Description of problem: With rpcclient 4.17.0, the following command exits on error $ rpcclient --use-kerberos=desired root-dc.ad.test -c 'deletetrustdom testrelm.test' Cannot connect to server. Error was NT_STATUS_NOT_FOUND Version-Release number of selected component (if applicable): 4.17.0 on fedora 37 How reproducible: Always Steps to Reproduce: 1. install ipa server with $ ipa-server-install --domain testrelm.test --realm TESTRELM.TEST --setup-dns --no-dnssec-validation --auto-forwarders -a Secret123 -p Secret123 -U $ echo Secret123 | kinit admin $ ipa-adtrust-install --add-sids -a Secret123 --enable-compat -U $ ipa dnsforwardzone-add ad.test --forward-policy=only --forwarder=<IP address of root-dc.ad.test> 2. configure dns forwarder on AD side dnscmd 127.0.0.1 /ZoneAdd testrelm.test /Forwarder <IP address of IPA server> 3. Establish external trust $ ipa trust-add --type ad ad.test --range-type ipa-ad-trust --external=True --admin Administrator --passw ord 4. try to remove the trust from AD side: $ kinit Administrator $ rpcclient --use-kerberos=desired root-dc.ad.test -c 'deletetrustdom testrelm.test' Actual results: The rpcclient command fails Expected results: The command should work Additional info: When the command is run in debug mode, we see the following output: $ rpcclient --debuglevel 10 --debug-stdout --use-kerberos=desired root-dc.ad.test -c 'deletetrustdom testrelm.test' [...] internal_resolve_name: looking up ���y�U#20 (sitename (null)) convert_string_talloc_handle: Conversion error: Incomplete multibyte sequence resolve_lmhosts: Attempting lmhosts lookup for name ���y�U<0x20> getlmhostsent: lmhost entry: 127.0.0.1 localhost resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name ���y�U<0x20> resolve_hosts: getaddrinfo failed for name ���y�U [Name or service not known] name_resolve_bcast: Attempting broadcast lookup for name ���y�U<0x20> convert_string_talloc_handle: Conversion error: Incomplete multibyte sequence convert_string_handle: Conversion error: Incomplete multibyte sequence tstream_unix_connect failed: No such file or directory nmbd not around Cannot connect to server. Error was NT_STATUS_NOT_FOUND msg_dgm_ref_destructor: refs=(nil) $ It looks like the hostname is garbled. I don't know if this applies to rpcclient code but popt 1.19 fixed a memory leak and programs using popt may be broken if they were calling popFreeContext() and accessing the options after this call (see for instance https://bugzilla.redhat.com/show_bug.cgi?id=2100287) The issue with rpcclient was seen on freeipa nightly tests, and reported at https://pagure.io/freeipa/issue/9239
Can you try if instead of running rpcclient --use-kerberos=desired root-dc.ad.test -c 'deletetrustdom testrelm.test' give the hostname as part of a dcerpc binding string like: rpcclient --use-kerberos=desired ncacn_np:root-dc.ad.test -c 'deletetrustdom testrelm.test' makes a difference?
The result is the same. I really suspect that the issue is related to popt 1.19 because rpcclient is calling poptFreeContext and later on refers to values obtained with popt but that have been freed. Easy to see with a debugger, printing server before/after the call to poptFreeContext (https://github.com/samba-team/samba/blob/master/source3/rpcclient/rpcclient.c#L1249) produces different results. Before the free, the value is ok, but after the free it's completely random: (gdb) print(server) $1 = 0x5555556e0fa0 "ncacn_np:root-dc.ad.test" (gdb) n 1249 poptFreeContext(pc); (gdb) n 1250 samba_cmdline_burn(argc, argv); (gdb) print(server) $2 = 0x5555556e0fa0 "\340\304;"
This already has been addressed upstream: https://bugzilla.samba.org/show_bug.cgi?id=15205 We will get Samba 4.17.1 next week which will fix it.
FEDORA-2022-314a73e994 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2022-314a73e994
FEDORA-2022-314a73e994 has been pushed to the Fedora 38 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2022-1b0ba70aca has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b0ba70aca
FEDORA-2022-1b0ba70aca has been pushed to the Fedora 37 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2022-1b0ba70aca` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-1b0ba70aca See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2022-1b0ba70aca has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report.