[s4] Crash in netr_LogonGetDomainInfo

Matthias Dieter Wallnöfer mdw at samba.org
Fri Nov 19 01:17:57 MST 2010


Okay, but in dcesrv_netr_ServerAuthenticate3 the "r->in.account_name" is
used for search operations (gendb_search call) etc.
So, if not using "r->in.computer_name" in "LogonGetDomainInfo" how do I 
get a valid key for fetching the computer entry? The DNS hostname cannot 
be used since we know that it isn't always available.

Greets,
Matthias


Andrew Bartlett wrote:
> On Thu, 2010-11-18 at 22:32 +0100, Matthias Dieter Wallnöfer wrote:
>
>> Metze,
>>
>> I propose something like this.
>>
> Reading these comments made me look at the original code, and I don't
> think that it is quite correct.
>
> Firstly, my gut feeling is that we should not use r->in.computer_name.
> This is not normally used in the processing of the call, but in the
> credential chaining - and isn't always the same thing as the computer
> name in the account.
>
> You should instead check against the samaccountname without the $, as
> found in the DB after looking up the record by SID.
>
> (It would be worth testing what exactly happens if the CN and
> samAccountName are different - which one is it checked against).
>
> The check for a NULL dns_hostname is of course correct.
>
> Andrew Bartlett
>


