From bd6ebbfb9fb9d95bdf41eab1fd134170fcf6b6bf Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Wed, 11 Apr 2007 12:32:58 +0000
Subject: [PATCH] r22173: BUG 4491, 4501: Additional fixes for protecting against crashes in allocate_id(). BUG 4501: Fix segv in idmap_ad caused by resetting the entry iterator when parsing search results.
---
 source/nsswitch/idmap.c | 80 +++++++++++++++++++++++++++-------------------
 source/nsswitch/idmap_ad.c | 27 +++++++++-------
 2 files changed, 62 insertions(+), 45 deletions(-)
diff --git a/source/nsswitch/idmap.c b/source/nsswitch/idmap.c
index c68d69dfb24..de98c81f5a9 100644
--- a/source/nsswitch/idmap.c
+++ b/source/nsswitch/idmap.c
@@ -578,32 +578,32 @@ NTSTATUS idmap_init(void) if ( alloc_backend ) { - alloc_methods = get_alloc_methods(alloc_backends, alloc_backend); - if ( ! alloc_methods) { - ret = smb_probe_module("idmap", alloc_backend); - if (NT_STATUS_IS_OK(ret)) { - alloc_methods = get_alloc_methods(alloc_backends, alloc_backend); + alloc_methods = get_alloc_methods(alloc_backends, alloc_backend); + if ( ! alloc_methods) { + ret = smb_probe_module("idmap", alloc_backend); + if (NT_STATUS_IS_OK(ret)) { + alloc_methods = get_alloc_methods(alloc_backends, alloc_backend); + } } - } - if ( alloc_methods) { - ret = alloc_methods->init(compat_params); - if ( ! NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("idmap_init: Initialization failed for alloc " - "backend %s\n", alloc_backend)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; + if ( alloc_methods) { + ret = alloc_methods->init(compat_params); + if ( ! NT_STATUS_IS_OK(ret)) { + DEBUG(0, ("idmap_init: Initialization failed for alloc " + "backend %s\n", alloc_backend)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + } else { + DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", + alloc_backend)); + /* certain compat backends are just readonly */ + if ( compat ) + ret = NT_STATUS_OK; + else + ret = NT_STATUS_UNSUCCESSFUL; } - } else { - DEBUG(2, ("idmap_init: Unable to get methods for alloc backend %s\n", - alloc_backend)); - /* certain compat backends are just readonly */ - if ( compat ) - ret = NT_STATUS_OK; - else - ret = NT_STATUS_UNSUCCESSFUL; - } } - + /* cleanpu temporary strings */ TALLOC_FREE( compat_backend ); @@ -633,6 +633,9 @@ NTSTATUS idmap_allocate_uid(struct unixid *id) return ret; } + if ( !alloc_methods ) + return NT_STATUS_NOT_SUPPORTED; + id->type = ID_TYPE_UID; return alloc_methods->allocate_id(id); } @@ -645,6 +648,9 @@ NTSTATUS idmap_allocate_gid(struct unixid *id) return ret; } + if ( !alloc_methods ) + return NT_STATUS_NOT_SUPPORTED; + id->type = ID_TYPE_GID; return alloc_methods->allocate_id(id); } 
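Review bot: The guard added to idmap_allocate_uid(), `if ( !alloc_methods ) return NT_STATUS_NOT_SUPPORTED;`, checks the methods table but not the `allocate_id` member called two lines later, so a backend that registers a table with that slot left NULL would still crash here; whether any backend does so is not visible in this patch. The same lines are repeated in idmap_allocate_gid(), idmap_set_uid_hwm() and idmap_set_gid_hwm() (there in front of `set_id_hwm`), so a small static helper would keep the four entry points from drifting apart. The guard is unbraced while the `if` directly above it in each function is braced; `if ( !alloc_methods ) { return NT_STATUS_NOT_SUPPORTED; }` would match. A comment such as `/* alloc_methods stays NULL for read-only compat backends, see idmap_init() */` would record why the pointer can be NULL after a successful init. All four functions begin outside their hunks.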
@@ -657,6 +663,9 @@ NTSTATUS idmap_set_uid_hwm(struct unixid *id) return ret; } + if ( !alloc_methods ) + return NT_STATUS_NOT_SUPPORTED; + id->type = ID_TYPE_UID; return alloc_methods->set_id_hwm(id); } @@ -669,6 +678,9 @@ NTSTATUS idmap_set_gid_hwm(struct unixid *id) return ret; } + if ( !alloc_methods ) + return NT_STATUS_NOT_SUPPORTED; + id->type = ID_TYPE_GID; return alloc_methods->set_id_hwm(id); } @@ -1321,16 +1333,18 @@ void idmap_dump_maps(char *logfile) return; } - allid.type = ID_TYPE_UID; - allid.id = 0; - alloc_methods->get_id_hwm(&allid); - fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id); - - allid.type = ID_TYPE_GID; - allid.id = 0; - alloc_methods->get_id_hwm(&allid); - fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id); - + if ( alloc_methods ) { + allid.type = ID_TYPE_UID; + allid.id = 0; + alloc_methods->get_id_hwm(&allid); + fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id); + + allid.type = ID_TYPE_GID; + allid.id = 0; + alloc_methods->get_id_hwm(&allid); + fprintf(dump, "GROUP HWM %lu\n", (unsigned long)allid.id); + } + maps = talloc(idmap_ctx, struct id_map); num_maps = 0; diff --git a/source/nsswitch/idmap_ad.c b/source/nsswitch/idmap_ad.c index eff3545d157..87f73f99f09 100644 --- a/source/nsswitch/idmap_ad.c +++ b/source/nsswitch/idmap_ad.c @@ -166,7 +166,6 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, const char *params char *config_option; const char *range = NULL; const char *schema_mode = NULL; - ADS_STRUCT *ads; if ( (ctx = talloc_zero(dom, struct idmap_ad_context)) == NULL ) { DEBUG(0, ("Out of memory!\n")); @@ -261,6 +260,7 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map NULL, /* gidnumber */ NULL }; LDAPMessage *res = NULL; + LDAPMessage *entry = NULL; char *filter = NULL; int idx = 0; int bidx = 0; 
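Review bot: Inside the new `if ( alloc_methods )` block in idmap_dump_maps() the result of both `alloc_methods->get_id_hwm(&allid)` calls is still discarded, so a failed lookup prints whatever is left in `allid.id`, normally the 0 assigned just before, as if it were the high-water mark. Assuming get_id_hwm returns NTSTATUS like the other methods of this table, write the line only on success, e.g. `if (NT_STATUS_IS_OK(alloc_methods->get_id_hwm(&allid))) fprintf(dump, "USER HWM %lu\n", (unsigned long)allid.id);`, and likewise for the GROUP line. When alloc_methods is NULL the two HWM lines are now dropped without any marker in the dump; a DEBUG message or a short comment would tell a reader that the omission is intentional. The function begins and ends outside the hunk.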
@@ -339,7 +339,7 @@ again: } filter = talloc_asprintf_append(filter, ")"); CHECK_ALLOC_DONE(filter); - DEBUG(10, ("Filter: [%s]\n", filter)); + rc = ads_search_retry(ads, &res, filter, attrs); if (!ADS_ERR_OK(rc)) { DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc))); @@ -351,8 +351,8 @@ again: DEBUG(10, ("No IDs found\n")); } - for (i = 0; i < count; i++) { - LDAPMessage *entry = NULL; + entry = res; + for (i = 0; (i < count) && entry; i++) { DOM_SID sid; enum id_type type; struct id_map *map; @@ -360,13 +360,14 @@ again: uint32_t atype; if (i == 0) { /* first entry */ - entry = ads_first_entry(ads, res); + entry = ads_first_entry(ads, entry); } else { /* following ones */ entry = ads_next_entry(ads, entry); } - if ( ! entry) { + + if ( !entry ) { DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n")); - continue; + break; } /* first check if the SID is present */ @@ -467,6 +468,7 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map NULL, /* attr_gidnumber */ NULL }; LDAPMessage *res = NULL; + LDAPMessage *entry = NULL; char *filter = NULL; int idx = 0; int bidx = 0; @@ -524,8 +526,8 @@ again: DEBUG(10, ("No IDs found\n")); } - for (i = 0; i < count; i++) { - LDAPMessage *entry = NULL; + entry = res; + for (i = 0; (i < count) && entry; i++) { DOM_SID sid; enum id_type type; struct id_map *map; @@ -533,13 +535,14 @@ again: uint32_t atype; if (i == 0) { /* first entry */ - entry = ads_first_entry(ads, res); + entry = ads_first_entry(ads, entry); } else { /* following ones */ entry = ads_next_entry(ads, entry); } - if ( ! entry) { + + if ( !entry ) { DEBUG(2, ("ERROR: Unable to fetch ldap entries from results\n")); - continue; + break; } /* first check if the SID is present */ -- 2.11.4.GIT
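Review bot: The iterator in idmap_ad_unixids_to_sids() is seeded with `entry = res;` and then passed to `ads_first_entry(ads, entry)`, so one variable holds the search result on the first pass and the current entry afterwards. As far as the hunk shows, the `&& entry` test in the loop header only guards a NULL `res`, because a NULL entry inside the body already takes the `break`. Passing `res` to ads_first_entry() and testing `res` before the loop would state that directly. Since the segv came from `entry` being re-initialised to NULL on every pass, the function-scope declaration deserves a comment such as `/* must persist across iterations: ads_next_entry() continues from the previous entry */` so that it is not moved back into the loop. The identical change is made in idmap_ad_sids_to_unixids() and the same points apply there; both loops start and end outside their hunks.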