From 2f6476817051bf89028d78aa8d520f3087f6cbd2 Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 2 Nov 2011 10:55:27 +0100
Subject: [PATCH 1/3] libcli/auth: debug the given computer name creds might be NULL metze
---
 libcli/auth/schannel_state_tdb.c | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 7ec8b3f..12c1c5b 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -193,7 +193,7 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
 if (schannel_required_for_call && !schannel_in_use) {
 DEBUG(0,("schannel_creds_server_step_check_tdb: "
 "client %s not using schannel for netlogon, despite negotiating it\n",
- creds->computer_name ));
+ computer_name));
 tdb_transaction_cancel(tdb);
 return NT_STATUS_ACCESS_DENIED;
 }
--
1.7.4.1
From ff35bd666fcef5f1d277079488c3241261cf2cac Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 2 Nov 2011 10:57:09 +0100
Subject: [PATCH 2/3] libcli/auth: only expose creds to the caller on success metze
---
 libcli/auth/schannel_state_tdb.c | 7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c
index 12c1c5b..eded80f 100644
--- a/libcli/auth/schannel_state_tdb.c
+++ b/libcli/auth/schannel_state_tdb.c
@@ -169,7 +169,7 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
 struct netr_Authenticator *return_authenticator,
 struct netlogon_creds_CredentialState **creds_out)
 {
- struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds = NULL;
 NTSTATUS status;
 int ret;
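Review bot: The level-0 message in the first patch's hunk now prints `computer_name`, which appears to be the name handed in by the caller rather than the one stored in the credential state, so the logged value is not a verified machine name at this point. A short comment above the DEBUG would keep a later reader from switching it back, e.g. `/* creds may be NULL here; log the caller-supplied name, which is unverified */`. If that parameter can itself be NULL, `%s` needs a fallback string like the one the third patch adds in `_netr_ServerPasswordSet2`; the parameter list lies outside the hunk, so this cannot be confirmed from here.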
@@ -194,6 +194,7 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
 DEBUG(0,("schannel_creds_server_step_check_tdb: "
 "client %s not using schannel for netlogon, despite negotiating it\n",
 computer_name));
+ TALLOC_FREE(creds);
 tdb_transaction_cancel(tdb);
 return NT_STATUS_ACCESS_DENIED;
 }
@@ -211,12 +212,12 @@ NTSTATUS schannel_creds_server_step_check_tdb(struct tdb_context *tdb,
 if (NT_STATUS_IS_OK(status)) {
 tdb_transaction_commit(tdb);
 if (creds_out) {
- *creds_out = creds;
- talloc_steal(mem_ctx, creds);
+ *creds_out = talloc_move(mem_ctx, &creds);
 }
 } else {
 tdb_transaction_cancel(tdb);
 }
+ TALLOC_FREE(creds);
 return status;
 }
--
1.7.4.1
From dcefc0ed7e9d90c1747be9c19facd7e2aa3e45da Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 2 Nov 2011 10:58:26 +0100
Subject: [PATCH 3/3] s3:rpc_server/srv_netlogon: make sure we don't use an unitialized variable metze
---
 source3/rpc_server/srv_netlog_nt.c | 12 ++++++++++--
 1 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 1ebe361..972d902 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -977,7 +977,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 struct netr_ServerPasswordSet2 *r)
 {
 NTSTATUS status;
- struct netlogon_creds_CredentialState *creds;
+ struct netlogon_creds_CredentialState *creds = NULL;
 struct samu *sampass;
 DATA_BLOB plaintext;
 struct samr_CryptPassword password_buf;
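Review bot: The return value of `tdb_transaction_commit(tdb)` in the last hunk of the second patch is ignored, so a failed commit still returns an OK status and moves `creds` to the caller even though the updated state was not stored. Since the patch aims to expose creds only on success, the commit result should feed into `status` before `*creds_out` is set; `ret` is already declared at the top of the function. Which NTSTATUS fits a failed commit is a project choice, so the one below is only a suggestion. The function starts outside the hunk, so whether other early returns before this point also release `creds` cannot be checked from here.

```c
	if (NT_STATUS_IS_OK(status)) {
		ret = tdb_transaction_commit(tdb);
		if (ret != 0) {
			/* state was not stored: do not hand creds out */
			status = NT_STATUS_INTERNAL_DB_CORRUPTION;
		}
	} else {
		tdb_transaction_cancel(tdb);
	}
	if (NT_STATUS_IS_OK(status) && creds_out) {
		*creds_out = talloc_move(mem_ctx, &creds);
	}
	TALLOC_FREE(creds);
	/* … unchanged: return status … */
```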
@@ -992,9 +992,15 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 unbecome_root();
 if (!NT_STATUS_IS_OK(status)) {
+ const char *computer_name = "";
+
+ if (creds && creds->computer_name) {
+ computer_name = creds->computer_name;
+ }
+
 DEBUG(2,("_netr_ServerPasswordSet2: netlogon_creds_server_step "
 "failed. Rejecting auth request from client %s machine account %s\n",
- r->in.computer_name, creds->computer_name));
+ r->in.computer_name, computer_name));
 TALLOC_FREE(creds);
 return status;
 }
@@ -1004,6 +1010,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 netlogon_creds_arcfour_crypt(creds, password_buf.data, 516);
 if (!extract_pw_from_buffer(p->mem_ctx, password_buf.data, &plaintext)) {
+ TALLOC_FREE(creds);
 return NT_STATUS_WRONG_PASSWORD;
 }
@@ -1012,6 +1019,7 @@ NTSTATUS _netr_ServerPasswordSet2(pipes_struct *p,
 status = netr_find_machine_account(p->mem_ctx,
 creds->account_name,
 &sampass);
+ TALLOC_FREE(creds);
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
--
1.7.4.1
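Review bot: After the `TALLOC_FREE(creds);` added directly behind the `netr_find_machine_account()` call in the last hunk, `creds` is NULL for the rest of `_netr_ServerPasswordSet2`, which continues outside the hunk. Any later use of `creds` there would dereference NULL, so that remainder should be checked. The release now sits at three separate exits (the step-check failure, the `extract_pw_from_buffer` failure and here), so an early return added between them later would have to remember it. A one-line comment would record the intent, e.g. `/* creds is not needed past the account lookup; it is NULL from here on */`.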