machine password timeout - overflow issues

Shlomi Yaakobovich Shlomi at exanet.com
Mon Jun 5 17:11:51 GMT 2006


Hi,

We've recently stumbled into an "interesting" behavior, we call it a bug. Happens only in "security = domain" environment due to obvious reasons (check the code). 

We use a very big number for the "machine password timeout" parameter: 999999999. About 3 weeks ago (you can calculate exactly, it was on May 13th, 2006), the sum of this number and the current value returned by time(NULL) gave a value bigger than the signed integer value. As a result, some of the comparisons, done in order to check if it is required to update the secrets.tdb file, gave the wrong result. Our solution is based on the fact that the secrets.tdb is not changed by samba, only by external operations (e.g. joining the domain), and this began causing problems for us !

Finally we've discovered that this is due to this overflow. I solved this simply by casting (time_t)lp_machine_password_timeout(), in both occurrences in auth/auth_domain.c. I would send a patch but this is so trivial... Unfortunately I see none of the Globals struct is defined as unsigned int, which would have been a better solution, IMHO.

Maybe I will send a patch tomorrow, if there's interest (I'm working on 3.0.20 anyway).

Shlomi


More information about the samba-technical mailing list