summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2010-04-01 09:29:38 +0200
committerStefan Metzmacher <metze@samba.org>2010-04-01 13:01:26 +0200
commitd930904b997d310aeff781bde1e7e3ce47dde8a1 (patch)
treed51119aadbec38e477e49f41f6439171705eae8c /source3/winbindd
parent658dc77446ce11e6454f64abea21edc2b5e405e6 (diff)
downloadsamba-d930904b997d310aeff781bde1e7e3ce47dde8a1.tar.gz
samba-d930904b997d310aeff781bde1e7e3ce47dde8a1.tar.bz2
samba-d930904b997d310aeff781bde1e7e3ce47dde8a1.zip
s3:winbindd: make sure we don't try rpc requests against unaccessable domains
This makes sure we don't crash while trying to dereference domain->conn.cli->foo while trying to establish a rpc connection to the server. metze
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_cm.c33
1 files changed, 28 insertions, 5 deletions
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0f0d5f8107..1ddfdef89b 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1632,7 +1632,13 @@ static NTSTATUS init_dc_connection_network(struct winbindd_domain *domain)
NTSTATUS result;
/* Internal connections never use the network. */
- if (domain->internal || !winbindd_can_contact_domain(domain)) {
+ if (domain->internal) {
+ domain->initialized = True;
+ return NT_STATUS_OK;
+ }
+
+ if (!winbindd_can_contact_domain(domain)) {
+ invalidate_cm_connection(&domain->conn);
domain->initialized = True;
return NT_STATUS_OK;
}
@@ -1665,6 +1671,23 @@ NTSTATUS init_dc_connection(struct winbindd_domain *domain)
return init_dc_connection_network(domain);
}
+static NTSTATUS init_dc_connection_rpc(struct winbindd_domain *domain)
+{
+ NTSTATUS status;
+
+ status = init_dc_connection(domain);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!domain->internal && domain->conn.cli == NULL) {
+ /* happens for trusted domains without inbound trust */
+ return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
+ }
+
+ return NT_STATUS_OK;
+}
+
/******************************************************************************
Set the trust flags (direction and forest location) for a domain
******************************************************************************/
@@ -2011,7 +2034,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
char *machine_account = NULL;
char *domain_name = NULL;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
@@ -2194,7 +2217,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain *domain,
DEBUG(10,("cm_connect_lsa_tcp\n"));
- status = init_dc_connection(domain);
+ status = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -2240,7 +2263,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct netlogon_creds_CredentialState *p_creds;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2372,7 +2395,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
*cli = NULL;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result)) {
return result;
}