017-12-06 18:48:47 +01:00
result = talloc_array ( frame , struct wbint_Principal , num_total ) ;
2009-08-27 19:54:18 +02:00
if ( result = = NULL ) {
2017-12-06 18:48:47 +01:00
status = NT_STATUS_NO_MEMORY ;
goto out ;
2009-08-27 19:54:18 +02:00
}
2015-03-28 08:36:11 +00:00
for ( i = 0 ; i < num_local_groups ; i + + ) {
struct wb_acct_info * lg = & local_groups [ i ] ;
struct wbint_Principal * rg = & result [ ti + + ] ;
sid_compose ( & rg - > sid , & domain - > sid , lg - > rid ) ;
rg - > type = SID_NAME_ALIAS ;
rg - > name = talloc_strdup ( result , lg - > acct_name ) ;
if ( rg - > name = = NULL ) {
2017-12-06 18:48:47 +01:00
status = NT_STATUS_NO_MEMORY ;
goto out ;
2015-03-28 08:36:11 +00:00
}
}
num_local_groups = 0 ;
for ( i = 0 ; i < num_dom_groups ; i + + ) {
struct wb_acct_info * dg = & dom_groups [ i ] ;
struct wbint_Principal * rg = & result [ ti + + ] ;
sid_compose ( & rg - > sid , & domain - > sid , dg - > rid ) ;
rg - > type = SID_NAME_DOM_GRP ;
rg - > name = talloc_strdup ( result , dg - > acct_name ) ;
if ( rg - > name = = NULL ) {
2017-12-06 18:48:47 +01:00
status = NT_STATUS_NO_MEMORY ;
goto out ;
2009-08-27 19:54:18 +02:00
}
}
2015-03-28 08:36:11 +00:00
num_dom_groups = 0 ;
2009-08-27 19:54:18 +02:00
2015-03-28 08:36:11 +00:00
r - > out . groups - > num_principals = ti ;
2017-12-06 18:48:47 +01:00
r - > out . groups - > principals = talloc_move ( r - > out . groups , & result ) ;
2010-06-14 11:49:32 +02:00
2017-12-06 18:48:47 +01:00
status = NT_STATUS_OK ;
out :
TALLOC_FREE ( frame ) ;
return status ;
2009-08-27 19:54:18 +02:00
}
2016-12-29 18:13:28 +00:00
NTSTATUS _wbint_QueryUserRidList ( struct pipes_struct * p ,
struct wbint_QueryUserRidList * r )
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
NTSTATUS status ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
/*
* Right now this is overkill . We should add a backend call
* just querying the rids .
*/
status = wb_cache_query_user_list ( domain , p - > mem_ctx ,
2017-01-03 12:11:30 +00:00
& r - > out . rids - > rids ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2016-12-29 18:13:28 +00:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2017-01-03 12:11:30 +00:00
r - > out . rids - > num_rids = talloc_array_length ( r - > out . rids - > rids ) ;
2016-12-29 18:13:28 +00:00
2017-01-03 12:11:30 +00:00
return NT_STATUS_OK ;
2016-12-29 18:13:28 +00:00
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_DsGetDcName ( struct pipes_struct * p , struct wbint_DsGetDcName * r )
2009-08-25 22:13:34 +02:00
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
struct rpc_pipe_client * netlogon_pipe ;
struct netr_DsRGetDCNameInfo * dc_info ;
NTSTATUS status ;
WERROR werr ;
unsigned int orig_timeout ;
2011-01-12 11:55:34 +01:00
struct dcerpc_binding_handle * b ;
2018-03-12 19:53:26 +01:00
bool retry = false ;
bool try_dsrgetdcname = false ;
2009-08-25 22:13:34 +02:00
if ( domain = = NULL ) {
2018-08-21 11:09:16 -07:00
return dsgetdcname ( p - > mem_ctx , global_messaging_context ( ) ,
2009-08-25 22:13:34 +02:00
r - > in . domain_name , r - > in . domain_guid ,
r - > in . site_name ? r - > in . site_name : " " ,
r - > in . flags ,
r - > out . dc_info ) ;
}
2018-03-12 19:53:26 +01:00
if ( domain - > active_directory ) {
try_dsrgetdcname = true ;
}
reconnect :
2009-08-25 22:13:34 +02:00
status = cm_connect_netlogon ( domain , & netlogon_pipe ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2009-08-25 22:13:34 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 10 , ( " Can't contact the NETLOGON pipe \n " ) ) ;
return status ;
}
2011-01-12 11:55:34 +01:00
b = netlogon_pipe - > binding_handle ;
2009-08-25 22:13:34 +02:00
/* This call can take a long time - allow the server to time out.
35 seconds should do it . */
orig_timeout = rpccli_set_timeout ( netlogon_pipe , 35000 ) ;
2018-03-12 19:53:26 +01:00
if ( try_dsrgetdcname ) {
2011-01-12 11:55:34 +01:00
status = dcerpc_netr_DsRGetDCName ( b ,
p - > mem_ctx , domain - > dcname ,
2009-08-25 22:13:34 +02:00
r - > in . domain_name , NULL , r - > in . domain_guid ,
r - > in . flags , r - > out . dc_info , & werr ) ;
if ( NT_STATUS_IS_OK ( status ) & & W_ERROR_IS_OK ( werr ) ) {
goto done ;
}
2018-03-12 19:53:26 +01:00
if ( ! retry & &
reset_cm_connection_on_error ( domain , NULL , status ) )
{
retry = true ;
goto reconnect ;
2011-06-03 14:28:33 -07:00
}
2018-03-12 19:53:26 +01:00
try_dsrgetdcname = false ;
retry = false ;
2009-08-25 22:13:34 +02:00
}
/*
* Fallback to less capable methods
*/
dc_info = talloc_zero ( r - > out . dc_info , struct netr_DsRGetDCNameInfo ) ;
if ( dc_info = = NULL ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
if ( r - > in . flags & DS_PDC_REQUIRED ) {
2011-01-12 11:55:34 +01:00
status = dcerpc_netr_GetDcName ( b ,
p - > mem_ctx , domain - > dcname ,
2009-08-25 22:13:34 +02:00
r - > in . domain_name , & dc_info - > dc_unc , & werr ) ;
} else {
2011-01-12 11:55:34 +01:00
status = dcerpc_netr_GetAnyDCName ( b ,
p - > mem_ctx , domain - > dcname ,
2009-08-25 22:13:34 +02:00
r - > in . domain_name , & dc_info - > dc_unc , & werr ) ;
}
2018-03-12 19:53:26 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , b , status ) ) {
retry = true ;
goto reconnect ;
}
2009-08-25 22:13:34 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2011-01-12 11:55:34 +01:00
DEBUG ( 10 , ( " dcerpc_netr_Get[Any]DCName failed: %s \n " ,
2009-08-25 22:13:34 +02:00
nt_errstr ( status ) ) ) ;
goto done ;
}
if ( ! W_ERROR_IS_OK ( werr ) ) {
2011-01-12 11:55:34 +01:00
DEBUG ( 10 , ( " dcerpc_netr_Get[Any]DCName failed: %s \n " ,
2009-08-25 22:13:34 +02:00
win_errstr ( werr ) ) ) ;
status = werror_to_ntstatus ( werr ) ;
goto done ;
}
* r - > out . dc_info = dc_info ;
status = NT_STATUS_OK ;
done :
/* And restore our original timeout. */
rpccli_set_timeout ( netlogon_pipe , orig_timeout ) ;
return status ;
}
2009-08-27 17:11:24 +02:00
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_LookupRids ( struct pipes_struct * p , struct wbint_LookupRids * r )
2009-08-27 17:11:24 +02:00
{
struct winbindd_domain * domain = wb_child_domain ( ) ;
char * domain_name ;
char * * names ;
enum lsa_SidType * types ;
struct wbint_Principal * result ;
NTSTATUS status ;
2017-01-24 16:17:31 +01:00
uint32_t i ;
2009-08-27 17:11:24 +02:00
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2016-10-07 16:31:40 -07:00
status = wb_cache_rids_to_names ( domain , talloc_tos ( ) , r - > in . domain_sid ,
r - > in . rids - > rids , r - > in . rids - > num_rids ,
& domain_name , & names , & types ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2020-07-08 15:09:45 +02:00
if ( ! NT_STATUS_IS_OK ( status ) & &
! NT_STATUS_EQUAL ( status , STATUS_SOME_UNMAPPED ) ) {
2009-08-27 17:11:24 +02:00
return status ;
}
2010-12-04 20:16:00 +01:00
* r - > out . domain_name = talloc_move ( r - > out . domain_name , & domain_name ) ;
2009-08-27 17:11:24 +02:00
result = talloc_array ( p - > mem_ctx , struct wbint_Principal ,
r - > in . rids - > num_rids ) ;
if ( result = = NULL ) {
return NT_STATUS_NO_MEMORY ;
}
for ( i = 0 ; i < r - > in . rids - > num_rids ; i + + ) {
2011-06-27 14:34:39 +02:00
sid_compose ( & result [ i ] . sid , r - > in . domain_sid ,
r - > in . rids - > rids [ i ] ) ;
2009-08-27 17:11:24 +02:00
result [ i ] . type = types [ i ] ;
result [ i ] . name = talloc_move ( result , & names [ i ] ) ;
}
TALLOC_FREE ( types ) ;
TALLOC_FREE ( names ) ;
r - > out . names - > num_principals = r - > in . rids - > num_rids ;
r - > out . names - > principals = result ;
return NT_STATUS_OK ;
}
2009-09-06 09:32:34 +02:00
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_CheckMachineAccount ( struct pipes_struct * p ,
2009-09-06 09:32:34 +02:00
struct wbint_CheckMachineAccount * r )
{
struct winbindd_domain * domain ;
int num_retries = 0 ;
NTSTATUS status ;
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2009-11-23 13:58:23 +01:00
again :
2014-09-23 10:35:21 -07:00
invalidate_cm_connection ( domain ) ;
2013-08-07 11:32:44 +02:00
domain - > conn . netlogon_force_reauth = true ;
2009-09-06 09:32:34 +02:00
{
2018-02-02 15:24:00 +01:00
struct rpc_pipe_client * netlogon_pipe = NULL ;
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2009-09-06 09:32:34 +02:00
}
/* There is a race condition between fetching the trust account
password and the periodic machine password change . So it ' s
possible that the trust account password has been changed on us .
We are returned NT_STATUS_ACCESS_DENIED if this happens . */
# define MAX_RETRIES 3
if ( ( num_retries < MAX_RETRIES )
& & NT_STATUS_EQUAL ( status , NT_STATUS_ACCESS_DENIED ) ) {
num_retries + + ;
goto again ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe \n " ) ) ;
goto done ;
}
/* Pass back result code - zero for success, other values for
specific failures . */
2009-10-06 17:46:25 +02:00
DEBUG ( 3 , ( " domain %s secret is %s \n " , domain - > name ,
NT_STATUS_IS_OK ( status ) ? " good " : " bad " ) ) ;
2009-09-06 09:32:34 +02:00
done :
DEBUG ( NT_STATUS_IS_OK ( status ) ? 5 : 2 ,
2009-10-06 17:46:25 +02:00
( " Checking the trust account password for domain %s returned %s \n " ,
domain - > name , nt_errstr ( status ) ) ) ;
2009-09-06 09:32:34 +02:00
return status ;
}
2009-09-06 14:47:06 +02:00
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_ChangeMachineAccount ( struct pipes_struct * p ,
2009-10-06 18:26:33 +02:00
struct wbint_ChangeMachineAccount * r )
{
2018-08-21 11:09:16 -07:00
struct messaging_context * msg_ctx = global_messaging_context ( ) ;
2009-10-06 18:26:33 +02:00
struct winbindd_domain * domain ;
NTSTATUS status ;
2018-02-02 15:24:00 +01:00
struct rpc_pipe_client * netlogon_pipe = NULL ;
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2009-10-06 18:26:33 +02:00
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2022-11-22 16:09:34 +01:00
if ( r - > in . dcname ! = NULL & & r - > in . dcname [ 0 ] ! = ' \0 ' ) {
invalidate_cm_connection ( domain ) ;
TALLOC_FREE ( domain - > dcname ) ;
domain - > dcname = talloc_strdup ( domain , r - > in . dcname ) ;
if ( domain - > dcname = = NULL ) {
status = NT_STATUS_NO_MEMORY ;
goto done ;
}
domain - > force_dc = true ;
DBG_NOTICE ( " attempt connection to change trust account "
" password for %s at %s \n " ,
domain - > name , domain - > dcname ) ;
}
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2009-10-06 18:26:33 +02:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe \n " ) ) ;
goto done ;
}
2018-02-02 15:24:00 +01:00
status = trust_pw_change ( netlogon_creds_ctx ,
2013-09-16 18:37:34 +02:00
msg_ctx ,
netlogon_pipe - > binding_handle ,
domain - > name ,
2017-05-22 15:36:29 +02:00
domain - > dcname ,
2013-09-16 18:37:34 +02:00
true ) ; /* force */
2009-10-06 18:26:33 +02:00
/* Pass back result code - zero for success, other values for
specific failures . */
DEBUG ( 3 , ( " domain %s secret %s \n " , domain - > name ,
NT_STATUS_IS_OK ( status ) ? " changed " : " unchanged " ) ) ;
done :
2022-11-22 16:09:34 +01:00
DEBUG ( NT_STATUS_IS_OK ( status ) ? 5 :
domain - > force_dc ? 0 : 2 ,
( " Changing the trust account password for domain %s at %s "
" (forced: %s) returned %s \n " ,
domain - > name , domain - > dcname , domain - > force_dc ? " yes " : " no " ,
nt_errstr ( status ) ) ) ;
domain - > force_dc = false ;
2009-10-06 18:26:33 +02:00
return status ;
}
2010-07-28 10:28:36 +02:00
NTSTATUS _wbint_PingDc ( struct pipes_struct * p , struct wbint_PingDc * r )
2009-12-21 21:50:43 +01:00
{
NTSTATUS status ;
struct winbindd_domain * domain ;
struct rpc_pipe_client * netlogon_pipe ;
union netr_CONTROL_QUERY_INFORMATION info ;
WERROR werr ;
fstring logon_server ;
2011-01-12 11:55:34 +01:00
struct dcerpc_binding_handle * b ;
2014-12-22 15:19:47 -08:00
bool retry = false ;
2009-12-21 21:50:43 +01:00
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2014-12-22 15:19:47 -08:00
reconnect :
2009-12-21 21:50:43 +01:00
status = cm_connect_netlogon ( domain , & netlogon_pipe ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2009-12-21 21:50:43 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
2013-05-24 12:40:49 -07:00
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe: %s \n " ,
nt_errstr ( status ) ) ) ;
2009-12-21 21:50:43 +01:00
return status ;
}
2011-01-12 11:55:34 +01:00
b = netlogon_pipe - > binding_handle ;
2009-12-21 21:50:43 +01:00
fstr_sprintf ( logon_server , " \\ \\ %s " , domain - > dcname ) ;
2012-08-10 08:10:42 -07:00
* r - > out . dcname = talloc_strdup ( p - > mem_ctx , domain - > dcname ) ;
2013-02-25 14:55:48 +01:00
if ( * r - > out . dcname = = NULL ) {
2012-08-10 08:10:42 -07:00
DEBUG ( 2 , ( " Could not allocate memory \n " ) ) ;
return NT_STATUS_NO_MEMORY ;
}
2009-12-21 21:50:43 +01:00
/*
* This provokes a WERR_NOT_SUPPORTED error message . This is
* documented in the wspp docs . I could not get a successful
* call to work , but the main point here is testing that the
* netlogon pipe works .
*/
2011-01-12 11:55:34 +01:00
status = dcerpc_netr_LogonControl ( b , p - > mem_ctx ,
2009-12-21 21:50:43 +01:00
logon_server , NETLOGON_CONTROL_QUERY ,
2 , & info , & werr ) ;
2018-03-12 16:53:49 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , b , status ) ) {
2014-12-22 15:19:47 -08:00
retry = true ;
goto reconnect ;
}
2011-01-12 11:55:34 +01:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 2 , ( " dcerpc_netr_LogonControl failed: %s \n " ,
nt_errstr ( status ) ) ) ;
2009-12-21 21:50:43 +01:00
return status ;
}
2011-01-12 11:55:34 +01:00
if ( ! W_ERROR_EQUAL ( werr , WERR_NOT_SUPPORTED ) ) {
DEBUG ( 2 , ( " dcerpc_netr_LogonControl returned %s, expected "
" WERR_NOT_SUPPORTED \n " ,
win_errstr ( werr ) ) ) ;
return werror_to_ntstatus ( werr ) ;
}
2009-12-21 21:50:43 +01:00
DEBUG ( 5 , ( " winbindd_dual_ping_dc succeeded \n " ) ) ;
return NT_STATUS_OK ;
}
2014-05-06 17:00:09 +12:00
2014-05-08 12:17:32 +12:00
NTSTATUS _winbind_DsrUpdateReadOnlyServerDnsRecords ( struct pipes_struct * p ,
struct winbind_DsrUpdateReadOnlyServerDnsRecords * r )
2014-05-06 17:00:09 +12:00
{
struct winbindd_domain * domain ;
NTSTATUS status ;
2018-02-02 15:24:00 +01:00
struct rpc_pipe_client * netlogon_pipe = NULL ;
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2018-03-12 19:53:53 +01:00
struct dcerpc_binding_handle * b = NULL ;
bool retry = false ;
2014-05-06 17:00:09 +12:00
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2018-03-12 19:53:53 +01:00
reconnect :
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2014-05-06 17:00:09 +12:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe \n " ) ) ;
goto done ;
}
2018-03-12 19:53:53 +01:00
b = netlogon_pipe - > binding_handle ;
2018-02-02 15:24:00 +01:00
status = netlogon_creds_cli_DsrUpdateReadOnlyServerDnsRecords ( netlogon_creds_ctx ,
2014-05-06 17:00:09 +12:00
netlogon_pipe - > binding_handle ,
r - > in . site_name ,
r - > in . dns_ttl ,
r - > in . dns_names ) ;
2018-03-12 19:53:53 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , b , status ) ) {
retry = true ;
goto reconnect ;
}
2014-05-06 17:00:09 +12:00
/* Pass back result code - zero for success, other values for
specific failures . */
DEBUG ( 3 , ( " DNS records for domain %s %s \n " , domain - > name ,
NT_STATUS_IS_OK ( status ) ? " changed " : " unchanged " ) ) ;
done :
DEBUG ( NT_STATUS_IS_OK ( status ) ? 5 : 2 ,
( " Update of DNS records via RW DC %s returned %s \n " ,
domain - > name , nt_errstr ( status ) ) ) ;
return status ;
}
2014-05-08 12:17:32 +12:00
NTSTATUS _winbind_SamLogon ( struct pipes_struct * p ,
2014-05-08 16:49:13 +12:00
struct winbind_SamLogon * r )
2014-05-08 12:17:32 +12:00
{
2021-10-04 12:19:57 +02:00
struct dcesrv_call_state * dce_call = p - > dce_call ;
struct dcesrv_connection * dcesrv_conn = dce_call - > conn ;
const struct tsocket_address * local_address =
dcesrv_connection_get_local_address ( dcesrv_conn ) ;
2021-10-04 12:26:18 +02:00
const struct tsocket_address * remote_address =
dcesrv_connection_get_remote_address ( dcesrv_conn ) ;
2014-05-08 16:49:13 +12:00
struct winbindd_domain * domain ;
NTSTATUS status ;
2018-01-23 17:39:15 +01:00
struct netr_IdentityInfo * identity_info = NULL ;
2014-05-08 16:49:13 +12:00
DATA_BLOB lm_response , nt_response ;
2021-06-15 14:06:27 +02:00
DATA_BLOB challenge = data_blob_null ;
2017-06-08 17:10:12 +02:00
uint32_t flags = 0 ;
2017-12-11 16:25:35 +01:00
uint16_t validation_level ;
union netr_Validation * validation = NULL ;
2018-01-23 17:39:15 +01:00
bool interactive = false ;
2017-01-28 20:20:59 +00:00
2021-10-04 17:29:34 +02:00
/*
* Make sure we start with authoritative = true ,
* it will only set to false if we don ' t know the
* domain .
*/
r - > out . authoritative = true ;
2014-05-08 16:49:13 +12:00
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2018-01-23 17:57:37 +01:00
switch ( r - > in . validation_level ) {
case 3 :
case 6 :
break ;
default :
2014-05-08 16:49:13 +12:00
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2018-01-23 17:39:15 +01:00
switch ( r - > in . logon_level ) {
case NetlogonInteractiveInformation :
case NetlogonServiceInformation :
case NetlogonInteractiveTransitiveInformation :
case NetlogonServiceTransitiveInformation :
if ( r - > in . logon . password = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
interactive = true ;
identity_info = & r - > in . logon . password - > identity_info ;
2021-06-15 14:06:27 +02:00
challenge = data_blob_null ;
2018-01-23 17:39:15 +01:00
lm_response = data_blob_talloc ( p - > mem_ctx ,
r - > in . logon . password - > lmpassword . hash ,
sizeof ( r - > in . logon . password - > lmpassword . hash ) ) ;
nt_response = data_blob_talloc ( p - > mem_ctx ,
r - > in . logon . password - > ntpassword . hash ,
sizeof ( r - > in . logon . password - > ntpassword . hash ) ) ;
break ;
case NetlogonNetworkInformation :
case NetlogonNetworkTransitiveInformation :
if ( r - > in . logon . network = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
interactive = false ;
identity_info = & r - > in . logon . network - > identity_info ;
2021-06-15 14:06:27 +02:00
challenge = data_blob_talloc ( p - > mem_ctx ,
r - > in . logon . network - > challenge ,
8 ) ;
2018-01-23 17:39:15 +01:00
lm_response = data_blob_talloc ( p - > mem_ctx ,
r - > in . logon . network - > lm . data ,
r - > in . logon . network - > lm . length ) ;
nt_response = data_blob_talloc ( p - > mem_ctx ,
r - > in . logon . network - > nt . data ,
r - > in . logon . network - > nt . length ) ;
break ;
2014-05-08 16:49:13 +12:00
2018-01-23 17:39:15 +01:00
case NetlogonGenericInformation :
if ( r - > in . logon . generic = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
identity_info = & r - > in . logon . generic - > identity_info ;
/*
* Not implemented here . . .
*/
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
default :
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2014-05-08 16:49:13 +12:00
status = winbind_dual_SamLogon ( domain , p - > mem_ctx ,
2018-01-23 17:39:15 +01:00
interactive ,
identity_info - > parameter_control ,
identity_info - > account_name . string ,
identity_info - > domain_name . string ,
identity_info - > workstation . string ,
2019-02-01 13:49:49 +13:00
identity_info - > logon_id ,
2019-01-28 15:31:46 +13:00
" SamLogon " ,
0 ,
2018-01-23 17:39:15 +01:00
challenge ,
2017-01-28 20:20:59 +00:00
lm_response , nt_response ,
2021-10-04 12:26:18 +02:00
remote_address ,
2021-10-04 12:19:57 +02:00
local_address ,
2017-04-12 14:12:32 +12:00
& r - > out . authoritative ,
2018-02-08 17:23:49 +01:00
true , /* skip_sam */
2017-04-12 14:12:32 +12:00
& flags ,
2017-12-11 16:25:35 +01:00
& validation_level ,
& validation ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
2018-01-23 17:57:37 +01:00
switch ( r - > in . validation_level ) {
case 3 :
status = map_validation_to_info3 ( p - > mem_ctx ,
validation_level ,
validation ,
& r - > out . validation . sam3 ) ;
TALLOC_FREE ( validation ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return NT_STATUS_OK ;
case 6 :
status = map_validation_to_info6 ( p - > mem_ctx ,
validation_level ,
validation ,
& r - > out . validation . sam6 ) ;
TALLOC_FREE ( validation ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
return status ;
}
return NT_STATUS_OK ;
2017-12-11 16:25:35 +01:00
}
2018-01-23 17:57:37 +01:00
smb_panic ( __location__ ) ;
return NT_STATUS_INTERNAL_ERROR ;
2014-05-08 12:17:32 +12:00
}
2014-12-19 10:36:29 +01:00
2014-12-23 09:04:42 +01:00
static WERROR _winbind_LogonControl_REDISCOVER ( struct pipes_struct * p ,
struct winbindd_domain * domain ,
struct winbind_LogonControl * r )
{
NTSTATUS status ;
struct rpc_pipe_client * netlogon_pipe = NULL ;
2018-02-02 15:24:00 +01:00
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2014-12-23 09:04:42 +01:00
struct netr_NETLOGON_INFO_2 * info2 = NULL ;
WERROR check_result = WERR_INTERNAL_ERROR ;
info2 = talloc_zero ( p - > mem_ctx , struct netr_NETLOGON_INFO_2 ) ;
if ( info2 = = NULL ) {
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
if ( domain - > internal ) {
check_result = WERR_OK ;
goto check_return ;
}
/*
* For now we just force a reconnect
*
* TODO : take care of the optional ' \ dcname '
*/
invalidate_cm_connection ( domain ) ;
domain - > conn . netlogon_force_reauth = true ;
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2014-12-23 09:04:42 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
status = NT_STATUS_NO_LOGON_SERVERS ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 2 , ( " %s: domain[%s/%s] cm_connect_netlogon() returned %s \n " ,
__func__ , domain - > name , domain - > alt_name ,
nt_errstr ( status ) ) ) ;
/*
* Here we return a top level error !
* This is different than TC_QUERY or TC_VERIFY .
*/
return ntstatus_to_werror ( status ) ;
}
check_result = WERR_OK ;
check_return :
info2 - > pdc_connection_status = WERR_OK ;
if ( domain - > dcname ! = NULL ) {
info2 - > flags | = NETLOGON_HAS_IP ;
info2 - > flags | = NETLOGON_HAS_TIMESERV ;
info2 - > trusted_dc_name = talloc_asprintf ( info2 , " \\ \\ %s " ,
domain - > dcname ) ;
if ( info2 - > trusted_dc_name = = NULL ) {
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
} else {
info2 - > trusted_dc_name = talloc_strdup ( info2 , " " ) ;
if ( info2 - > trusted_dc_name = = NULL ) {
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
}
info2 - > tc_connection_status = check_result ;
2023-03-07 11:13:41 +13:00
if ( ! W_ERROR_IS_OK ( info2 - > pdc_connection_status ) | |
! W_ERROR_IS_OK ( info2 - > tc_connection_status ) )
{
2014-12-23 09:04:42 +01:00
DEBUG ( 2 , ( " %s: domain[%s/%s] dcname[%s] "
" pdc_connection[%s] tc_connection[%s] \n " ,
__func__ , domain - > name , domain - > alt_name ,
domain - > dcname ,
win_errstr ( info2 - > pdc_connection_status ) ,
win_errstr ( info2 - > tc_connection_status ) ) ) ;
}
r - > out . query - > info2 = info2 ;
DEBUG ( 5 , ( " %s: succeeded. \n " , __func__ ) ) ;
return WERR_OK ;
}
static WERROR _winbind_LogonControl_TC_QUERY ( struct pipes_struct * p ,
struct winbindd_domain * domain ,
struct winbind_LogonControl * r )
{
NTSTATUS status ;
struct rpc_pipe_client * netlogon_pipe = NULL ;
2018-02-02 15:24:00 +01:00
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2014-12-23 09:04:42 +01:00
struct netr_NETLOGON_INFO_2 * info2 = NULL ;
WERROR check_result = WERR_INTERNAL_ERROR ;
info2 = talloc_zero ( p - > mem_ctx , struct netr_NETLOGON_INFO_2 ) ;
if ( info2 = = NULL ) {
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
if ( domain - > internal ) {
check_result = WERR_OK ;
goto check_return ;
}
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2014-12-23 09:04:42 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
status = NT_STATUS_NO_LOGON_SERVERS ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe: %s \n " ,
nt_errstr ( status ) ) ) ;
check_result = ntstatus_to_werror ( status ) ;
goto check_return ;
}
check_result = WERR_OK ;
check_return :
info2 - > pdc_connection_status = WERR_OK ;
if ( domain - > dcname ! = NULL ) {
info2 - > flags | = NETLOGON_HAS_IP ;
info2 - > flags | = NETLOGON_HAS_TIMESERV ;
info2 - > trusted_dc_name = talloc_asprintf ( info2 , " \\ \\ %s " ,
domain - > dcname ) ;
if ( info2 - > trusted_dc_name = = NULL ) {
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
} else {
info2 - > trusted_dc_name = talloc_strdup ( info2 , " " ) ;
if ( info2 - > trusted_dc_name = = NULL ) {
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
}
info2 - > tc_connection_status = check_result ;
2023-03-07 11:13:41 +13:00
if ( ! W_ERROR_IS_OK ( info2 - > pdc_connection_status ) | |
! W_ERROR_IS_OK ( info2 - > tc_connection_status ) )
{
2014-12-23 09:04:42 +01:00
DEBUG ( 2 , ( " %s: domain[%s/%s] dcname[%s] "
" pdc_connection[%s] tc_connection[%s] \n " ,
__func__ , domain - > name , domain - > alt_name ,
domain - > dcname ,
win_errstr ( info2 - > pdc_connection_status ) ,
win_errstr ( info2 - > tc_connection_status ) ) ) ;
}
r - > out . query - > info2 = info2 ;
DEBUG ( 5 , ( " %s: succeeded. \n " , __func__ ) ) ;
return WERR_OK ;
}
static WERROR _winbind_LogonControl_TC_VERIFY ( struct pipes_struct * p ,
struct winbindd_domain * domain ,
struct winbind_LogonControl * r )
{
TALLOC_CTX * frame = talloc_stackframe ( ) ;
NTSTATUS status ;
NTSTATUS result ;
struct lsa_String trusted_domain_name = { } ;
struct lsa_StringLarge trusted_domain_name_l = { } ;
struct rpc_pipe_client * local_lsa_pipe = NULL ;
struct policy_handle local_lsa_policy = { } ;
struct dcerpc_binding_handle * local_lsa = NULL ;
struct rpc_pipe_client * netlogon_pipe = NULL ;
2018-02-02 15:24:00 +01:00
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2014-12-23 09:04:42 +01:00
struct cli_credentials * creds = NULL ;
struct samr_Password * cur_nt_hash = NULL ;
uint32_t trust_attributes = 0 ;
struct samr_Password new_owf_password = { } ;
2022-05-11 12:07:43 +12:00
bool cmp_new = false ;
2014-12-23 09:04:42 +01:00
struct samr_Password old_owf_password = { } ;
2022-05-11 12:07:43 +12:00
bool cmp_old = false ;
2014-12-23 09:04:42 +01:00
const struct lsa_TrustDomainInfoInfoEx * local_tdo = NULL ;
bool fetch_fti = false ;
struct lsa_ForestTrustInformation * new_fti = NULL ;
struct netr_TrustInfo * trust_info = NULL ;
struct netr_NETLOGON_INFO_2 * info2 = NULL ;
struct dcerpc_binding_handle * b = NULL ;
WERROR check_result = WERR_INTERNAL_ERROR ;
WERROR verify_result = WERR_INTERNAL_ERROR ;
bool retry = false ;
trusted_domain_name . string = domain - > name ;
trusted_domain_name_l . string = domain - > name ;
info2 = talloc_zero ( p - > mem_ctx , struct netr_NETLOGON_INFO_2 ) ;
if ( info2 = = NULL ) {
TALLOC_FREE ( frame ) ;
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
if ( domain - > internal ) {
check_result = WERR_OK ;
goto check_return ;
}
if ( ! domain - > primary ) {
union lsa_TrustedDomainInfo * tdi = NULL ;
status = open_internal_lsa_conn ( frame , & local_lsa_pipe ,
& local_lsa_policy ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: open_internal_lsa_conn() failed - %s \n " ,
__location__ , __func__ , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
local_lsa = local_lsa_pipe - > binding_handle ;
status = dcerpc_lsa_QueryTrustedDomainInfoByName ( local_lsa , frame ,
& local_lsa_policy ,
& trusted_domain_name ,
LSA_TRUSTED_DOMAIN_INFO_INFO_EX ,
& tdi , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.QueryTrustedDomainInfoByName(%s) failed - %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( NT_STATUS_EQUAL ( result , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
DEBUG ( 1 , ( " %s:%s: domain[%s] not found via LSA, might be removed already. \n " ,
__location__ , __func__ , domain - > name ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_NO_SUCH_DOMAIN ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.QueryTrustedDomainInfoByName(%s) returned %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( result ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( tdi = = NULL ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.QueryTrustedDomainInfoByName() "
" returned no trusted domain information \n " ,
__location__ , __func__ ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
local_tdo = & tdi - > info_ex ;
trust_attributes = local_tdo - > trust_attributes ;
}
if ( trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE ) {
struct lsa_ForestTrustInformation * old_fti = NULL ;
status = dcerpc_lsa_lsaRQueryForestTrustInformation ( local_lsa , frame ,
& local_lsa_policy ,
& trusted_domain_name ,
LSA_FOREST_TRUST_DOMAIN_INFO ,
& old_fti , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRQueryForestTrustInformation(%s) failed %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( NT_STATUS_EQUAL ( result , NT_STATUS_NOT_FOUND ) ) {
DEBUG ( 2 , ( " %s: no forest trust information available for domain[%s] yet. \n " ,
__func__ , domain - > name ) ) ;
old_fti = NULL ;
fetch_fti = true ;
result = NT_STATUS_OK ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRQueryForestTrustInformation(%s) returned %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( result ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
TALLOC_FREE ( old_fti ) ;
}
reconnect :
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2014-12-23 09:04:42 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
status = NT_STATUS_NO_LOGON_SERVERS ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe: %s \n " ,
nt_errstr ( status ) ) ) ;
check_result = ntstatus_to_werror ( status ) ;
goto check_return ;
}
check_result = WERR_OK ;
b = netlogon_pipe - > binding_handle ;
2024-02-27 09:53:04 +01:00
status = winbindd_get_trust_credentials ( domain ,
frame ,
true , /* netlogon */
false , /* ipc_fallback */
& creds ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
cur_nt_hash = cli_credentials_get_nt_hash ( creds , frame ) ;
TALLOC_FREE ( creds ) ;
}
2014-12-23 09:04:42 +01:00
if ( cur_nt_hash = = NULL ) {
verify_result = WERR_NO_TRUST_LSA_SECRET ;
goto verify_return ;
}
if ( fetch_fti ) {
2018-02-02 15:24:00 +01:00
status = netlogon_creds_cli_GetForestTrustInformation ( netlogon_creds_ctx ,
2014-12-23 09:04:42 +01:00
b , frame ,
& new_fti ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE ) ) {
status = NT_STATUS_NOT_SUPPORTED ;
}
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NOT_SUPPORTED ) ) {
new_fti = NULL ;
status = NT_STATUS_OK ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
2018-03-12 16:53:49 +01:00
if ( ! retry & &
reset_cm_connection_on_error ( domain , b , status ) )
{
2014-12-23 09:04:42 +01:00
retry = true ;
goto reconnect ;
}
DEBUG ( 2 , ( " netlogon_creds_cli_GetForestTrustInformation(%s) "
" failed: %s \n " ,
domain - > name , nt_errstr ( status ) ) ) ;
check_result = ntstatus_to_werror ( status ) ;
goto check_return ;
}
}
if ( new_fti ! = NULL ) {
struct lsa_ForestTrustInformation old_fti = { } ;
struct lsa_ForestTrustInformation * merged_fti = NULL ;
struct lsa_ForestTrustCollisionInfo * collision_info = NULL ;
status = dsdb_trust_merge_forest_info ( frame , local_tdo ,
& old_fti , new_fti ,
& merged_fti ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: dsdb_trust_merge_forest_info(%s) failed %s \n " ,
__location__ , __func__ ,
domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return ntstatus_to_werror ( status ) ;
}
status = dcerpc_lsa_lsaRSetForestTrustInformation ( local_lsa , frame ,
& local_lsa_policy ,
& trusted_domain_name_l ,
LSA_FOREST_TRUST_DOMAIN_INFO ,
merged_fti ,
0 , /* check_only=0 => store it! */
& collision_info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRSetForestTrustInformation(%s) failed %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRSetForestTrustInformation(%s) returned %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( result ) ) ) ;
TALLOC_FREE ( frame ) ;
2015-07-14 11:33:35 +02:00
return ntstatus_to_werror ( result ) ;
2014-12-23 09:04:42 +01:00
}
}
2018-02-02 15:24:00 +01:00
status = netlogon_creds_cli_ServerGetTrustInfo ( netlogon_creds_ctx ,
2014-12-23 09:04:42 +01:00
b , frame ,
& new_owf_password ,
& old_owf_password ,
& trust_info ) ;
if ( NT_STATUS_EQUAL ( status , NT_STATUS_RPC_PROCNUM_OUT_OF_RANGE ) ) {
status = NT_STATUS_NOT_SUPPORTED ;
}
if ( NT_STATUS_EQUAL ( status , NT_STATUS_NOT_SUPPORTED ) ) {
DEBUG ( 5 , ( " netlogon_creds_cli_ServerGetTrustInfo failed: %s \n " ,
nt_errstr ( status ) ) ) ;
verify_result = WERR_OK ;
goto verify_return ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
2018-03-12 16:53:49 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , b , status ) ) {
2014-12-23 09:04:42 +01:00
retry = true ;
goto reconnect ;
}
DEBUG ( 2 , ( " netlogon_creds_cli_ServerGetTrustInfo failed: %s \n " ,
nt_errstr ( status ) ) ) ;
if ( ! dcerpc_binding_handle_is_connected ( b ) ) {
check_result = ntstatus_to_werror ( status ) ;
goto check_return ;
} else {
verify_result = ntstatus_to_werror ( status ) ;
goto verify_return ;
}
}
if ( trust_info ! = NULL & & trust_info - > count > = 1 ) {
uint32_t diff = trust_info - > data [ 0 ] ^ trust_attributes ;
if ( diff & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE ) {
verify_result = WERR_DOMAIN_TRUST_INCONSISTENT ;
goto verify_return ;
}
}
2022-05-11 12:07:43 +12:00
cmp_new = mem_equal_const_time ( new_owf_password . hash ,
cur_nt_hash - > hash ,
sizeof ( cur_nt_hash - > hash ) ) ;
cmp_old = mem_equal_const_time ( old_owf_password . hash ,
cur_nt_hash - > hash ,
sizeof ( cur_nt_hash - > hash ) ) ;
if ( ! cmp_new & & ! cmp_old ) {
2014-12-23 09:04:42 +01:00
DEBUG ( 1 , ( " %s:Error: credentials for domain[%s/%s] doesn't match "
" any password known to dcname[%s] \n " ,
__func__ , domain - > name , domain - > alt_name ,
domain - > dcname ) ) ;
verify_result = WERR_WRONG_PASSWORD ;
goto verify_return ;
}
2022-05-11 12:07:43 +12:00
if ( ! cmp_new ) {
2014-12-23 09:04:42 +01:00
DEBUG ( 2 , ( " %s:Warning: credentials for domain[%s/%s] only match "
" against the old password known to dcname[%s] \n " ,
__func__ , domain - > name , domain - > alt_name ,
domain - > dcname ) ) ;
}
verify_result = WERR_OK ;
goto verify_return ;
check_return :
verify_result = check_result ;
verify_return :
info2 - > flags | = NETLOGON_VERIFY_STATUS_RETURNED ;
info2 - > pdc_connection_status = verify_result ;
if ( domain - > dcname ! = NULL ) {
info2 - > flags | = NETLOGON_HAS_IP ;
info2 - > flags | = NETLOGON_HAS_TIMESERV ;
info2 - > trusted_dc_name = talloc_asprintf ( info2 , " \\ \\ %s " ,
domain - > dcname ) ;
if ( info2 - > trusted_dc_name = = NULL ) {
TALLOC_FREE ( frame ) ;
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
} else {
info2 - > trusted_dc_name = talloc_strdup ( info2 , " " ) ;
if ( info2 - > trusted_dc_name = = NULL ) {
TALLOC_FREE ( frame ) ;
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
}
info2 - > tc_connection_status = check_result ;
2023-03-07 11:13:41 +13:00
if ( ! W_ERROR_IS_OK ( info2 - > pdc_connection_status ) | |
! W_ERROR_IS_OK ( info2 - > tc_connection_status ) )
{
2014-12-23 09:04:42 +01:00
DEBUG ( 2 , ( " %s: domain[%s/%s] dcname[%s] "
" pdc_connection[%s] tc_connection[%s] \n " ,
__func__ , domain - > name , domain - > alt_name ,
domain - > dcname ,
win_errstr ( info2 - > pdc_connection_status ) ,
win_errstr ( info2 - > tc_connection_status ) ) ) ;
}
r - > out . query - > info2 = info2 ;
DEBUG ( 5 , ( " %s: succeeded. \n " , __func__ ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_OK ;
}
static WERROR _winbind_LogonControl_CHANGE_PASSWORD ( struct pipes_struct * p ,
struct winbindd_domain * domain ,
struct winbind_LogonControl * r )
{
2018-08-21 11:09:16 -07:00
struct messaging_context * msg_ctx = global_messaging_context ( ) ;
2014-12-23 09:04:42 +01:00
NTSTATUS status ;
2018-02-02 15:24:00 +01:00
struct rpc_pipe_client * netlogon_pipe = NULL ;
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2014-12-23 09:04:42 +01:00
struct cli_credentials * creds = NULL ;
struct samr_Password * cur_nt_hash = NULL ;
struct netr_NETLOGON_INFO_1 * info1 = NULL ;
struct dcerpc_binding_handle * b ;
WERROR change_result = WERR_OK ;
bool retry = false ;
info1 = talloc_zero ( p - > mem_ctx , struct netr_NETLOGON_INFO_1 ) ;
if ( info1 = = NULL ) {
2015-12-03 15:24:18 +01:00
return WERR_NOT_ENOUGH_MEMORY ;
2014-12-23 09:04:42 +01:00
}
if ( domain - > internal ) {
return WERR_NOT_SUPPORTED ;
}
status = pdb_get_trust_credentials ( domain - > name ,
domain - > alt_name ,
p - > mem_ctx ,
& creds ) ;
if ( NT_STATUS_IS_OK ( status ) ) {
cur_nt_hash = cli_credentials_get_nt_hash ( creds , p - > mem_ctx ) ;
TALLOC_FREE ( creds ) ;
}
reconnect :
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2014-12-23 09:04:42 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
status = NT_STATUS_NO_LOGON_SERVERS ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 2 , ( " %s: domain[%s/%s] cm_connect_netlogon() returned %s \n " ,
__func__ , domain - > name , domain - > alt_name ,
nt_errstr ( status ) ) ) ;
/*
* Here we return a top level error !
* This is different than TC_QUERY or TC_VERIFY .
*/
return ntstatus_to_werror ( status ) ;
}
b = netlogon_pipe - > binding_handle ;
if ( cur_nt_hash = = NULL ) {
change_result = WERR_NO_TRUST_LSA_SECRET ;
goto change_return ;
}
TALLOC_FREE ( cur_nt_hash ) ;
2018-02-02 15:24:00 +01:00
status = trust_pw_change ( netlogon_creds_ctx ,
2014-12-23 09:04:42 +01:00
msg_ctx , b , domain - > name ,
2017-05-22 15:36:29 +02:00
domain - > dcname ,
2014-12-23 09:04:42 +01:00
true ) ; /* force */
if ( ! NT_STATUS_IS_OK ( status ) ) {
2018-03-12 16:53:49 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , b , status ) ) {
2014-12-23 09:04:42 +01:00
retry = true ;
goto reconnect ;
}
DEBUG ( 1 , ( " trust_pw_change(%s): %s \n " ,
domain - > name , nt_errstr ( status ) ) ) ;
change_result = ntstatus_to_werror ( status ) ;
goto change_return ;
}
change_result = WERR_OK ;
change_return :
info1 - > pdc_connection_status = change_result ;
if ( ! W_ERROR_IS_OK ( info1 - > pdc_connection_status ) ) {
DEBUG ( 2 , ( " %s: domain[%s/%s] dcname[%s] "
" pdc_connection[%s] \n " ,
__func__ , domain - > name , domain - > alt_name ,
domain - > dcname ,
win_errstr ( info1 - > pdc_connection_status ) ) ) ;
}
r - > out . query - > info1 = info1 ;
DEBUG ( 5 , ( " %s: succeeded. \n " , __func__ ) ) ;
return WERR_OK ;
}
2014-12-19 10:36:29 +01:00
WERROR _winbind_LogonControl ( struct pipes_struct * p ,
struct winbind_LogonControl * r )
{
struct winbindd_domain * domain ;
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
return WERR_NO_SUCH_DOMAIN ;
}
2014-12-23 09:04:42 +01:00
switch ( r - > in . function_code ) {
case NETLOGON_CONTROL_REDISCOVER :
if ( r - > in . level ! = 2 ) {
return WERR_INVALID_PARAMETER ;
}
return _winbind_LogonControl_REDISCOVER ( p , domain , r ) ;
case NETLOGON_CONTROL_TC_QUERY :
if ( r - > in . level ! = 2 ) {
return WERR_INVALID_PARAMETER ;
}
return _winbind_LogonControl_TC_QUERY ( p , domain , r ) ;
case NETLOGON_CONTROL_TC_VERIFY :
if ( r - > in . level ! = 2 ) {
return WERR_INVALID_PARAMETER ;
}
return _winbind_LogonControl_TC_VERIFY ( p , domain , r ) ;
case NETLOGON_CONTROL_CHANGE_PASSWORD :
if ( r - > in . level ! = 1 ) {
return WERR_INVALID_PARAMETER ;
}
return _winbind_LogonControl_CHANGE_PASSWORD ( p , domain , r ) ;
default :
break ;
}
DEBUG ( 4 , ( " %s: function_code[0x%x] not supported \n " ,
__func__ , r - > in . function_code ) ) ;
2014-12-19 10:36:29 +01:00
return WERR_NOT_SUPPORTED ;
}
2015-01-23 13:07:14 +01:00
WERROR _winbind_GetForestTrustInformation ( struct pipes_struct * p ,
struct winbind_GetForestTrustInformation * r )
{
2015-01-23 13:07:14 +01:00
TALLOC_CTX * frame = talloc_stackframe ( ) ;
NTSTATUS status , result ;
2015-01-23 13:07:14 +01:00
struct winbindd_domain * domain ;
2018-02-02 15:24:00 +01:00
struct rpc_pipe_client * netlogon_pipe = NULL ;
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2015-01-23 13:07:14 +01:00
struct dcerpc_binding_handle * b ;
bool retry = false ;
struct lsa_String trusted_domain_name = { } ;
struct lsa_StringLarge trusted_domain_name_l = { } ;
union lsa_TrustedDomainInfo * tdi = NULL ;
const struct lsa_TrustDomainInfoInfoEx * tdo = NULL ;
struct lsa_ForestTrustInformation _old_fti = { } ;
struct lsa_ForestTrustInformation * old_fti = NULL ;
struct lsa_ForestTrustInformation * new_fti = NULL ;
struct lsa_ForestTrustInformation * merged_fti = NULL ;
struct lsa_ForestTrustCollisionInfo * collision_info = NULL ;
bool update_fti = false ;
struct rpc_pipe_client * local_lsa_pipe ;
struct policy_handle local_lsa_policy ;
struct dcerpc_binding_handle * local_lsa = NULL ;
2015-01-23 13:07:14 +01:00
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
2015-01-23 13:07:14 +01:00
TALLOC_FREE ( frame ) ;
2015-01-23 13:07:14 +01:00
return WERR_NO_SUCH_DOMAIN ;
}
2015-01-23 13:07:14 +01:00
/*
* checking for domain - > internal and domain - > primary
* makes sure we only do some work when running as DC .
*/
if ( domain - > internal ) {
TALLOC_FREE ( frame ) ;
return WERR_NO_SUCH_DOMAIN ;
}
if ( domain - > primary ) {
TALLOC_FREE ( frame ) ;
return WERR_NO_SUCH_DOMAIN ;
}
trusted_domain_name . string = domain - > name ;
trusted_domain_name_l . string = domain - > name ;
status = open_internal_lsa_conn ( frame , & local_lsa_pipe ,
& local_lsa_policy ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: open_internal_lsa_conn() failed - %s \n " ,
__location__ , __func__ , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
local_lsa = local_lsa_pipe - > binding_handle ;
status = dcerpc_lsa_QueryTrustedDomainInfoByName ( local_lsa , frame ,
& local_lsa_policy ,
& trusted_domain_name ,
LSA_TRUSTED_DOMAIN_INFO_INFO_EX ,
& tdi , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.QueryTrustedDomainInfoByName(%s) failed - %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( NT_STATUS_EQUAL ( result , NT_STATUS_OBJECT_NAME_NOT_FOUND ) ) {
DEBUG ( 1 , ( " %s:%s: domain[%s] not found via LSA, might be removed already. \n " ,
__location__ , __func__ , domain - > name ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_NO_SUCH_DOMAIN ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.QueryTrustedDomainInfoByName(%s) returned %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( result ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( tdi = = NULL ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.QueryTrustedDomainInfoByName() "
" returned no trusted domain information \n " ,
__location__ , __func__ ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
tdo = & tdi - > info_ex ;
if ( ! ( tdo - > trust_attributes & LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE ) ) {
DEBUG ( 2 , ( " %s: tdo[%s/%s] is no forest trust attributes[0x%08X] \n " ,
__func__ , tdo - > netbios_name . string ,
tdo - > domain_name . string ,
( unsigned ) tdo - > trust_attributes ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_NO_SUCH_DOMAIN ;
}
if ( r - > in . flags & ~ DS_GFTI_UPDATE_TDO ) {
TALLOC_FREE ( frame ) ;
return WERR_INVALID_FLAGS ;
}
reconnect :
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2018-03-12 16:11:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2015-01-23 13:07:14 +01:00
if ( NT_STATUS_EQUAL ( status , NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND ) ) {
status = NT_STATUS_NO_LOGON_SERVERS ;
}
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe: %s \n " ,
nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return ntstatus_to_werror ( status ) ;
}
b = netlogon_pipe - > binding_handle ;
2018-02-02 15:24:00 +01:00
status = netlogon_creds_cli_GetForestTrustInformation ( netlogon_creds_ctx ,
2015-01-23 13:07:14 +01:00
b , p - > mem_ctx ,
& new_fti ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
2018-03-12 16:53:49 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , b , status ) ) {
2015-01-23 13:07:14 +01:00
retry = true ;
goto reconnect ;
}
DEBUG ( 2 , ( " netlogon_creds_cli_GetForestTrustInformation(%s) failed: %s \n " ,
domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return ntstatus_to_werror ( status ) ;
}
* r - > out . forest_trust_info = new_fti ;
if ( r - > in . flags & DS_GFTI_UPDATE_TDO ) {
update_fti = true ;
}
status = dcerpc_lsa_lsaRQueryForestTrustInformation ( local_lsa , frame ,
& local_lsa_policy ,
& trusted_domain_name ,
LSA_FOREST_TRUST_DOMAIN_INFO ,
& old_fti , & result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRQueryForestTrustInformation(%s) failed %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( NT_STATUS_EQUAL ( result , NT_STATUS_NOT_FOUND ) ) {
DEBUG ( 2 , ( " %s: no forest trust information available for domain[%s] yet. \n " ,
__func__ , domain - > name ) ) ;
update_fti = true ;
old_fti = & _old_fti ;
result = NT_STATUS_OK ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRQueryForestTrustInformation(%s) returned %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( result ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( old_fti = = NULL ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRQueryForestTrustInformation() "
" returned success without returning forest trust information \n " ,
__location__ , __func__ ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( ! update_fti ) {
goto done ;
}
status = dsdb_trust_merge_forest_info ( frame , tdo , old_fti , new_fti ,
& merged_fti ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: dsdb_trust_merge_forest_info(%s) failed %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return ntstatus_to_werror ( status ) ;
}
status = dcerpc_lsa_lsaRSetForestTrustInformation ( local_lsa , frame ,
& local_lsa_policy ,
& trusted_domain_name_l ,
LSA_FOREST_TRUST_DOMAIN_INFO ,
merged_fti ,
0 , /* check_only=0 => store it! */
& collision_info ,
& result ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRSetForestTrustInformation(%s) failed %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( status ) ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_INTERNAL_ERROR ;
}
if ( ! NT_STATUS_IS_OK ( result ) ) {
DEBUG ( 0 , ( " %s:%s: local_lsa.lsaRSetForestTrustInformation(%s) returned %s \n " ,
__location__ , __func__ , domain - > name , nt_errstr ( result ) ) ) ;
TALLOC_FREE ( frame ) ;
return ntstatus_to_werror ( result ) ;
}
done :
DEBUG ( 5 , ( " _winbind_GetForestTrustInformation succeeded \n " ) ) ;
TALLOC_FREE ( frame ) ;
return WERR_OK ;
2015-01-23 13:07:14 +01:00
}
2017-04-11 15:51:50 +12:00
NTSTATUS _winbind_SendToSam ( struct pipes_struct * p , struct winbind_SendToSam * r )
{
struct winbindd_domain * domain ;
NTSTATUS status ;
struct rpc_pipe_client * netlogon_pipe ;
2018-02-02 15:24:00 +01:00
struct netlogon_creds_cli_context * netlogon_creds_ctx = NULL ;
2018-03-12 19:54:37 +01:00
struct dcerpc_binding_handle * b = NULL ;
bool retry = false ;
2017-04-11 15:51:50 +12:00
DEBUG ( 5 , ( " _winbind_SendToSam received \n " ) ) ;
domain = wb_child_domain ( ) ;
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2018-03-12 19:54:37 +01:00
reconnect :
2018-02-02 15:24:00 +01:00
status = cm_connect_netlogon_secure ( domain ,
& netlogon_pipe ,
& netlogon_creds_ctx ) ;
2018-03-12 19:54:37 +01:00
reset_cm_connection_on_error ( domain , NULL , status ) ;
2017-04-11 15:51:50 +12:00
if ( ! NT_STATUS_IS_OK ( status ) ) {
DEBUG ( 3 , ( " could not open handle to NETLOGON pipe \n " ) ) ;
return status ;
}
2018-03-12 19:54:37 +01:00
b = netlogon_pipe - > binding_handle ;
2018-02-02 15:24:00 +01:00
status = netlogon_creds_cli_SendToSam ( netlogon_creds_ctx ,
2018-03-12 19:54:37 +01:00
b ,
2017-04-11 15:51:50 +12:00
& r - > in . message ) ;
2018-03-12 19:54:37 +01:00
if ( ! retry & & reset_cm_connection_on_error ( domain , b , status ) ) {
retry = true ;
goto reconnect ;
}
2017-04-11 15:51:50 +12:00
return status ;
}
2019-10-22 18:28:44 +02:00
2021-06-04 15:36:16 +02:00
NTSTATUS _wbint_ListTrustedDomains ( struct pipes_struct * p ,
struct wbint_ListTrustedDomains * r )
2022-03-01 11:40:31 +01:00
{
2021-06-04 15:36:16 +02:00
struct winbindd_domain * domain = wb_child_domain ( ) ;
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
uint32_t i ;
2022-03-01 11:40:31 +01:00
NTSTATUS result ;
struct netr_DomainTrustList trusts ;
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
uint32_t count = 0 ;
struct netr_DomainTrust * array = NULL ;
2021-06-04 15:36:16 +02:00
pid_t client_pid ;
2022-03-01 11:40:31 +01:00
2021-06-04 15:36:16 +02:00
if ( domain = = NULL ) {
return NT_STATUS_REQUEST_NOT_ACCEPTED ;
}
2022-03-01 11:40:31 +01:00
2021-06-04 15:36:16 +02:00
/* Cut client_pid to 32bit */
client_pid = r - > in . client_pid ;
if ( ( uint64_t ) client_pid ! = r - > in . client_pid ) {
DBG_DEBUG ( " pid out of range \n " ) ;
return NT_STATUS_INVALID_PARAMETER ;
}
DBG_NOTICE ( " [%s % " PRIu32 " ]: list trusted domains \n " ,
r - > in . client_name , client_pid ) ;
2022-03-01 11:40:31 +01:00
2021-06-04 15:36:16 +02:00
result = wb_cache_trusted_domains ( domain , p - > mem_ctx , & trusts ) ;
2022-03-01 11:40:31 +01:00
if ( ! NT_STATUS_IS_OK ( result ) ) {
DBG_NOTICE ( " wb_cache_trusted_domains returned %s \n " ,
nt_errstr ( result ) ) ;
2021-06-04 15:36:16 +02:00
return result ;
2022-03-01 11:40:31 +01:00
}
2021-06-04 15:36:16 +02:00
for ( i = 0 ; i < trusts . count ; i + + ) {
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
struct netr_DomainTrust * st = & trusts . array [ i ] ;
struct netr_DomainTrust * dt = NULL ;
if ( st - > sid = = NULL ) {
2022-03-01 11:40:31 +01:00
continue ;
}
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
if ( dom_sid_equal ( st - > sid , & global_sid_NULL ) ) {
2022-03-01 11:40:31 +01:00
continue ;
}
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
array = talloc_realloc ( r - > out . domains , array ,
struct netr_DomainTrust ,
count + 1 ) ;
if ( array = = NULL ) {
2021-06-04 15:36:16 +02:00
return NT_STATUS_NO_MEMORY ;
}
2022-03-01 11:40:31 +01:00
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
dt = & array [ count ] ;
2022-03-01 11:40:31 +01:00
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
* dt = ( struct netr_DomainTrust ) {
. trust_flags = st - > trust_flags ,
. trust_type = st - > trust_type ,
. trust_attributes = st - > trust_attributes ,
. netbios_name = talloc_move ( array , & st - > netbios_name ) ,
. dns_name = talloc_move ( array , & st - > dns_name ) ,
} ;
2022-03-01 11:40:31 +01:00
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
dt - > sid = dom_sid_dup ( array , st - > sid ) ;
if ( dt - > sid = = NULL ) {
2021-06-04 15:36:16 +02:00
return NT_STATUS_NO_MEMORY ;
}
2022-03-01 11:40:31 +01:00
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
count + + ;
2022-03-01 11:40:31 +01:00
}
winbindd: fix listing trusted domains with NT trusts
Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain names. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.
To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.
Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accesssing the ununitialized values:
2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.
Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.
Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, then accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.
And using a struct initializer ensures all members are properly initialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
2024-01-13 11:40:55 +01:00
r - > out . domains - > array = array ;
r - > out . domains - > count = count ;
2021-06-04 15:36:16 +02:00
return NT_STATUS_OK ;
2022-03-01 11:40:31 +01:00
}
2019-10-22 18:28:44 +02:00
# include "librpc/gen_ndr/ndr_winbind_scompat.c"