Bug 14691 - selftest/skip claims incorrectly that unixinfo pipe contains getpwuid() call which can hang via nss_winbindd on an AD DC
Summary: selftest/skip claims incorrectly that unixinfo pipe contains getpwuid() call ...
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.14.2
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-04-19 08:43 UTC by Andrew Bartlett
Modified: 2021-08-31 01:36 UTC (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andrew Bartlett 2021-04-19 08:43:26 UTC
This has been long documented as:

selftest/skip:^samba4.rpc.unixinfo # This contains a server-side getpwuid call which hangs the server when nss_winbindd is in use

I see no reason why this wouldn't be the case in production either.

The unixinfo pipe should just be removed.

CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)
Comment 1 Volker Lendecke 2021-08-24 07:16:50 UTC
At the time the unixinfo pipe went in the idea was to create basically a replacement for nss_ldap or NIS for nsswitch using winbind against a Samba DC, even a classic one would have done it. Unfortunately that never materialized, but I still like the idea.
Comment 2 Andrew Bartlett 2021-08-26 04:34:49 UTC
The selftest comment appears to be in error.  Removing embargo and submitting a patch to remove the selftest skip entry.
Comment 3 Andrew Bartlett 2021-08-26 04:43:50 UTC
(In reply to Volker Lendecke from comment #1)
Yeah, it was and (contrary to my earlier dismissive comment) is still a good idea, needing someone to champion.  We should make Samba the best AD DC for Samba, not just a windows look-a-like.

I'm glad it isn't actually a problem for now, which gives everyone some time.

What do you think we should do in the meantime?  We could make it only operate in a selftest build, to reduce the surface and allow incompatible changes.
Comment 4 Volker Lendecke 2021-08-26 06:13:16 UTC
(In reply to Andrew Bartlett from comment #3)
> What do you think we should do in the meantime?  We could make it only
> operate in a selftest build, to reduce the surface and allow incompatible
> changes.

Sure, restricting it to DEVELOPER only is fine by me. Once MR1948 goes in this will even be easier: Just don't build rpcd_unixinfo (or the source4 equivalent) without --enable-selftest. We can then re-enable it once someone found the time to add the client code to winbind.
Comment 5 Samba QA Contact 2021-08-31 00:13:08 UTC
This bug was referenced in samba master:

638c6d423e78ae7b4429c7157c7e86af2313936a
Comment 6 Andrew Bartlett 2021-08-31 01:36:23 UTC
(In reply to Volker Lendecke from comment #4)
Thanks.  Looks like is is being built as a module so should be easy to handle.