From 29af730964e567a8391ee381aae3b9aaa7e5e7e1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 27 Aug 2008 17:29:10 -0700 Subject: Fix the wcache_invalidate_samlogon calls. Jeremy. (This used to be commit 7c820899ed1364fdaeb7b49e8ddd839e67397ec0) --- source3/winbindd/winbindd_cache.c | 23 ++++++++++++++++++++++- source3/winbindd/winbindd_pam.c | 4 ++-- 2 files changed, 24 insertions(+), 3 deletions(-) (limited to 'source3/winbindd') diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index c9d857c2ec..2fbb01b623 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -2259,6 +2259,8 @@ static int traverse_fn(TDB_CONTEXT *the_tdb, TDB_DATA kbuf, TDB_DATA dbuf, void wcache_invalidate_samlogon(struct winbindd_domain *domain, struct netr_SamInfo3 *info3) { + DOM_SID sid; + fstring key_str, sid_string; struct winbind_cache *cache; /* dont clear cached U/SID and UG/SID entries when we want to logon @@ -2272,7 +2274,26 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain, return; cache = get_cache(domain); - netsamlogon_clear_cached_user(cache->tdb, info3); + + if (!cache->tdb) { + return; + } + + sid_copy(&sid, info3->base.domain_sid); + sid_append_rid(&sid, info3->base.rid); + + /* Clear U/SID cache entry */ + fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid)); + DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str)); + tdb_delete(cache->tdb, string_tdb_data(key_str)); + + /* Clear UG/SID cache entry */ + fstr_sprintf(key_str, "UG/%s", sid_to_fstring(sid_string, &sid)); + DEBUG(10, ("wcache_invalidate_samlogon: clearing %s\n", key_str)); + tdb_delete(cache->tdb, string_tdb_data(key_str)); + + /* Samba/winbindd never needs this. */ + netsamlogon_clear_cached_user(info3); } bool wcache_invalidate_cache(void) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index a7911f60aa..d4a2e3ed79 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1595,8 +1595,8 @@ process_result: goto done; } - netsamlogon_cache_store(name_user, info3); wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3); + netsamlogon_cache_store(name_user, info3); /* save name_to_sid info as early as possible (only if this is our primary domain so we don't invalidate @@ -1921,8 +1921,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, if (NT_STATUS_IS_OK(result)) { - netsamlogon_cache_store(name_user, info3); wcache_invalidate_samlogon(find_domain_from_name(name_domain), info3); + netsamlogon_cache_store(name_user, info3); /* Check if the user is in the right group */ -- cgit From 52e23fe460ed662e10137503abd08f4bd6596651 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Aug 2008 12:29:24 +0200 Subject: winbindd: fix invalid sid copy (hit when enumerating sibling domains). Guenther (This used to be commit 5eee7423351ffd05486e33ff8eb905babcbc9422) --- source3/winbindd/winbindd_ads.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/winbindd') diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 097fa3907d..53ea3e148c 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1254,7 +1254,7 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, if (trusts.array[i].sid) { sid_copy( &d.sid, trusts.array[i].sid); } else { - sid_copy(&(*dom_sids)[ret_count], &global_sid_NULL); + sid_copy(&d.sid, &global_sid_NULL); } if ( domain->primary ) { -- cgit From ec4015d34fed1f0a53ae495d9d9b2744f0c29df0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 31 Aug 2008 11:34:01 +0200 Subject: Fix Coverity ID 592 The scanner did not figure out that we always have a primary domain, so it complained about us potentially passing a NULL pointer down to set_domain_online_request() where it is dereferenced. Make the code a bit clearer. (This used to be commit e6e8d108f95ed974f98f3f57adcfbbde4e00fad9) --- source3/winbindd/winbindd_dual.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/winbindd') diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 916e8c07c7..63ce0e8d7f 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1212,6 +1212,10 @@ static bool fork_domain_child(struct winbindd_child *child) } } + if (primary_domain == NULL) { + smb_panic("no primary domain found"); + } + /* Ensure we're not handling an event inherited from our parent. */ -- cgit From aac60fead2d3a07756c320ee09a0960252510c19 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 2 Sep 2008 21:51:30 +0200 Subject: winbindd: the ad trusted_domains call should return talloced strings. Guenther (This used to be commit b57cbf62e8180c8fdb8f541c43358d36d8dbbdfa) --- source3/winbindd/winbindd_ads.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/winbindd') diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 53ea3e148c..94e3bad7b2 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1239,8 +1239,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, continue; } - (*names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].netbios_name); - (*alt_names)[ret_count] = CONST_DISCARD(char *, trusts.array[i].dns_name); + (*names)[ret_count] = talloc_strdup(mem_ctx, trusts.array[i].netbios_name); + (*alt_names)[ret_count] = talloc_strdup(mem_ctx, trusts.array[i].dns_name); + if ((*names)[ret_count] == NULL) { + return NT_STATUS_NO_MEMORY; + } if (trusts.array[i].sid) { sid_copy(&(*dom_sids)[ret_count], trusts.array[i].sid); } else { -- cgit