winbindd crash
Andreas Schneider
asn at samba.org
Wed Nov 4 07:13:07 UTC 2015
On Tuesday 03 November 2015 16:08:56 Jeremy Allison wrote:
> On Mon, Nov 02, 2015 at 10:39:11AM +0000, Noel Power wrote:
> > On 02/11/15 09:34, Noel Power wrote:
> > > Hi Metz,
> > > On 30/10/15 16:44, Stefan Metzmacher wrote:
> > > [...]
> > >
> > >> Can you split this into two commits?
> > >>
> > >> + if (!domain->conn.netlogon_creds) {
> > >> + DEBUG(3, ("No security credentials available.\n"));
> > >> + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
> > >>
> > >> Can you please use if (domain->conn.netlogon_creds == NULL) ?
> > >> and more details into the debug message (at least the domain name).
> > >>
> > >> Also please at the BUG: https://bugzilla... to the commit messages.
> > >
> > > sure thing, can do, will update and attach soon
> >
> > 'attached' have also been added at
> > https://bugzilla.samba.org/show_bug.cgi?id=11566 also
>
> Also Reviewed-by: Jeremy Allison <jra at samba.org>
>
> Metze, are you OK with this part 1 ?
RB+ but please use DBG_NOTICE
>
> > From 4198f37bed021565a1abf055943e45234ebf0725 Mon Sep 17 00:00:00 2001
> > From: Noel Power <noel.power at suse.com>
> > Date: Thu, 22 Oct 2015 12:37:17 +0100
> > Subject: [PATCH 1/2] Prevent null ptr access by returning error if no
> > creds
> >
> > available
> >
> > Prevent rpccli_netlogon_network_logon/rpccli_netlogon_password_logon
> > being called with 'NULL' credentials
> >
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
> > Signed-off-by: Noel Power <noel.power at suse.com>
> > ---
> >
> > source3/winbindd/winbindd_pam.c | 6 ++++--
> > 1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/source3/winbindd/winbindd_pam.c
> > b/source3/winbindd/winbindd_pam.c index bed2220..0b8ad01 100644
> > --- a/source3/winbindd/winbindd_pam.c
> > +++ b/source3/winbindd/winbindd_pam.c
> > @@ -1367,8 +1367,10 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
> > winbindd_domain *domain,>
> > return result;
> >
> > }
> > netr_attempts = 0;
> >
> > -
> > - if (interactive && username != NULL && password != NULL) {
> > + if (domain->conn.netlogon_creds == NULL) {
> > + DEBUG(3, ("No security credentials available.\n"));
> > + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
> > + } else if (interactive && username != NULL && password != NULL) {
> >
> > result = rpccli_netlogon_password_logon(domain-
>conn.netlogon_creds,
> >
> > netlogon_pipe->binding_handle,
> > mem_ctx,
> >
> > From f23c23ee52e791efa35d9e70552d30e0d4314695 Mon Sep 17 00:00:00 2001
> > From: Noel Power <noel.power at suse.com>
> > Date: Mon, 2 Nov 2015 09:59:12 +0000
> > Subject: [PATCH 2/2] Prevent null ptr access by returning error if no
> > creds
> >
> > available
> >
> > Prevent rpccli_netlogon_password_logon being called with 'NULL'
> > credentials.
> >
> > BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
> > signed-off-by: Noel Power <noel.power at suse.com>
> > ---
> >
> > source3/rpcclient/cmd_netlogon.c | 5 +++++
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/source3/rpcclient/cmd_netlogon.c
> > b/source3/rpcclient/cmd_netlogon.c index 2d1c351..ea63602 100644
> > --- a/source3/rpcclient/cmd_netlogon.c
> > +++ b/source3/rpcclient/cmd_netlogon.c
> > @@ -800,6 +800,11 @@ static NTSTATUS cmd_netlogon_sam_logon(struct
> > rpc_pipe_client *cli,>
> > if (argc == 6)
> >
> > sscanf(argv[5], "%x", &logon_param);
> >
> > + if (rpcclient_netlogon_creds == NULL) {
> > + result = NT_STATUS_UNSUCCESSFUL;
> > + goto done;
> > + }
> > +
> >
> > /* Perform the sam logon */
> >
> > result = rpccli_netlogon_password_logon(rpcclient_netlogon_creds,
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list