Bug 2211854

Summary: net offlinejoin requestodj segfaults when kerberos method = secrets and keytab
Product: Red Hat Enterprise Linux 9 Reporter: Christian Heimes <cheimes>
Component: sambaAssignee: Guenther Deschner <gdeschner>
Status: CLOSED MIGRATED QA Contact: sssd-qe
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.2CC: aboscatt, asn, dkarpele, gdeschner, pfilipen
Target Milestone: rcKeywords: MigratedToJIRA
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-09-05 12:07:42 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1905927    
Bug Blocks: 2076589    

Description Christian Heimes 2023-06-02 10:03:44 UTC 
Description of problem:
Offline domain join with "net offlinejoin requestodj" crashes with a segfault when /etc/samba/smb.conf has "kerberos method" set to "secrets and keytab". My smb.conf has a Kerberos method configured so that I can request a keytab with "net ads keytab create" after join.

Version-Release number of selected component (if applicable):
samba-common-tools-4.17.5-102.el9.x86_64

How reproducible:
always

Steps to Reproduce:
1. Request an ODJ blob: "net offlinejoin provision domain=windows.test machine_name='CLIENT' savefile=client.odj --use-krb5-ccache=KCM:0"
2. Configure /etc/samba/smb.conf
   [global]
       workgroup = WINDOWS
       realm = WINDOWS.TEST
       security = ads
       kerberos method = secrets and keytab
3. Attempt to join the host with "net offlinejoin requestodj loadfile=client.odj"

Actual results:
===============================================================
INTERNAL ERROR: Signal 11: Segmentation fault in pid 22514 (4.17.5)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 22514): Signal 11: Segmentation fault in 4.17.5
BACKTRACE: 16 stack frames:
 #0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0x34) [0x7f0387bef454]
 #1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0xd) [0x7f0387befa0d]
 #2 /usr/lib64/samba/libgenrand-samba4.so(+0x1bd8) [0x7f0387befbd8]
 #3 /lib64/libc.so.6(+0x54df0) [0x7f0387254df0]
 #4 /usr/lib64/samba/libads-samba4.so(ads_search+0x7) [0x7f03886a1a57]
 #5 /usr/lib64/samba/libads-samba4.so(ads_find_machine_acct+0x107) [0x7f03886a2e77]
 #6 /usr/lib64/samba/libads-samba4.so(ads_get_service_principal_names+0x49) [0x7f03886a4399]
 #7 /usr/lib64/samba/libads-samba4.so(ads_keytab_create_default+0xca) [0x7f03886b016a]
 #8 /lib64/libnetapi.so.1(libnet_Join+0x1431) [0x7f03884ad1e1]
 #9 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin_l+0x239) [0x7f03884b7159]
 #10 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin+0xe5) [0x7f03884af615]
 #11 net(net_offlinejoin_requestodj+0xd9) [0x55b76a9f12e9]
 #12 net(main+0xa63) [0x55b76a996763]
 #13 /lib64/libc.so.6(+0x3feb0) [0x7f038723feb0]
 #14 /lib64/libc.so.6(__libc_start_main+0x80) [0x7f038723ff60]
 #15 net(_start+0x25) [0x55b76a9969e5]
Can not dump core: corepath not set up

Expected results:
Successfully requested Offline Domain Join

Additional info:
The problem is a that the ads argument is NULL. Either libnet_join_post_processing_ads_sync() needs a check for r->in.ads == NULL or r->in.ads needs to be set up for offline join, too.

$ gdb net -ex 'run offlinejoin requestodj loadfile=client.odj'
0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
    at ../../source3/libads/ldap.c:1419
1419            return ads_do_search(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
(gdb) bt
#0  0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
    at ../../source3/libads/ldap.c:1419
#1  0x00007f99f3776e77 in ads_find_machine_acct (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, machine=machine@entry=0x55eca5ceab70 "CLIENT")
    at ../../source3/libads/ldap.c:1540
#2  0x00007f99f3778399 in ads_get_service_principal_names (mem_ctx=0x55eca5d27210, ads=0x0, machine_name=0x55eca5ceab70 "CLIENT", spn_array=0x7ffe82aa0278, 
    num_spns=0x7ffe82aa0270) at ../../source3/libads/ldap.c:2142
#3  0x00007f99f378416a in ads_keytab_create_default (ads=0x0) at ../../source3/libads/kerberos_keytab.c:553
#4  0x00007f99f35811e1 in libnet_join_create_keytab (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:908
#5  libnet_join_post_processing_ads_sync (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:1080
#6  libnet_join_post_processing (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:2483
#7  libnet_Join (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:3035
#8  0x00007f99f358b159 in NetRequestOfflineDomainJoin_backend (odj_provision_data=0x55eca5cfc4e0, win7blob=0x7ffe82aa05f0, ctx=0x55eca5ce30f0)
    at ../../source3/lib/netapi/joindomain.c:864
#9  NetRequestOfflineDomainJoin_l (ctx=0x55eca5ce30f0, r=<optimized out>) at ../../source3/lib/netapi/joindomain.c:935
#10 0x00007f99f3583615 in NetRequestOfflineDomainJoin (provision_bin_data=0x55eca5cfdeb0 "\377\376A", provision_bin_data_size=5724, options=options@entry=1073741824, 
    windows_path=windows_path@entry=0x0) at ../../source3/lib/netapi/libnetapi.c:383
#11 0x000055eca48262e9 in net_offlinejoin_requestodj (c=0x55eca5cdf1c0, argc=<optimized out>, argv=<optimized out>) at ../../source3/utils/net_offlinejoin.c:281
#12 0x000055eca47cb763 in main (argc=4, argv=0x7ffe82aa12f8) at ../../source3/utils/net.c:1364
Comment 2 Andreas Schneider 2023-06-06 11:48:23 UTC 
Assinging to gd as he is the author of that code.
Comment 5 Andreas Schneider 2023-06-06 14:19:24 UTC 
We try to address handling keytabs correctly with:

https://gitlab.com/samba-team/samba/-/merge_requests/1999
Comment 6 RHEL Program Management 2023-09-05 12:03:52 UTC 
Issue migration from Bugzilla to Jira is in process at this time. This will be the last message in Jira copied from the Bugzilla bug.
Comment 7 RHEL Program Management 2023-09-05 12:07:42 UTC 
This BZ has been automatically migrated to the issues.redhat.com Red Hat Issue Tracker. All future work related to this report will be managed there.

Due to differences in account names between systems, some fields were not replicated.  Be sure to add yourself to Jira issue's "Watchers" field to continue receiving updates and add others to the "Need Info From" field to continue requesting information.

To find the migrated issue, look in the "Links" section for a direct link to the new issue location. The issue key will have an icon of 2 footprints next to it, and begin with "RHEL-" followed by an integer.  You can also find this issue by visiting https://issues.redhat.com/issues/?jql= and searching the "Bugzilla Bug" field for this BZ's number, e.g. a search like:

"Bugzilla Bug" = 1234567

In the event you have trouble locating or viewing this issue, you can file an issue by sending mail to rh-issues.
Comment 8 Red Hat Bugzilla 2024-01-04 04:25:14 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days