Bug 10107 - winbind on DC with trusted AD domains crashes
Summary: winbind on DC with trusted AD domains crashes
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.1.0rc2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks: 9306
  Show dependency treegraph
 
Reported: 2013-08-22 15:29 UTC by Guenther Deschner
Modified: 2013-09-02 07:39 UTC (History)
3 users (show)

See Also:


Attachments
patchset for master (5.48 KB, patch)
2013-08-23 14:01 UTC, Guenther Deschner
metze: review-
Details
revised patchset for master (8.72 KB, patch)
2013-08-29 13:40 UTC, Guenther Deschner
obnox: review-
Details
updated patchset for master with review and 1 additional segfault protection (10.40 KB, patch)
2013-08-29 14:46 UTC, Michael Adam
gd: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Guenther Deschner 2013-08-22 15:29:24 UTC
When winbind is run on a DC and it has trust relationships to AD domains it crashes on a NULL pointer derreference. Patches to follow.
Comment 1 Guenther Deschner 2013-08-23 14:01:44 UTC
Created attachment 9158 [details]
patchset for master
Comment 2 Guenther Deschner 2013-08-23 14:15:13 UTC
Please note that this patchset restores behaviour we still have in 4.0.x. The patches became necessary after the refactoring of the ads cached connection code was done in master and 4.1. Without the patches and when run on a DC, winbind immediately crashes when trying to bring up an LDAP connection to a trusted AD DC. Not good :)
Comment 3 Stefan Metzmacher 2013-08-27 14:16:34 UTC
Comment on attachment 9158 [details]
patchset for master

I think we should not use
pdb_get_trusteddom_pw() and
secrets_fetch_machine_password() directly.

get_trust_pw_clear() should be used instead.
Comment 4 Karolin Seeger 2013-08-28 07:34:52 UTC
Günther, can you provide an updated patch or comment on Metze's reply, please?
This is a blocker for 4.1.0.
The release branch will be frozen in one week.
Comment 5 Michael Adam 2013-08-28 07:38:28 UTC
we first need to get it into master, btw.
Comment 6 Guenther Deschner 2013-08-29 13:40:02 UTC
Created attachment 9172 [details]
revised patchset for master
Comment 7 Michael Adam 2013-08-29 14:44:45 UTC
Comment on attachment 9172 [details]
revised patchset for master

last patch needs to be split up.
Comment 8 Michael Adam 2013-08-29 14:46:22 UTC
Created attachment 9173 [details]
updated patchset for master with review and 1 additional segfault protection

Updated patchset for master
Comment 9 Guenther Deschner 2013-08-29 14:53:11 UTC
Comment on attachment 9173 [details]
updated patchset for master with review and 1 additional segfault protection

looks great, thanks.
Comment 10 Guenther Deschner 2013-08-29 18:13:41 UTC
Same patchset also applies to 4.1, Karolin please add this patchset.
Comment 11 Karolin Seeger 2013-08-30 08:21:40 UTC
Pushed to autobuild-v4-1-test.
Comment 12 Karolin Seeger 2013-09-02 07:39:41 UTC
Pushed to v4-1-test.
Closing out bug report.

Thanks!