-
Bug
-
Resolution: Done
-
Undefined
-
None
-
rhel-9.2.0
-
None
-
Impediment
-
Low
-
rhel-sst-idm-sssd
-
ssg_idm
-
1
-
True
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
Unspecified
-
None
Description of problem:
Offline domain join with "net offlinejoin requestodj" crashes with a segfault when /etc/samba/smb.conf has "kerberos method" set to "secrets and keytab". My smb.conf has a Kerberos method configured so that I can request a keytab with "net ads keytab create" after join.
Version-Release number of selected component (if applicable):
samba-common-tools-4.17.5-102.el9.x86_64
How reproducible:
always
Steps to Reproduce:
1. Request an ODJ blob: "net offlinejoin provision domain=windows.test machine_name='CLIENT' savefile=client.odj --use-krb5-ccache=KCM:0"
2. Configure /etc/samba/smb.conf
[global]
workgroup = WINDOWS
realm = WINDOWS.TEST
security = ads
kerberos method = secrets and keytab
3. Attempt to join the host with "net offlinejoin requestodj loadfile=client.odj"
Actual results:
===============================================================
INTERNAL ERROR: Signal 11: Segmentation fault in pid 22514 (4.17.5)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
PANIC (pid 22514): Signal 11: Segmentation fault in 4.17.5
BACKTRACE: 16 stack frames:
#0 /usr/lib64/samba/libgenrand-samba4.so(log_stack_trace+0x34) [0x7f0387bef454]
#1 /usr/lib64/samba/libgenrand-samba4.so(smb_panic+0xd) [0x7f0387befa0d]
#2 /usr/lib64/samba/libgenrand-samba4.so(+0x1bd8) [0x7f0387befbd8]
#3 /lib64/libc.so.6(+0x54df0) [0x7f0387254df0]
#4 /usr/lib64/samba/libads-samba4.so(ads_search+0x7) [0x7f03886a1a57]
#5 /usr/lib64/samba/libads-samba4.so(ads_find_machine_acct+0x107) [0x7f03886a2e77]
#6 /usr/lib64/samba/libads-samba4.so(ads_get_service_principal_names+0x49) [0x7f03886a4399]
#7 /usr/lib64/samba/libads-samba4.so(ads_keytab_create_default+0xca) [0x7f03886b016a]
#8 /lib64/libnetapi.so.1(libnet_Join+0x1431) [0x7f03884ad1e1]
#9 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin_l+0x239) [0x7f03884b7159]
#10 /lib64/libnetapi.so.1(NetRequestOfflineDomainJoin+0xe5) [0x7f03884af615]
#11 net(net_offlinejoin_requestodj+0xd9) [0x55b76a9f12e9]
#12 net(main+0xa63) [0x55b76a996763]
#13 /lib64/libc.so.6(+0x3feb0) [0x7f038723feb0]
#14 /lib64/libc.so.6(__libc_start_main+0x80) [0x7f038723ff60]
#15 net(_start+0x25) [0x55b76a9969e5]
Can not dump core: corepath not set up
Expected results:
Successfully requested Offline Domain Join
Additional info:
The problem is a that the ads argument is NULL. Either libnet_join_post_processing_ads_sync() needs a check for r->in.ads == NULL or r->in.ads needs to be set up for offline join, too.
$ gdb net -ex 'run offlinejoin requestodj loadfile=client.odj'
0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
at ../../source3/libads/ldap.c:1419
1419 return ads_do_search(ads, ads->config.bind_path, LDAP_SCOPE_SUBTREE,
(gdb) bt
#0 0x00007f99f3775a57 in ads_search (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, expr=0x55eca5d48820 "(samAccountName=CLIENT$)", attrs=attrs@entry=0x7ffe82aa0110)
at ../../source3/libads/ldap.c:1419
#1 0x00007f99f3776e77 in ads_find_machine_acct (ads=ads@entry=0x0, res=res@entry=0x7ffe82aa01d8, machine=machine@entry=0x55eca5ceab70 "CLIENT")
at ../../source3/libads/ldap.c:1540
#2 0x00007f99f3778399 in ads_get_service_principal_names (mem_ctx=0x55eca5d27210, ads=0x0, machine_name=0x55eca5ceab70 "CLIENT", spn_array=0x7ffe82aa0278,
num_spns=0x7ffe82aa0270) at ../../source3/libads/ldap.c:2142
#3 0x00007f99f378416a in ads_keytab_create_default (ads=0x0) at ../../source3/libads/kerberos_keytab.c:553
#4 0x00007f99f35811e1 in libnet_join_create_keytab (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:908
#5 libnet_join_post_processing_ads_sync (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:1080
#6 libnet_join_post_processing (r=0x55eca5d00d40, mem_ctx=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:2483
#7 libnet_Join (mem_ctx=0x55eca5d00d40, r=0x55eca5d00d40) at ../../source3/libnet/libnet_join.c:3035
#8 0x00007f99f358b159 in NetRequestOfflineDomainJoin_backend (odj_provision_data=0x55eca5cfc4e0, win7blob=0x7ffe82aa05f0, ctx=0x55eca5ce30f0)
at ../../source3/lib/netapi/joindomain.c:864
#9 NetRequestOfflineDomainJoin_l (ctx=0x55eca5ce30f0, r=<optimized out>) at ../../source3/lib/netapi/joindomain.c:935
#10 0x00007f99f3583615 in NetRequestOfflineDomainJoin (provision_bin_data=0x55eca5cfdeb0 "\377\376A", provision_bin_data_size=5724, options=options@entry=1073741824,
windows_path=windows_path@entry=0x0) at ../../source3/lib/netapi/libnetapi.c:383
#11 0x000055eca48262e9 in net_offlinejoin_requestodj (c=0x55eca5cdf1c0, argc=<optimized out>, argv=<optimized out>) at ../../source3/utils/net_offlinejoin.c:281
#12 0x000055eca47cb763 in main (argc=4, argv=0x7ffe82aa12f8) at ../../source3/utils/net.c:1364