winbindd crash
Jeremy Allison
jra at samba.org
Tue Nov 3 23:59:54 UTC 2015
On Mon, Nov 02, 2015 at 11:27:16AM +0000, Noel Power wrote:
> Hi Metz
> On 02/11/15 10:45, Stefan Metzmacher wrote:
> > Hi Noel,
> >
> >> + if (domain->conn.netlogon_creds == NULL) {
> >> + DEBUG(3, ("No security credentials available.\n"));
> >> + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
> > Can you also improve the debug message (at least with the domain name)?
> >
> how about attached (p.s. I am suffering from debug message writers block
> so if you have message content in mind I'm happy to change it)
LGTM. Reviewed-by: Jeremy Allison <jra at samba.org>
Metze, are you also good to go ?
> From ec60c96b123eda337df2f62dc381f69f60ba79e8 Mon Sep 17 00:00:00 2001
> From: Noel Power <noel.power at suse.com>
> Date: Mon, 2 Nov 2015 09:59:12 +0000
> Subject: [PATCH 2/2] Prevent null ptr access by returning error if no creds
> available
>
> Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
> signed-off-by: Noel Power <noel.power at suse.com>
> ---
> source3/rpcclient/cmd_netlogon.c | 5 +++++
> source3/winbindd/winbindd_pam.c | 3 ++-
> 2 files changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
> index 2d1c351..ea63602 100644
> --- a/source3/rpcclient/cmd_netlogon.c
> +++ b/source3/rpcclient/cmd_netlogon.c
> @@ -800,6 +800,11 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
> if (argc == 6)
> sscanf(argv[5], "%x", &logon_param);
>
> + if (rpcclient_netlogon_creds == NULL) {
> + result = NT_STATUS_UNSUCCESSFUL;
> + goto done;
> + }
> +
> /* Perform the sam logon */
>
> result = rpccli_netlogon_password_logon(rpcclient_netlogon_creds,
> diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
> index 0b8ad01..a09143f 100644
> --- a/source3/winbindd/winbindd_pam.c
> +++ b/source3/winbindd/winbindd_pam.c
> @@ -1368,7 +1368,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
> }
> netr_attempts = 0;
> if (domain->conn.netlogon_creds == NULL) {
> - DEBUG(3, ("No security credentials available.\n"));
> + DEBUG(3, ("No security credentials available for "
> + "domain [%s]\n", domainname));
> result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
> } else if (interactive && username != NULL && password != NULL) {
> result = rpccli_netlogon_password_logon(domain->conn.netlogon_creds,
> --
> 2.1.4
>
More information about the samba-technical
mailing list