samba/backport-0004-CVE-2020-25717-winbindd-defer-the-setup_child-from-i.patch
haochenstar 8378df4821 fix CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2016-2124,CVE-2021-3738
(cherry picked from commit aee849c6c0708056f62f6445e3b5274d1cec6408)
2022-01-19 11:41:35 +08:00


From 3812930e641d10d1ead10b52ddc7240dd585d0f6 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Fri, 11 Sep 2020 15:42:42 +0200
Subject: [PATCH 016/266] CVE-2020-25717 winbindd: defer the setup_child() from
init_idmap_child()
At startup we trigger a wb_parent_idmap_setup_send() and make
sure setup_child() is called just before wb_parent_idmap_setup_recv()
finishes.
This makes sure our view of the idmap config in the parent matches
what we have in the child.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14539
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
(cherry picked from commit 28e020c0a863411cfa95e3b1ed943d922b8635bd)
---
source3/winbindd/winbindd_idmap.c | 45 ++++++++++++++++++++++++++++---
1 file changed, 42 insertions(+), 3 deletions(-)
Conflict:NA
Reference:https://git.samba.org/samba.git/?p=samba.git;a=patch;h=3812930e641d10d1ead10b52ddc7240dd585d0f6
diff --git a/source3/winbindd/winbindd_idmap.c b/source3/winbindd/winbindd_idmap.c
index 14836e3b8a0..3e2461478a9 100644
--- a/source3/winbindd/winbindd_idmap.c
+++ b/source3/winbindd/winbindd_idmap.c
@@ -81,11 +81,44 @@ static const struct winbindd_child_dispatch_table idmap_dispatch_table[] = {
}
};
+static void init_idmap_child_done(struct tevent_req *subreq);
+
void init_idmap_child(void)
{
- setup_child(NULL, &static_idmap_child,
- idmap_dispatch_table,
- "log.winbindd", "idmap");
+ struct tevent_req *subreq = NULL;
+
+ subreq = wb_parent_idmap_setup_send(global_event_context(),
+ global_event_context());
+ if (subreq == NULL) {
+ /*
+ * This is only an optimization, so we're free to
+ * to ignore errors
+ */
+ DBG_ERR("wb_parent_idmap_setup_send() failed\n");
+ return;
+ }
+ tevent_req_set_callback(subreq, init_idmap_child_done, NULL);
+ DBG_DEBUG("wb_parent_idmap_setup_send() started\n");
+}
+
+static void init_idmap_child_done(struct tevent_req *subreq)
+{
+ const struct wb_parent_idmap_config *cfg = NULL;
+ NTSTATUS status;
+
+ status = wb_parent_idmap_setup_recv(subreq, &cfg);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ /*
+ * This is only an optimization, so we're free to
+ * to ignore errors
+ */
+ DBG_ERR("wb_parent_idmap_setup_recv() failed %s\n",
+ nt_errstr(status));
+ return;
+ }
+
+ DBG_DEBUG("wb_parent_idmap_setup_recv() finished\n");
}
struct wb_parent_idmap_setup_state {
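Review bot: Both error paths in `init_idmap_child()` and `init_idmap_child_done()` return without the idmap child being set up, and the comment "This is only an optimization" does not say why that is safe now that `setup_child()` has moved out of this function. The call now appears only in the completion branch of `wb_parent_idmap_setup_lookupname_next()` (second hunk), so presumably a later `wb_parent_idmap_setup_send()` from a request path retries the setup and starts the child. That is not visible here and should be stated in the comment, e.g. `/* not fatal: the next wb_parent_idmap_setup_send() caller retries and starts the idmap child */`. The comment also has a doubled "to" across the line break in both copies, and `cfg` is filled in by `wb_parent_idmap_setup_recv()` in `init_idmap_child_done()` but never read.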
@@ -306,6 +339,12 @@ static void wb_parent_idmap_setup_lookupname_next(struct tevent_req *req)
next_domain:
if (state->dom_idx == state->cfg->num_doms) {
+ /*
+ * We're done, so start the idmap child
+ */
+ setup_child(NULL, &static_idmap_child,
+ idmap_dispatch_table,
+ "log.winbindd", "idmap");
tevent_req_done(req);
return;
}
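Review bot: `setup_child()` now runs whenever this completion branch is reached, and nothing in the hunk shows that the branch is reached only once per parent process. If the setup request can run again, `static_idmap_child` would be set up a second time; the first hunk calls the startup request an optimization, which suggests other callers exist. Either guard the call or name the condition that prevents a re-run, for example `/* reached once: a completed setup is not re-run, see wb_parent_idmap_setup_send() */` once that is confirmed. The function starts and ends outside the hunk, so such a guard may already exist in code not shown.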
--
2.23.0