2211854 – net offlinejoin requestodj segfaults when kerberos method = secrets and keytab

Bug 2211854 - net offlinejoin requestodj segfaults when kerberos method = secrets and keytab [NEEDINFO]

Summary: net offlinejoin requestodj segfaults when kerberos method = secrets and keytab

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	9.2
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Guenther Deschner
QA Contact:	sssd-qe
Docs Contact:
URL:
Whiteboard:
Depends On:	1905927
Blocks:	2076589
TreeView+	depends on / blocked

Reported:	2023-06-02 10:03 UTC by Christian Heimes
Modified:	2023-07-04 12:24 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:
Flags:	cheimes: needinfo? (gdeschner) aboscatt: needinfo? (gdeschner)

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Gitlab	samba-team samba merge_requests 1999	None	opened	Draft: Implement 'update keytab' for winbind and tools	2023-06-12 18:08:43 UTC
Red Hat Issue Tracker	RHELPLAN-158964	None	None	None	2023-06-05 11:22:28 UTC
Samba Project	15389	None	None	None	2023-06-06 09:01:48 UTC
Samba Project	15414	None	None	None	2023-07-04 12:17:13 UTC

Description Christian Heimes 2023-06-02 10:03:44 UTC

Description of problem:
Offline domain join with "net offlinejoin requestodj" crashes with a segfault when /etc/samba/smb.conf has "kerberos method" set to "secrets and keytab". My smb.conf has a Kerberos method configured so that I can request a keytab with "net ads keytab create" after join.

Version-Release number of selected component (if applicable):
samba-common-tools-4.17.5-102.el9.x86_64

How reproducible:
always

Steps to Reproduce:
1. Request an ODJ blob: "net offlinejoin provision domain=windows.test machine_name='CLIENT' savefile=client.odj --use-krb5-ccache=KCM:0"
2. Configure /etc/samba/smb.conf
   [global]
       workgroup = WINDOWS
       realm = WINDOWS.TEST
       security = ads
       kerberos method = secrets and keytab
3. Attempt to join the host with "net offlinejoin requestodj loadfile=client.odj"

Actual results:
===============================================================
INTERNAL ERROR: Signal 11: Segmentation fault in pid 22514 (4.17.5)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 22514): Signal 11: Segmentation fault in 4.17.5
BACKTRACE: 16 stack frames:
 #0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0x34) [0x7f0387bef454]
 #1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0xd) [0x7f0387befa0d]
 #2 /usr/lib64/samba/libgenrand-samba4.so(+0x1bd8) [0x7f0387befbd8]
 #3 /lib64/libc.so.6(+0x54df0) [0x7f0387254df0]
 #4 /usr/lib64/samba/libads-samba4.so(ads_search+0x7) [0x7f03886a1a57]
 #5 /usr/lib64/samba/libads-samba4.so(ads_find_machine_acct+0x107) [0x7f03886a2e77]
 #6 /usr/lib64/samba/libads-samba4.so(ads_get_service_principal_names+0x49) [0x7f03886a4399]
 #7 /usr/lib64/samba/libads-samba4.so(ads_keytab_create_default+0xca) [0x7f03886b016a]
 #8 /lib64/libnetapi.so.1(libnet_Join+0x1431) [0x7f03884ad1e1]
 #9 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin_l+0x239) [0x7f03884b7159]
 #10 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin+0xe5) [0x7f03884af615]
 #11 net(net_offlinejoin_requestodj+0xd9) [0x55b76a9f12e9]
 #12 net(main+0xa63) [0x55b76a996763]
 #13 /lib64/libc.so.6(+0x3feb0) [0x7f038723feb0]
 #14 /lib64/libc.so.6(__libc_start_main+0x80) [0x7f038723ff60]
 #15 net(_start+0x25) [0x55b76a9969e5]
Can not dump core: corepath not set up

Expected results:
Successfully requested Offline Domain Join

Additional info:
The problem is a that the ads argument is NULL. Either libnet_join_post_processing_ads_sync() needs a check for r->in.ads == NULL or r->in.ads needs to be set up for offline join, too.

$ gdb net -ex 'run offlinejoin requestodj loadfile=client.odj'
0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
    at ../../source3/libads/ldap.c:1419
1419            return ads_do_search(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
(gdb) bt
#0  0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
    at ../../source3/libads/ldap.c:1419
#1  0x00007f99f3776e77 in ads_find_machine_acct (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, machine=machine@entry=0x55eca5ceab70 "CLIENT")
    at ../../source3/libads/ldap.c:1540
#2  0x00007f99f3778399 in ads_get_service_principal_names (mem_ctx=0x55eca5d27210, ads=0x0, machine_name=0x55eca5ceab70 "CLIENT", spn_array=0x7ffe82aa0278, 
    num_spns=0x7ffe82aa0270) at ../../source3/libads/ldap.c:2142
#3  0x00007f99f378416a in ads_keytab_create_default (ads=0x0) at ../../source3/libads/kerberos_keytab.c:553
#4  0x00007f99f35811e1 in libnet_join_create_keytab (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:908
#5  libnet_join_post_processing_ads_sync (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:1080
#6  libnet_join_post_processing (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:2483
#7  libnet_Join (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:3035
#8  0x00007f99f358b159 in NetRequestOfflineDomainJoin_backend (odj_provision_data=0x55eca5cfc4e0, win7blob=0x7ffe82aa05f0, ctx=0x55eca5ce30f0)
    at ../../source3/lib/netapi/joindomain.c:864
#9  NetRequestOfflineDomainJoin_l (ctx=0x55eca5ce30f0, r=<optimized out>) at ../../source3/lib/netapi/joindomain.c:935
#10 0x00007f99f3583615 in NetRequestOfflineDomainJoin (provision_bin_data=0x55eca5cfdeb0 "\377\376A", provision_bin_data_size=5724, options=options@entry=1073741824, 
    windows_path=windows_path@entry=0x0) at ../../source3/lib/netapi/libnetapi.c:383
#11 0x000055eca48262e9 in net_offlinejoin_requestodj (c=0x55eca5cdf1c0, argc=<optimized out>, argv=<optimized out>) at ../../source3/utils/net_offlinejoin.c:281
#12 0x000055eca47cb763 in main (argc=4, argv=0x7ffe82aa12f8) at ../../source3/utils/net.c:1364

Comment 2 Andreas Schneider 2023-06-06 11:48:23 UTC

Assinging to gd as he is the author of that code.

Comment 5 Andreas Schneider 2023-06-06 14:19:24 UTC

We try to address handling keytabs correctly with:

https://gitlab.com/samba-team/samba/-/merge_requests/1999

Note You need to log in before you can comment on or make changes to this bug.