sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs.

Browse Source 
There are places in the code where we're not checking that alt_name is NULL
and then calling into the DC lookup code with a NULL name request. This can
happen in offline mode.

Fixes bug #10717 - Winbind crash on losing VPN connection

https://bugzilla.samba.org/show_bug.cgi?id=10717

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Sep 15 23:29:00 CEST 2014 on sn-devel-104
This commit is contained in:
Jeremy Allison 2014-07-16 12:41:55 -07:00 committed by Michael Adam
parent 7bc2e2d0d4
commit 92da0b243c
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
source3/winbindd/winbindd_ads.c
View File

@ -183,6 +183,7 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
}
if (IS_DC) {
SMB_ASSERT(wb_dom->alt_name != NULL);
realm = SMB_STRDUP(wb_dom->alt_name);
} else {
struct winbindd_domain *our_domain = wb_dom;
@ -239,7 +240,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
}
if ( IS_DC ) {
SMB_ASSERT(domain->alt_name != NULL);
realm = SMB_STRDUP(domain->alt_name);
}
else {

8
source3/winbindd/winbindd_cm.c
View File

@ -836,6 +836,10 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
}
if (our_domain->alt_name == NULL) {
return NT_STATUS_INVALID_PARAMETER;
}
if (asprintf(machine_krb5_principal, "%s$@%s",
account_name, our_domain->alt_name) == -1)
{
@ -1202,7 +1206,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
/* For active directory servers, try to get the ldap server name.
None of these failures should be considered critical for now */
if (lp_security() == SEC_ADS) {
if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) {
ADS_STRUCT *ads;
ADS_STATUS ads_status;
char addr[INET6_ADDRSTRLEN];
@ -1328,7 +1332,7 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
return True;
}
if (sec == SEC_ADS) {
if ((sec == SEC_ADS) && (domain->alt_name != NULL)) {
char *sitename = NULL;
/* We need to make sure we know the local site before