[PATCH] small winbind refactorings and CIDs
Volker Lendecke
Volker.Lendecke at SerNet.DE
Wed Mar 16 05:56:02 UTC 2016
Hi!
Review appreciated!
Thanks, Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------
From ca6c9e33784b0ed20beb2e3edff298c2e425a5d0 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Mon, 22 Feb 2016 17:03:43 +0100
Subject: [PATCH 1/7] idmap: Factor out lp_scan_idmap_domains()
This simplifies idmap_found_domain_backend() by moving the regex magic
somewhere else. Also, this routine will be useful soon somewhere else, thus
make it non-static to idmap.c.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap.c | 125 +++++++++++++++++++++++++-------------
source3/winbindd/winbindd_proto.h | 3 +
2 files changed, 87 insertions(+), 41 deletions(-)
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 4012e70..d3c8fbe 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -70,13 +70,71 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
const char *domainname,
const char *modulename,
bool check_range);
-static bool idmap_found_domain_backend(
+
+struct lp_scan_idmap_domains_state {
+ bool (*fn)(const char *domname, void *private_data);
+ void *private_data;
+};
+
+static bool lp_scan_idmap_found_domain(
const char *string, regmatch_t matches[], void *private_data);
+bool lp_scan_idmap_domains(bool (*fn)(const char *domname,
+ void *private_data),
+ void *private_data)
+{
+ struct lp_scan_idmap_domains_state state = {
+ .fn = fn, .private_data = private_data };
+ int ret;
+
+ ret = lp_wi_scan_global_parametrics(
+ "idmapconfig\\(.*\\):backend", 2,
+ lp_scan_idmap_found_domain, &state);
+ if (ret != 0) {
+ DBG_WARNING("wi_scan_global_parametrics returned %d\n", ret);
+ return false;
+ }
+
+ return true;
+}
+
+static bool lp_scan_idmap_found_domain(
+ const char *string, regmatch_t matches[], void *private_data)
+{
+ bool ok;
+
+ if (matches[1].rm_so == -1) {
+ DBG_WARNING("Found match, but no name??\n");
+ return false;
+ }
+ if (matches[1].rm_eo <= matches[1].rm_so) {
+ DBG_WARNING("Invalid match\n");
+ return false;
+ }
+
+ {
+ struct lp_scan_idmap_domains_state *state = private_data;
+ regoff_t len = matches[1].rm_eo - matches[1].rm_so;
+ char domname[len+1];
+
+ memcpy(domname, string + matches[1].rm_so, len);
+ domname[len] = '\0';
+
+ DBG_DEBUG("Found idmap domain \"%s\"\n", domname);
+
+ ok = state->fn(domname, state->private_data);
+ }
+
+ return ok;
+}
+
+static bool idmap_found_domain_backend(const char *domname,
+ void *private_data);
+
static bool idmap_init(void)
{
static bool initialized;
- int ret;
+ bool ok;
if (initialized) {
return true;
@@ -109,57 +167,42 @@ static bool idmap_init(void)
return false;
}
- ret = lp_wi_scan_global_parametrics(
- "idmapconfig\\(.*\\):backend", 2,
- idmap_found_domain_backend, NULL);
- if (ret != 0) {
- DBG_WARNING("wi_scan_global_parametrics returned %d\n", ret);
+ ok = lp_scan_idmap_domains(idmap_found_domain_backend, NULL);
+ if (!ok) {
+ DBG_WARNING("lp_scan_idmap_domains failed\n");
return false;
}
return true;
}
-static bool idmap_found_domain_backend(
- const char *string, regmatch_t matches[], void *private_data)
+static bool idmap_found_domain_backend(const char *domname,
+ void *private_data)
{
- if (matches[1].rm_so == -1) {
- DBG_WARNING("Found match, but no name??\n");
- return false;
- }
-
- {
- struct idmap_domain *dom, **tmp;
- regoff_t len = matches[1].rm_eo - matches[1].rm_so;
- char domname[len+1];
+ struct idmap_domain *dom, **tmp;
- memcpy(domname, string + matches[1].rm_so, len);
- domname[len] = '\0';
+ DBG_DEBUG("Found idmap domain \"%s\"\n", domname);
- DBG_DEBUG("Found idmap domain \"%s\"\n", domname);
-
- if (strcmp(domname, "*") == 0) {
- return false;
- }
+ if (strcmp(domname, "*") == 0) {
+ return false;
+ }
- dom = idmap_init_named_domain(idmap_domains, domname);
- if (dom == NULL) {
- DBG_NOTICE("Could not init idmap domain %s\n",
- domname);
- return false;
- }
+ dom = idmap_init_named_domain(idmap_domains, domname);
+ if (dom == NULL) {
+ DBG_NOTICE("Could not init idmap domain %s\n", domname);
+ return false;
+ }
- tmp = talloc_realloc(idmap_domains, idmap_domains,
- struct idmap_domain *, num_domains + 1);
- if (tmp == NULL) {
- DBG_WARNING("talloc_realloc failed\n");
- TALLOC_FREE(dom);
- return false;
- }
- idmap_domains = tmp;
- idmap_domains[num_domains] = dom;
- num_domains += 1;
+ tmp = talloc_realloc(idmap_domains, idmap_domains,
+ struct idmap_domain *, num_domains + 1);
+ if (tmp == NULL) {
+ DBG_WARNING("talloc_realloc failed\n");
+ TALLOC_FREE(dom);
+ return false;
}
+ idmap_domains = tmp;
+ idmap_domains[num_domains] = dom;
+ num_domains += 1;
return false;
}
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index dd389c2..8e94345 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -330,6 +330,9 @@ void init_idmap_child(void);
struct winbindd_child *idmap_child(void);
struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
const struct dom_sid *sid);
+bool lp_scan_idmap_domains(bool (*fn)(const char *domname,
+ void *private_data),
+ void *private_data);
/* The following definitions come from winbindd/winbindd_locator.c */
--
1.9.1
From 42bd5b9993403ed17919056fcc8378e0a3e34de1 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Fri, 4 Mar 2016 14:23:51 +0100
Subject: [PATCH 2/7] winbind: Introduce id_map_ptrs_init
This simplifies _wbint_Sids2UnixIDs a bit and will be re-used in _wbint_UnixIDs2Sids
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/idmap_proto.h | 2 ++
source3/winbindd/idmap_util.c | 31 +++++++++++++++++++++++++++++++
source3/winbindd/winbindd_dual_srv.c | 33 ++++++++-------------------------
3 files changed, 41 insertions(+), 25 deletions(-)
diff --git a/source3/winbindd/idmap_proto.h b/source3/winbindd/idmap_proto.h
index a12e5b4..0e124cd 100644
--- a/source3/winbindd/idmap_proto.h
+++ b/source3/winbindd/idmap_proto.h
@@ -59,6 +59,8 @@ struct id_map *idmap_find_map_by_sid(struct id_map **maps, struct dom_sid *sid);
char *idmap_fetch_secret(const char *backend, const char *domain,
const char *identity);
+struct id_map **id_map_ptrs_init(TALLOC_CTX *mem_ctx, size_t num_ids);
+
/* max number of ids requested per LDAP batch query */
#define IDMAP_LDAP_MAX_IDS 30
diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c
index f90565f..7591530 100644
--- a/source3/winbindd/idmap_util.c
+++ b/source3/winbindd/idmap_util.c
@@ -238,3 +238,34 @@ char *idmap_fetch_secret(const char *backend, const char *domain,
return ret;
}
+
+struct id_map **id_map_ptrs_init(TALLOC_CTX *mem_ctx, size_t num_ids)
+{
+ struct id_map **ptrs;
+ struct id_map *maps;
+ struct dom_sid *sids;
+ size_t i;
+
+ ptrs = talloc_array(mem_ctx, struct id_map *, num_ids+1);
+ if (ptrs == NULL) {
+ return NULL;
+ }
+ maps = talloc_array(ptrs, struct id_map, num_ids);
+ if (maps == NULL) {
+ TALLOC_FREE(ptrs);
+ return NULL;
+ }
+ sids = talloc_zero_array(ptrs, struct dom_sid, num_ids);
+ if (sids == NULL) {
+ TALLOC_FREE(ptrs);
+ return NULL;
+ }
+
+ for (i=0; i<num_ids; i++) {
+ maps[i] = (struct id_map) { .sid = &sids[i] };
+ ptrs[i] = &maps[i];
+ }
+ ptrs[num_ids] = NULL;
+
+ return ptrs;
+}
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index e42dce5..7c415e6 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -127,9 +127,7 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
struct wbint_TransID *ids;
uint32_t num_ids;
- struct id_map *id_maps = NULL;
struct id_map **id_map_ptrs = NULL;
- struct dom_sid *sids = NULL;
struct idmap_domain *dom;
NTSTATUS status = NT_STATUS_NO_MEMORY;
@@ -157,18 +155,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
return NT_STATUS_OK;
}
- id_maps = talloc_array(talloc_tos(), struct id_map, num_ids);
- if (id_maps == NULL) {
- goto nomem;
- }
- id_map_ptrs = talloc_array(talloc_tos(), struct id_map *, num_ids+1);
+ id_map_ptrs = id_map_ptrs_init(talloc_tos(), num_ids);
if (id_map_ptrs == NULL) {
goto nomem;
}
- sids = talloc_array(talloc_tos(), struct dom_sid, num_ids);
- if (sids == NULL) {
- goto nomem;
- }
/*
* Convert the input data into a list of id_map structs
@@ -177,18 +167,12 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
*/
for (i=0; i<num_ids; i++) {
+ struct id_map *m = id_map_ptrs[i];
- sid_compose(&sids[i], d->sid, ids[i].rid);
-
- id_maps[i] = (struct id_map) {
- .sid = &sids[i],
- .xid.type = ids[i].type,
- .status = ID_UNKNOWN
- };
-
- id_map_ptrs[i] = &id_maps[i];
+ sid_compose(m->sid, d->sid, ids[i].rid);
+ m->status = ID_UNKNOWN;
+ m->xid = (struct unixid) { .type = ids[i].type };
}
- id_map_ptrs[num_ids] = NULL;
status = dom->methods->sids_to_unixids(dom, id_map_ptrs);
@@ -203,9 +187,10 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
*/
for (i=0; i<num_ids; i++) {
+ struct id_map *m = id_map_ptrs[i];
- if (id_maps[i].status == ID_MAPPED) {
- ids[i].xid = id_maps[i].xid;
+ if (m->status == ID_MAPPED) {
+ ids[i].xid = m->xid;
} else {
ids[i].xid.id = UINT32_MAX;
ids[i].xid.type = ID_TYPE_NOT_SPECIFIED;
@@ -216,9 +201,7 @@ NTSTATUS _wbint_Sids2UnixIDs(struct pipes_struct *p,
nomem:
status = NT_STATUS_NO_MEMORY;
done:
- TALLOC_FREE(id_maps);
TALLOC_FREE(id_map_ptrs);
- TALLOC_FREE(sids);
return status;
}
--
1.9.1
From ab03e8762d1dd17f56f597eddce8eff395b9cc91 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:34:27 +0100
Subject: [PATCH 3/7] libads: Fix CID 1356316 Uninitialized pointer read
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libads/sasl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index e707228..e205e9f 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -646,7 +646,7 @@ static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
static ADS_STATUS ads_sasl_spnego_bind(ADS_STRUCT *ads)
{
TALLOC_CTX *frame = talloc_stackframe();
- struct ads_service_principal p;
+ struct ads_service_principal p = {0};
struct berval *scred=NULL;
int rc, i;
ADS_STATUS status;
--
1.9.1
From 9da99e7013e84e39ea13aa889a49a364b9e6c94a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:38:02 +0100
Subject: [PATCH 4/7] crypto: Fix CID 1356314 Resource leak
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/librpc/crypto/gse_krb5.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index b213e83..e0021d0 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -144,6 +144,7 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
ret = krb5_unparse_name(krbctx, princ, &princ_s);
if (ret != 0) {
+ SAFE_FREE(key);
continue;
}
@@ -152,12 +153,14 @@ static krb5_error_code fill_keytab_from_password(krb5_context krbctx,
enctypes[i]);
SAFE_FREE(princ_s);
if (salt_princ_s == NULL) {
+ SAFE_FREE(key);
continue;
}
ret = krb5_parse_name(krbctx, salt_princ_s, &salt_princ);
SAFE_FREE(salt_princ_s);
if (ret != 0) {
+ SAFE_FREE(key);
continue;
}
--
1.9.1
From 6d926968ebb5e7a7be38c994337a286526ada791 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:48:19 +0100
Subject: [PATCH 5/7] lib: Fix CID 1356315 Dereference before null check
Signed-off-by: Volker Lendecke <vl at samba.org>
---
lib/krb5_wrap/krb5_samba.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 9d2f698..ff6e5b7 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1628,12 +1628,9 @@ out:
if (memcmp(&zero_kt_entry, &kt_entry, sizeof(krb5_keytab_entry))) {
smb_krb5_kt_free_entry(context, &kt_entry);
}
- if (keytab) {
- if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) {
- krb5_kt_end_seq_get(context, keytab, &cursor);
- }
+ if (memcmp(&cursor, &zero_csr, sizeof(krb5_kt_cursor)) != 0) {
+ krb5_kt_end_seq_get(context, keytab, &cursor);
}
-
return ret;
}
--
1.9.1
From 0b72f0573822037e67078c3dac6aee9efa107ca7 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 20:55:37 +0100
Subject: [PATCH 6/7] ctdb: Fix CID 1356313 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl at samba.org>
---
ctdb/server/ctdb_tunables.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/ctdb/server/ctdb_tunables.c b/ctdb/server/ctdb_tunables.c
index 4e14279..4559aed 100644
--- a/ctdb/server/ctdb_tunables.c
+++ b/ctdb/server/ctdb_tunables.c
@@ -199,19 +199,21 @@ int32_t ctdb_control_list_tunables(struct ctdb_context *ctdb, TDB_DATA *outdata)
int i;
struct ctdb_control_list_tunable *t;
+ list = talloc_strdup(outdata, ":");
+ CTDB_NO_MEMORY(ctdb, list);
+
for (i=0; i<ARRAY_SIZE(tunable_map); i++) {
if (tunable_map[i].obsolete) {
continue;
}
- if (list == NULL) {
- list = talloc_strdup(outdata, tunable_map[i].name);
- } else {
- list = talloc_asprintf_append(list, ":%s",
- tunable_map[i].name);
- }
+ list = talloc_asprintf_append(list, "%s:",
+ tunable_map[i].name);
CTDB_NO_MEMORY(ctdb, list);
}
+ /* cut the last ':' */
+ list[strlen(list)-1] = '\0';
+
outdata->dsize = offsetof(struct ctdb_control_list_tunable, data) +
strlen(list) + 1;
outdata->dptr = talloc_size(outdata, outdata->dsize);
--
1.9.1
From cf9d099ee8a51701b4bf0051e8412a0357965bdf Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Tue, 15 Mar 2016 21:00:30 +0100
Subject: [PATCH 7/7] libsmb: Fix CID 1356312 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/libsmb/cliconnect.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 97d0352..50d1a0c 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1361,6 +1361,11 @@ static struct tevent_req *cli_session_setup_gensec_send(
size_t converted;
bool ok;
+ if (pass == NULL) {
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER_MIX);
+ return tevent_req_post(req, ev);
+ }
+
converted = strhex_to_str((char *)nt_hash.hash,
sizeof(nt_hash.hash),
pass, strlen(pass));
--
1.9.1
More information about the samba-technical
mailing list