The branch, master has been updated
       via  92da0b2 s3: winbindd: Old NT Domain code sets struct 
winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs.
      from  7bc2e2d messaging_dgm: Don't expose the messaging_dgm_context

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 92da0b243c18546275c4736507188eba425a0732
Author: Jeremy Allison <[email protected]>
Date:   Wed Jul 16 12:41:55 2014 -0700

    s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be 
NULL. Ensure this is safe with modern AD-DCs.
    
    There are places in the code where we don't check whether alt_name is NULL
    before calling into the DC lookup code with a NULL name request. This can
    happen in offline mode.
    
    Fixes bug #10717 - Winbind crash on losing VPN connection
    
    https://bugzilla.samba.org/show_bug.cgi?id=10717
    
    Signed-off-by: Jeremy Allison <[email protected]>
    Reviewed-by: Michael Adam <[email protected]>
    
    Autobuild-User(master): Michael Adam <[email protected]>
    Autobuild-Date(master): Mon Sep 15 23:29:00 CEST 2014 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_ads.c |    3 ++-
 source3/winbindd/winbindd_cm.c  |    8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index cfda82c..2e2239b 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -183,6 +183,7 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, 
const char *dom_name)
        }
 
        if (IS_DC) {
+               SMB_ASSERT(wb_dom->alt_name != NULL);
                realm = SMB_STRDUP(wb_dom->alt_name);
        } else {
                struct winbindd_domain *our_domain = wb_dom;
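Review bot: The added `SMB_ASSERT(wb_dom->alt_name != NULL)` in the `IS_DC` branch still brings winbindd down when alt_name is NULL, so if the state described in the commit message (NT-style domain, offline mode) can reach this branch, the crash from bug #10717 becomes a deliberate panic rather than a handled error. The winbindd_cm.c hunks of this same commit handle the condition by returning or skipping, and this function already returns ADS_STATUS, so `if (wb_dom->alt_name == NULL) { return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); }` would keep the daemon serving other domains. The function starts and ends outside the hunk, so whether anything acquired earlier must be released before such a return is not visible here. The same point applies to `SMB_ASSERT(domain->alt_name != NULL)` added in ads_cached_connection, which returns a pointer and could presumably return NULL instead.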
@@ -239,7 +240,7 @@ static ADS_STRUCT *ads_cached_connection(struct 
winbindd_domain *domain)
        }
 
        if ( IS_DC ) {
-
+               SMB_ASSERT(domain->alt_name != NULL);
                realm = SMB_STRDUP(domain->alt_name);
        }
        else {
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 95c0aa8..01a4aa2 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -836,6 +836,10 @@ static NTSTATUS get_trust_creds(const struct 
winbindd_domain *domain,
                        return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;               
        
                }
 
+               if (our_domain->alt_name == NULL) {
+                       return NT_STATUS_INVALID_PARAMETER;
+               }
+
                if (asprintf(machine_krb5_principal, "%s$@%s",
                             account_name, our_domain->alt_name) == -1)
                {
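Review bot: The new early return in get_trust_creds has no comment, so a reader cannot tell why alt_name may legitimately be NULL or why the status differs from the `NT_STATUS_CANT_ACCESS_DOMAIN_INFO` returned just above it. I would add `/* alt_name is NULL for old NT-style domains: no realm to build a krb5 principal from */` above the check. The start of the function is outside the hunk, so it is not visible whether output parameters filled earlier need to be freed on this path; that is worth confirming against the callers.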
@@ -1202,7 +1206,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
        /* For active directory servers, try to get the ldap server name.
           None of these failures should be considered critical for now */
 
-       if (lp_security() == SEC_ADS) {
+       if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) {
                ADS_STRUCT *ads;
                ADS_STATUS ads_status;
                char addr[INET6_ADDRSTRLEN];
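Review bot: With `lp_security() == SEC_ADS` and a NULL alt_name, the ADS server-name lookup in dcip_to_name is now skipped without leaving any trace, so logs will not show that DC name resolution went past the ADS block. A debug line in an else-branch, for example `DEBUG(5, ("dcip_to_name: alt_name is NULL, skipping ADS server lookup\n"));`, would make the fallback visible when diagnosing offline-mode problems. The same silent skip is introduced in get_dcs by `(sec == SEC_ADS) && (domain->alt_name != NULL)`. Both function bodies continue outside their hunks, so what runs after the skipped block cannot be checked from here.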
@@ -1328,7 +1332,7 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct 
winbindd_domain *domain,
                return True;
        }
 
-       if (sec == SEC_ADS) {
+       if ((sec == SEC_ADS) && (domain->alt_name != NULL)) {
                char *sitename = NULL;
 
                /* We need to make sure we know the local site before


-- 
Samba Shared Repository
