r22173: BUG 4491, 4501: Additional fixes for protecting against

crashes in allocate_id().

BUG 4501: Fix segv in idmap_ad caused by resetting the
entry iterator when parsing search results.
(This used to be commit bd6ebbfb9f)

source3/nsswitch/idmap.c

@@ -578,32 +578,32 @@ NTSTATUS idmap_init(void)
 
 	if ( alloc_backend ) {
 
-	alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
-	if ( ! alloc_methods) {
-		ret = smb_probe_module("idmap", alloc_backend);
-		if (NT_STATUS_IS_OK(ret)) {
-			alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
+		alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
+		if ( ! alloc_methods) {
+			ret = smb_probe_module("idmap", alloc_backend);
+			if (NT_STATUS_IS_OK(ret)) {
+				alloc_methods = get_alloc_methods(alloc_backends, alloc_backend);
+			}
+		}
+		if ( alloc_methods) {
+			ret = alloc_methods->init(compat_params);
+			if ( ! NT_STATUS_IS_OK(ret)) {
+				DEBUG(0, ("idmap_init: Initialization failed for alloc "
+					  "backend %s\n", alloc_backend));
+				ret = NT_STATUS_UNSUCCESSFUL;
+				goto done;
+		}
+		} else {
+			DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", 
+				  alloc_backend));
+			/* certain compat backends are just readonly */
+			if ( compat )
+				ret = NT_STATUS_OK;
+			else
+				ret = NT_STATUS_UNSUCCESSFUL;
 		}
 	}
-	if ( alloc_methods) {
-		ret = alloc_methods->init(compat_params);
-		if ( ! NT_STATUS_IS_OK(ret)) {
-			DEBUG(0, ("idmap_init: Initialization failed for alloc "
-				  "backend %s\n", alloc_backend));
-			ret = NT_STATUS_UNSUCCESSFUL;
-			goto done;
-		}
-	} else {
-		DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", 
-			  alloc_backend));
-		/* certain compat backends are just readonly */
-		if ( compat )
-			ret = NT_STATUS_OK;
-		else
-			ret = NT_STATUS_UNSUCCESSFUL;
-	}
-	}
-
+	
 	/* cleanpu temporary strings */
 	TALLOC_FREE( compat_backend );
 	
@@ -633,6 +633,9 @@ NTSTATUS idmap_allocate_uid(struct unixid *id)
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_UID;
 	return alloc_methods->allocate_id(id);
 }
@@ -645,6 +648,9 @@ NTSTATUS idmap_allocate_gid(struct unixid *id)
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_GID;
 	return alloc_methods->allocate_id(id);
 }
@@ -657,6 +663,9 @@ NTSTATUS idmap_set_uid_hwm(struct unixid *id)
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_UID;
 	return alloc_methods->set_id_hwm(id);
 }
@@ -669,6 +678,9 @@ NTSTATUS idmap_set_gid_hwm(struct unixid *id)
 		return ret;
 	}
 
+	if ( !alloc_methods )
+		return NT_STATUS_NOT_SUPPORTED;	
+
 	id->type = ID_TYPE_GID;
 	return alloc_methods->set_id_hwm(id);
 }
@@ -1321,16 +1333,18 @@ void idmap_dump_maps(char *logfile)
 		return;
 	}
 
-	allid.type = ID_TYPE_UID;
-	allid.id = 0;
-	alloc_methods->get_id_hwm(&allid);
-	fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id);
-
-	allid.type = ID_TYPE_GID;
-	allid.id = 0;
-	alloc_methods->get_id_hwm(&allid);
-	fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id);
-
+	if ( alloc_methods ) {		
+		allid.type = ID_TYPE_UID;
+		allid.id = 0;
+		alloc_methods->get_id_hwm(&allid);
+		fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id);
+		
+		allid.type = ID_TYPE_GID;
+		allid.id = 0;
+		alloc_methods->get_id_hwm(&allid);
+		fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id);
+	}
+	
 	maps = talloc(idmap_ctx, struct id_map);
 	num_maps = 0;
 

source3/nsswitch/idmap_ad.c

@@ -166,7 +166,6 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, const char *params
 	char *config_option;
 	const char *range = NULL;
 	const char *schema_mode = NULL;	
-	ADS_STRUCT *ads;
 
 	if ( (ctx = talloc_zero(dom, struct idmap_ad_context)) == NULL ) {
 		DEBUG(0, ("Out of memory!\n"));
@@ -261,6 +260,7 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map
 				NULL, /* gidnumber */
 				NULL };
 	LDAPMessage *res = NULL;
+	LDAPMessage *entry = NULL;
 	char *filter = NULL;
 	int idx = 0;
 	int bidx = 0;
@@ -339,7 +339,7 @@ again:
 	}
 	filter = talloc_asprintf_append(filter, ")");
 	CHECK_ALLOC_DONE(filter);
-	DEBUG(10, ("Filter: [%s]\n", filter));
+
 	rc = ads_search_retry(ads, &res, filter, attrs);
 	if (!ADS_ERR_OK(rc)) {
 		DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc)));
@@ -351,8 +351,8 @@ again:
 		DEBUG(10, ("No IDs found\n"));
 	}
 
-	for (i = 0; i < count; i++) {
-		LDAPMessage *entry = NULL;
+	entry = res;
+	for (i = 0; (i < count) && entry; i++) {
 		DOM_SID sid;
 		enum id_type type;
 		struct id_map *map;
@@ -360,13 +360,14 @@ again:
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, res);
+			entry = ads_first_entry(ads, entry);
 		} else { /* following ones */
 			entry = ads_next_entry(ads, entry);
 		}
-		if ( ! entry) {
+
+		if ( !entry ) {
 			DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n"));
-			continue;
+			break;
 		}
 
 		/* first check if the SID is present */
@@ -467,6 +468,7 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map
 				NULL, /* attr_gidnumber */
 				NULL };
 	LDAPMessage *res = NULL;
+	LDAPMessage *entry = NULL;
 	char *filter = NULL;
 	int idx = 0;
 	int bidx = 0;
@@ -524,8 +526,8 @@ again:
 		DEBUG(10, ("No IDs found\n"));
 	}
 
-	for (i = 0; i < count; i++) {
-		LDAPMessage *entry = NULL;
+	entry = res;	
+	for (i = 0; (i < count) && entry; i++) {
 		DOM_SID sid;
 		enum id_type type;
 		struct id_map *map;
@@ -533,13 +535,14 @@ again:
 		uint32_t atype;
 
 		if (i == 0) { /* first entry */
-			entry = ads_first_entry(ads, res);
+			entry = ads_first_entry(ads, entry);
 		} else { /* following ones */
 			entry = ads_next_entry(ads, entry);
 		}
-		if ( ! entry) {
+
+		if ( !entry ) {
 			DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n"));
-			continue;
+			break;
 		}
 
 		/* first check if the SID is present */