summaryrefslogtreecommitdiff
path: root/source3/nsswitch
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2006-09-13 14:54:55 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:51:43 -0500
commit5606e85d74d4dd9eb8616d497aaaad07f7e7d792 (patch)
tree815fb1b0f6e58d5844195832c98af2f469a337ba /source3/nsswitch
parentc9f9917e77ac780594c3dff476c33f521bbef2bd (diff)
downloadsamba-5606e85d74d4dd9eb8616d497aaaad07f7e7d792.tar.gz
samba-5606e85d74d4dd9eb8616d497aaaad07f7e7d792.tar.bz2
samba-5606e85d74d4dd9eb8616d497aaaad07f7e7d792.zip
r18476: Protect ourselves from bad cached creds a little
better - don't just panic - delete them. Jeremy. (This used to be commit 4c54b75076442d239ae374b236c6f33aafece981)
Diffstat (limited to 'source3/nsswitch')
-rw-r--r--source3/nsswitch/winbindd_cache.c32
1 files changed, 30 insertions, 2 deletions
diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c
index 2cff894eb4..ac3b2661f0 100644
--- a/source3/nsswitch/winbindd_cache.c
+++ b/source3/nsswitch/winbindd_cache.c
@@ -282,13 +282,13 @@ static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx)
if (len != 16) {
DEBUG(0,("centry corruption? hash len (%u) != 16\n",
len ));
- smb_panic("centry_hash16");
+ return NULL;
}
if (centry->len - centry->ofs < 16) {
DEBUG(0,("centry corruption? needed 16 bytes, have %d\n",
centry->len - centry->ofs));
- smb_panic("centry_hash16");
+ return NULL;
}
ret = TALLOC_ARRAY(mem_ctx, char, 16);
@@ -589,6 +589,24 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache,
return centry;
}
+static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
+static void wcache_delete(const char *format, ...)
+{
+ va_list ap;
+ char *kstr;
+ TDB_DATA key;
+
+ va_start(ap, format);
+ smb_xvasprintf(&kstr, format, ap);
+ va_end(ap);
+
+ key.dptr = kstr;
+ key.dsize = strlen(kstr);
+
+ tdb_delete(wcache->tdb, key);
+ free(kstr);
+}
+
/*
make sure we have at least len bytes available in a centry
*/
@@ -918,6 +936,16 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
if we are returning a salted cred. */
*cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx);
+ if (*cached_nt_pass == NULL) {
+ const char *sidstr = sid_string_static(sid);
+
+ /* Bad (old) cred cache. Delete and pretend we
+ don't have it. */
+ DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n",
+ sidstr));
+ wcache_delete("CRED/%s", sidstr);
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
/* We only have 17 bytes more data in the salted cred case. */
if (centry->len - centry->ofs == 17) {