Bug 5736 - winbind failed to function with primary domain which has trusted domains
Summary: winbind failed to function with primary domain which has trusted domains
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.2
Hardware: x86 Linux
: P3 critical
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-09-04 17:09 UTC by James Ding
Modified: 2008-09-04 17:18 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description James Ding 2008-09-04 17:09:27 UTC
In a domain that has trusted domains, run winbindd with -i option, you will see the following error message. The root cause is in winbindd_ads.c, there is a struct should be zeroedbefore using it. Here is the fix:

source/winbindd/winbindd_ads.c ====
@@ -1249,6 +1249,7 @@
 
                        /* add to the trusted domain cache */
 
+                       memset(&d, 0, sizeof(d));
                        fstrcpy( d.name,  trusts.array[i].netbios_name);
                        fstrcpy( d.alt_name, trusts.array[i].dns_name);
                        if (trusts.array[i].sid) {


......
tdb_unpack(d, 171) -> 4
tdb_unpack(fffddd, 167) -> 30
unpack_tdc_domains: Unpacking domain BUILTIN () SID S-1-5-32, flags = 0x0, attribs = 0x0, type = 0x0
tdb_unpack(fffddd, 137) -> 63
unpack_tdc_domains: Unpacking domain XXXXXXXXX () SID S-1-5-21-XXXX-XXXX-XXXX, flags = 0x0, attribs = 0x0, type = 0x0
tdb_unpack(fffddd, 74) -> 74
unpack_tdc_domains: Unpacking domain XXXXXXXXX (XXXXXXXXXXXXXXXXXX) SID S-1-5-21-XXXX-XXXX-XXXX, flags = 0x0, attribs = 0x0, type = 0x0
pack_tdc_domains: Packing 4 trusted domains
tdb_pack_va(d, 0) -> 4
tdb_pack_va(fffddd, -4) -> 30
tdb_pack_va(fffddd, -34) -> 63
tdb_pack_va(fffddd, -97) -> 74
ERROR: string overflow by 1 (256 - 255) in safe_strcpy [S-XXX-XX-XXXXXXXXXXXXXX-XXXXXXXXXXX-X-XXXXXXXXXX]
tdb_pack_va(fffddd, -171) -> 281
tdb_pack_va(d, 452) -> 4
pack_tdc_domains: Packing domain BUILTIN ()
tdb_pack_va(fffddd, 448) -> 30
pack_tdc_domains: Packing domain XXXXXXXXX ()
tdb_pack_va(fffddd, 418) -> 63
pack_tdc_domains: Packing domain XXXXXXXXX (XXXXXXXXXXXXXXXXXX)
tdb_pack_va(fffddd, 355) -> 74
pack_tdc_domains: Packing domain XXXXXXXXXXXXX ()
ERROR: string overflow by 1 (256 - 255) in safe_strcpy [S-XXX-XX-XXXXXXXXXXXXXX-XXXXXXXXXXX-X-XXXXXXXXXX]
tdb_pack_va(fffddd, 281) -> 281
*** glibc detected *** double free or corruption (!prev): 0x8043be90 ***
===============================================================
INTERNAL ERROR: Signal 6 in pid 6978 (3.2.2)
Please read the Trouble-Shooting section of the Samba3-HOWTO

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
===============================================================
PANIC (pid 6978): internal error
BACKTRACE: 22 stack frames:
 #0 /opt/samba/sbin/winbindd(log_stack_trace+0x2d) [0x8011237c]
 #1 /opt/samba/sbin/winbindd(smb_panic+0x80) [0x801124b8]
 #2 /opt/samba/sbin/winbindd [0x800fcdca]
 #3 [0xb7f68420]
 #4 /lib/tls/i686/cmov/libc.so.6(abort+0x109) [0xb7ccbfb9]
 #5 /lib/tls/i686/cmov/libc.so.6 [0xb7cffe0a]
 #6 /lib/tls/i686/cmov/libc.so.6 [0xb7d0769f]
 #7 /lib/tls/i686/cmov/libc.so.6(__libc_free+0x82) [0xb7d07742]
 #8 /usr/lib/libtalloc.so.1(talloc_free+0x24c) [0xb7ded9c0]
 #9 /opt/samba/sbin/winbindd(wcache_tdc_add_domain+0x348) [0x800664c0]
 #10 /opt/samba/sbin/winbindd [0x8008326f]
 #11 /opt/samba/sbin/winbindd [0x80068c6b]
 #12 /opt/samba/sbin/winbindd(winbindd_dual_list_trusted_domains+0xd2) [0x800775d2]
 #13 /opt/samba/sbin/winbindd [0x8008ab63]
 #14 /opt/samba/sbin/winbindd(async_request+0x1b9) [0x8008c13a]
 #15 /opt/samba/sbin/winbindd(init_child_connection+0x2bd) [0x800613a5]
 #16 /opt/samba/sbin/winbindd(async_domain_request+0x139) [0x8008c3c3]
 #17 /opt/samba/sbin/winbindd [0x8006161b]
 #18 /opt/samba/sbin/winbindd(rescan_trusted_domains+0x49) [0x80061a19]
 #19 /opt/samba/sbin/winbindd(main+0xe3f) [0x8005757c]
 #20 /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xc8) [0xb7cb6ea8]
 #21 /opt/samba/sbin/winbindd [0x80054e81]
dumping core in /log/cores/winbindd
Destroying timed event 80462868 "async_request_timeout"
Could not receive async reply from child pid 6978
Could not receive trustdoms
Already reaped child 6978 died
Comment 1 Jeremy Allison 2008-09-04 17:12:45 UTC
Perfect catch - thanks !
Jeremy.
Comment 2 Jeremy Allison 2008-09-04 17:18:22 UTC
Fixed - thanks !
Jeremy.