[PATCHES] s4:rpc_server/lsa: bugs...
Stefan (metze) Metzmacher
metze at samba.org
Thu Dec 18 16:37:38 MST 2014
Am 19.12.2014 um 00:09 schrieb Simo:
> On Thu, 2014-12-18 at 21:07 +0100, Stefan (metze) Metzmacher wrote:
>> + if (add_outgoing && del_outgoing) {
>
> This should be ||
Yes, here's an updated and tested patch.
metze
-------------- next part --------------
From 1ab2b8634b423554443497427dcdf1f086ae5d97 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:03:49 +0100
Subject: [PATCH 1/4] s4:rpc_server/lsa: pass the correct variable to
setInfoTrustedDomain_base()
This requires 'struct lsa_policy_state', we now pass this directly
instead of a instead of an opaque 'struct dcesrv_handle'.
dcesrv_lsa_SetInformationTrustedDomain() passes in a 'struct dcesrv_handle'
with 'struct lsa_trusted_domain_state' before, which results in segfaults.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source4/rpc_server/lsa/dcesrv_lsa.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 6c09649..40867dd 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1600,13 +1600,12 @@ static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx,
static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
- struct dcesrv_handle *p_handle,
+ struct lsa_policy_state *p_state,
TALLOC_CTX *mem_ctx,
struct ldb_message *dom_msg,
enum lsa_TrustDomInfoEnum level,
union lsa_TrustedDomainInfo *info)
{
- struct lsa_policy_state *p_state = p_handle->data;
uint32_t *posix_offset = NULL;
struct lsa_TrustDomainInfoInfoEx *info_ex = NULL;
struct lsa_TrustDomainInfoAuthInfo *auth_info = NULL;
@@ -1942,7 +1941,7 @@ static NTSTATUS dcesrv_lsa_SetInformationTrustedDomain(
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- return setInfoTrustedDomain_base(dce_call, h, mem_ctx,
+ return setInfoTrustedDomain_base(dce_call, td_state->policy, mem_ctx,
msgs[0], r->in.level, r->in.info);
}
@@ -2160,7 +2159,7 @@ static NTSTATUS dcesrv_lsa_SetTrustedDomainInfoByName(struct dcesrv_call_state *
return NT_STATUS_INTERNAL_DB_CORRUPTION;
}
- return setInfoTrustedDomain_base(dce_call, policy_handle, mem_ctx,
+ return setInfoTrustedDomain_base(dce_call, policy_state, mem_ctx,
msgs[0], r->in.level, r->in.info);
}
--
1.9.1
From 497ed02e2b5b65cb377384d87629191c31835202 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:33:38 +0100
Subject: [PATCH 2/4] s4:rpc_server/lsa: remove
trustAuthIncoming/trustAuthOutgoing when the related flag is removed.
When LSA_TRUST_DIRECTION_INBOUND or LSA_TRUST_DIRECTION_OUTBOUND flags is cleared
we should also remove the related credentials.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source4/rpc_server/lsa/dcesrv_lsa.c | 32 ++++++++++++++++++++------------
1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 40867dd..0aad375 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -1779,10 +1779,14 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
}
if (info_ex->trust_direction & LSA_TRUST_DIRECTION_INBOUND) {
- add_incoming = true;
+ if (auth_info != NULL && trustAuthIncoming.length > 0) {
+ add_incoming = true;
+ }
}
if (info_ex->trust_direction & LSA_TRUST_DIRECTION_OUTBOUND) {
- add_outgoing = true;
+ if (auth_info != NULL && trustAuthOutgoing.length > 0) {
+ add_outgoing = true;
+ }
}
if ((origdir & LSA_TRUST_DIRECTION_INBOUND) &&
@@ -1830,28 +1834,32 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
}
}
- if (add_incoming && trustAuthIncoming.data) {
+ if (add_incoming || del_incoming) {
ret = ldb_msg_add_empty(msg, "trustAuthIncoming",
LDB_FLAG_MOD_REPLACE, NULL);
if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_msg_add_value(msg, "trustAuthIncoming",
- &trustAuthIncoming, NULL);
- if (ret != LDB_SUCCESS) {
- return NT_STATUS_NO_MEMORY;
+ if (add_incoming) {
+ ret = ldb_msg_add_value(msg, "trustAuthIncoming",
+ &trustAuthIncoming, NULL);
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
}
- if (add_outgoing && trustAuthOutgoing.data) {
+ if (add_outgoing || del_outgoing) {
ret = ldb_msg_add_empty(msg, "trustAuthOutgoing",
LDB_FLAG_MOD_REPLACE, NULL);
if (ret != LDB_SUCCESS) {
return NT_STATUS_NO_MEMORY;
}
- ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
- &trustAuthOutgoing, NULL);
- if (ret != LDB_SUCCESS) {
- return NT_STATUS_NO_MEMORY;
+ if (add_outgoing) {
+ ret = ldb_msg_add_value(msg, "trustAuthOutgoing",
+ &trustAuthOutgoing, NULL);
+ if (ret != LDB_SUCCESS) {
+ return NT_STATUS_NO_MEMORY;
+ }
}
}
--
1.9.1
From 8f775912dcdcaab581de77c5ae2ca89e68b4a9b0 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:37:17 +0100
Subject: [PATCH 3/4] s4:rpc_server/lsa: remove unused allow_warnings=True
We compile without warnings now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source4/rpc_server/wscript_build | 1 -
1 file changed, 1 deletion(-)
diff --git a/source4/rpc_server/wscript_build b/source4/rpc_server/wscript_build
index 2866257..c79c1827 100755
--- a/source4/rpc_server/wscript_build
+++ b/source4/rpc_server/wscript_build
@@ -103,7 +103,6 @@ bld.SAMBA_MODULE('dcerpc_netlogon',
bld.SAMBA_MODULE('dcerpc_lsarpc',
source='lsa/dcesrv_lsa.c lsa/lsa_init.c lsa/lsa_lookup.c',
- allow_warnings=True,
autoproto='lsa/proto.h',
subsystem='dcerpc_server',
init_function='dcerpc_server_lsa_init',
--
1.9.1
From c215b0238af907b6dd642ea4900aacd68f468b24 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze at samba.org>
Date: Mon, 15 Dec 2014 16:47:50 +0100
Subject: [PATCH 4/4] s4:rpc_server/lsa: fix segfault in check_ft_info()
This is triggered by lsa_lsaRSetForestTrustInformation()
with ForestTrustInfo elements using FOREST_TRUST_TOP_LEVEL_NAME.
The nb_name variable was uninitialized and dereferenced without checking.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
---
source4/rpc_server/lsa/dcesrv_lsa.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c
index 0aad375..020360d 100644
--- a/source4/rpc_server/lsa/dcesrv_lsa.c
+++ b/source4/rpc_server/lsa/dcesrv_lsa.c
@@ -4159,6 +4159,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
nrec = &new_fti->records[new_fti_idx].record;
dns_name = NULL;
+ nb_name = NULL;
tln_conflict = false;
sid_conflict = false;
nb_conflict = false;
@@ -4237,6 +4238,7 @@ static NTSTATUS check_ft_info(TALLOC_CTX *mem_ctx,
sid_conflict = true;
}
if (!(trec->flags & LSA_NB_DISABLED_ADMIN) &&
+ (nb_name != NULL) &&
strcasecmp_m(trec->data.info.netbios_name.string,
nb_name) == 0) {
nb_conflict = true;
--
1.9.1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20141219/f45e3bb2/attachment.pgp>
More information about the samba-technical
mailing list