1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

s3:winbind: Don't abort when receiving a NULL SID

Source code in winbind_rpc.c states that if the trusted domain
has no SID, winbindd just aborts the session. This happens with
MIT Kerberos realm added as trust to AD and winbindd just returns
without processing further as there is no SID returned for the
Linux system having kerberos support.

This fix makes winbindd to skip the domain having NULL SID instead
of aborting the request completely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13913

Signed-off-by: Amit Kumar <amitkuma@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Amit Kumar 2019-05-31 18:57:52 +05:30 committed by Andreas Schneider
parent d023b29876
commit eb093c5d2a

View File

@ -952,26 +952,24 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
if (dom_list_ex.domains[i].sid == NULL) {
DBG_ERR("Trusted domain %s has no SID, "
"skipping!\n",
trust->dns_name);
continue;
}
if (has_ex) { if (has_ex) {
trust->netbios_name = talloc_move(array, trust->netbios_name = talloc_move(array,
&dom_list_ex.domains[i].netbios_name.string); &dom_list_ex.domains[i].netbios_name.string);
trust->dns_name = talloc_move(array, trust->dns_name = talloc_move(array,
&dom_list_ex.domains[i].domain_name.string); &dom_list_ex.domains[i].domain_name.string);
if (dom_list_ex.domains[i].sid == NULL) {
DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->dns_name));
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
sid_copy(sid, dom_list_ex.domains[i].sid); sid_copy(sid, dom_list_ex.domains[i].sid);
} else { } else {
trust->netbios_name = talloc_move(array, trust->netbios_name = talloc_move(array,
&dom_list.domains[i].name.string); &dom_list.domains[i].name.string);
trust->dns_name = NULL; trust->dns_name = NULL;
if (dom_list.domains[i].sid == NULL) {
DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->netbios_name));
return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
sid_copy(sid, dom_list.domains[i].sid); sid_copy(sid, dom_list.domains[i].sid);
} }