From 57d306d22e1027149c20029118f3c39e70e8a8a5 Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Tue, 9 Jul 2013 02:20:38 -0700 Subject: [PATCH] Bug: 9918 When creating the netlogon connection always set the credential Even if the connection don't support schannel we must set the credential otherwise when we will try to use them it will be segfault. Connection from winbindd process connected to the non primary domain (ie. that is to say all the domain but the one where samba joined) do not use schannel and are therefore affected by this. Any user on the same box where winbindd is running can crash the server by running wbinfo --krb5auth=SUBDOMAIN\foo, only SUBDOMAIN has to be valid any non existing users (ie. foo) will cause winbindd to crash. I have no idea what you could gain from the crash at least it's a local DOS at worst you can maybe gain root access. Found-by: Ravindra Channabasapa Signed-off-by: Matthieu Patou --- source3/winbindd/winbindd_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index edb2c7bac4..d7111da62c 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -2782,6 +2782,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, neg_flags |= NETLOGON_NEG_SCHANNEL; } + no_schannel: if (!get_trust_pw_hash(domain->name, mach_pwd, &account_name, &sec_chan_type)) { @@ -2811,7 +2812,6 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain, return NT_STATUS_ACCESS_DENIED; } - no_schannel: if ((lp_client_schannel() == False) || ((neg_flags & NETLOGON_NEG_SCHANNEL) == 0)) { /* -- 2.34.1