Author: jra Date: 2006-08-09 02:21:04 +0000 (Wed, 09 Aug 2006) New Revision: 17466
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=17466 Log: Merge over winbindd critical fixes : Ensure we never save a NULL SID mapping. || should be &&. Found by Whitfield school. Ensure we use a hash16 data type, not a string, for storing offline hashes. Jeremy. Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c Changeset: Modified: branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c =================================================================== --- branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c 2006-08-08 20:50:35 UTC (rev 17465) +++ branches/SAMBA_3_0_23/source/nsswitch/winbindd_cache.c 2006-08-09 02:21:04 UTC (rev 17466) @@ -269,9 +269,40 @@ return ret; } -/* pull a string from a cache entry, using the supplied +/* pull a hash16 from a cache entry, using the supplied talloc context */ +static char *centry_hash16(struct cache_entry *centry, TALLOC_CTX *mem_ctx) +{ + uint32 len; + char *ret; + + len = centry_uint8(centry); + + if (len != 16) { + DEBUG(0,("centry corruption? hash len (%u) != 16\n", + len )); + smb_panic("centry_hash16"); + } + + if (centry->len - centry->ofs < 16) { + DEBUG(0,("centry corruption? needed 16 bytes, have %d\n", + centry->len - centry->ofs)); + smb_panic("centry_hash16"); + } + + ret = TALLOC_ARRAY(mem_ctx, char, 16); + if (!ret) { + smb_panic("centry_hash out of memory\n"); + } + memcpy(ret,centry->data + centry->ofs, 16); + centry->ofs += 16; + return ret; +} + +/* pull a sid from a cache entry, using the supplied + talloc context +*/ static BOOL centry_sid(struct cache_entry *centry, TALLOC_CTX *mem_ctx, DOM_SID *sid) { char *sid_string; @@ -629,6 +660,17 @@ centry->ofs += len; } +/* + push a 16 byte hash into a centry - treat as 16 byte string. + */ +static void centry_put_hash16(struct cache_entry *centry, const uint8 val[16]) +{ + centry_put_uint8(centry, 16); + centry_expand(centry, 16); + memcpy(centry->data + centry->ofs, val, 16); + centry->ofs += 16; +} + static void centry_put_sid(struct cache_entry *centry, const DOM_SID *sid) { fstring sid_string; @@ -864,7 +906,7 @@ } t = centry_time(centry); - *cached_nt_pass = (const uint8 *)centry_string(centry, mem_ctx); + *cached_nt_pass = (const uint8 *)centry_hash16(centry, mem_ctx); #if DEBUG_PASSWORD dump_data(100, (const char *)cached_nt_pass, NT_HASH_LEN); @@ -905,7 +947,7 @@ #endif centry_put_time(centry, time(NULL)); - centry_put_string(centry, (const char *)nt_pass); + centry_put_hash16(centry, nt_pass); centry_end(centry, "CRED/%s", sid_to_string(sid_string, sid)); DEBUG(10,("wcache_save_creds: %s\n", sid_string)); @@ -1240,7 +1282,7 @@ status = domain->backend->name_to_sid(domain, mem_ctx, domain_name, name, sid, type); /* and save it */ - if (domain->online || !is_null_sid(sid)) { + if (domain->online && !is_null_sid(sid)) { wcache_save_name_to_sid(domain, status, domain_name, name, sid, *type); }
