winbindd crash
Stefan Metzmacher
metze at samba.org
Wed Nov 4 07:40:59 UTC 2015
Am 04.11.2015 um 00:59 schrieb Jeremy Allison:
> On Mon, Nov 02, 2015 at 11:27:16AM +0000, Noel Power wrote:
>> Hi Metz
>> On 02/11/15 10:45, Stefan Metzmacher wrote:
>>> Hi Noel,
>>>
>>>> + if (domain->conn.netlogon_creds == NULL) {
>>>> + DEBUG(3, ("No security credentials available.\n"));
>>>> + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
>>> Can you also improve the debug message (at least with the domain name)?
>>>
>> how about attached (p.s. I am suffering from debug message writers block
>> so if you have message content in mind I'm happy to change it)
>
> LGTM. Reviewed-by: Jeremy Allison <jra at samba.org>
>
> Metze, are you also good to go ?
>
>
>> From ec60c96b123eda337df2f62dc381f69f60ba79e8 Mon Sep 17 00:00:00 2001
>> From: Noel Power <noel.power at suse.com>
>> Date: Mon, 2 Nov 2015 09:59:12 +0000
>> Subject: [PATCH 2/2] Prevent null ptr access by returning error if no creds
>> available
>>
>> Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.
>>
>> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569
>> signed-off-by: Noel Power <noel.power at suse.com>
>> ---
>> source3/rpcclient/cmd_netlogon.c | 5 +++++
>> source3/winbindd/winbindd_pam.c | 3 ++-
>> 2 files changed, 7 insertions(+), 1 deletion(-)
>>
>> diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
>> index 2d1c351..ea63602 100644
>> --- a/source3/rpcclient/cmd_netlogon.c
>> +++ b/source3/rpcclient/cmd_netlogon.c
>> @@ -800,6 +800,11 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
>> if (argc == 6)
>> sscanf(argv[5], "%x", &logon_param);
>>
>> + if (rpcclient_netlogon_creds == NULL) {
>> + result = NT_STATUS_UNSUCCESSFUL;
>> + goto done;
>> + }
>> +
>> /* Perform the sam logon */
>>
>> result = rpccli_netlogon_password_logon(rpcclient_netlogon_creds,
>> diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
>> index 0b8ad01..a09143f 100644
>> --- a/source3/winbindd/winbindd_pam.c
>> +++ b/source3/winbindd/winbindd_pam.c
>> @@ -1368,7 +1368,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
>> }
>> netr_attempts = 0;
>> if (domain->conn.netlogon_creds == NULL) {
>> - DEBUG(3, ("No security credentials available.\n"));
>> + DEBUG(3, ("No security credentials available for "
>> + "domain [%s]\n", domainname));
>> result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
>> } else if (interactive && username != NULL && password != NULL) {
>> result = rpccli_netlogon_password_logon(domain->conn.netlogon_creds,
This change should be squashed to the first patch, otherwise I'm
reviewed-by me.
metze
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151104/e041cfe4/signature.sig>
More information about the samba-technical
mailing list