Bug 3755 - net rap groupmemberlist does not handle ERRmoredata
net rap groupmemberlist does not handle ERRmoredata
Status: RESOLVED LATER
Product: Samba 3.0
Classification: Unclassified
Component: Client Tools
3.0.20b
x64 Linux
: P3 normal
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-04 19:28 UTC by Anthony David
Modified: 2006-05-05 02:40 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Anthony David 2006-05-04 19:28:11 UTC
Synopsis:
======

A GroupMemberList request to an Win2003 SP1 server running Active Directory completes prematurely, resulting in an incomplete list of members. For a particular group with 3,659 users, the samba net(8) command returns only 3,119 users.


Background.
========

A Win2k3 SP1 proxy server was replaced with a SLES9 SP3 proxy server server.

A perl script was ported that made the following call

Win32::NetAdmin::GroupGetMembers($dc, $grp, \@users) or 
		print Win32::FormatMessage( Win32::NetAdmin::GetError() ); 

to retrieve all users of a given group ($grp)

This call was replaced with the following:-

   open FH, "/usr/bin/net rap -S $server groupmember list \"$grp\"  -U$account%$password|";

        @users=<FH>;
        close(FH);

Using the samba net(8) subcommand that makes a NetGroupGetUsers() call to achieve the desired functionality.

For most groups, this works fine.

Specific Problem:
===========

For a group with 3,659 users (as retrieved by the Win32::NetAdmin::groupGetMembers call above) the net(8) command (verified from a bash shell) returns only 3,119 users with a return code 234 ( interpreted as "ERRmoredata" by samba).




Software details:
===========


davida@avonbeg:~> rpm -q samba
samba-3.0.20b-3.4
davida@avonbeg:~> uname -r
2.6.5-7.252-smp


Possible code problem:
======================

In source/libsamba/clirap2.c (has not changed in recent samba versions including current 3.0 subversion tree)

The ERRmoredata result is expected as seen below, but I could not see any logic to retrieve the extra data.

 ...
 
 }
  if (rdata) {
    if (res == 0 || res == ERRmoredata) {
      int i, count;
      fstring username;
      p = rparam + WORDSIZE + WORDSIZE;
      GETWORD(p, count);

      for (i=0,p=rdata; i<count; i++) {
   GETSTRINGF(p, username, RAP_USERNAME_LEN);
   fn(username, state);
      }

...

Debug Log details:
============

I don't want to supply a complete unedited log as there is information about our internal network that I am sure the security section would need to clear before I provide it. The following gives some information, including the error code. Please let me know if there needs to be more info.

Using the -d 10 debugging level on the command, the following (edited) log was produced

[2006/04/24 14:49:55, 5] lib/debug.c:debug_dump_status(368)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
[2006/04/24 14:49:55, 3] param/loadparm.c:lp_load(4202)
  lp_load: refreshing parameters
[2006/04/24 14:49:55, 3] param/loadparm.c:init_globals(1388)
 Initialising global parameters
[2006/04/24 14:49:55, 3] param/params.c:pm_process(574)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2006/04/24 14:49:55, 3] param/loadparm.c:do_section(3664)
  Processing section "[global]"
  doing parameter interfaces = eth0
  doing parameter server string = AVONBEG
  doing parameter winbind separator = +
  doing parameter winbind cache time = 10
  doing parameter workgroup = CORP
  doing parameter password server = 192.168.1.5
  doing parameter security = domain
  doing parameter winbind uid = 10000-20000
  doing parameter winbind gid = 10000-20000
  doing parameter winbind use default domain = yes
  doing parameter log level = 3
[2006/04/24 14:49:55, 4] param/loadparm.c:lp_load(4233)
  pm_process() returned Yes
[2006/04/24 14:49:55, 7] param/loadparm.c:lp_servicenumber(4346)
  lp_servicenumber: couldn't find homes
[2006/04/24 14:49:55, 10] param/loadparm.c:set_server_role(4151)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2006/04/24 14:49:55, 5] lib/iconv.c:smb_register_charset(103)

...
(Deleted libiconv stuff)

  Netbios name list:-
  my_netbios_names[0]="AVONBEG"
[2006/04/24 14:49:55, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.1.15 192.168.1.255 nmask=255.255.255.0
[2006/04/24 14:49:55, 10] libsmb/namequery.c:internal_resolve_name(1028)
  internal_resolve_name: looking up jackaroo#20
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lib/samba/gencache.tdb
[2006/04/24 14:49:55, 5] tdb/tdbutil.c:tdb_log(767)
  tdb(unnamed): tdb_open_ex: could not open file /var/lib/samba/gencache.tdb: Perm
ission denied
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(70)
  Attempt to open gencache.tdb has failed.
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_lmhosts(855)
  resolve_lmhosts: Attempting lmhosts lookup for name jackaroo<0x20>
[2006/04/24 14:49:55, 4] libsmb/namequery.c:getlmhostsent(606)
  getlmhostsent: lmhost entry: 127.0.0.1 localhost
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_wins(752)
  resolve_wins: Attempting wins lookup for name jackaroo<0x20>
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_wins(755)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2006/04/24 14:49:55, 3] libsmb/namequery.c:resolve_hosts(917)
  resolve_hosts: Attempting host lookup for name jackaroo<0x20>
[2006/04/24 14:49:55, 10] libsmb/namequery.c:remove_duplicate_addrs2(320)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lib/samba/gencache.tdb
[2006/04/24 14:49:55, 5] tdb/tdbutil.c:tdb_log(767)
 tdb(unnamed): tdb_open_ex: could not open file /var/lib/samba/gencache.tdb: Perm
ission denied
[2006/04/24 14:49:55, 5] lib/gencache.c:gencache_init(70)
  Attempt to open gencache.tdb has failed.
[2006/04/24 14:49:55, 10] libsmb/namequery.c:internal_resolve_name(1145)
  internal_resolve_name: returning 1 addresses: 192.168.1.5:0
[2006/04/24 14:49:58, 3] libsmb/cliconnect.c:cli_start_connection(1407)
  Connecting to host=jackaroo
[2006/04/24 14:49:58, 3] lib/util_sock.c:open_socket_out(867)
  Connecting to 192.168.1.5 at port 445
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_KEEPALIVE = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_REUSEADDR = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_BROADCAST = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_NODELAY = 1
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_KEEPCNT = 9
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_KEEPIDLE = 7200
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option TCP_KEEPINTVL = 75
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option IPTOS_LOWDELAY = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option IPTOS_THROUGHPUT = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_SNDBUF = 16384
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_RCVBUF = 87380
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_SNDLOWAT = 1
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_RCVLOWAT = 1
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
  socket option SO_SNDTIMEO = 0
[2006/04/24 14:49:58, 5] lib/util_sock.c:print_socket_options(203)
 socket option SO_RCVTIMEO = 0
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(132)
  write_socket(3,183)
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(135)
  write_socket(3,183) wrote 183
[2006/04/24 14:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 182
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(454)
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(464)
  size=182
  smb_com=0x72
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=55297
  smb_tid=0
  smb_pid=27047
  smb_uid=0
  smb_mid=1
  smt_wct=17
  smb_vwv[ 0]=    8 (0x8)
  smb_vwv[ 1]=12807 (0x3207)
  smb_vwv[ 2]=  256 (0x100)
  smb_vwv[ 3]= 1024 (0x400)
  smb_vwv[ 4]=   65 (0x41)
  smb_vwv[ 5]=    0 (0x0)
  smb_vwv[ 6]=  256 (0x100)
  smb_vwv[ 7]=    0 (0x0)
  smb_vwv[ 8]=    0 (0x0)
  smb_vwv[ 9]=64768 (0xFD00)
  smb_vwv[10]=  499 (0x1F3)
  smb_vwv[11]=56192 (0xDB80)
  smb_vwv[12]=41059 (0xA063)
  smb_vwv[13]=23177 (0x5A89)
  smb_vwv[14]=50791 (0xC667)
  smb_vwv[15]=43009 (0xA801)
  smb_vwv[16]=  253 (0xFD)
  smb_bcc=113

...[Deleted listing showing retrieval of thousands of accounts -  more details available if required]


  [1F0] 00 00 00 00 00 00 00 00  63 61 72 64 64 65 00 00  ........ cardde..
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:simple_packet_signature(270)
  simple_packet_signature: sequence number 5
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:client_check_incoming_message(416)
  client_check_incoming_message: seq 5: got good SMB signature of
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] E3 D3 C1 14 07 92 81 68                           .......h
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(454)
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(464)
  size=15427
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=55301
  smb_tid=4102
  smb_pid=27047
  smb_uid=8194
  smb_mid=5
  smt_wct=10
  smb_vwv[ 0]=    8 (0x8)
  smb_vwv[ 1]=65499 (0xFFDB)
  smb_vwv[ 2]=    0 (0x0)
  smb_vwv[ 3]=    0 (0x0)
  smb_vwv[ 4]=   56 (0x38)
  smb_vwv[ 5]=    8 (0x8)
  smb_vwv[ 6]=15371 (0x3C0B)
  smb_vwv[ 7]=   56 (0x38)
  smb_vwv[ 8]=50128 (0xC3D0)
  smb_vwv[ 9]=    0 (0x0)
  smb_bcc=15372
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] 00 65 69 68 75 69 00 00  00 00 00 00 00 00 00 00  .eihui.. ........

...

  [1F0] 00 00 00 00 00 00 00 00  63 61 72 64 64 65 00 00  ........ cardde..
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:cli_signing_trans_stop(556)
  cli_signing_trans_stop: freeing mid = 5, reply_seq_num = 5, send_seq_num = 4 data->send_se
q_num = 6
[2006/04/24 14:49:58, 1] libsmb/clirap2.c:cli_NetGroupGetUsers(538)
  NetGroupGetUsers gave error 234
[2006/04/24 14:49:58, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/lib64/samba/en_US.UTF-8.msg: No such file or directory
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:simple_packet_signature(270)
  simple_packet_signature: sequence number 6
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:client_sign_outgoing_message(340)
  client_sign_outgoing_message: sent SMB signature of
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] 4C AC DD FA D4 C5 A1 8E                           L.......
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:store_sequence_for_reply(74)
  store_sequence_for_reply: stored seq = 7 mid = 6
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(132)
  write_socket(3,39)
[2006/04/24 14:49:58, 6] libsmb/clientgen.c:write_socket(135)
  write_socket(3,39) wrote 39
[2006/04/24 14:49:58, 10] lib/util_sock.c:read_smb_length_return_keepalive(615)
  got smb length of 35
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(454)
[2006/04/24 14:49:58, 5] lib/util.c:show_msg(464)
  size=35
  smb_com=0x71
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=55301
  smb_tid=4102
  smb_pid=27047
  smb_uid=8194
  smb_mid=6
  smt_wct=0
  smb_bcc=0
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:get_sequence_for_reply(87)
  get_sequence_for_reply: found seq = 7 mid = 6
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:simple_packet_signature(270)
  simple_packet_signature: sequence number 7
[2006/04/24 14:49:58, 10] libsmb/smb_signing.c:client_check_incoming_message(416)
  client_check_incoming_message: seq 7: got good SMB signature of
[2006/04/24 14:49:58, 10] lib/util.c:dump_data(2053)
  [000] 8A E4 A0 17 24 25 55 6D                           ....$%Um
[2006/04/24 14:49:58, 2] utils/net.c:main(873)
  return code = 234
Comment 1 Volker Lendecke 2006-05-05 02:40:37 UTC
The rap commands are largely unmaintained, as against Windows you can always use the 'net rpc group members' command that should achieve the same. Can you try that please?

I'm closing this with "later", if 'net rpc group members' does not work for you, please re-open, appending logs and a sniff of the traffic to AD.

Volker