From 19bf1f6445b61c14190d92ce8dd8fd14901d68bc Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 7 Oct 2014 16:16:44 +0200 Subject: [PATCH] Fix segfault in winbind. resolves: #1033595 --- samba-4.1.13-fix_winbind_segfault.patch | 82 +++++++++++++++++++++++++ samba.spec | 9 ++- 2 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 samba-4.1.13-fix_winbind_segfault.patch diff --git a/samba-4.1.13-fix_winbind_segfault.patch b/samba-4.1.13-fix_winbind_segfault.patch new file mode 100644 index 0000000..784c6db --- /dev/null +++ b/samba-4.1.13-fix_winbind_segfault.patch @@ -0,0 +1,82 @@ +commit 6b1091dcd9a32977542692e78cfa2c930a691404 +Author: Jeremy Allison +AuthorDate: Wed Jul 16 12:41:55 2014 -0700 +Commit: Karolin Seeger +CommitDate: Sat Sep 27 20:58:13 2014 +0200 + + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs. + + There are places in the code where we're not checking that alt_name is NULL + and then calling into the DC lookup code with a NULL name request. This can + happen in offline mode. + + Fixes bug #10717 - Winbind crash on losing VPN connection + + https://bugzilla.samba.org/show_bug.cgi?id=10717 + + Signed-off-by: Jeremy Allison + Reviewed-by: Michael Adam + + Autobuild-User(master): Michael Adam + Autobuild-Date(master): Mon Sep 15 23:29:00 CEST 2014 on sn-devel-104 + + (cherry picked from commit 92da0b243c18546275c4736507188eba425a0732) +--- + source3/winbindd/winbindd_ads.c | 3 ++- + source3/winbindd/winbindd_cm.c | 8 ++++++-- + 2 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c +index e47613e..fb0bc26 100644 +--- a/source3/winbindd/winbindd_ads.c ++++ b/source3/winbindd/winbindd_ads.c +@@ -169,6 +169,7 @@ ADS_STATUS ads_idmap_cached_connection(ADS_STRUCT **adsp, const char *dom_name) + } + + if (IS_DC) { ++ SMB_ASSERT(wb_dom->alt_name != NULL); + realm = SMB_STRDUP(wb_dom->alt_name); + } else { + struct winbindd_domain *our_domain = wb_dom; +@@ -224,7 +225,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) + } + + if ( IS_DC ) { +- ++ SMB_ASSERT(domain->alt_name != NULL); + realm = SMB_STRDUP(domain->alt_name); + } + else { +diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c +index 61917db..8bbc886 100644 +--- a/source3/winbindd/winbindd_cm.c ++++ b/source3/winbindd/winbindd_cm.c +@@ -833,6 +833,10 @@ static NTSTATUS get_trust_creds(const struct winbindd_domain *domain, + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + ++ if (our_domain->alt_name == NULL) { ++ return NT_STATUS_INVALID_PARAMETER; ++ } ++ + if (asprintf(machine_krb5_principal, "%s$@%s", + account_name, our_domain->alt_name) == -1) + { +@@ -1199,7 +1203,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, + /* For active directory servers, try to get the ldap server name. + None of these failures should be considered critical for now */ + +- if (lp_security() == SEC_ADS) { ++ if ((lp_security() == SEC_ADS) && (domain->alt_name != NULL)) { + ADS_STRUCT *ads; + ADS_STATUS ads_status; + char addr[INET6_ADDRSTRLEN]; +@@ -1327,7 +1331,7 @@ static bool get_dcs(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, + return True; + } + +- if (sec == SEC_ADS) { ++ if ((sec == SEC_ADS) && (domain->alt_name != NULL)) { + char *sitename = NULL; + + /* We need to make sure we know the local site before diff --git a/samba.spec b/samba.spec index 261ec23..70f0a43 100644 --- a/samba.spec +++ b/samba.spec @@ -6,7 +6,7 @@ # ctdb is enabled by default, you can disable it with: --without clustering %bcond_without clustering -%define main_release 1 +%define main_release 5 %define samba_version 4.1.12 %define talloc_version 2.0.8 @@ -94,6 +94,8 @@ Source6: samba.pamd Source200: README.dc Source201: README.downgrade +Patch0: samba-4.1.13-fix_winbind_segfault.patch + BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) Requires(pre): /usr/sbin/groupadd @@ -513,6 +515,8 @@ module necessary to communicate to the Winbind Daemon %prep %setup -q -n samba-%{version}%{pre_release} +%patch0 -p1 -b .samba-4.1.13-fix_winbind_segfault.patch + %build %global _talloc_lib ,talloc,pytalloc,pytalloc-util %global _tevent_lib ,tevent,pytevent @@ -1583,6 +1587,9 @@ rm -rf %{buildroot} %{_mandir}/man8/pam_winbind.8* %changelog +* Tue Oct 07 2014 - Andreas Schneider - 4.1.12-5 +- resolves: #1033595 - Fix segfault in winbind. + * Wed Sep 24 2014 - Andreas Schneider - 4.1.12-1 - Update to Samba 4.1.12.