s3:libads: avoid changing ADS->server.workgroup
authorStefan Metzmacher <metze@samba.org>
Fri, 15 Oct 2021 01:34:11 +0000 (03:34 +0200)
committerStefan Metzmacher <metze@samba.org>
Fri, 5 Apr 2024 12:24:42 +0000 (12:24 +0000)
ads_find_dc() uses c_domain = ads->server.workgroup and
doesn't expect it to go out of scope deep in resolve_and_ping_dns().

The result is corrupted domain values in the debug output.

Valgrind shows this:

 Invalid read of size 1
    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x608BE94: __vfprintf_internal (vfprintf-internal.c:1688)
    by 0x609ED49: __vasprintf_internal (vasprintf.c:57)
    by 0x5D2EC0F: __dbgtext_va (debug.c:1860)
    by 0x5D2ED3F: dbgtext (debug.c:1881)
    by 0x4BFFB50: ads_find_dc (ldap.c:570)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Address 0xb69f6f0 is 0 bytes inside a block of size 11 free'd
    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x4BFF0AF: ads_try_connect (ldap.c:299)
    by 0x4BFF40E: cldap_ping_list (ldap.c:367)
    by 0x4BFF75F: resolve_and_ping_dns (ldap.c:468)
    by 0x4BFFA91: ads_find_dc (ldap.c:556)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Block was alloc'd at
    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x60B250E: strdup (strdup.c:42)
    by 0x4FF1492: smb_xstrdup (util.c:743)
    by 0x4C10E62: ads_init (ads_struct.c:148)
    by 0x4C1DB68: ads_dc_name (namequery_dc.c:73)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source3/libads/ldap.c
source3/librpc/idl/ads.idl
source3/utils/net_ads.c

index ff67ad28a2a92e72735b5b02cdb7ac4b2dfa1b37..4d4afb279c8c56ebc9e20e654a7b759990ef20f5 100644 (file)
@@ -280,12 +280,12 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
 
        /* Fill in the ads->config values */
 
+       ADS_TALLOC_CONST_FREE(ads->config.workgroup);
        ADS_TALLOC_CONST_FREE(ads->config.realm);
        ADS_TALLOC_CONST_FREE(ads->config.bind_path);
        ADS_TALLOC_CONST_FREE(ads->config.ldap_server_name);
        ADS_TALLOC_CONST_FREE(ads->config.server_site_name);
        ADS_TALLOC_CONST_FREE(ads->config.client_site_name);
-       ADS_TALLOC_CONST_FREE(ads->server.workgroup);
 
        if (!check_cldap_reply_required_flags(cldap_reply->server_type,
                                              ads->config.flags)) {
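Review bot: The block comment above the ADS_TALLOC_CONST_FREE() run still only says "Fill in the ads->config values", so nothing stops a later change from freeing an `ads->server.*` member here again. The commit message shows why that matters: ads_find_dc() keeps `c_domain` pointing at `ads->server.workgroup` while this function runs underneath it. I would extend the comment to something like `/* Only ads->config.* may be freed/replaced here; ads->server.* is caller input and may still be referenced (e.g. c_domain in ads_find_dc()) */`. The body of ads_fill_cldap_reply() starts and ends outside this hunk.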
@@ -301,6 +301,13 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
                goto out;
        }
 
+       ads->config.workgroup = talloc_strdup(ads, cldap_reply->domain_name);
+       if (ads->config.workgroup == NULL) {
+               DBG_WARNING("Out of memory\n");
+               ret = false;
+               goto out;
+       }
+
        ads->config.realm = talloc_asprintf_strupper_m(ads,
                                                       "%s",
                                                       cldap_reply->dns_domain);
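Review bot: The NULL check after `talloc_strdup(ads, cldap_reply->domain_name)` cannot tell an allocation failure from a reply that carries no domain name, because talloc_strdup() returns NULL for a NULL source; such a reply would be logged as "Out of memory". The string comes from the server's CLDAP reply, and whether decoding can leave `domain_name` NULL is not visible in this hunk, so treat this as something to confirm. If it can, a separate guard before the copy would keep the log accurate: `if (cldap_reply->domain_name == NULL) { DBG_WARNING("CLDAP reply without domain name\n"); ret = false; goto out; }`. The function continues outside the hunk.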
@@ -339,13 +346,6 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
                }
        }
 
-       ads->server.workgroup = talloc_strdup(ads, cldap_reply->domain_name);
-       if (ads->server.workgroup == NULL) {
-               DBG_WARNING("Out of memory\n");
-               ret = false;
-               goto out;
-       }
-
        ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
        ads->ldap.ss = *ss;
 
index 4f3a387556a6c7a15b6cf338ac90d47cadfed1ef..d10e5b4dc77e8b5b6b2eebc364a534fb3d85a6bf 100644 (file)
@@ -59,6 +59,7 @@ interface ads
 
        typedef [nopull,nopush] struct {
                nbt_server_type flags; /* cldap flags identifying the services. */
+               string workgroup;
                string realm;
                string bind_path;
                string ldap_server_name;
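Review bot: The new `workgroup` member in the config struct has no comment, while the `flags` member just above it does, and the ADS struct now has two fields named workgroup with different ownership. A short comment would prevent them being confused again, for example `string workgroup; /* domain name from the CLDAP reply; server.workgroup stays as given by the caller */`. The struct definition continues past the end of this hunk.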
index d95a20974162c1314419061746389991ebe79f14..43fa0261ad9b65539fb8fe51edfecc357997611d 100644 (file)
@@ -521,6 +521,11 @@ static int net_ads_info_json(ADS_STRUCT *ads)
                goto failure;
        }
 
+       ret = json_add_string (&jsobj, "Workgroup", ads->config.workgroup);
+       if (ret != 0) {
+               goto failure;
+       }
+
        ret = json_add_string (&jsobj, "Realm", ads->config.realm);
        if (ret != 0) {
                goto failure;
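Review bot: `ads->config.workgroup` is read here without a NULL guard, and again in the `d_printf(_("Workgroup: %s\n"), ...)` line added to net_ads_info() in the next hunk. That is only safe if ads_fill_cldap_reply() has succeeded before either function runs, which these hunks do not show. Passing NULL to `%s` is undefined behaviour, and how json_add_string() treats a NULL value is not visible here. If an ADS_STRUCT with an unfilled config can reach these paths, a fallback such as `ads->config.workgroup ? ads->config.workgroup : ""` would be safer; the neighbouring realm and bind_path lines make the same assumption. Both function bodies extend beyond their hunks.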
@@ -627,6 +632,7 @@ static int net_ads_info(struct net_context *c, int argc, const char **argv)
 
        d_printf(_("LDAP server: %s\n"), addr);
        d_printf(_("LDAP server name: %s\n"), ads->config.ldap_server_name);
+       d_printf(_("Workgroup: %s\n"), ads->config.workgroup);
        d_printf(_("Realm: %s\n"), ads->config.realm);
        d_printf(_("Bind Path: %s\n"), ads->config.bind_path);
        d_printf(_("LDAP port: %d\n"), ads->ldap.port);