diff options
author | Jeremy Allison <jra@samba.org> | 2006-09-13 14:54:55 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 11:51:43 -0500 |
commit | 5606e85d74d4dd9eb8616d497aaaad07f7e7d792 (patch) | |
tree | 815fb1b0f6e58d5844195832c98af2f469a337ba /source3/nsswitch | |
parent | c9f9917e77ac780594c3dff476c33f521bbef2bd (diff) | |
download | samba-5606e85d74d4dd9eb8616d497aaaad07f7e7d792.tar.gz samba-5606e85d74d4dd9eb8616d497aaaad07f7e7d792.tar.bz2 samba-5606e85d74d4dd9eb8616d497aaaad07f7e7d792.zip |
r18476: Protect ourselves from bad cached creds a little
better - don't just panic - delete them.
Jeremy.
(This used to be commit 4c54b75076442d239ae374b236c6f33aafece981)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r-- | source3/nsswitch/winbindd_cache.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 2cff894eb4..ac3b2661f0 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -282,13 +282,13 @@ static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx) if (len != 16) { DEBUG(0,("centry corruption? hash len (%u) != 16\n", len )); - smb_panic("centry_hash16"); + return NULL; } if (centry->len - centry->ofs < 16) { DEBUG(0,("centry corruption? needed 16 bytes, have %d\n", centry->len - centry->ofs)); - smb_panic("centry_hash16"); + return NULL; } ret = TALLOC_ARRAY(mem_ctx, char, 16); @@ -589,6 +589,24 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, return centry; } +static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2); +static void wcache_delete(const char *format, ...) +{ + va_list ap; + char *kstr; + TDB_DATA key; + + va_start(ap, format); + smb_xvasprintf(&kstr, format, ap); + va_end(ap); + + key.dptr = kstr; + key.dsize = strlen(kstr); + + tdb_delete(wcache->tdb, key); + free(kstr); +} + /* make sure we have at least len bytes available in a centry */ @@ -918,6 +936,16 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain, if we are returning a salted cred. */ *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx); + if (*cached_nt_pass == NULL) { + const char *sidstr = sid_string_static(sid); + + /* Bad (old) cred cache. Delete and pretend we + don't have it. */ + DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n", + sidstr)); + wcache_delete("CRED/%s", sidstr); + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } /* We only have 17 bytes more data in the salted cred case. */ if (centry->len - centry->ofs == 17) { |