95 lines
2.9 KiB
Diff
95 lines
2.9 KiB
Diff
From a3cca16fac5d834f2f29e1daa31ced38938fada9 Mon Sep 17 00:00:00 2001
|
|
From: Stefan Metzmacher <metze@samba.org>
|
|
Date: Fri, 11 Sep 2020 12:52:40 +0200
|
|
Subject: [PATCH 013/266] CVE-2020-25717 wb_sids2xids: call
|
|
wb_parent_idmap_setup_send/recv as the first step
|
|
|
|
This isn't really used yet, but it will in the next commits.
|
|
|
|
Also idmap_child_handle() will soon assert that
|
|
wb_parent_idmap_setup_send/recv() was called before it's used.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
|
|
|
|
(cherry picked from commit d42aaeba6e0820acd17f204ff7ab6d1aede1b303)
|
|
|
|
Conflict:NA
|
|
Reference:https://gitlab.com/samba-team/samba/-/commit/a3cca16fac5d834f2f29e1daa31ced38938fada9
|
|
---
|
|
source3/winbindd/wb_sids2xids.c | 34 +++++++++++++++++++++++++++++----
|
|
1 file changed, 30 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/source3/winbindd/wb_sids2xids.c b/source3/winbindd/wb_sids2xids.c
|
|
index b47856520ea..59f6ba5891e 100644
|
|
--- a/source3/winbindd/wb_sids2xids.c
|
|
+++ b/source3/winbindd/wb_sids2xids.c
|
|
@@ -29,6 +29,8 @@
|
|
struct wb_sids2xids_state {
|
|
struct tevent_context *ev;
|
|
|
|
+ const struct wb_parent_idmap_config *cfg;
|
|
+
|
|
struct dom_sid *sids;
|
|
uint32_t num_sids;
|
|
|
|
@@ -58,7 +60,7 @@ struct wb_sids2xids_state {
|
|
struct wbint_TransIDArray ids;
|
|
};
|
|
|
|
-
|
|
+static void wb_sids2xids_idmap_setup_done(struct tevent_req *subreq);
|
|
static bool wb_sids2xids_in_cache(struct dom_sid *sid, struct id_map *map);
|
|
static void wb_sids2xids_lookupsids_done(struct tevent_req *subreq);
|
|
static void wb_sids2xids_done(struct tevent_req *subreq);
|
|
@@ -126,15 +128,39 @@ struct tevent_req *wb_sids2xids_send(TALLOC_CTX *mem_ctx,
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
|
|
- subreq = wb_lookupsids_send(state, ev, state->non_cached,
|
|
- state->num_non_cached);
|
|
+ subreq = wb_parent_idmap_setup_send(state, state->ev);
|
|
if (tevent_req_nomem(subreq, req)) {
|
|
return tevent_req_post(req, ev);
|
|
}
|
|
- tevent_req_set_callback(subreq, wb_sids2xids_lookupsids_done, req);
|
|
+ tevent_req_set_callback(subreq, wb_sids2xids_idmap_setup_done, req);
|
|
return req;
|
|
}
|
|
|
|
+static void wb_sids2xids_idmap_setup_done(struct tevent_req *subreq)
|
|
+{
|
|
+ struct tevent_req *req = tevent_req_callback_data(
|
|
+ subreq, struct tevent_req);
|
|
+ struct wb_sids2xids_state *state = tevent_req_data(
|
|
+ req, struct wb_sids2xids_state);
|
|
+ NTSTATUS status;
|
|
+
|
|
+ status = wb_parent_idmap_setup_recv(subreq, &state->cfg);
|
|
+ TALLOC_FREE(subreq);
|
|
+ if (tevent_req_nterror(req, status)) {
|
|
+ return;
|
|
+ }
|
|
+ SMB_ASSERT(state->cfg->num_doms > 0);
|
|
+
|
|
+ subreq = wb_lookupsids_send(state,
|
|
+ state->ev,
|
|
+ state->non_cached,
|
|
+ state->num_non_cached);
|
|
+ if (tevent_req_nomem(subreq, req)) {
|
|
+ return;
|
|
+ }
|
|
+ tevent_req_set_callback(subreq, wb_sids2xids_lookupsids_done, req);
|
|
+}
|
|
+
|
|
static bool wb_sids2xids_in_cache(struct dom_sid *sid, struct id_map *map)
|
|
{
|
|
struct unixid id;
|
|
--
|
|
2.23.0
|
|
|