From 659dd65f8f5c352a4cd17e072929a8cc0b6e4d34 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 25 Feb 2013 09:31:12 +0100 Subject: [PATCH] winbind: Correctly use names in the domain struct. Reviewed-by: David Disseldorp --- source3/winbindd/winbindd_ads.c | 2 +- source3/winbindd/winbindd_cache.c | 19 +++++++++++++++---- source3/winbindd/winbindd_cm.c | 4 ++-- source3/winbindd/winbindd_dual.c | 17 ++++++++++------- source3/winbindd/winbindd_misc.c | 4 +++- source3/winbindd/winbindd_pam.c | 22 +++++++++++++++++++--- source3/winbindd/winbindd_util.c | 4 ++-- 7 files changed, 52 insertions(+), 20 deletions(-) diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index e27ad5705ac..8abcfd6d0f5 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -115,7 +115,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) if ( !domain->primary ) our_domain = find_our_domain(); - if ( our_domain->alt_name[0] != '\0' ) { + if (our_domain->alt_name != NULL) { ads->auth.realm = SMB_STRDUP( our_domain->alt_name ); if (!strupper_m( ads->auth.realm )) { ads_destroy( &ads ); diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 0e47a38f15a..d7499df673e 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -4321,8 +4321,16 @@ static bool add_wbdomain_to_tdc_array( struct winbindd_domain *new_dom, if ( !list ) return false; - list[idx].domain_name = talloc_strdup( list, new_dom->name ); - list[idx].dns_name = talloc_strdup( list, new_dom->alt_name ); + list[idx].domain_name = talloc_strdup(list, new_dom->name); + if (list[idx].domain_name == NULL) { + return false; + } + if (new_dom->alt_name != NULL) { + list[idx].dns_name = talloc_strdup(list, new_dom->alt_name); + if (list[idx].dns_name == NULL) { + return false; + } + } if ( !is_null_sid( &new_dom->sid ) ) { sid_copy( &list[idx].sid, &new_dom->sid ); @@ -4405,7 +4413,7 @@ static int pack_tdc_domains( struct winbindd_tdc_domain *domains, len += tdb_pack( buffer+len, buflen-len, "fffddd", domains[i].domain_name, - domains[i].dns_name, + domains[i].dns_name ? domains[i].dns_name : "", sid_to_fstring(tmp, &domains[i].sid), domains[i].trust_flags, domains[i].trust_attribs, @@ -4479,7 +4487,10 @@ static size_t unpack_tdc_domains( unsigned char *buf, int buflen, flags, attribs, type)); list[i].domain_name = talloc_strdup( list, domain_name ); - list[i].dns_name = talloc_strdup( list, dns_name ); + list[i].dns_name = NULL; + if (dns_name[0] != '\0') { + list[i].dns_name = talloc_strdup(list, dns_name); + } if ( !string_to_sid( &(list[i].sid), sid_string ) ) { DEBUG(10,("unpack_tdc_domains: no SID for domain %s\n", domain_name)); diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 57d6b1df797..50728a56d85 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -561,7 +561,7 @@ static void winbind_add_failed_connection_entry( /* If this was the saf name for the last thing we talked to, remove it. */ saf_delete(domain->name); - if (*domain->alt_name) { + if (domain->alt_name != NULL) { add_failed_connection_entry(domain->alt_name, server, result); saf_delete(domain->alt_name); } @@ -1600,7 +1600,7 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, result = NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND; DEBUG(10,("cm_open_connection: dcname is '%s' for domain %s\n", - domain->dcname, domain->name )); + domain->dcname ? domain->dcname : "", domain->name )); if (domain->dcname != NULL && NT_STATUS_IS_OK(check_negative_conn_cache( domain->name, domain->dcname)) diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index c752ffeaac9..e1e45d49102 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -378,12 +378,15 @@ static void wb_domain_request_initialized(struct tevent_req *subreq) return; } - talloc_free(state->domain->alt_name); - state->domain->alt_name = talloc_strdup(state->domain, - response->data.domain_info.alt_name); - if (state->domain->alt_name == NULL) { - tevent_req_error(req, ENOMEM); - return; + if (response->data.domain_info.alt_name[0] != '\0') { + talloc_free(state->domain->alt_name); + + state->domain->alt_name = talloc_strdup(state->domain, + response->data.domain_info.alt_name); + if (state->domain->alt_name == NULL) { + tevent_req_error(req, ENOMEM); + return; + } } state->domain->native_mode = response->data.domain_info.native_mode; @@ -539,7 +542,7 @@ void winbind_child_died(pid_t pid) void winbindd_flush_negative_conn_cache(struct winbindd_domain *domain) { flush_negative_conn_cache_for_domain(domain->name); - if (*domain->alt_name) { + if (domain->alt_name != NULL) { flush_negative_conn_cache_for_domain(domain->alt_name); } } diff --git a/source3/winbindd/winbindd_misc.c b/source3/winbindd/winbindd_misc.c index 4759a17acac..3d70917ecbf 100644 --- a/source3/winbindd/winbindd_misc.c +++ b/source3/winbindd/winbindd_misc.c @@ -200,7 +200,9 @@ enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain * if (state->request->data.list_all_domains && !have_own_domain) { extra_data = talloc_asprintf_append_buffer( extra_data, "%s\\%s\\%s\n", domain->name, - domain->alt_name[0] ? domain->alt_name : domain->name, + domain->alt_name != NULL ? + domain->alt_name : + domain->name, sid_string_talloc(state->mem_ctx, &domain->sid)); } diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index b23d421fcda..158a7c431d2 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -556,6 +556,10 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, *info3 = NULL; + if (domain->alt_name == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + /* 1st step: * prepare a krb5_cc_cache string for the user */ @@ -586,7 +590,11 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, parse_domain_user(user, name_domain, name_user); - realm = domain->alt_name; + realm = talloc_strdup(mem_ctx, domain->alt_name); + if (realm == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (!strupper_m(realm)) { return NT_STATUS_INVALID_PARAMETER; } @@ -931,6 +939,10 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, const char *service = NULL; const char *user_ccache_file; + if (domain->alt_name == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + uid = get_uid_from_request(state->request); if (uid == -1) { DEBUG(0,("winbindd_dual_pam_auth_cached: invalid uid\n")); @@ -945,7 +957,11 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, return NT_STATUS_NO_MEMORY; } - realm = domain->alt_name; + realm = talloc_strdup(state->mem_ctx, domain->alt_name); + if (realm == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (!strupper_m(realm)) { return NT_STATUS_INVALID_PARAMETER; } @@ -970,7 +986,7 @@ static NTSTATUS winbindd_dual_pam_auth_cached(struct winbindd_domain *domain, service, state->request->data.auth.user, state->request->data.auth.pass, - domain->alt_name, + realm, uid, time(NULL), time(NULL) + lp_winbind_cache_time(), diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 4759fd51099..85b014d97cc 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -683,7 +683,7 @@ struct winbindd_domain *find_domain_from_name_noinit(const char *domain_name) for (domain = domain_list(); domain != NULL; domain = domain->next) { if (strequal(domain_name, domain->name) || - (domain->alt_name[0] && + (domain->alt_name != NULL && strequal(domain_name, domain->alt_name))) { return domain; } @@ -763,7 +763,7 @@ struct winbindd_domain *find_root_domain(void) { struct winbindd_domain *ours = find_our_domain(); - if (ours->forest_name[0] == '\0') { + if (ours->forest_name == NULL) { return NULL; } -- 2.11.4.GIT