1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

r10321: Fix winbindd recursion bug found by Ingo Steuwer <steuwer@univention.de>.

Jeremy.
This commit is contained in:
Jeremy Allison 2005-09-19 18:49:18 +00:00 committed by Gerald (Jerry) Carter
parent 7335440e48
commit 6795c818a3
4 changed files with 14 additions and 7 deletions

View File

@ -106,7 +106,7 @@ static int pam_winbind_request(enum winbindd_cmd req_type,
/* Fill in request and send down pipe */
init_request(request, req_type);
if (write_sock(request, sizeof(*request)) == -1) {
if (write_sock(request, sizeof(*request), 0) == -1) {
_pam_log(LOG_ERR, "write to socket failed!");
close_sock();
return PAM_SERVICE_ERR;

View File

@ -284,7 +284,7 @@ static int winbind_named_pipe_sock(const char *dir)
/* Connect to winbindd socket */
int winbind_open_pipe_sock(void)
static int winbind_open_pipe_sock(int recursing)
{
#ifdef HAVE_UNIXSOCKET
static pid_t our_pid;
@ -302,12 +302,17 @@ int winbind_open_pipe_sock(void)
return winbindd_fd;
}
if (recursing) {
return -1;
}
if ((winbindd_fd = winbind_named_pipe_sock(WINBINDD_SOCKET_DIR)) == -1) {
return -1;
}
/* version-check the socket */
request.flags = WBFLAG_RECURSE;
if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
close_sock();
return -1;
@ -315,6 +320,7 @@ int winbind_open_pipe_sock(void)
/* try and get priv pipe */
request.flags = WBFLAG_RECURSE;
if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
int fd;
if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) {
@ -333,7 +339,7 @@ int winbind_open_pipe_sock(void)
/* Write data to winbindd socket */
int write_sock(void *buffer, int count)
int write_sock(void *buffer, int count, int recursing)
{
int result, nwritten;
@ -341,7 +347,7 @@ int write_sock(void *buffer, int count)
restart:
if (winbind_open_pipe_sock() == -1) {
if (winbind_open_pipe_sock(recursing) == -1) {
return -1;
}
@ -534,7 +540,7 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
init_request(request, req_type);
if (write_sock(request, sizeof(*request)) == -1) {
if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) {
return NSS_STATUS_UNAVAIL;
}

View File

@ -8,8 +8,7 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response);
NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
int winbind_open_pipe_sock(void);
int write_sock(void *buffer, int count);
int write_sock(void *buffer, int count, int recursing);
int read_reply(struct winbindd_response *response);
void close_sock(void);
void free_response(struct winbindd_response *response);

View File

@ -172,6 +172,8 @@ typedef struct winbindd_gr {
/* This is a flag that can only be sent from parent to child */
#define WBFLAG_IS_PRIVILEGED 0x0400
/* Flag to say this is a winbindd internal send - don't recurse. */
#define WBFLAG_RECURSE 0x0800
/* Winbind request structure */