winbindd crash
Jeremy Allison
jra at samba.org
Wed Nov 4 00:08:56 UTC 2015
On Mon, Nov 02, 2015 at 10:39:11AM +0000, Noel Power wrote:
> On 02/11/15 09:34, Noel Power wrote:
> > Hi Metz,
> > On 30/10/15 16:44, Stefan Metzmacher wrote:
> > [...]
> >> Can you split this into two commits?
> >>
> >> + if (!domain->conn.netlogon_creds) {
> >> + DEBUG(3, ("No security credentials available.\n"));
> >> + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
> >>
> >> Can you please use if (domain->conn.netlogon_creds == NULL) ?
> >> and more details into the debug message (at least the domain name).
> >>
> >> Also please at the BUG: https://bugzilla... to the commit messages.
> >>
> > sure thing, can do, will update and attach soon
> >
>
> 'attached' have also been added at
> https://bugzilla.samba.org/show_bug.cgi?id=11566 also
Also Reviewed-by: Jeremy Allison <jra at samba.org>
Metze, are you OK with this part 1 ?
> From 4198f37bed021565a1abf055943e45234ebf0725 Mon Sep 17 00:00:00 2001
> From: Noel Power <noel.power at suse.com>
> Date: Thu, 22 Oct 2015 12:37:17 +0100
> Subject: [PATCH 1/2] Prevent null ptr access by returning error if no creds
> available
>
> Prevent rpccli_netlogon_network_logon/rpccli_netlogon_password_logon
> being called with 'NULL' credentials
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
> Signed-off-by: Noel Power <noel.power at suse.com>
> ---
> source3/winbindd/winbindd_pam.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
> index bed2220..0b8ad01 100644
> --- a/source3/winbindd/winbindd_pam.c
> +++ b/source3/winbindd/winbindd_pam.c
> @@ -1367,8 +1367,10 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
> return result;
> }
> netr_attempts = 0;
> -
> - if (interactive && username != NULL && password != NULL) {
> + if (domain->conn.netlogon_creds == NULL) {
> + DEBUG(3, ("No security credentials available.\n"));
> + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
> + } else if (interactive && username != NULL && password != NULL) {
> result = rpccli_netlogon_password_logon(domain->conn.netlogon_creds,
> netlogon_pipe->binding_handle,
> mem_ctx,
> --
> 2.1.4
>
> From f23c23ee52e791efa35d9e70552d30e0d4314695 Mon Sep 17 00:00:00 2001
> From: Noel Power <noel.power at suse.com>
> Date: Mon, 2 Nov 2015 09:59:12 +0000
> Subject: [PATCH 2/2] Prevent null ptr access by returning error if no creds
> available
>
> Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
> signed-off-by: Noel Power <noel.power at suse.com>
> ---
> source3/rpcclient/cmd_netlogon.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
> index 2d1c351..ea63602 100644
> --- a/source3/rpcclient/cmd_netlogon.c
> +++ b/source3/rpcclient/cmd_netlogon.c
> @@ -800,6 +800,11 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
> if (argc == 6)
> sscanf(argv[5], "%x", &logon_param);
>
> + if (rpcclient_netlogon_creds == NULL) {
> + result = NT_STATUS_UNSUCCESSFUL;
> + goto done;
> + }
> +
> /* Perform the sam logon */
>
> result = rpccli_netlogon_password_logon(rpcclient_netlogon_creds,
> --
> 2.1.4
>
More information about the samba-technical
mailing list