From Elrond@Wunder-Nett.org Tue Mar 14 06:01:05 2000

Date: Mon, 13 Mar 2000 18:16:51 +0100
From: Elrond <Elrond@Wunder-Nett.org>
To: Luke Kenneth Casson Leighton <lkcl@samba.org>
Subject: netlogond: crash and ggroup membership

Hi Luke,

netlogond crashes, when my workstation tries to change its
trust-account password. I tracked this to some point and
fixed those points. Since my workstation only tries to
change the pw every 15 minutes, testing is quite
timeconsuming and I didn't yet test my last fix, that I did
in this area.

After some funny errors (most notable: root is in Domain
Admins, but I couldn't change any thing in the
network-settings), I noticed, that netlogond didn't
transmit _any_ group memberships, when I logged into the
workstation, I found this and fixed it.

Could you please take a look at the following functions:
- direct_samr_userinfo
- _net_srv_pwset

I modified both, but I'm not too sure, I did it the right
way.

[lkcl: looks good, elrond.  explains why groups didn't get set up!]

diff --git a/source/netlogond/srv_netlogon_nt.c b/source/netlogond/srv_netlogon_nt.c
index 1f33002933bbd264eb8a952d91632f1929c2f464..aaeff700380e2bfa554ac239cc059ce23be19b56 100644 (file)
--- a/source/netlogond/srv_netlogon_nt.c
+++ b/source/netlogond/srv_netlogon_nt.c
@@ -52,7 +52,15 @@ static uint32 direct_samr_userinfo(const UNISTR2 * uni_user,
        uint32 status_pwd = NT_STATUS_NOPROBLEMO;
        uint32 status_grp = NT_STATUS_NOPROBLEMO;
 
-       ZERO_STRUCTP(ctr);
+       if (ctr == NULL)
+       {
+               return NT_STATUS_INVALID_PARAMETER;
+       }
+
+       if (!set)
+       {
+               ZERO_STRUCTP(ctr);
+       }
 
        status_sam = _samr_connect(NULL, 0x02000000, &sam_pol);
        if (status_sam == NT_STATUS_NOPROBLEMO)
@@ -82,7 +90,7 @@ static uint32 direct_samr_userinfo(const UNISTR2 * uni_user,
        }
        if (status_usr == NT_STATUS_NOPROBLEMO)
        {
-               if (set && gids != NULL && num_grps != NULL)
+               if (!set && gids != NULL && num_grps != NULL)
                {
                        status_grp = _samr_query_usergroups(&usr_pol,
                                                            num_grps, gids);
@@ -93,8 +101,7 @@ static uint32 direct_samr_userinfo(const UNISTR2 * uni_user,
                }
                else
                {
-                       status_pwd =
-                               _samr_query_userinfo(&usr_pol, level, ctr);
+                       status_pwd = _samr_query_userinfo(&usr_pol, level, ctr);
                }
        }
        if (status_usr == NT_STATUS_NOPROBLEMO)
@@ -109,6 +116,11 @@ static uint32 direct_samr_userinfo(const UNISTR2 * uni_user,
                return status_pwd;
        }
 
+       if (status_usr != NT_STATUS_NOPROBLEMO)
+       {
+               return status_usr;
+       }
+
        if (status_grp != NT_STATUS_NOPROBLEMO)
        {
                return status_grp;
@@ -694,6 +706,7 @@ uint32 _net_srv_pwset(const DOM_CLNT_INFO * clnt_id,
        unsigned char hash3_pwd[16];
        uint32 status_pwd;
 
+       const UNISTR2 *uni_trust_name;
        fstring trust_name;
        struct dcinfo dc;
        const UNISTR2 *uni_samusr;
@@ -702,8 +715,8 @@ uint32 _net_srv_pwset(const DOM_CLNT_INFO * clnt_id,
 
        ZERO_STRUCT(dc);
 
-       uni_samusr = &(clnt_id->login.uni_comp_name);
-       unistr2_to_ascii(trust_name, uni_samusr, sizeof(trust_name) - 1);
+       uni_trust_name = &(clnt_id->login.uni_comp_name);
+       unistr2_to_ascii(trust_name, uni_trust_name, sizeof(trust_name) - 1);
 
        if (!cred_get(remote_pid, global_sam_name, trust_name, &dc))
        {
@@ -720,16 +733,24 @@ uint32 _net_srv_pwset(const DOM_CLNT_INFO * clnt_id,
 
        memcpy(&(dc.srv_cred), &(dc.clnt_cred), sizeof(dc.clnt_cred));
 
-       unistr2_to_ascii(trust_acct, &(clnt_id->login.uni_acct_name),
-                        sizeof(trust_acct) - 1);
+       uni_samusr = &(clnt_id->login.uni_acct_name);
+       unistr2_to_ascii(trust_acct, uni_samusr, sizeof(trust_acct) - 1);
 
        DEBUG(3, ("Server Password Set Wksta:[%s]\n", trust_acct));
 
+       /* get info for trust account */
+       ZERO_STRUCT(ctr);
        become_root(True);
        status_pwd = direct_samr_userinfo(uni_samusr, 0x12, &ctr,
                                          NULL, NULL, False);
        unbecome_root(True);
 
+       if (status_pwd != NT_STATUS_NOPROBLEMO)
+       {
+               free_samr_userinfo_ctr(&ctr);
+               return status_pwd;
+       }
+
        acb_info = ctr.info.id12->acb_info;
 
        if (IS_BITS_SET_SOME
@@ -770,12 +791,6 @@ uint32 _net_srv_pwset(const DOM_CLNT_INFO * clnt_id,
                }
        }
 
-       if (status_pwd != NT_STATUS_NOPROBLEMO)
-       {
-               free_samr_userinfo_ctr(&ctr);
-               return status_pwd;
-       }
-
        /* Some debug output, needed an iterater variable */
        {
                int i;