s3:rpc_server/lsa: we need to normalize the trustAuth* blobs before storing them
authorStefan Metzmacher <metze@samba.org>
Sat, 31 Jan 2015 10:45:12 +0000 (11:45 +0100)
committerGünther Deschner <gd@samba.org>
Mon, 30 Mar 2015 11:41:25 +0000 (13:41 +0200)
The number of current and previous elements needs to match, and we have to
fill in TRUST_AUTH_TYPE_NONE elements if needed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
source3/rpc_server/lsa/srv_lsa_nt.c

index a989f4b359918cd81d1800c287e0a1af106522c0..ef1896302454826429fcbc3dd06b14b034944611 100644 (file)
@@ -1706,6 +1706,51 @@ static NTSTATUS get_trustauth_inout_blob(TALLOC_CTX *mem_ctx,
 {
        enum ndr_err_code ndr_err;
 
+       if (iopw->current.count != iopw->count) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (iopw->previous.count > iopw->current.count) {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (iopw->previous.count == 0) {
+               /*
+                * If the previous credentials are not present
+                * we need to make a copy.
+                */
+               iopw->previous = iopw->current;
+       }
+
+       if (iopw->previous.count < iopw->current.count) {
+               struct AuthenticationInformationArray *c = &iopw->current;
+               struct AuthenticationInformationArray *p = &iopw->previous;
+
+               /*
+                * The previous array needs to have the same size
+                * as the current one.
+                *
+                * We may have to fill with TRUST_AUTH_TYPE_NONE
+                * elements.
+                */
+               p->array = talloc_realloc(mem_ctx, p->array,
+                                  struct AuthenticationInformation,
+                                  c->count);
+               if (p->array == NULL) {
+                       return NT_STATUS_NO_MEMORY;
+               }
+
+               while (p->count < c->count) {
+                       struct AuthenticationInformation *a =
+                               &p->array[p->count++];
+
+                       *a = (struct AuthenticationInformation) {
+                               .LastUpdateTime = p->array[0].LastUpdateTime,
+                               .AuthType = TRUST_AUTH_TYPE_NONE,
+                       };
+               }
+       }
+
        ndr_err = ndr_push_struct_blob(trustauth_blob, mem_ctx,
                                       iopw,
                                       (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob);
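Review bot: In the padding branch the result of `talloc_realloc()` is assigned straight to `p->array`, so on allocation failure the caller's `iopw->previous` is left with a NULL array and a non-zero `count` when `NT_STATUS_NO_MEMORY` is returned. Taking the result in a temporary keeps the structure consistent: `tmp = talloc_realloc(mem_ctx, p->array, struct AuthenticationInformation, c->count); if (tmp == NULL) { return NT_STATUS_NO_MEMORY; } p->array = tmp;`. Separately, `iopw->previous = iopw->current;` is a shallow struct copy, so afterwards both members point at the same element array, and the function now rewrites its input in place; the comment would be more accurate as `/* No previous credentials: reuse the current array (shallow copy, elements are shared). */`, with a line in the function header saying that `iopw` is normalized in place. The counts presumably come from a client-supplied blob and no upper bound on `count` is visible here, so it is worth confirming that the NDR pull already limits it before it is used as the realloc size. The body of get_trustauth_inout_blob continues past the end of this hunk.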