summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2005-09-19 18:49:18 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:03:40 -0500
commit7bd1888cdf95b0e32fe1a2993d7bcb2b16e475b1 (patch)
tree27beb86f10f8a94e967a3e1a67b4a3f507b96906
parenteb93fc968daa42bc87cb7f5bb62ed65624a4c774 (diff)
downloadsamba-7bd1888cdf95b0e32fe1a2993d7bcb2b16e475b1.tar.gz
samba-7bd1888cdf95b0e32fe1a2993d7bcb2b16e475b1.tar.bz2
samba-7bd1888cdf95b0e32fe1a2993d7bcb2b16e475b1.zip
r10321: Fix winbindd recursion bug found by Ingo Steuwer <steuwer@univention.de>.
Jeremy. (This used to be commit 6795c818a3d63737d5b40faffa3a0b91c71b427b)
-rw-r--r--source3/nsswitch/pam_winbind.c2
-rw-r--r--source3/nsswitch/wb_common.c14
-rw-r--r--source3/nsswitch/winbind_client.h3
-rw-r--r--source3/nsswitch/winbindd_nss.h2
4 files changed, 14 insertions, 7 deletions
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index 8d4f59101c..a87ccb4972 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -106,7 +106,7 @@ static int pam_winbind_request(enum winbindd_cmd req_type,
/* Fill in request and send down pipe */
init_request(request, req_type);
- if (write_sock(request, sizeof(*request)) == -1) {
+ if (write_sock(request, sizeof(*request), 0) == -1) {
_pam_log(LOG_ERR, "write to socket failed!");
close_sock();
return PAM_SERVICE_ERR;
diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c
index 5ed0b9161e..6d09666525 100644
--- a/source3/nsswitch/wb_common.c
+++ b/source3/nsswitch/wb_common.c
@@ -284,7 +284,7 @@ static int winbind_named_pipe_sock(const char *dir)
/* Connect to winbindd socket */
-int winbind_open_pipe_sock(void)
+static int winbind_open_pipe_sock(int recursing)
{
#ifdef HAVE_UNIXSOCKET
static pid_t our_pid;
@@ -302,12 +302,17 @@ int winbind_open_pipe_sock(void)
return winbindd_fd;
}
+ if (recursing) {
+ return -1;
+ }
+
if ((winbindd_fd = winbind_named_pipe_sock(WINBINDD_SOCKET_DIR)) == -1) {
return -1;
}
/* version-check the socket */
+ request.flags = WBFLAG_RECURSE;
if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
close_sock();
return -1;
@@ -315,6 +320,7 @@ int winbind_open_pipe_sock(void)
/* try and get priv pipe */
+ request.flags = WBFLAG_RECURSE;
if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
int fd;
if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) {
@@ -333,7 +339,7 @@ int winbind_open_pipe_sock(void)
/* Write data to winbindd socket */
-int write_sock(void *buffer, int count)
+int write_sock(void *buffer, int count, int recursing)
{
int result, nwritten;
@@ -341,7 +347,7 @@ int write_sock(void *buffer, int count)
restart:
- if (winbind_open_pipe_sock() == -1) {
+ if (winbind_open_pipe_sock(recursing) == -1) {
return -1;
}
@@ -534,7 +540,7 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
init_request(request, req_type);
- if (write_sock(request, sizeof(*request)) == -1) {
+ if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) {
return NSS_STATUS_UNAVAIL;
}
diff --git a/source3/nsswitch/winbind_client.h b/source3/nsswitch/winbind_client.h
index ec20cd78ef..1d3d379af0 100644
--- a/source3/nsswitch/winbind_client.h
+++ b/source3/nsswitch/winbind_client.h
@@ -8,8 +8,7 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response);
NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
-int winbind_open_pipe_sock(void);
-int write_sock(void *buffer, int count);
+int write_sock(void *buffer, int count, int recursing);
int read_reply(struct winbindd_response *response);
void close_sock(void);
void free_response(struct winbindd_response *response);
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index cf0fae74a0..d012811d37 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -172,6 +172,8 @@ typedef struct winbindd_gr {
/* This is a flag that can only be sent from parent to child */
#define WBFLAG_IS_PRIVILEGED 0x0400
+/* Flag to say this is a winbindd internal send - don't recurse. */
+#define WBFLAG_RECURSE 0x0800
/* Winbind request structure */