From 2d3a2e8d7bcd5d8238a33d085936dddb4c83110c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 16 Jul 2014 12:41:55 -0700 Subject: [PATCH] s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs. There are places in the code where we're not checking that alt_name is NULL and then calling into the DC lookup code with a NULL name request. This can happen in offline mode. Fixes bug #10717 - Winbind crash on losing VPN connection https://bugzilla.samba.org/show_bug.cgi?id=10717 Signed-off-by: Jeremy Allison Reviewed-by: Michael Adam Autobuild-User(master): Michael Adam Autobuild-Date(master): Mon Sep 15 23:29:00 CEST 2014 on sn-devel-104 (cherry picked from commit 92da0b243c18546275c4736507188eba425a0732) --- source3/winbindd/winbindd_ads.c | 3 ++- source3/winbindd/winbindd_cm.c | 8 ++++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 4c26389..693ae90 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -169,6 +169,7 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name) } if (IS_DC) { + SMB_ASSERT(wb_dom->alt_name != NULL); realm = SMB_STRDUP(wb_dom->alt_name); } else { struct winbindd_domain *our_domain = wb_dom; @@ -217,7 +218,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) } if ( IS_DC ) { - + SMB_ASSERT(domain->alt_name != NULL); realm = SMB_STRDUP(domain->alt_name); } else { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 61917db..8bbc886 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -833,6 +833,10 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain, return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; } + if (our_domain->alt_name == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + if (asprintf(machine_krb5_principal, "%s$@%s", account_name, our_domain->alt_name) == -1) { @@ -1199,7 +1203,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, /* For active directory servers, try to get the ldap server name. None of these failures should be considered critical for now */ - if (lp_security() == SEC_ADS) { + if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) { ADS_STRUCT *ads; ADS_STATUS ads_status; char addr[INET6_ADDRSTRLEN]; @@ -1327,7 +1331,7 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, return True; } - if (sec == SEC_ADS) { + if ((sec == SEC_ADS) && (domain->alt_name != NULL)) { char *sitename = NULL; /* We need to make sure we know the local site before -- 1.9.1