From 5606e85d74d4dd9eb8616d497aaaad07f7e7d792 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 13 Sep 2006 14:54:55 +0000 Subject: r18476: Protect ourselves from bad cached creds a little better - don't just panic - delete them. Jeremy. (This used to be commit 4c54b75076442d239ae374b236c6f33aafece981) --- source3/nsswitch/winbindd_cache.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/winbindd_cache.c') diff --git a/source3/nsswitch/winbindd_cache.c b/source3/nsswitch/winbindd_cache.c index 2cff894eb4..ac3b2661f0 100644 --- a/source3/nsswitch/winbindd_cache.c +++ b/source3/nsswitch/winbindd_cache.c @@ -282,13 +282,13 @@ static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx) if (len != 16) { DEBUG(0,("centry corruption? hash len (%u) != 16\n", len )); - smb_panic("centry_hash16"); + return NULL; } if (centry->len - centry->ofs < 16) { DEBUG(0,("centry corruption? needed 16 bytes, have %d\n", centry->len - centry->ofs)); - smb_panic("centry_hash16"); + return NULL; } ret = TALLOC_ARRAY(mem_ctx, char, 16); @@ -589,6 +589,24 @@ static struct cache_entry *wcache_fetch(struct winbind_cache *cache, return centry; } +static void wcache_delete(const char *format, ...) PRINTF_ATTRIBUTE(1,2); +static void wcache_delete(const char *format, ...) +{ + va_list ap; + char *kstr; + TDB_DATA key; + + va_start(ap, format); + smb_xvasprintf(&kstr, format, ap); + va_end(ap); + + key.dptr = kstr; + key.dsize = strlen(kstr); + + tdb_delete(wcache->tdb, key); + free(kstr); +} + /* make sure we have at least len bytes available in a centry */ @@ -918,6 +936,16 @@ NTSTATUS wcache_get_creds(struct winbindd_domain *domain, if we are returning a salted cred. */ *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx); + if (*cached_nt_pass == NULL) { + const char *sidstr = sid_string_static(sid); + + /* Bad (old) cred cache. Delete and pretend we + don't have it. */ + DEBUG(0,("wcache_get_creds: bad entry for [CRED/%s] - deleting\n", + sidstr)); + wcache_delete("CRED/%s", sidstr); + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } /* We only have 17 bytes more data in the salted cred case. */ if (centry->len - centry->ofs == 17) { -- cgit