Setting idmap_ad schema mode to "SFU" when the Domain lacks SFU extensions can cause a crash.

WIP fix is here: https://gitlab.com/samba-team/devel/samba/-/commits/anodos325-idmap-ad-rfc2307-fallback

Basic idea is that we should fall back to rfc2307 schema mode if get_posix_schema_names() fails to look up one of the schema names, and log an error message.

Backtrace as follows:

(gdb) bt
#0 0x00000008115c3a7a in thr_kill () from /lib/libc.so.7
#1 0x00000008115c3a44 in __raise (s=6) at /truenas-releng/freenas/_BE/os/lib/libc/gen/raise.c:52
#2 0x00000008115c39b9 in abort () at /truenas-releng/freenas/_BE/os/lib/libc/stdlib/abort.c:65
#3 0x000000080634a49c in dump_core () at ../../source3/lib/dumpcore.c:338
#4 0x000000080633ab9b in smb_panic_s3 (why=<optimized out>) at ../../source3/lib/util.c:847
#5 0x0000000802d86f47 in smb_panic (why=0x191fc <error: Cannot access memory at address 0x191fc>) at ../../lib/util/fault.c:174
#6 0x0000000802d8732e in fault_report (sig=11) at ../../lib/util/fault.c:88
#7 0x0000000802d86f29 in sig_fault (sig=102908) at ../../lib/util/fault.c:99
#8 0x0000000810ed2cf0 in handle_signal (actp=0x7fffffffbc00, sig=11, info=0x7fffffffbff0, ucp=0x7fffffffbc80) at /truenas-releng/freenas/_BE/os/lib/libthr/thread/thr_sig.c:246
#9 0x0000000810ed22bf in thr_sighandler (sig=11, info=0x7fffffffbff0, _ucp=0x7fffffffbc80) at /truenas-releng/freenas/_BE/os/lib/libthr/thread/thr_sig.c:189
#10 <signal handler called>
#11 strlen (str=0x0) at /truenas-releng/freenas/_BE/os/lib/libc/string/strlen.c:100
#12 0x000000081400eebc in tldap_search_send (mem_ctx=<optimized out>, ev=0x813c56e20, ld=0x813c4da60, base=<optimized out>, scope=<optimized out>, filter=0x4 <error: Cannot access memory at address 0x4>, attrs=0x7fffffffcc50, num_attrs=4, attrsonly=0, sctrls=0x0, num_sctrls=0, cctrls=<optimized out>, num_cctrls=<optimized out>, timelimit=0, sizelimit=0, deref=0) at ../../source3/lib/tldap.c:1791
#13 0x000000081400f680 in tldap_search_all_send (mem_ctx=0x813c216c0, ev=0x813c56e20, ld=0x813c4da60, base=0x813c4d8e0 "DC=ixsupport,DC=internal", scope=2, filter=0x813c5bc60 "(&(|(sAMAccountType=805306368)(sAMAccountType=805306369)(sAMAccountType=805306370)(sAMAccountType=268435456)(sAMAccountType=536870912))(|(objectSid=\\01\\05\\00\\00\\00\\00\\00\\05\\15\\00\\00\\00\\99\\8B=\\ED\\1BS\\0"..., attrs=0x7fffffffcc50, num_attrs=4, attrsonly=<optimized out>, sctrls=<optimized out>, num_sctrls=<optimized out>, cctrls=<optimized out>, num_cctrls=<optimized out>, timelimit=<optimized out>, sizelimit=<optimized out>, deref=<optimized out>) at ../../source3/lib/tldap.c:1898
#14 tldap_search (ld=<optimized out>, base=0x813c4d8e0 "DC=ixsupport,DC=internal", scope=2, filter=<optimized out>, attrs=0x7fffffffcc50, num_attrs=4, attrsonly=0, sctrls=0x0, num_sctrls=0, cctrls=0x0, num_cctrls=0, timelimit=0, sizelimit=0, deref=0, mem_ctx=0x813c21840, pmsgs=0x7fffffffcb38) at ../../source3/lib/tldap.c:1991
#15 0x00000008140171fe in idmap_ad_sids_to_unixids (dom=<optimized out>, ids=<optimized out>) at ../../source3/winbindd/idmap_ad.c:830
#16 0x0000000814015242 in idmap_ad_sids_to_unixids_retry (dom=0x813c4faa0, ids=0x813c47f90) at ../../source3/winbindd/idmap_ad.c:952
#17 0x000000000108805f in _wbint_Sids2UnixIDs (p=<optimized out>, r=<optimized out>) at ../../source3/winbindd/winbindd_dual_srv.c:209
#18 0x00000000010ce052 in api_wbint_Sids2UnixIDs (p=0x7fffffffce40) at librpc/gen_ndr/srv_winbind.c:391
#19 0x00000000010872ea in winbindd_dual_ndrcmd (domain=<optimized out>, state=0x7fffffffe8e8) at ../../source3/winbindd/winbindd_dual_ndr.c:369
#20 0x0000000001086855 in child_process_request (child=<optimized out>, state=0x7fffffffe8e8) at ../../source3/winbindd/winbindd_dual.c:748
#21 child_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=0x7fffffffe8e0) at ../../source3/winbindd/winbindd_dual.c:1655
#22 0x00000008036167ed in tevent_common_invoke_fd_handler (fde=0x813c4f3a0, flags=<optimized out>, removed=0x0) at ../../lib/tevent/tevent_fd.c:138
#23 0x00000008036195e4 in poll_event_loop_poll (ev=0x813c56060, tvalp=<optimized out>) at ../../lib/tevent/tevent_poll.c:569
#24 poll_event_loop_once (ev=0x813c56060, location=<optimized out>) at ../../lib/tevent/tevent_poll.c:626
#25 0x0000000803615a11 in _tevent_loop_once (ev=0x813c56060, location=0x10f1b92 "../../source3/winbindd/winbindd_dual.c:1870") at ../../lib/tevent/tevent.c:772
#26 0x000000000108357b in fork_domain_child (child=0x13364d8 <static_idmap_child>) at ../../source3/winbindd/winbindd_dual.c:1870
#27 wb_child_request_waited (subreq=<optimized out>) at ../../source3/winbindd/winbindd_dual.c:241
#28 0x0000000803616c57 in tevent_common_invoke_immediate_handler (im=0x813c4cfe0, removed=0x0) at ../../lib/tevent/tevent_immediate.c:166
#29 0x0000000803616cb4 in tevent_common_loop_immediate (ev=<optimized out>) at ../../lib/tevent/tevent_immediate.c:203
#30 0x0000000803618eca in poll_event_loop_once (ev=0x813c56060, location=<optimized out>) at ../../lib/tevent/tevent_poll.c:617
#31 0x0000000803615a11 in _tevent_loop_once (ev=0x813c56060, location=0x10dcb20 "../../source3/winbindd/winbindd.c:1912") at ../../lib/tevent/tevent.c:772
#32 0x000000000105382b in main (argc=<optimized out>, argv=<optimized out>) at ../../source3/winbindd/winbindd.c:1912

struct idmap_ad_schema_names had NULL for uid, gid, gecos, etc.

(gdb) frame 15
#15 0x00000008140171fe in idmap_ad_sids_to_unixids (dom=<optimized out>, ids=<optimized out>) at ../../source3/winbindd/idmap_ad.c:830
830 rc = tldap_search(ctx->ld, ctx->default_nc, TLDAP_SCOPE_SUB, filter,
(gdb) p *ctx.schema
$4 = {name = 0x813cf4000 "msSFU30Name", uid = 0x0, gid = 0x0, gecos = 0x0, dir = 0x0, shell = 0x0}
(gdb) p ctx.schema
$5 = (struct idmap_ad_schema_names *) 0x813cf3e20

But things went south here:

(gdb) frame 12
#12 0x000000081400eebc in tldap_search_send (mem_ctx=<optimized out>, ev=0x813c56e20, ld=0x813c4da60, base=<optimized out>, scope=<optimized out>, filter=0x4 <error: Cannot access memory at address 0x4>, attrs=0x7fffffffcc50, num_attrs=4, attrsonly=0, sctrls=0x0, num_sctrls=0, cctrls=<optimized out>, num_cctrls=<optimized out>, timelimit=0, sizelimit=0, deref=0) at ../../source3/lib/tldap.c:1791
warning: Source file is more recent than executable.
1791 if (!asn1_write_OctetString(state->out, attrs[i], strlen(attrs[i]))) goto encoding_error;
(gdb) p attrs[0]
$6 = 0x81401ac7e "sAMAccountType"
(gdb) p attrs[1]
$7 = 0x81401ac8d "objectSid"
(gdb) p attrs[2]
$8 = 0x0
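
The NULL attribute slot and the proposed fallback from the report above, as an added example; it is not part of the original report and is not Samba's code. The struct, function names, the rfc2307 attribute table and the choice of uid/gid for attrs[2] and attrs[3] are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the schema-name struct printed in gdb above. */
struct schema_names {
    const char *name, *uid, *gid, *gecos, *dir, *shell;
};

/* Constructed lookup result for a domain without SFU extensions; it mirrors
 * the "p *ctx.schema" output: only the first name resolved. */
static const struct schema_names sfu_lookup = { .name = "msSFU30Name" };

/* Fallback table; attribute names are assumed for this example. */
static const struct schema_names rfc2307 = {
    "uid", "uidNumber", "gidNumber", "gecos", "unixHomeDirectory", "loginShell"
};

/* Return 1 only if every schema name resolved. */
static int schema_complete(const struct schema_names *s)
{
    return s->name && s->uid && s->gid && s->gecos && s->dir && s->shell;
}

/* Use the looked-up names if complete, otherwise log and fall back. */
static const struct schema_names *select_schema(
    const struct schema_names *looked_up, const struct schema_names *fallback)
{
    if (schema_complete(looked_up)) return looked_up;
    fprintf(stderr, "schema lookup incomplete, falling back to rfc2307\n");
    return fallback;
}

/* Build the 4-entry attribute list and count NULL slots. attrs[2] and
 * attrs[3] being uid/gid is an assumption; the page shows only [0]..[2]. */
static int null_attrs(const struct schema_names *s)
{
    const char *attrs[4] = { "sAMAccountType", "objectSid", s->uid, s->gid };
    int i, nulls = 0;
    for (i = 0; i < 4; i++) nulls += (attrs[i] == NULL);
    return nulls;
}

int main(void)
{
    printf("without check: %d NULL attrs\n", null_attrs(&sfu_lookup));
    printf("with fallback: %d NULL attrs\n",
           null_attrs(select_schema(&sfu_lookup, &rfc2307)));
    return 0;
}
```

Any NULL slot counted here is one that a per-attribute strlen() in the encoder would dereference, which is the fault in frames #11 and #12.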
Oh, good catch, thanks! Proposed change looks reasonable.
Created attachment 16110: Patch for 4.11 and 4.12 cherry-picked from master
(In reply to Ralph Böhme from comment #2) Pushed to autobuild-v4-{12,11}-test.
(In reply to Karolin Seeger from comment #3) Pushed to both branches. Closing out bug report. Thanks!