s4-resolve: fixed a crash bug on timeout

We were creating the name resolution context as a child of lp_ctx,
which meant when we gave up on a connection the timer on name
resolution kept running, and when it timed out the callback crashed as
the socket was already removed.

diff --git a/source4/lib/socket/connect_multi.c b/source4/lib/socket/connect_multi.c
index 8fcfc0a8ea702f74727649851bb64015552e068c..68386ba565eda876dd4a0e1cfbb4d34674a8fb0c 100644 (file)
--- a/source4/lib/socket/connect_multi.c
+++ b/source4/lib/socket/connect_multi.c
@@ -103,7 +103,7 @@ _PUBLIC_ struct composite_context *socket_connect_multi_send(
                struct nbt_name name;
                struct composite_context *creq;
                make_nbt_name_server(&name, server_address);
-               creq = resolve_name_send(resolve_ctx, &name, result->event_ctx);
+               creq = resolve_name_send(resolve_ctx, multi, &name, result->event_ctx);
                if (composite_nomem(creq, result)) goto failed;
                composite_continue(result, creq, continue_resolve_name, result);
                return result;

diff --git a/source4/libcli/finddcs.c b/source4/libcli/finddcs.c
index 2e4fad93325fd1c5c90669279d31c61b5816a380..8330042ea14b0d5e8ee77b1c515af89732ac0ed0 100644 (file)
--- a/source4/libcli/finddcs.c
+++ b/source4/libcli/finddcs.c
@@ -102,7 +102,7 @@ struct composite_context *finddcs_send(TALLOC_CTX *mem_ctx,
        state->msg_ctx = msg_ctx;
 
        make_nbt_name(&name, state->domain_name, name_type);
-       creq = resolve_name_send(resolve_ctx, &name, event_ctx);
+       creq = resolve_name_send(resolve_ctx, state, &name, event_ctx);
        composite_continue(c, creq, finddcs_name_resolved, state);
        return c;
 }

diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c
index 6a3d5daeccdba8bec9e2fccf32dbc40203ada180..0ad3a75e893e71e88c2d0ca0c299dff65ba72acd 100644 (file)
--- a/source4/libcli/resolve/resolve.c
+++ b/source4/libcli/resolve/resolve.c
@@ -136,6 +136,7 @@ static struct composite_context *setup_next_method(struct composite_context *c)
   general name resolution - async send
  */
 struct composite_context *resolve_name_all_send(struct resolve_context *ctx,
+                                               TALLOC_CTX *mem_ctx,
                                                uint32_t flags,
                                                uint16_t port,
                                                struct nbt_name *name,
@@ -148,7 +149,7 @@ struct composite_context *resolve_name_all_send(struct resolve_context *ctx,
                return NULL;
        }
 
-       c = composite_create(ctx, event_ctx);
+       c = composite_create(mem_ctx, event_ctx);
        if (c == NULL) return NULL;
 
        if (composite_nomem(c->event_ctx, c)) return c;
@@ -221,10 +222,11 @@ NTSTATUS resolve_name_all_recv(struct composite_context *c,
 }
 
 struct composite_context *resolve_name_send(struct resolve_context *ctx,
+                                           TALLOC_CTX *mem_ctx,
                                            struct nbt_name *name,
                                            struct tevent_context *event_ctx)
 {
-       return resolve_name_all_send(ctx, 0, 0, name, event_ctx);
+       return resolve_name_all_send(ctx, mem_ctx, 0, 0, name, event_ctx);
 }
 
 NTSTATUS resolve_name_recv(struct composite_context *c,
@@ -253,7 +255,7 @@ NTSTATUS resolve_name(struct resolve_context *ctx,
                          const char **reply_addr,
                          struct tevent_context *ev)
 {
-       struct composite_context *c = resolve_name_send(ctx, name, ev);
+       struct composite_context *c = resolve_name_send(ctx, mem_ctx, name, ev);
        return resolve_name_recv(c, mem_ctx, reply_addr);
 }
 

diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c
index 8c1a73b6817bd927a616871aca6fa83249871c26..64ed6c3acce0ffe4a970ac1b5be6adcf8e67946f 100644 (file)
--- a/source4/libcli/smb2/connect.c
+++ b/source4/libcli/smb2/connect.c
@@ -271,7 +271,7 @@ struct composite_context *smb2_connect_send(TALLOC_CTX *mem_ctx,
        ZERO_STRUCT(name);
        name.name = host;
 
-       creq = resolve_name_send(resolve_ctx, &name, c->event_ctx);
+       creq = resolve_name_send(resolve_ctx, state, &name, c->event_ctx);
        composite_continue(c, creq, continue_resolve, c);
        return c;
 }

diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c
index 9a19771bc0f6edb4eed2552255be16407c19d2f5..3d35018acbc5df9e6ba66e4e6aa7e7527d7c3277 100644 (file)
--- a/source4/libcli/smb_composite/connect.c
+++ b/source4/libcli/smb_composite/connect.c
@@ -480,7 +480,7 @@ struct composite_context *smb_composite_connect_send(struct smb_composite_connec
 
        state->stage = CONNECT_RESOLVE;
        make_nbt_name_server(&name, io->in.dest_host);
-       state->creq = resolve_name_send(resolve_ctx, &name, c->event_ctx);
+       state->creq = resolve_name_send(resolve_ctx, state, &name, c->event_ctx);
 
        if (state->creq == NULL) goto failed;
        state->creq->async.private_data = c;

diff --git a/source4/libnet/libnet_lookup.c b/source4/libnet/libnet_lookup.c
index ab26814b9ad052accbc02958f1498a3816432d24..4548864ba4adf8acd088ca66ad96819882d0c7e6 100644 (file)
--- a/source4/libnet/libnet_lookup.c
+++ b/source4/libnet/libnet_lookup.c
@@ -88,7 +88,7 @@ struct composite_context *libnet_Lookup_send(struct libnet_context *ctx,
        }
 
        /* send resolve request */
-       cresolve_req = resolve_name_send(resolve_ctx, &s->hostname, c->event_ctx);
+       cresolve_req = resolve_name_send(resolve_ctx, s, &s->hostname, c->event_ctx);
        if (composite_nomem(cresolve_req, c)) return c;
 
        composite_continue(c, cresolve_req, continue_name_resolved, c);

diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c
index 64a5b92e90afb5b7fc0f3d1737a3463ceb62a9e9..d8bd6d29380d04d89843b557e242c1a0d81a06bf 100644 (file)
--- a/source4/librpc/rpc/dcerpc_sock.c
+++ b/source4/librpc/rpc/dcerpc_sock.c
@@ -488,7 +488,7 @@ struct composite_context* dcerpc_pipe_open_tcp_send(struct dcerpc_connection *co
        s->resolve_ctx     = resolve_ctx;
 
        make_nbt_name_server(&name, server);
-       resolve_req = resolve_name_send(resolve_ctx, &name, c->event_ctx);
+       resolve_req = resolve_name_send(resolve_ctx, s, &name, c->event_ctx);
        composite_continue(c, resolve_req, continue_ip_resolve_name, c);
        return c;
 }

diff --git a/source4/nbt_server/wins/wins_dns_proxy.c b/source4/nbt_server/wins/wins_dns_proxy.c
index cd605907a8cdea29e1bfe57b524ce35397ccbf93..4ebfc05fd7678e86c0bf9d9fe8d4cf4fb9eea649 100644 (file)
--- a/source4/nbt_server/wins/wins_dns_proxy.c
+++ b/source4/nbt_server/wins/wins_dns_proxy.c
@@ -87,7 +87,7 @@ void nbtd_wins_dns_proxy_query(struct nbt_name_socket *nbtsock,
        if (resolve_ctx == NULL) goto failed;
        resolve_context_add_host_method(resolve_ctx);
 
-       creq = resolve_name_send(resolve_ctx, name, iface->nbtsrv->task->event_ctx);
+       creq = resolve_name_send(resolve_ctx, s, name, iface->nbtsrv->task->event_ctx);
        if (!creq) goto failed;
 
        creq->async.fn          = nbtd_wins_dns_proxy_handler;

diff --git a/source4/winbind/wb_dom_info_trusted.c b/source4/winbind/wb_dom_info_trusted.c
index 5223b166aa80b07bfddeba55f3125d9981ed4db2..c3bc754f69585e472dfee00ca3a199bafca53c45 100644 (file)
--- a/source4/winbind/wb_dom_info_trusted.c
+++ b/source4/winbind/wb_dom_info_trusted.c
@@ -195,7 +195,7 @@ static void trusted_dom_info_recv_dcname(struct rpc_request *req)
        if (*state->info->dcs[0].name == '\\') state->info->dcs[0].name++;
        
        make_nbt_name(&name, state->info->dcs[0].name, 0x20);
-       ctx = resolve_name_send(lp_resolve_context(state->service->task->lp_ctx), 
+       ctx = resolve_name_send(lp_resolve_context(state->service->task->lp_ctx), state,
                                &name, state->service->task->event_ctx);
 
        composite_continue(state->ctx, ctx, trusted_dom_info_recv_dcaddr,