diff options
author | Stefan Metzmacher <metze@samba.org> | 2010-04-01 09:29:38 +0200 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2010-04-01 13:01:26 +0200 |
commit | d930904b997d310aeff781bde1e7e3ce47dde8a1 (patch) | |
tree | d51119aadbec38e477e49f41f6439171705eae8c /source3/winbindd | |
parent | 658dc77446ce11e6454f64abea21edc2b5e405e6 (diff) | |
download | samba-d930904b997d310aeff781bde1e7e3ce47dde8a1.tar.gz samba-d930904b997d310aeff781bde1e7e3ce47dde8a1.tar.bz2 samba-d930904b997d310aeff781bde1e7e3ce47dde8a1.zip |
s3:winbindd: make sure we don't try rpc requests against unaccessable domains
This makes sure we don't crash while trying to dereference domain->conn.cli->foo
while trying to establish a rpc connection to the server.
metze
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/winbindd_cm.c | 33 |
1 files changed, 28 insertions, 5 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 0f0d5f8107..1ddfdef89b 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1632,7 +1632,13 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain) NTSTATUS result; /* Internal connections never use the network. */ - if (domain->internal || !winbindd_can_contact_domain(domain)) { + if (domain->internal) { + domain->initialized = True; + return NT_STATUS_OK; + } + + if (!winbindd_can_contact_domain(domain)) { + invalidate_cm_connection(&domain->conn); domain->initialized = True; return NT_STATUS_OK; } @@ -1665,6 +1671,23 @@ NTSTATUS init_dc_connection(struct winbindd_domain *domain) return init_dc_connection_network(domain); } +static NTSTATUS init_dc_connection_rpc(struct winbindd_domain *domain) +{ + NTSTATUS status; + + status = init_dc_connection(domain); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!domain->internal && domain->conn.cli == NULL) { + /* happens for trusted domains without inbound trust */ + return NT_STATUS_TRUSTED_DOMAIN_FAILURE; + } + + return NT_STATUS_OK; +} + /****************************************************************************** Set the trust flags (direction and forest location) for a domain ******************************************************************************/ @@ -2011,7 +2034,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, char *machine_account = NULL; char *domain_name = NULL; - result = init_dc_connection(domain); + result = init_dc_connection_rpc(domain); if (!NT_STATUS_IS_OK(result)) { return result; } @@ -2194,7 +2217,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain, DEBUG(10,("cm_connect_lsa_tcp\n")); - status = init_dc_connection(domain); + status = init_dc_connection_rpc(domain); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -2240,7 +2263,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, NTSTATUS result = NT_STATUS_UNSUCCESSFUL; struct netlogon_creds_CredentialState *p_creds; - result = init_dc_connection(domain); + result = init_dc_connection_rpc(domain); if (!NT_STATUS_IS_OK(result)) return result; @@ -2372,7 +2395,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, *cli = NULL; - result = init_dc_connection(domain); + result = init_dc_connection_rpc(domain); if (!NT_STATUS_IS_OK(result)) { return result; } |