[PATCHES] s4:rpc_server/lsa: bugs...

Stefan (metze) Metzmacher metze at samba.org
Thu Dec 18 16:37:38 MST 2014


Am 19.12.2014 um 00:09 schrieb Simo:
> On Thu, 2014-12-18 at 21:07 +0100, Stefan (metze) Metzmacher wrote:
>> +       if (add_outgoing && del_outgoing) {
> 
> This should be ||

Yes, here's an updated and tested patch.

metze
-------------- next part --------------
From 1ab2b8634b423554443497427dcdf1f086ae5d97 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:03:49 +0100
Subject: [PATCH 1/4] s4:rpc_server/lsa: pass the correct variable to
 setInfoTrustedDomain_base()

setInfoTrustedDomain_base() requires a 'struct lsa_policy_state'; we now pass
it directly instead of an opaque 'struct dcesrv_handle'.

Before this change, dcesrv_lsa_SetInformationTrustedDomain() passed in a
'struct dcesrv_handle' carrying a 'struct lsa_trusted_domain_state', which
resulted in segfaults.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 6c09649..40867dd 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1600,13 +1600,12 @@ static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx,
 
 
 static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
-					  struct dcesrv_handle *p_handle,
+					  struct lsa_policy_state *p_state,
 					  TALLOC_CTX *mem_ctx,
 					  struct ldb_message *dom_msg,
 					  enum lsa_TrustDomInfoEnum level,
 					  union lsa_TrustedDomainInfo *info)
 {
-	struct lsa_policy_state *p_state = p_handle->data;
 	uint32_t *posix_offset = NULL;
 	struct lsa_TrustDomainInfoInfoEx *info_ex = NULL;
 	struct lsa_TrustDomainInfoAuthInfo *auth_info = NULL;
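Review bot: The new `struct lsa_policy_state *p_state` parameter of `setInfoTrustedDomain_base()` is trusted as-is, and the two call sites in the later hunks (`td_state->policy` in `dcesrv_lsa_SetInformationTrustedDomain()` and `policy_state` in `dcesrv_lsa_SetTrustedDomainInfoByName()`) show neither a NULL check nor how the state was taken from the handle. The crash described in the commit message came from reading a `void *` handle payload as the wrong struct, so if those callers still assign `h->data` directly (that code is outside the hunks), a checked conversion such as `talloc_get_type(h->data, struct lsa_trusted_domain_state)` followed by an `NT_STATUS_INVALID_HANDLE` return on NULL would stop a future mix-up from turning into memory corruption in a client-reachable RPC path. A parameter comment like `/* p_state: the policy state, never the trusted-domain handle state */` would record the contract. The function body continues past this hunk.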
@@ -1942,7 +1941,7 @@ static NTSTATUS dcesrv_lsa_SetInformationTrustedDomain(
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
-	return setInfoTrustedDomain_base(dce_call, h, mem_ctx,
+	return setInfoTrustedDomain_base(dce_call, td_state->policy, mem_ctx,
 					 msgs[0], r->in.level, r->in.info);
 }
 
@@ -2160,7 +2159,7 @@ static NTSTATUS dcesrv_lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
 	}
 
-	return setInfoTrustedDomain_base(dce_call, policy_handle, mem_ctx,
+	return setInfoTrustedDomain_base(dce_call, policy_state, mem_ctx,
 					 msgs[0], r->in.level, r->in.info);
 }
 
-- 
1.9.1


From 497ed02e2b5b65cb377384d87629191c31835202 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:33:38 +0100
Subject: [PATCH 2/4] s4:rpc_server/lsa: remove
 trustAuthIncoming/trustAuthOutgoing when the related flag is removed.

When the LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flag is
cleared, we should also remove the related credentials.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 32 ++++++++++++++++++++------------
 1 file changed, 20 insertions(+), 12 deletions(-)

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 40867dd..0aad375 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1779,10 +1779,14 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
 		}
 
 		if (info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
-			add_incoming = true;
+			if (auth_info != NULL && trustAuthIncoming.length > 0) {
+				add_incoming = true;
+			}
 		}
 		if (info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
-			add_outgoing = true;
+			if (auth_info != NULL && trustAuthOutgoing.length > 0) {
+				add_outgoing = true;
+			}
 		}
 
 		if ((origdir & LSA_TRUST_DIRECTION_INBOUND) &&
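Review bot: The two new guards around `add_incoming = true;` and `add_outgoing = true;` silently store nothing when a direction bit is set but the request carries no auth data, and no comment says whether that is intended. If the bit is newly enabled (absent from `origdir`), the trust would appear to be written with that direction but no matching `trustAuthIncoming`/`trustAuthOutgoing` value, unless code outside this hunk rejects the request. A comment such as `/* direction set without new auth data: leave stored credentials untouched */` would document the intent. The `if (add_incoming || del_incoming)` and `if (add_outgoing || del_outgoing)` blocks in the next hunk rely on an empty `LDB_FLAG_MOD_REPLACE` element deleting the attribute. Because that is the step that removes the stale trust secret, it deserves a one-line comment as well.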
@@ -1830,28 +1834,32 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
 		}
 	}
 
-	if (add_incoming && trustAuthIncoming.data) {
+	if (add_incoming || del_incoming) {
 		ret = ldb_msg_add_empty(msg, "trustAuthIncoming",
 					LDB_FLAG_MOD_REPLACE, NULL);
 		if (ret != LDB_SUCCESS) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		ret = ldb_msg_add_value(msg, "trustAuthIncoming",
-					&trustAuthIncoming, NULL);
-		if (ret != LDB_SUCCESS) {
-			return NT_STATUS_NO_MEMORY;
+		if (add_incoming) {
+			ret = ldb_msg_add_value(msg, "trustAuthIncoming",
+						&trustAuthIncoming, NULL);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
 		}
 	}
-	if (add_outgoing && trustAuthOutgoing.data) {
+	if (add_outgoing || del_outgoing) {
 		ret = ldb_msg_add_empty(msg, "trustAuthOutgoing",
 					LDB_FLAG_MOD_REPLACE, NULL);
 		if (ret != LDB_SUCCESS) {
 			return NT_STATUS_NO_MEMORY;
 		}
-		ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
-					&trustAuthOutgoing, NULL);
-		if (ret != LDB_SUCCESS) {
-			return NT_STATUS_NO_MEMORY;
+		if (add_outgoing) {
+			ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
+						&trustAuthOutgoing, NULL);
+			if (ret != LDB_SUCCESS) {
+				return NT_STATUS_NO_MEMORY;
+			}
 		}
 	}
 
-- 
1.9.1


From 8f775912dcdcaab581de77c5ae2ca89e68b4a9b0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:37:17 +0100
Subject: [PATCH 3/4] s4:rpc_server/lsa: remove unused allow_warnings=True

We compile without warnings now.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source4/rpc_server/wscript_build | 1 -
 1 file changed, 1 deletion(-)

diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index 2866257..c79c1827 100755
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -103,7 +103,6 @@ bld.SAMBA_MODULE('dcerpc_netlogon',
 
 bld.SAMBA_MODULE('dcerpc_lsarpc',
 	source='lsa/dcesrv_lsa.c lsa/lsa_init.c lsa/lsa_lookup.c',
-	allow_warnings=True,
 	autoproto='lsa/proto.h',
 	subsystem='dcerpc_server',
 	init_function='dcerpc_server_lsa_init',
-- 
1.9.1


From c215b0238af907b6dd642ea4900aacd68f468b24 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:47:50 +0100
Subject: [PATCH 4/4] s4:rpc_server/lsa: fix segfault in check_ft_info()

This is triggered by lsa_lsaRSetForestTrustInformation()
with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME.

The nb_name variable was uninitialized and dereferenced without checking.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
 source4/rpc_server/lsa/dcesrv_lsa.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0aad375..020360d 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -4159,6 +4159,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
 
 		nrec = &new_fti->records[new_fti_idx].record;
 		dns_name = NULL;
+		nb_name = NULL;
 		tln_conflict = false;
 		sid_conflict = false;
 		nb_conflict = false;
@@ -4237,6 +4238,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
 				sid_conflict = true;
 			}
 			if (!(trec->flags & LSA_NB_DISABLED_ADMIN) &&
+			    (nb_name != NULL) &&
 			    strcasecmp_m(trec->data.info.netbios_name.string,
 					 nb_name) == 0) {
 				nb_conflict = true;
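Review bot: The added `(nb_name != NULL)` test carries no comment explaining when `nb_name` is legitimately unset. Going by the commit message this is the `FOREST_TRUST_TOP_LEVEL_NAME` record case, where presumably only `dns_name` is assigned; something like `/* nb_name is only set for domain-info records; skip the NetBIOS comparison otherwise */` above the condition would help, once confirmed against the record-type switch outside this hunk. The other operand, `trec->data.info.netbios_name.string`, is still handed to `strcasecmp_m()` unchecked, so if a stored trust record can hold a NULL name there it may need the same guard. The per-iteration reset `nb_name = NULL;` in the first hunk is what removes the uninitialized read. The `dns_name` and SID comparisons in the same loop lie outside both hunks and may be worth the same review, since the commit message says the path is triggered from `lsa_lsaRSetForestTrustInformation()`.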
-- 
1.9.1