From eb093c5d2ac77889215356ffabb915861cd4e9d5 Mon Sep 17 00:00:00 2001 From: Amit Kumar Date: Fri, 31 May 2019 18:57:52 +0530 Subject: [PATCH] s3:winbind: Don't abort when receiving a NULL SID Source code in winbind_rpc.c states that if the trusted domain has no SID, winbindd just aborts the session. This happens with MIT Kerberos realm added as trust to AD and winbindd just returns without processing further as there is no SID returned for the Linux system having kerberos support. This fix makes winbindd to skip the domain having NULL SID instead of aborting the request completely. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13913 Signed-off-by: Amit Kumar Reviewed-by: Andreas Schneider Reviewed-by: Guenther Deschner Reviewed-by: Ralph Boehme --- source3/winbindd/winbindd_rpc.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index ffbaabcfe49..793ebe0df56 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -952,26 +952,24 @@ NTSTATUS rpc_trusted_domains(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } + if (dom_list_ex.domains[i].sid == NULL) { + DBG_ERR("Trusted domain %s has no SID, " + "skipping!\n", + trust->dns_name); + continue; + } + if (has_ex) { trust->netbios_name = talloc_move(array, &dom_list_ex.domains[i].netbios_name.string); trust->dns_name = talloc_move(array, &dom_list_ex.domains[i].domain_name.string); - if (dom_list_ex.domains[i].sid == NULL) { - DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->dns_name)); - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } sid_copy(sid, dom_list_ex.domains[i].sid); } else { trust->netbios_name = talloc_move(array, &dom_list.domains[i].name.string); trust->dns_name = NULL; - if (dom_list.domains[i].sid == NULL) { - DEBUG(0, ("Trusted Domain %s has no SID, aborting!\n", trust->netbios_name)); - return NT_STATUS_INVALID_NETWORK_RESPONSE; - } - sid_copy(sid, dom_list.domains[i].sid); } -- 2.47.3