From: Samuel Cabrero Date: Wed, 13 Apr 2022 09:31:45 +0000 (+0200) Subject: s3:winbind: Do not use domain's private data to store the ADS_STRUCT X-Git-Tag: talloc-2.3.4~385 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3cb256439e9ceece26c2de82293c43486543e0cb;p=thirdparty%2Fsamba.git s3:winbind: Do not use domain's private data to store the ADS_STRUCT The ADS_STRUCT is not allocated using talloc and there are many places casting this pointer directly so use a typed pointer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046 Signed-off-by: Samuel Cabrero Reviewed-by: Stefan Metzmacher Reviewed-by: Andreas Schneider --- diff --git a/source3/winbindd/winbindd.h b/source3/winbindd/winbindd.h index 762844502e5..3cc88367b90 100644 --- a/source3/winbindd/winbindd.h +++ b/source3/winbindd/winbindd.h @@ -44,6 +44,7 @@ #define WB_REPLACE_CHAR '_' struct winbind_internal_pipes; +struct ads_struct; struct winbindd_cli_state { struct winbindd_cli_state *prev, *next; /* Linked list pointers */ @@ -161,6 +162,7 @@ struct winbindd_domain { struct { struct winbind_internal_pipes *samr_pipes; + struct ads_struct *ads_conn; } backend_data; /* A working DC */ diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 6f01ef6e334..d350f160223 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -269,10 +269,10 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) } DEBUG(10,("ads_cached_connection\n")); - ads_cached_connection_reuse((ADS_STRUCT **)&domain->private_data); + ads_cached_connection_reuse(&domain->backend_data.ads_conn); - if (domain->private_data) { - return (ADS_STRUCT *)domain->private_data; + if (domain->backend_data.ads_conn != NULL) { + return domain->backend_data.ads_conn; } /* the machine acct password might have change - fetch it every time */ @@ -303,7 +303,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) } status = ads_cached_connection_connect( - (ADS_STRUCT **)&domain->private_data, + &domain->backend_data.ads_conn, domain->alt_name, domain->name, NULL, password, realm, @@ -322,7 +322,7 @@ static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain) return NULL; } - return (ADS_STRUCT *)domain->private_data; + return domain->backend_data.ads_conn; } /* Query display info for a realm. This is the basic user list fn */ diff --git a/source3/winbindd/winbindd_ndr.c b/source3/winbindd/winbindd_ndr.c index 36901776b98..94ce9d73747 100644 --- a/source3/winbindd/winbindd_ndr.c +++ b/source3/winbindd/winbindd_ndr.c @@ -147,6 +147,9 @@ void ndr_print_winbindd_domain(struct ndr_print *ndr, ndr_print_ptr(ndr, "backend_data.samr_pipes", r->backend_data.samr_pipes); + ndr_print_ptr(ndr, + "backend_data.ads_conn", + r->backend_data.ads_conn); ndr_print_string(ndr, "dcname", r->dcname); ndr_print_sockaddr_storage(ndr, "dcaddr", &r->dcaddr); ndr_print_time_t(ndr, "last_seq_check", r->last_seq_check); diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 418166af657..78bc6c932f3 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -748,7 +748,6 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, fstring name_namespace, name_domain, name_user; time_t ticket_lifetime = 0; time_t renewal_until = 0; - ADS_STRUCT *ads; time_t time_offset = 0; const char *user_ccache_file; struct PAC_LOGON_INFO *logon_info = NULL; @@ -791,9 +790,8 @@ static NTSTATUS winbindd_raw_kerberos_login(TALLOC_CTX *mem_ctx, /* 2nd step: * get kerberos properties */ - if (domain->private_data) { - ads = (ADS_STRUCT *)domain->private_data; - time_offset = ads->auth.time_offset; + if (domain->backend_data.ads_conn != NULL) { + time_offset = domain->backend_data.ads_conn->auth.time_offset; }