[s4] Crash in netr_LogonGetDomainInfo

Andrew Bartlett abartlet at samba.org
Fri Nov 19 01:23:07 MST 2010


On Fri, 2010-11-19 at 09:17 +0100, Matthias Dieter Wallnöfer wrote:
> Okay, but on dcesrv_netr_ServerAuthenticate3 the "r->in.account_name" is 
> used for search operations (gendb_search call) etc.
> So, if not using "r->in.computer_name" in "LogonGetDomainInfo" how do I 
> get a valid key for fetching the computer entry? The DNS hostname cannot 
> be used since we know that it isn't always available.

You already get it from the credentials (see how it uses <SID=%s> as the
DN), which as you note are obtained via the account name originally.  

That can be trusted as we know that if the account has authenticated,
and the credentials chain is valid.  

However, the computer name specified here is a unique key, but we do no
checks to ensure it is equal to the account name (nor should we, it
breaks inter-domain trusts).  As such, we must instead treat it as an
opaque identifier and look up the credentials, and from there get the DN
(as we do).

All I'm asking is that we change to using the result of that search to
determine the client's 'short name' for DNS update purposes.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
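
The lookup order described in the message above, as an added C example that is not part of the original message or of Samba's code: the client-supplied computer name serves only as a key into a credentials store, and the short name comes from the directory entry found via the authenticated SID. The structures, the sample data and the rule that the short name is the account name without its trailing '$' are assumptions for illustration.

```c
#include <string.h>

/* Hypothetical stand-ins for the credentials store and the directory;
 * these are not Samba's structures. All values are constructed. */
struct creds_entry { const char *computer_name; const char *account_sid; };
struct dir_entry   { const char *sid; const char *sam_account_name; };

static const struct creds_entry creds_db[] = {
    { "WKS1",    "S-1-5-21-1-2-3-1104" },
    /* Key differs from the account that authenticated: nothing checks it. */
    { "FILESRV", "S-1-5-21-1-2-3-1105" },
};
static const struct dir_entry directory[] = {
    { "S-1-5-21-1-2-3-1104", "WKS1$" },
    { "S-1-5-21-1-2-3-1105", "WKS2$" },
};

/* Derive the short name from the authenticated account, never from the
 * client-supplied computer_name. Returns 0 on success, -1 otherwise. */
int client_short_name(const char *computer_name, char *out, size_t outlen)
{
    const char *sid = NULL, *acct = NULL;
    size_t i, n;

    /* computer_name is used only as an opaque key into the store. */
    for (i = 0; i < sizeof(creds_db) / sizeof(creds_db[0]); i++)
        if (strcmp(creds_db[i].computer_name, computer_name) == 0)
            sid = creds_db[i].account_sid;
    if (sid == NULL)
        return -1;              /* no credentials chain for this key */

    /* Stand-in for the directory search on the <SID=...> DN. */
    for (i = 0; i < sizeof(directory) / sizeof(directory[0]); i++)
        if (strcmp(directory[i].sid, sid) == 0)
            acct = directory[i].sam_account_name;
    if (acct == NULL)
        return -1;              /* authenticated SID has no directory entry */

    n = strlen(acct);
    if (n > 0 && acct[n - 1] == '$')
        n--;                    /* assumption: short name = account name minus '$' */
    if (n == 0 || n >= outlen)
        return -1;              /* empty name or would overflow the buffer */
    memcpy(out, acct, n);
    out[n] = '\0';
    return 0;
}
```

With the constructed data, the key "FILESRV" resolves to the short name "WKS2", the account that actually authenticated, so a mismatched computer name cannot steer the DNS update.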