Commit e07f8901ec95aab8c36965000de185d99e642644 removed the required handling for empty DNS domain names. As for NT domains the dns_name will be NULL, causing the talloc_steal() to also return NULL, which causes _wbint_ListTrustedDomains return NT_STATUS_NO_MEMORY with an only partially initialized struct netr_DomainTrust: as out->array[n].sid is not yet initialized correctly, when NDR-pushing the result, the ndr_push() can crash. To reproduce I used the following hack on master: diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index f5ca2ee37a32..09962c8b8738 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -775,7 +775,7 @@ sub provision_ad_member template homedir = /home/%D/%G/%U auth event notification = true password server = $dcvars->{SERVER} - winbind scan trusted domains = no + winbind scan trusted domains = yes winbind offline logon = $option_offline_logon allow dcerpc auth level connect:lsarpc = yes diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index d7a665abbc6d..4922a0e61d24 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1493,6 +1493,11 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, continue; } + if (strequal("SAMBA2003", trust->netbios_name)) { + DBG_ERR("XXXXXXX HACK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n"); + trust->dns_name = NULL; + } + /* add to the trusted domain cache */ Then: $ make -j testenv SELFTEST_TESTENV=ad_member SCREEN=1 This results in an an reliable error to list trusted domains, so wbinfo -m doesn't list them, and sometimes it crashes when eg the domain sid pointer is garbage: 2023-12-08T14:07:42.759416+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: trusted_domains: XXXXXXX HACK!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: =============================================================== 2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD) 2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting 2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: =============================================================== 2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames: 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8] Have patches, need bugnumber.
This bug was referenced in samba master: 340753a2554ce9a842a6c90d684fb0510def81a1 15c07723765c6863a0ada9dfbaaa204604500907 449a968d3d18633e05db7d00ab76c7a52b04a54c 9b2920fd367d26cfbf6f6f442a5c01fae4734abd 95bb2acbf066049f92c16836a2cdaea3aae829cc 60ac5b03ef15de73744e0f86507849fb4b55d96f 9d933abd9e578de74bd4c5a8bcfcf6924262a8e2 d0cdc81aa99031b0c067c7f8cf2ec0dc99d57da5 5420af6942307e045be1317edc323ee3ff9f379b 9725aa932e24622566baf208586d1fe03885da9f 645a725603ca03f27c1347b1e2ed9fea94a6319d 3a95e135472a495a90637e5dc0f9e3c8de052ff9 53ca19851dbfc3cab7345424c029a7c90745e24a 000bbede59e4ca78427fa57b56fa251d4d779adb 201edcb5c6138488959e54e7df88007d010f1cfb
Created attachment 18231 [details] Patch for 4.19 cherry-picked from master
Created attachment 18232 [details] Patch for 4.18 backported from master