mirror of
https://github.com/samba-team/samba.git
synced 2025-08-09 17:49:29 +03:00
s3:winbindd: make sure we don't try rpc requests against unaccessable domains
This makes sure we don't crash while trying to dereference domain->conn.cli->foo while trying to establish a rpc connection to the server. metze
This commit is contained in:
@ -1632,7 +1632,13 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain)
|
||||
NTSTATUS result;
|
||||
|
||||
/* Internal connections never use the network. */
|
||||
if (domain->internal || !winbindd_can_contact_domain(domain)) {
|
||||
if (domain->internal) {
|
||||
domain->initialized = True;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
if (!winbindd_can_contact_domain(domain)) {
|
||||
invalidate_cm_connection(&domain->conn);
|
||||
domain->initialized = True;
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
@ -1665,6 +1671,23 @@ NTSTATUS init_dc_connection(struct winbindd_domain *domain)
|
||||
return init_dc_connection_network(domain);
|
||||
}
|
||||
|
||||
static NTSTATUS init_dc_connection_rpc(struct winbindd_domain *domain)
|
||||
{
|
||||
NTSTATUS status;
|
||||
|
||||
status = init_dc_connection(domain);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
|
||||
if (!domain->internal && domain->conn.cli == NULL) {
|
||||
/* happens for trusted domains without inbound trust */
|
||||
return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
|
||||
}
|
||||
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
/******************************************************************************
|
||||
Set the trust flags (direction and forest location) for a domain
|
||||
******************************************************************************/
|
||||
@ -2011,7 +2034,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
|
||||
char *machine_account = NULL;
|
||||
char *domain_name = NULL;
|
||||
|
||||
result = init_dc_connection(domain);
|
||||
result = init_dc_connection_rpc(domain);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
return result;
|
||||
}
|
||||
@ -2194,7 +2217,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
|
||||
|
||||
DEBUG(10,("cm_connect_lsa_tcp\n"));
|
||||
|
||||
status = init_dc_connection(domain);
|
||||
status = init_dc_connection_rpc(domain);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
return status;
|
||||
}
|
||||
@ -2240,7 +2263,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
|
||||
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
|
||||
struct netlogon_creds_CredentialState *p_creds;
|
||||
|
||||
result = init_dc_connection(domain);
|
||||
result = init_dc_connection_rpc(domain);
|
||||
if (!NT_STATUS_IS_OK(result))
|
||||
return result;
|
||||
|
||||
@ -2372,7 +2395,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
|
||||
|
||||
*cli = NULL;
|
||||
|
||||
result = init_dc_connection(domain);
|
||||
result = init_dc_connection_rpc(domain);
|
||||
if (!NT_STATUS_IS_OK(result)) {
|
||||
return result;
|
||||
}
|
||||
|
Reference in New Issue
Block a user