Possible NULL-pointer dereference in lib/util/charset/pull_push.c

Jelmer Vernooij jelmer at samba.org
Tue Aug 27 15:59:34 MDT 2013 

On Tue, Aug 27, 2013 at 09:55:11PM +0200, Torsten Kurbad wrote:
> Hi Volker,
> 
> >For some reason it seems that the credentials passed in have
> >a NULL domain. How in your python code do you initialize the
> >credentials?
> 
> Like so:
> 
> --- snip ---
> 
> url = 'ldap://pdc.iwm-kmrc.de:389/'
> username = 'administrator'
> realm = 'ADS.IWM-KMRC.DE'
> password = 'test'
> 
> lpOptions = dict(
>     realm = realm,
>     workgroup = 'KMRC',
> )
> 
> # These are then passed (through a class method) to SamDB (simplified
> # excerpt):
> 
> from samba.auth import system_session
> from samba.credentials import Credentials
> from samba.param import LoadParm
> from samba.samdb import SamDB
> 
> class ActiveDirectory(object):
> 
> 	def __init__(self)
> 		self._credentials=Credentials()
> 		self._lp=LoadParm()
> 		self._session_info=system_session()
> 
> 	def connect(self, username, password, realm, url, lpOptions):
> 		if username is not None and realm is not None:
> 			self._credentials.set_realm(realm)
> 			self._credentials.set_username(username)
> 			self._credentials.set_password(password)
> 
> 			for (key, value) in lpOptions.items():
> 				self._lp.set(key,value)
> 
> 			connection = SamDB(url=url,
> 	                        session_info=self._session_info,
>         			credentials=self._credentials,
>                         	lp=self._lp)
> 
> --- snap ---
> 
> Do I understand you correctly in that I need to pass a 'domain'
> parameter in addition to 'workgroup' and 'realm'?
You don't seem to be passing in workgroup at the moment.

> Do you see any possible explanation, why the above code indeed does
> work correctly without the domain, iff I provide the correct value for
> 'password'?
Without looking at the code; we might be trying again with slightly
different parameters and thus are hitting an additional codepath.

Of course, this is a bug in the Python bindings somewhere - we
shouldn't segfault in this situation but raise an exception if a
domain really is required.

Cheers,

Jelmer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130827/65a1ae23/attachment.pgp>

More information about the samba-technical mailing list