Bug 2211854

Summary: net offlinejoin requestodj segfaults when kerberos method = secrets and keytab
Product: Red Hat Enterprise Linux 9
Reporter: Christian Heimes <cheimes>
Component: samba
Assignee: Guenther Deschner <gdeschner>
Status: NEW
QA Contact: sssd-qe
Severity: unspecified
Priority: unspecified
Version: 9.2
CC: aboscatt, asn, dkarpele, gdeschner, pfilipen
Target Milestone: rc
Flags: cheimes: needinfo? (gdeschner), aboscatt: needinfo? (gdeschner)
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Type: Bug
Bug Depends On: 1905927    
Bug Blocks: 2076589    

Description Christian Heimes 2023-06-02 10:03:44 UTC
Description of problem:
Offline domain join with "net offlinejoin requestodj" crashes with a segfault when /etc/samba/smb.conf has "kerberos method" set to "secrets and keytab". My smb.conf has a Kerberos method configured so that I can request a keytab with "net ads keytab create" after join.

Version-Release number of selected component (if applicable):
samba-common-tools-4.17.5-102.el9.x86_64

How reproducible:
always

Steps to Reproduce:
1. Request an ODJ blob: "net offlinejoin provision domain=windows.test machine_name='CLIENT' savefile=client.odj --use-krb5-ccache=KCM:0"
2. Configure /etc/samba/smb.conf
   [global]
       workgroup = WINDOWS
       realm = WINDOWS.TEST
       security = ads
       kerberos method = secrets and keytab
3. Attempt to join the host with "net offlinejoin requestodj loadfile=client.odj"

Actual results:
===============================================================
INTERNAL ERROR: Signal 11: Segmentation fault in pid 22514 (4.17.5)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 22514): Signal 11: Segmentation fault in 4.17.5
BACKTRACE: 16 stack frames:
 #0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0x34) [0x7f0387bef454]
 #1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0xd) [0x7f0387befa0d]
 #2 /usr/lib64/samba/libgenrand-samba4.so(+0x1bd8) [0x7f0387befbd8]
 #3 /lib64/libc.so.6(+0x54df0) [0x7f0387254df0]
 #4 /usr/lib64/samba/libads-samba4.so(ads_search+0x7) [0x7f03886a1a57]
 #5 /usr/lib64/samba/libads-samba4.so(ads_find_machine_acct+0x107) [0x7f03886a2e77]
 #6 /usr/lib64/samba/libads-samba4.so(ads_get_service_principal_names+0x49) [0x7f03886a4399]
 #7 /usr/lib64/samba/libads-samba4.so(ads_keytab_create_default+0xca) [0x7f03886b016a]
 #8 /lib64/libnetapi.so.1(libnet_Join+0x1431) [0x7f03884ad1e1]
 #9 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin_l+0x239) [0x7f03884b7159]
 #10 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin+0xe5) [0x7f03884af615]
 #11 net(net_offlinejoin_requestodj+0xd9) [0x55b76a9f12e9]
 #12 net(main+0xa63) [0x55b76a996763]
 #13 /lib64/libc.so.6(+0x3feb0) [0x7f038723feb0]
 #14 /lib64/libc.so.6(__libc_start_main+0x80) [0x7f038723ff60]
 #15 net(_start+0x25) [0x55b76a9969e5]
Can not dump core: corepath not set up

Expected results:
Successfully requested Offline Domain Join

Additional info:
The problem is that the ads argument is NULL. Either libnet_join_post_processing_ads_sync() needs a check for r->in.ads == NULL or r->in.ads needs to be set up for offline join, too.

$ gdb net -ex 'run offlinejoin requestodj loadfile=client.odj'
0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
    at ../../source3/libads/ldap.c:1419
1419            return ads_do_search(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
(gdb) bt
#0  0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
    at ../../source3/libads/ldap.c:1419
#1  0x00007f99f3776e77 in ads_find_machine_acct (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, machine=machine@entry=0x55eca5ceab70 "CLIENT")
    at ../../source3/libads/ldap.c:1540
#2  0x00007f99f3778399 in ads_get_service_principal_names (mem_ctx=0x55eca5d27210, ads=0x0, machine_name=0x55eca5ceab70 "CLIENT", spn_array=0x7ffe82aa0278, 
    num_spns=0x7ffe82aa0270) at ../../source3/libads/ldap.c:2142
#3  0x00007f99f378416a in ads_keytab_create_default (ads=0x0) at ../../source3/libads/kerberos_keytab.c:553
#4  0x00007f99f35811e1 in libnet_join_create_keytab (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:908
#5  libnet_join_post_processing_ads_sync (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:1080
#6  libnet_join_post_processing (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:2483
#7  libnet_Join (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:3035
#8  0x00007f99f358b159 in NetRequestOfflineDomainJoin_backend (odj_provision_data=0x55eca5cfc4e0, win7blob=0x7ffe82aa05f0, ctx=0x55eca5ce30f0)
    at ../../source3/lib/netapi/joindomain.c:864
#9  NetRequestOfflineDomainJoin_l (ctx=0x55eca5ce30f0, r=<optimized out>) at ../../source3/lib/netapi/joindomain.c:935
#10 0x00007f99f3583615 in NetRequestOfflineDomainJoin (provision_bin_data=0x55eca5cfdeb0 "\377\376A", provision_bin_data_size=5724, options=options@entry=1073741824, 
    windows_path=windows_path@entry=0x0) at ../../source3/lib/netapi/libnetapi.c:383
#11 0x000055eca48262e9 in net_offlinejoin_requestodj (c=0x55eca5cdf1c0, argc=<optimized out>, argv=<optimized out>) at ../../source3/utils/net_offlinejoin.c:281
#12 0x000055eca47cb763 in main (argc=4, argv=0x7ffe82aa12f8) at ../../source3/utils/net.c:1364
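
The first option named in the description above, a NULL check before the keytab step, sketched as an added example; this is a simplified model and not Samba source code or the project's fix. All model_* names and the sample bind path are hypothetical, and returning an error status when the connection is missing is an assumption about what the guard should do.

```c
/* Simplified model of the crash path; NOT Samba source code.
 * Every model_* name is a hypothetical stand-in. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum model_status { MODEL_OK = 0, MODEL_NO_ADS_CONNECTION = 1 };

/* Stands in for the directory connection that is NULL in the gdb trace. */
struct model_ads { const char *bind_path; };

struct model_join_ctx {
    struct model_ads *ads;     /* never set up on the offline-join path */
    bool create_keytab;        /* true when "kerberos method" wants a keytab */
    const char *machine_name;
};

/* Like the faulting frame, this dereferences ads unconditionally. */
static enum model_status model_search(const struct model_ads *ads,
                                      const char *machine)
{
    printf("search base=%s filter=(samAccountName=%s$)\n",
           ads->bind_path, machine);
    return MODEL_OK;
}

/* Post-processing with the guard: the keytab step needs a lookup, so a
 * missing connection becomes an error status instead of a NULL dereference. */
enum model_status model_post_processing(const struct model_join_ctx *r)
{
    if (!r->create_keytab) {
        return MODEL_OK;                 /* keytab not requested */
    }
    if (r->ads == NULL) {
        fprintf(stderr, "%s: no directory connection, keytab not created\n",
                r->machine_name);
        return MODEL_NO_ADS_CONNECTION;
    }
    return model_search(r->ads, r->machine_name);
}

int main(void)
{
    struct model_join_ctx offline = { NULL, true, "CLIENT" };  /* constructed */
    return model_post_processing(&offline) == MODEL_NO_ADS_CONNECTION ? 0 : 1;
}
```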

Comment 2 Andreas Schneider 2023-06-06 11:48:23 UTC
Assigning to gd as he is the author of that code.

Comment 5 Andreas Schneider 2023-06-06 14:19:24 UTC
We try to address handling keytabs correctly with:

https://gitlab.com/samba-team/samba/-/merge_requests/1999