s4-lsarpc Fix segfaults found by the samba4.rpc.lsa.forest test
authorAndrew Bartlett <abartlet@samba.org>
Wed, 7 Dec 2011 03:38:56 +0000 (14:38 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 12 Dec 2011 11:57:07 +0000 (12:57 +0100)
This allows us to move this test to knownfail from skip

selftest/knownfail
selftest/skip
source4/rpc_server/lsa/dcesrv_lsa.c

index 754ffb30c15069a930e699b2bff066b361995185..589a784298cd4ab2efedb65d30cb5dbe00bc8210 100644 (file)
 ^samba4.ldap.acl.*.AclSearchTests.test_search4$  # ACL search behaviour not enabled by default
 ^samba4.ldap.acl.*.AclSearchTests.test_search5$  # ACL search behaviour not enabled by default
 ^samba4.ldap.acl.*.AclSearchTests.test_search6$  # ACL search behaviour not enabled by default
+^samba4.rpc.lsa.forest                                                 # Not fully provided by Samba 4
index 8771b676d3d61d2a00ded920e4761a661cc4cdaf..8ff2e60511ed1c1df5469a6265b9aacd94e67806 100644 (file)
@@ -75,7 +75,6 @@
 ^samba4.rpc.frsapi                                                     # Not provided by Samba 4
 ^samba4.rpc.ntsvcs                                                     # Not provided by Samba 4
 ^samba4.rpc.dfs                                                                # Not provided by Samba 4
-^samba4.rpc.lsa.forest                                                 # Not provided by Samba 4
 ^samba4.*.base.samba3.*                                                # Samba3-specific test
 ^samba4.*.raw.samba3.*                                         # Samba3-specific test
 ^samba4.rpc..*samba3.*                                         # Samba3-specific test
index 5acdfe8046081f43617ed6d3dbf39ed3e11af82c..acab1874af08f6bb038b27ca82a918c7e9a378cf 100644 (file)
@@ -1525,7 +1525,7 @@ static NTSTATUS update_trust_user(TALLOC_CTX *mem_ctx,
        }
 
        /* entry exists, just modify secret if any */
-       if (in->count == 0) {
+       if (in == NULL || in->count == 0) {
                return NT_STATUS_OK;
        }
 
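Review bot: The new `in == NULL` guard only covers the modify-existing-entry path at this point in update_trust_user, and the caller can now pass a NULL pointer. The function starts and ends outside this hunk, so any earlier branch that reads `in->count` or hands `in` to another helper is not visible here and should be checked for the same NULL case. The contract is also worth stating above the function, for example `/* in may be NULL when the caller supplied no incoming auth info; no secret is modified in that case */`.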
@@ -1601,6 +1601,7 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
        uint32_t *enc_types = NULL;
        DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob;
        struct trustDomainPasswords auth_struct;
+       struct AuthenticationInformationArray *current_passwords = NULL;
        NTSTATUS nt_status;
        struct ldb_message **msgs;
        struct ldb_message *msg;
@@ -1695,18 +1696,21 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
 
        /* TODO: should we fetch previous values from the existing entry
         * and append them ? */
-       if (auth_struct.incoming.count) {
+       if (auth_info_int && auth_struct.incoming.count) {
                nt_status = get_trustauth_inout_blob(dce_call, mem_ctx,
                                                     &auth_struct.incoming,
                                                     &trustAuthIncoming);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        return nt_status;
                }
+
+               current_passwords = &auth_struct.incoming;
+
        } else {
                trustAuthIncoming = data_blob(NULL, 0);
        }
 
-       if (auth_struct.outgoing.count) {
+       if (auth_info_int && auth_struct.outgoing.count) {
                nt_status = get_trustauth_inout_blob(dce_call, mem_ctx,
                                                     &auth_struct.outgoing,
                                                     &trustAuthOutgoing);
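Review bot: The added `auth_info_int &&` tests stop `auth_struct.incoming.count` and `auth_struct.outgoing.count` from being read when `auth_struct` was never filled in, but `auth_struct` is still declared without an initialiser (see the declarations hunk above). Any later read that omits the guard would again act on indeterminate stack contents. Zeroing the structure once after the declarations, `ZERO_STRUCT(auth_struct);`, would make both counts well defined on every path. That `auth_struct` is populated only when `auth_info_int` is non-NULL is inferred, since the code that fills it lies outside the hunk; the outgoing branch also continues past the end of this hunk.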
@@ -1831,17 +1835,15 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
        }
        in_transaction = true;
 
-       ret = ldb_modify(p_state->sam_ldb, msg);
-       if (ret != LDB_SUCCESS) {
-               DEBUG(1,("Failed to modify trusted domain record %s: %s\n",
-                        ldb_dn_get_linearized(msg->dn),
-                        ldb_errstring(p_state->sam_ldb)));
-               if (ret == LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
-                       nt_status = NT_STATUS_ACCESS_DENIED;
-               } else {
-                       nt_status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+       if (msg->num_elements) {
+               ret = ldb_modify(p_state->sam_ldb, msg);
+               if (ret != LDB_SUCCESS) {
+                       DEBUG(1,("Failed to modify trusted domain record %s: %s\n",
+                                ldb_dn_get_linearized(msg->dn),
+                                ldb_errstring(p_state->sam_ldb)));
+                       nt_status = dsdb_ldb_err_to_ntstatus(ret);
+                       goto done;
                }
-               goto done;
        }
 
        if (add_incoming || del_incoming) {
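Review bot: The `if (msg->num_elements)` guard has no comment, so a reader cannot tell whether skipping ldb_modify() for an empty message is an optimisation or a required fix. A line above it such as `/* only modify the trusted domain object when this call changes at least one attribute */` would record the intent. Separately, failures other than insufficient access used to return NT_STATUS_INTERNAL_DB_CORRUPTION and are now mapped by dsdb_ldb_err_to_ntstatus(), so clients may see different status codes; that is worth a mention in the commit message. The enclosing function starts and ends outside this hunk.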
@@ -1854,12 +1856,13 @@ static NTSTATUS setInfoTrustedDomain_base(struct dcesrv_call_state *dce_call,
                        goto done;
                }
 
+               /* We use trustAuthIncoming.data to incidate that auth_struct.incoming is valid */
                nt_status = update_trust_user(mem_ctx,
                                              p_state->sam_ldb,
                                              p_state->domain_dn,
                                              del_incoming,
                                              netbios_name,
-                                             &auth_struct.incoming);
+                                             current_passwords);
                if (!NT_STATUS_IS_OK(nt_status)) {
                        goto done;
                }
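Review bot: The added comment does not match the code beneath it, and it misspells "indicate". The call passes `current_passwords`, which is NULL unless the incoming blob was built in the earlier hunk, and `trustAuthIncoming.data` is not consulted here. Suggested wording: `/* current_passwords is NULL unless auth_struct.incoming was supplied and converted above */`. The assignment of current_passwords is in an earlier hunk of setInfoTrustedDomain_base, whose body extends beyond this one.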