samba-mirror/source3/winbindd/winbindd_ndr.c
Pavel Filipenský 8abac09763 s3:winbindd: Use a correct value for the length of domain children
We often loop over the array of domain children. However, the size of
the array is calculated as lp_winbind_max_domain_connections() which can
change (it is based on smb.conf). The fix is the talloc_array_length().

Reproducer:

winbind max domain connections = 100

smbcontrol all reload-config
smbcontrol all debug 10

/var/log/samba/log.winbindd shows many lines with random garbage pid:

[2023/08/25 10:03:49.898994, 10, pid=158296, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_dual.c:885(winbind_msg_relay_fn)
  winbind_msg_relay_fn: sending message to pid 1037686087.
[2023/08/25 10:03:49.899010,  3, pid=158296, effective(0, 0), real(0, 0)] ../../source3/lib/util_procid.c:53(pid_to_procid)
  pid_to_procid: messaging_dgm_get_unique failed: No such file or directory

In this scenario we only use a garbage PID, but if we dereferenced a
garbage pointer instead, we would segfault.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-08-30 12:42:29 +00:00


/*
* Unix SMB/CIFS implementation.
* winbindd debug helper
* Copyright (C) Guenther Deschner 2008
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "winbindd.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
#include "../librpc/gen_ndr/ndr_security.h"
#include "../librpc/gen_ndr/ndr_lsa.h"
#include "../librpc/ndr/libndr.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
/****************************************************************
****************************************************************/
/*
 * Debug-print one winbindd child record.
 *
 * Emits a "winbindd_child" struct header and then, one nesting level
 * deeper, the child's pid, its domain pointer, its log file name and
 * its lockout policy event pointer.
 *
 * r is dereferenced without a NULL check, so the caller must pass a
 * valid element.
 */
void ndr_print_winbindd_child(struct ndr_print *ndr,
			      const char *name,
			      const struct winbindd_child *r)
{
	uint32_t pid;

	ndr_print_struct(ndr, name, "winbindd_child");
	ndr->depth++;

	/* The pid is narrowed to 32 bits for printing. */
	pid = (uint32_t)r->pid;
	ndr_print_uint32(ndr, "pid", pid);

	/*
	 * NOTE(review): the full domain dump is compiled out and only the
	 * pointer is printed. ndr_print_winbindd_domain() in this file
	 * prints every child of a domain, so enabling the full dump here
	 * would presumably recurse; confirm before changing.
	 */
#if 0
	ndr_print_winbindd_domain(ndr, "domain", r->domain);
#else
	ndr_print_ptr(ndr, "domain", r->domain);
#endif

	ndr_print_string(ndr, "logfilename", r->logfilename);
	/* struct fd_event event; */
	ndr_print_ptr(ndr, "lockout_policy_event", r->lockout_policy_event);

	ndr->depth--;
}
/****************************************************************
****************************************************************/
/*
 * Debug-print the connection-manager state of a domain.
 *
 * Emits a "winbindd_cm_conn" struct header and then, one nesting level
 * deeper, the client and pipe pointers together with the SAMR and LSA
 * policy handles held in *r.
 *
 * r is dereferenced without a NULL check.
 */
void ndr_print_winbindd_cm_conn(struct ndr_print *ndr,
				const char *name,
				const struct winbindd_cm_conn *r)
{
	ndr_print_struct(ndr, name, "winbindd_cm_conn");
	ndr->depth++;

	/* Transport connection. */
	ndr_print_ptr(ndr, "cli", r->cli);

	/* SAMR pipe and the handles opened on it. */
	ndr_print_ptr(ndr, "samr_pipe", r->samr_pipe);
	ndr_print_policy_handle(ndr,
				"sam_connect_handle",
				&r->sam_connect_handle);
	ndr_print_policy_handle(ndr,
				"sam_domain_handle",
				&r->sam_domain_handle);

	/* LSA pipe and its policy handle. */
	ndr_print_ptr(ndr, "lsa_pipe", r->lsa_pipe);
	ndr_print_policy_handle(ndr, "lsa_policy", &r->lsa_policy);

	/* Netlogon pipe. */
	ndr_print_ptr(ndr, "netlogon_pipe", r->netlogon_pipe);

	ndr->depth--;
}
/****************************************************************
****************************************************************/
/*
 * Backend method tables defined elsewhere; they are only compared by
 * address below, never dereferenced.
 */
#ifdef HAVE_ADS
extern struct winbindd_methods ads_methods;
extern struct winbindd_methods reconnect_ads_methods;
#endif
extern struct winbindd_methods msrpc_methods;
extern struct winbindd_methods builtin_passdb_methods;
extern struct winbindd_methods sam_passdb_methods;
extern struct winbindd_methods reconnect_methods;

/*
 * Debug-print which backend method table a pointer refers to.
 *
 * Emits a "winbindd_methods" struct header and then a single string,
 * one nesting level deeper: "(NULL)" for a NULL pointer, the symbolic
 * name of the matching table, or "UNKNOWN" when r matches none of the
 * tables declared above. The ADS tables are only considered when
 * HAVE_ADS is defined.
 */
void ndr_print_winbindd_methods(struct ndr_print *ndr,
				const char *name,
				const struct winbindd_methods *r)
{
	const char *label;

	ndr_print_struct(ndr, name, "winbindd_methods");
	ndr->depth++;

	/* Resolve the pointer to a printable label by identity. */
	if (r == NULL) {
		label = "(NULL)";
	} else if (r == &msrpc_methods) {
		label = "msrpc_methods";
#ifdef HAVE_ADS
	} else if (r == &ads_methods) {
		label = "ads_methods";
	} else if (r == &reconnect_ads_methods) {
		label = "reconnect_ads_methods";
#endif
	} else if (r == &builtin_passdb_methods) {
		label = "builtin_passdb_methods";
	} else if (r == &sam_passdb_methods) {
		label = "sam_passdb_methods";
	} else if (r == &reconnect_methods) {
		label = "reconnect_methods";
	} else {
		label = "UNKNOWN";
	}

	ndr_print_string(ndr, name, label);
	ndr->depth--;
}
/****************************************************************
****************************************************************/
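/*
 * Debug-print the state of one winbindd domain.
 *
 * Emits a "winbindd_domain" struct header and then, one nesting level
 * deeper, the domain's identity, trust information, status flags,
 * backend, DC details, connection-manager state, every element of the
 * children array and the check_online_event pointer.
 *
 * Nothing is printed when r is NULL.
 */
void ndr_print_winbindd_domain(struct ndr_print *ndr,
			       const char *name,
			       const struct winbindd_domain *r)
{
	/* size_t matches the type talloc_array_length() evaluates to. */
	size_t i;

	if (!r) {
		return;
	}

	ndr_print_struct(ndr, name, "winbindd_domain");
	ndr->depth++;

	/* Identity. */
	ndr_print_string(ndr, "name", r->name);
	ndr_print_string(ndr, "alt_name", r->alt_name);
	ndr_print_string(ndr, "forest_name", r->forest_name);
	ndr_print_dom_sid(ndr, "sid", &r->sid);

	/* Trust information. */
	ndr_print_netr_TrustFlags(ndr, "domain_flags", r->domain_flags);
	ndr_print_lsa_TrustType(ndr, "domain_type", r->domain_type);
	ndr_print_lsa_TrustAttributes(ndr,
				      "domain_trust_attribs",
				      r->domain_trust_attribs);

	/* Status flags. */
	ndr_print_bool(ndr, "initialized", r->initialized);
	ndr_print_bool(ndr, "native_mode", r->native_mode);
	ndr_print_bool(ndr, "active_directory", r->active_directory);
	ndr_print_bool(ndr, "primary", r->primary);
	ndr_print_bool(ndr, "internal", r->internal);
	ndr_print_bool(ndr, "online", r->online);
	ndr_print_time_t(ndr, "startup_time", r->startup_time);
	ndr_print_bool(ndr, "startup", r->startup);

	/* Backend and its private data. */
	ndr_print_winbindd_methods(ndr, "backend", r->backend);
	ndr_print_ptr(ndr,
		      "backend_data.samr_pipes",
		      r->backend_data.samr_pipes);
	ndr_print_ptr(ndr,
		      "backend_data.ads_conn",
		      r->backend_data.ads_conn);

	/* Domain controller and sequence-number state. */
	ndr_print_string(ndr, "dcname", r->dcname);
	ndr_print_sockaddr_storage(ndr, "dcaddr", &r->dcaddr);
	ndr_print_time_t(ndr, "last_seq_check", r->last_seq_check);
	ndr_print_uint32(ndr, "sequence_number", r->sequence_number);
	ndr_print_NTSTATUS(ndr, "last_status", r->last_status);
	ndr_print_winbindd_cm_conn(ndr, "conn", &r->conn);

	/*
	 * The bound must come from the allocation itself. A value derived
	 * from lp_winbind_max_domain_connections() can change when
	 * smb.conf is reloaded and would then no longer match the array,
	 * so the loop would read elements that were never allocated.
	 */
	for (i = 0; i < talloc_array_length(r->children); i++) {
		ndr_print_winbindd_child(ndr, "children", &r->children[i]);
	}

	ndr_print_ptr(ndr, "check_online_event", r->check_online_event);

	ndr->depth--;
}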