Bug 11882 - samba-tool demote fails (BAD_NC) due to PIDL string handling in python bindings
samba-tool demote fails (BAD_NC) due to PIDL string handling in python bindings
Product: Samba 4.1 and newer
Classification: Unclassified
All All
: P5 normal
: ---
Assigned To: Andrew Bartlett
Samba QA Contact
Depends on:
Blocks: 10734 11818
  Show dependency treegraph
Reported: 2016-04-29 22:25 UTC by Andrew Bartlett
Modified: 2016-07-30 02:06 UTC (History)
4 users (show)

See Also:

WIP patch for master (5.32 KB, patch)
2016-04-29 22:28 UTC, Andrew Bartlett
no flags Details
Correction of patch 0001-samba-tool-domain-demote-Fix-error-handling-and-erro.bin (2.05 KB, patch)
2016-07-08 13:27 UTC, glorang
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2016-04-29 22:25:25 UTC
Our python bindings do not maintain a reference to the memory used by the strings that we assign to the underlying C structures.

That allows the structures to point to memory in a use-after-free situation, if python chooses to GC those strings and re-use the memory.
Comment 1 Andrew Bartlett 2016-04-29 22:28:16 UTC
Created attachment 12049 [details]
WIP patch for master

This attached patch should fix the issue.  We need to add tests before this hits master.
Comment 2 Miguel Medalha 2016-05-07 17:15:54 UTC
After applying this patch to 4.4.2 I was able to successfully demote an AD DC. Before the patch all demotion attempts failed.
Comment 3 Andrew Bartlett 2016-05-07 19:53:56 UTC
Patches for the talloc string handling have been written, so this will be merged with some other DRS patches shortly.
Comment 4 Ricardo Pardim Claus 2016-07-01 17:56:12 UTC
I have the same problem, but in version 4.4.4.
Could someone confirm me if there is a patch for Samba 4.4.4?
Comment 5 glorang 2016-07-08 13:27:35 UTC
Created attachment 12264 [details]
Correction of patch 0001-samba-tool-domain-demote-Fix-error-handling-and-erro.bin

Attached patch fixes demotion with 4.4.4. It seems the patch 0001-samba-tool-domain-demote-Fix-error-handling-and-erro.bin from https://lists.samba.org/archive/samba-technical/2016-April/113572.html is incomplete as there is second reference to "e".

The addition of "logger" in "remove_dc.remove_sysvol_references" was taken from upstream.

With this patch the demotion is successful, though all DNS entries still exist, not sure if this should happen?
Comment 6 Enrico Manzini 2016-07-27 15:06:58 UTC
Hi, sorry for ignorance, but how can i apply this Patches?
Comment 7 Andrew Bartlett 2016-07-29 02:43:05 UTC
Fixed in f6c79072ca50e05a68b73a80a0ebd635a9bac068 in Samba 4.5rc1