diff options
author | Andrew Bartlett <abartlet@samba.org> | 2011-12-07 14:38:56 +1100 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-12-12 12:57:07 +0100 |
commit | e42e1ac089b3eca988848f3763ba54820192cb24 (patch) | |
tree | 6490efb982a3466baeaaaef5ca173e93762c6315 | |
parent | 3d7521c8abb4080dbff9f687257d05f5f4e45a51 (diff) | |
download | samba-e42e1ac089b3eca988848f3763ba54820192cb24.tar.gz samba-e42e1ac089b3eca988848f3763ba54820192cb24.tar.bz2 samba-e42e1ac089b3eca988848f3763ba54820192cb24.zip |
s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest test
This allows us to move this test to knownfail from skip
-rw-r--r-- | selftest/knownfail | 1 | ||||
-rw-r--r-- | selftest/skip | 1 | ||||
-rw-r--r-- | source4/rpc_server/lsa/dcesrv_lsa.c | 31 |
3 files changed, 18 insertions, 15 deletions
diff --git a/selftest/knownfail b/selftest/knownfail index 754ffb30c1..589a784298 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -106,3 +106,4 @@ ^samba4.ldap.acl.*.AclSearchTests.test_search4$ # ACL search behaviour not enabled by default ^samba4.ldap.acl.*.AclSearchTests.test_search5$ # ACL search behaviour not enabled by default ^samba4.ldap.acl.*.AclSearchTests.test_search6$ # ACL search behaviour not enabled by default +^samba4.rpc.lsa.forest # Not fully provided by Samba 4 diff --git a/selftest/skip b/selftest/skip index 8771b676d3..8ff2e60511 100644 --- a/selftest/skip +++ b/selftest/skip @@ -75,7 +75,6 @@ ^samba4.rpc.frsapi # Not provided by Samba 4 ^samba4.rpc.ntsvcs # Not provided by Samba 4 ^samba4.rpc.dfs # Not provided by Samba 4 -^samba4.rpc.lsa.forest # Not provided by Samba 4 ^samba4.*.base.samba3.* # Samba3-specific test ^samba4.*.raw.samba3.* # Samba3-specific test ^samba4.rpc..*samba3.* # Samba3-specific test diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 5acdfe8046..acab1874af 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1525,7 +1525,7 @@ static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx, } /* entry exists, just modify secret if any */ - if (in->count == 0) { + if (in == NULL || in->count == 0) { return NT_STATUS_OK; } @@ -1601,6 +1601,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, uint32_t *enc_types = NULL; DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob; struct trustDomainPasswords auth_struct; + struct AuthenticationInformationArray *current_passwords = NULL; NTSTATUS nt_status; struct ldb_message **msgs; struct ldb_message *msg; @@ -1695,18 +1696,21 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, /* TODO: should we fetch previous values from the existing entry * and append them ? */ - if (auth_struct.incoming.count) { + if (auth_info_int && auth_struct.incoming.count) { nt_status = get_trustauth_inout_blob(dce_call, mem_ctx, &auth_struct.incoming, &trustAuthIncoming); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; } + + current_passwords = &auth_struct.incoming; + } else { trustAuthIncoming = data_blob(NULL, 0); } - if (auth_struct.outgoing.count) { + if (auth_info_int && auth_struct.outgoing.count) { nt_status = get_trustauth_inout_blob(dce_call, mem_ctx, &auth_struct.outgoing, &trustAuthOutgoing); @@ -1831,17 +1835,15 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, } in_transaction = true; - ret = ldb_modify(p_state->sam_ldb, msg); - if (ret != LDB_SUCCESS) { - DEBUG(1,("Failed to modify trusted domain record %s: %s\n", - ldb_dn_get_linearized(msg->dn), - ldb_errstring(p_state->sam_ldb))); - if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) { - nt_status = NT_STATUS_ACCESS_DENIED; - } else { - nt_status = NT_STATUS_INTERNAL_DB_CORRUPTION; + if (msg->num_elements) { + ret = ldb_modify(p_state->sam_ldb, msg); + if (ret != LDB_SUCCESS) { + DEBUG(1,("Failed to modify trusted domain record %s: %s\n", + ldb_dn_get_linearized(msg->dn), + ldb_errstring(p_state->sam_ldb))); + nt_status = dsdb_ldb_err_to_ntstatus(ret); + goto done; } - goto done; } if (add_incoming || del_incoming) { @@ -1854,12 +1856,13 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call, goto done; } + /* We use trustAuthIncoming.data to incidate that auth_struct.incoming is valid */ nt_status = update_trust_user(mem_ctx, p_state->sam_ldb, p_state->domain_dn, del_incoming, netbios_name, - &auth_struct.incoming); + current_passwords); if (!NT_STATUS_IS_OK(nt_status)) { goto done; } |