r10321: Fix winbindd recursion bug found by Ingo Steuwer <steuwer@univention.de>.
authorJeremy Allison <jra@samba.org>
Mon, 19 Sep 2005 18:49:18 +0000 (18:49 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:03:40 +0000 (11:03 -0500)
Jeremy.

source/nsswitch/pam_winbind.c
source/nsswitch/wb_common.c
source/nsswitch/winbind_client.h
source/nsswitch/winbindd_nss.h

index 8d4f59101cb7c18311c66de20bdbd1a1b91de9d4..a87ccb4972e18dd7a36bdfc2a3afd9e6b8c4bf3d 100644 (file)
@@ -106,7 +106,7 @@ static int pam_winbind_request(enum winbindd_cmd req_type,
        /* Fill in request and send down pipe */
        init_request(request, req_type);
        
-       if (write_sock(request, sizeof(*request)) == -1) {
+       if (write_sock(request, sizeof(*request), 0) == -1) {
                _pam_log(LOG_ERR, "write to socket failed!");
                close_sock();
                return PAM_SERVICE_ERR;
index 5ed0b9161e7c49e50c7793ed04c38d5af486fc66..6d09666525f7f2f142fbd189078ac57c2ff1a8e1 100644 (file)
@@ -284,7 +284,7 @@ static int winbind_named_pipe_sock(const char *dir)
 
 /* Connect to winbindd socket */
 
-int winbind_open_pipe_sock(void)
+static int winbind_open_pipe_sock(int recursing)
 {
 #ifdef HAVE_UNIXSOCKET
        static pid_t our_pid;
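Review bot: The comment above `winbind_open_pipe_sock` still reads only "Connect to winbindd socket" and says nothing about the new `recursing` argument. Judging from the guard added in the next hunk, a non-zero value appears to mean that only an already-open socket may be returned and no new connection is attempted. I would state that contract, e.g. `/* Connect to winbindd socket. If recursing is non-zero, never open a new connection: return the existing fd or -1. */`. The "Write data to winbindd socket" comment on `write_sock` in a later hunk has the same gap. The function body continues outside this hunk.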
@@ -302,12 +302,17 @@ int winbind_open_pipe_sock(void)
                return winbindd_fd;
        }
 
+       if (recursing) {
+               return -1;
+       }
+
        if ((winbindd_fd = winbind_named_pipe_sock(WINBINDD_SOCKET_DIR)) == -1) {
                return -1;
        }
 
        /* version-check the socket */
 
+       request.flags = WBFLAG_RECURSE;
        if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
                close_sock();
                return -1;
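Review bot: `WBFLAG_RECURSE` is a client-side marker, but it is stored in `request.flags` here (and again before the `WINBINDD_PRIV_PIPE_DIR` request), and `winbindd_send_request` writes the whole request struct to the socket, so the bit also reaches the daemon. The daemon-side handling of `flags` is not part of this commit; since any local client can set the bit, the server should ignore it on input. I would record that next to the define, e.g. `/* Client-side only: marks winbindd's own internal requests so the client library does not reconnect; the server must not act on it. */`. The name also reads as "do recurse" while its comment says "don't recurse", which is easy to misread at call sites like this one.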
@@ -315,6 +320,7 @@ int winbind_open_pipe_sock(void)
 
        /* try and get priv pipe */
 
+       request.flags = WBFLAG_RECURSE;
        if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
                int fd;
                if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) {
@@ -333,7 +339,7 @@ int winbind_open_pipe_sock(void)
 
 /* Write data to winbindd socket */
 
-int write_sock(void *buffer, int count)
+int write_sock(void *buffer, int count, int recursing)
 {
        int result, nwritten;
        
@@ -341,7 +347,7 @@ int write_sock(void *buffer, int count)
        
  restart:
        
-       if (winbind_open_pipe_sock() == -1) {
+       if (winbind_open_pipe_sock(recursing) == -1) {
                return -1;
        }
        
@@ -534,7 +540,7 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
 
        init_request(request, req_type);
        
-       if (write_sock(request, sizeof(*request)) == -1) {
+       if (write_sock(request, sizeof(*request), request->flags & WBFLAG_RECURSE) == -1) {
                return NSS_STATUS_UNAVAIL;
        }
        
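Review bot: The third argument trusts `request->flags` exactly as the caller supplied it, read after `init_request`, whose body is not shown here. This relies on every caller having zeroed the request and on `init_request` leaving `flags` untouched. An uninitialised struct carrying a stray 0x0800 bit would make `write_sock` refuse to open the socket, so the lookup fails with `NSS_STATUS_UNAVAIL`. I would document the requirement with `/* caller must initialise request->flags; WBFLAG_RECURSE forbids opening a new socket */` and pass `(request->flags & WBFLAG_RECURSE) != 0` so the argument is a plain 0/1. The function starts and ends outside this hunk.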
index ec20cd78ef4ad3f8f5830d6475ff74b373162ed2..1d3d379af00d0f35b57eef58c6db7ae41b467244 100644 (file)
@@ -8,8 +8,7 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response);
 NSS_STATUS winbindd_request_response(int req_type, 
                            struct winbindd_request *request,
                            struct winbindd_response *response);
-int winbind_open_pipe_sock(void);
-int write_sock(void *buffer, int count);
+int write_sock(void *buffer, int count, int recursing);
 int read_reply(struct winbindd_response *response);
 void close_sock(void);
 void free_response(struct winbindd_response *response);
index cf0fae74a069210524ba5f1f02531d7fd440c0aa..d012811d379b4f20e7f5409ade0c608ba31d1595 100644 (file)
@@ -172,6 +172,8 @@ typedef struct winbindd_gr {
 
 /* This is a flag that can only be sent from parent to child */
 #define WBFLAG_IS_PRIVILEGED            0x0400
+/* Flag to say this is a winbindd internal send - don't recurse. */
+#define WBFLAG_RECURSE                 0x0800
 
 /* Winbind request structure */