Andreas Schneider
parent
3620ac8a38
commit
19bf1f6445
82
samba-4.1.13-fix_winbind_segfault.patch
Normal file
82
samba-4.1.13-fix_winbind_segfault.patch
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
commit 6b1091dcd9a32977542692e78cfa2c930a691404
|
||||||
|
Author: Jeremy Allison <jra@samba.org>
|
||||||
|
AuthorDate: Wed Jul 16 12:41:55 2014 -0700
|
||||||
|
Commit: Karolin Seeger <kseeger@samba.org>
|
||||||
|
CommitDate: Sat Sep 27 20:58:13 2014 +0200
|
||||||
|
|
||||||
|
s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs.
|
||||||
|
|
||||||
|
There are places in the code where we're not checking that alt_name is NULL
|
||||||
|
and then calling into the DC lookup code with a NULL name request. This can
|
||||||
|
happen in offline mode.
|
||||||
|
|
||||||
|
Fixes bug #10717 - Winbind crash on losing VPN connection
|
||||||
|
|
||||||
|
https://bugzilla.samba.org/show_bug.cgi?id=10717
|
||||||
|
|
||||||
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
||||||
|
Reviewed-by: Michael Adam <obnox@samba.org>
|
||||||
|
|
||||||
|
Autobuild-User(master): Michael Adam <obnox@samba.org>
|
||||||
|
Autobuild-Date(master): Mon Sep 15 23:29:00 CEST 2014 on sn-devel-104
|
||||||
|
|
||||||
|
(cherry picked from commit 92da0b243c18546275c4736507188eba425a0732)
|
||||||
|
---
|
||||||
|
source3/winbindd/winbindd_ads.c | 3 ++-
|
||||||
|
source3/winbindd/winbindd_cm.c | 8 ++++++--
|
||||||
|
2 files changed, 8 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
|
||||||
|
index e47613e..fb0bc26 100644
|
||||||
|
--- a/source3/winbindd/winbindd_ads.c
|
||||||
|
+++ b/source3/winbindd/winbindd_ads.c
|
||||||
|
@@ -169,6 +169,7 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (IS_DC) {
|
||||||
|
+ SMB_ASSERT(wb_dom->alt_name != NULL);
|
||||||
|
realm = SMB_STRDUP(wb_dom->alt_name);
|
||||||
|
} else {
|
||||||
|
struct winbindd_domain *our_domain = wb_dom;
|
||||||
|
@@ -224,7 +225,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( IS_DC ) {
|
||||||
|
-
|
||||||
|
+ SMB_ASSERT(domain->alt_name != NULL);
|
||||||
|
realm = SMB_STRDUP(domain->alt_name);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
|
||||||
|
index 61917db..8bbc886 100644
|
||||||
|
--- a/source3/winbindd/winbindd_cm.c
|
||||||
|
+++ b/source3/winbindd/winbindd_cm.c
|
||||||
|
@@ -833,6 +833,10 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain,
|
||||||
|
return NT_STATUS_CANT_ACCESS_DOMAIN_INFO;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ if (our_domain->alt_name == NULL) {
|
||||||
|
+ return NT_STATUS_INVALID_PARAMETER;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
if (asprintf(machine_krb5_principal, "%s$@%s",
|
||||||
|
account_name, our_domain->alt_name) == -1)
|
||||||
|
{
|
||||||
|
@@ -1199,7 +1203,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx,
|
||||||
|
/* For active directory servers, try to get the ldap server name.
|
||||||
|
None of these failures should be considered critical for now */
|
||||||
|
|
||||||
|
- if (lp_security() == SEC_ADS) {
|
||||||
|
+ if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) {
|
||||||
|
ADS_STRUCT *ads;
|
||||||
|
ADS_STATUS ads_status;
|
||||||
|
char addr[INET6_ADDRSTRLEN];
|
||||||
|
@@ -1327,7 +1331,7 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain,
|
||||||
|
return True;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (sec == SEC_ADS) {
|
||||||
|
+ if ((sec == SEC_ADS) && (domain->alt_name != NULL)) {
|
||||||
|
char *sitename = NULL;
|
||||||
|
|
||||||
|
/* We need to make sure we know the local site before
|
||||||
@ -6,7 +6,7 @@
|
|||||||
# ctdb is enabled by default, you can disable it with: --without clustering
|
# ctdb is enabled by default, you can disable it with: --without clustering
|
||||||
%bcond_without clustering
|
%bcond_without clustering
|
||||||
|
|
||||||
%define main_release 1
|
%define main_release 5
|
||||||
|
|
||||||
%define samba_version 4.1.12
|
%define samba_version 4.1.12
|
||||||
%define talloc_version 2.0.8
|
%define talloc_version 2.0.8
|
||||||
@ -94,6 +94,8 @@ Source6: samba.pamd
|
|||||||
Source200: README.dc
|
Source200: README.dc
|
||||||
Source201: README.downgrade
|
Source201: README.downgrade
|
||||||
|
|
||||||
|
Patch0: samba-4.1.13-fix_winbind_segfault.patch
|
||||||
|
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
@ -513,6 +515,8 @@ module necessary to communicate to the Winbind Daemon
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n samba-%{version}%{pre_release}
|
%setup -q -n samba-%{version}%{pre_release}
|
||||||
|
|
||||||
|
%patch0 -p1 -b .samba-4.1.13-fix_winbind_segfault.patch
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
|
%global _talloc_lib ,talloc,pytalloc,pytalloc-util
|
||||||
%global _tevent_lib ,tevent,pytevent
|
%global _tevent_lib ,tevent,pytevent
|
||||||
@ -1583,6 +1587,9 @@ rm -rf %{buildroot}
|
|||||||
%{_mandir}/man8/pam_winbind.8*
|
%{_mandir}/man8/pam_winbind.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 07 2014 - Andreas Schneider <asn@redhat.com> - 4.1.12-5
|
||||||
|
- resolves: #1033595 - Fix segfault in winbind.
|
||||||
|
|
||||||
* Wed Sep 24 2014 - Andreas Schneider <asn@redhat.com> - 4.1.12-1
|
* Wed Sep 24 2014 - Andreas Schneider <asn@redhat.com> - 4.1.12-1
|
||||||
- Update to Samba 4.1.12.
|
- Update to Samba 4.1.12.
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user