[s4] Crash in netr_LogonGetDomainInfo

Matthias Dieter Wallnöfer mdw at samba.org
Fri Nov 19 01:42:25 MST 2010


Reworked version.

Andrew Bartlett wrote:
> On Fri, 2010-11-19 at 09:17 +0100, Matthias Dieter Wallnöfer wrote:
>    
>> Okay, but on dcesrv_netr_ServerAuthenticate3 the "r->in.account_name" is
>> used for search operations (gendb_search call) etc.
>> So, if not using "r->in.computer_name" in "LogonGetDomainInfo" how do I
>> get a valid key for fetching the computer entry? The DNS hostname cannot
>> be used since we know that it isn't always available.
>>      
> You already get it from the credentials (see how it uses <SID=%s> as the
> DN), which as you note are obtained via the account name originally.
>
> That can be trusted as we know that if the account has authenticated,
> and the credentials chain is valid.
>
> However, the computer name specified here is a unique key, but we do no
> checks to ensure it is equal to the account name (nor should we, it
> breaks inter-domain trusts).  As such, we must instead treat it as an
> opaque identifier and look up the credentials, and from there get the DN
> (as we do).
>
> All I'm asking is that we change to using the result of that search to
> determine the client's 'short name' for DNS update purposes.
>
> Andrew Bartlett
>
>    

-------------- next part --------------
A non-text attachment was scrubbed...
Name: logonGetDomainInfo.patch
Type: application/mbox
Size: 4091 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101119/239c9fb9/attachment.bin>

