From: Ralph Boehme Date: Fri, 15 Dec 2017 20:13:52 +0000 (+0100) Subject: winbindd: only use NetBIOS name when searching domain list in add_trusted_domain_from... X-Git-Tag: samba-4.8.0rc1~65 X-Git-Url: http://git.samba.org/?p=samba.git;a=commitdiff_plain;h=5ffade7b29292c671aca51bd82e25de8723d6852 winbindd: only use NetBIOS name when searching domain list in add_trusted_domain_from_tdc() Unique key for domains is the NetBIOS name, period. If the the caller passes a domain name that matches a different domains DNS name or vice versa, that is an error. The same applies to SIDs. Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher
---
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index cac6ba5373d..37725cf67fe 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -174,22 +174,58 @@ add_trusted_domain_from_tdc(const struct winbindd_tdc_domain *tdc) /* We can't call domain_list() as this function is called from init_domain_list() and we'll get stuck in a loop. */ for (domain = _domain_list; domain; domain = domain->next) { - if (strequal(domain_name, domain->name) || - strequal(domain_name, domain->alt_name)) - { + if (strequal(domain_name, domain->name)) { break; } + } + + if (domain != NULL) { + struct winbindd_domain *check_domain = NULL; + + for (check_domain = _domain_list; + check_domain != NULL; + check_domain = check_domain->next) + { + if (check_domain == domain) { + continue; + } - if (alternative_name) { - if (strequal(alternative_name, domain->name) || - strequal(alternative_name, domain->alt_name)) - { + if (dom_sid_equal(&check_domain->sid, sid)) { break; } } - if (dom_sid_equal(sid, &domain->sid)) { - break; + if (check_domain != NULL) { + DBG_ERR("SID [%s] already used by domain [%s], " + "expected [%s]\n", + sid_string_dbg(sid), check_domain->name, + domain->name); + return NULL; + } + } + + if ((domain != NULL) && (alternative_name != NULL)) { + struct winbindd_domain *check_domain = NULL; + + for (check_domain = _domain_list; + check_domain != NULL; + check_domain = check_domain->next) + { + if (check_domain == domain) { + continue; + } + + if (strequal(check_domain->alt_name, alternative_name)) { + break; + } + } + + if (check_domain != NULL) { + DBG_ERR("DNS name [%s] used by domain [%s], " + "expected [%s]\n", + alternative_name, check_domain->name, + domain->name); + return NULL; } }
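Review bot: The SID and DNS-name collision checks only run when a domain with this NetBIOS name is already in `_domain_list` (`if (domain != NULL)` and `if ((domain != NULL) && (alternative_name != NULL))`), so a new NetBIOS name carrying a SID or DNS name that another entry already owns is not rejected anywhere in this hunk. The commit message treats such a collision as an error, and a duplicate SID in the list would presumably make SID-based lookups resolve to whichever entry comes first, which matters wherever the result feeds a trust decision. Unless code after the hunk covers the `domain == NULL` case, consider running both loops unconditionally, since the `check_domain == domain` skip is harmless when `domain` is NULL: the second guard becomes `if (alternative_name != NULL) {`, and both `DBG_ERR` calls should log `domain_name` instead of `domain->name` to avoid dereferencing NULL. The function starts before and continues after the hunk, so this should be confirmed against the full body.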