From c95c6632244555916c3ff7a972346250cdf8ca82 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Fri, 8 Dec 2023 13:07:19 +0100 Subject: [PATCH 01/16] selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables We should start using those in future. So we can distinguish which privileges we want. Currently DC_USERNAME is the Administrator. Whatever possible should use DOMIAN_USER instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 56d0c3a0263ed166452c129219e7a391ba4d014c) --- selftest/target/Samba.pm | 4 ++++ selftest/target/Samba3.pm | 24 ++++++++++++++++++++++++ selftest/target/Samba4.pm | 8 ++++++++ 3 files changed, 36 insertions(+) diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index a2018a040587..057b43b38ee4 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -941,6 +941,10 @@ my @exported_envvars = ( "PASSWORD", "DC_USERNAME", "DC_PASSWORD", + "DOMAIN_ADMIN", + "DOMAIN_ADMIN_PASSWORD", + "DOMAIN_USER", + "DOMAIN_USER_PASSWORD", # UID/GID for rfc2307 mapping tests "UID_RFC2307TEST", diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index acee7dc68f08..d9afcb139837 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1006,6 +1006,10 @@ sub provision_ad_member $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; # forest trust $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER}; 
@@ -1171,6 +1175,10 @@ sub setup_ad_member_rfc2307
 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
 return $ret;
 }
@@ -1267,6 +1275,10 @@ sub setup_admem_idmap_autorid
 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
 return $ret;
 }
@@ -1365,6 +1377,10 @@ sub setup_ad_member_idmap_rid
 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
 return $ret;
 }
@@ -1464,6 +1480,10 @@ sub setup_ad_member_idmap_ad
 $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
 $ret->{DC_USERNAME} = $dcvars->{USERNAME};
 $ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
 $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
 $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
@@ -1556,6 +1576,10 @@ sub setup_ad_member_oneway $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; $ret->{DC_USERNAME} = $dcvars->{USERNAME}; $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; + $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; + $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; + $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; + $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 5687d2a85872..11974e454fe8 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -587,6 +587,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) $ctx->{realm} = uc($realm); $ctx->{dnsname} = lc($realm); $ctx->{samsid} = $samsid; + $ctx->{domain_admin} = "Administrator"; + $ctx->{domain_admin_password} = $password; + $ctx->{domain_user} = "alice"; + $ctx->{domain_user_password} = "Secret007"; $ctx->{functional_level} = $functional_level; @@ -903,6 +907,10 @@ nogroup:x:65534:nobody DOMAIN => $ctx->{domain}, USERNAME => $ctx->{username}, DC_USERNAME => $ctx->{username}, + DOMAIN_ADMIN => $ctx->{domain_admin}, + DOMAIN_ADMIN_PASSWORD => $ctx->{domain_admin_password}, + DOMAIN_USER => $ctx->{domain_user}, + DOMAIN_USER_PASSWORD => $ctx->{domain_user_password}, REALM => $ctx->{realm}, DNSNAME => $ctx->{dnsname}, SAMSID => $ctx->{samsid}, -- 2.43.0 From 5b5317ab01cc8f8ee1a069f91f5cbef9085d8b2a Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Wed, 10 Jan 2024 15:03:49 +0100 Subject: [PATCH 02/16] net: remove a newline BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 340753a2554ce9a842a6c90d684fb0510def81a1) --- source3/utils/net_rpc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 1405f773838e..6973d73fb835 100644 
--- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -6555,7 +6555,6 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, TALLOC_CTX *mem_ctx; NTSTATUS nt_status, result; struct dom_sid *domain_sid; - char* domain_name; char* acct_name; fstring pdc_name; -- 2.43.0 From 1f73de0fa56a2b22663eec05bd119e9d3f779329 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Wed, 10 Jan 2024 15:06:14 +0100 Subject: [PATCH 03/16] net: fix credentials in trustdom establish This was broken by ea071d278a614f17b5417d3ff98e1b8d1fd8970d. I guess the whole opt_user_specified dance should be ripped out, but that's a fix for another day. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 15c07723765c6863a0ada9dfbaaa204604500907) --- source3/utils/net_rpc.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 6973d73fb835..b16123c49476 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -6557,6 +6557,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, struct dom_sid *domain_sid; char* domain_name; char* acct_name; + const char *pwd = NULL; fstring pdc_name; union lsa_PolicyInformation *info = NULL; struct dcerpc_binding_handle *b; @@ -6587,6 +6588,7 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, SAFE_FREE(acct_name); return -1; } + cli_credentials_set_username(c->creds, acct_name, CRED_SPECIFIED); /* * opt_workgroup will be used by connection functions further, @@ -6596,9 +6598,6 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, c->opt_workgroup = smb_xstrdup(domain_name); }; - c->opt_user_name = acct_name; - c->opt_user_specified = true; - /* find the domain controller */ if (!net_find_pdc(&server_ss, pdc_name, domain_name)) { DEBUG(0, ("Couldn't find domain controller for domain %s\n", domain_name)); 
@@ -6704,7 +6703,9 @@ static int rpc_trustdom_establish(struct net_context *c, int argc, * Store the password in secrets db */ - if (!pdb_set_trusteddom_pw(domain_name, c->opt_password, domain_sid)) { + pwd = cli_credentials_get_password(c->creds); + + if (!pdb_set_trusteddom_pw(domain_name, pwd, domain_sid)) { DEBUG(0, ("Storing password for trusted domain failed.\n")); cli_shutdown(cli); talloc_destroy(mem_ctx); -- 2.43.0 From 3c7c24974a55544ca0d6ee1adcfa0f087574f8a3 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Sat, 13 Jan 2024 08:51:48 +0100 Subject: [PATCH 04/16] net: support NT4 trusts in "net rpc trust create" BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 449a968d3d18633e05db7d00ab76c7a52b04a54c) --- source3/utils/net_rpc_trust.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c index 9cfce005e560..1d77c7500403 100644 --- a/source3/utils/net_rpc_trust.c +++ b/source3/utils/net_rpc_trust.c @@ -116,6 +116,18 @@ static NTSTATUS create_trust(TALLOC_CTX *mem_ctx, struct lsa_CreateTrustedDomainEx2 r; struct lsa_TrustDomainInfoInfoEx trustinfo; struct policy_handle trustdom_handle; + bool is_nt4 = trust_name_dns == NULL; + + if (!is_nt4) { + fprintf(stdout, "Creating AD trust\n"); + trustinfo.trust_type = LSA_TRUST_TYPE_UPLEVEL; + trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE; + } else { + fprintf(stdout, "Creating NT4 trust\n"); + trustinfo.trust_type = LSA_TRUST_TYPE_DOWNLEVEL; + trustinfo.trust_attributes = 0; + trust_name_dns = trust_name; + } trustinfo.sid = domsid; trustinfo.netbios_name.string = trust_name; 
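Review bot: In the `@@ -6704,7 +6703,9 @@` hunk of rpc_trustdom_establish(), the result of `cli_credentials_get_password(c->creds)` goes to `pdb_set_trusteddom_pw()` unchecked, although that getter returns NULL when the credentials carry no password. Because the value is persisted as the trust secret, I would fail before the store with `if (pwd == NULL) {` followed by the same `cli_shutdown(cli); talloc_destroy(mem_ctx); return -1;` cleanup the hunk already uses. The `@@ -6587,6 +6588,7 @@` hunk on the previous page line also ignores the bool returned by `cli_credentials_set_username()`. Whether `acct_name` is still freed, now that it is no longer handed to `c->opt_user_name`, cannot be seen here because the function body continues outside these hunks.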
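Review bot: In create_trust() (`@@ -116,6 +116,18 @@`), the trust type is chosen implicitly by `trust_name_dns == NULL`, so a forgotten `otherdomain=` argument now produces a `LSA_TRUST_TYPE_DOWNLEVEL` trust instead of the previous "Missing required argument" error. The matching hunk `@@ -492,10 +492,14 @@` in rpc_trust_common() prints "assuming NT4 trust!" before looking at `op`, so the message presumably also appears on operations other than create. I would at least scope it with `if (op == TRUST_CREATE && dom_data[1].dns_domain_name == NULL) {`. A short comment in create_trust() should state that the downlevel type and zero `trust_attributes` are intentional for NT4 peers. Both function bodies extend beyond the hunks shown.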
@@ -124,10 +136,6 @@ static NTSTATUS create_trust(TALLOC_CTX *mem_ctx, trustinfo.trust_direction = LSA_TRUST_DIRECTION_INBOUND | LSA_TRUST_DIRECTION_OUTBOUND; - trustinfo.trust_type = LSA_TRUST_TYPE_UPLEVEL; - - trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE; - r.in.policy_handle = pol_hnd; r.in.info = &trustinfo; r.in.auth_info_internal = authinfo; @@ -404,7 +412,7 @@ static void print_trust_usage(void) "\totheruser=Admin user in other domain\n" "\totherdomainsid=SID of other domain\n" "\tother_netbios_domain=NetBIOS/short name of other domain\n" - "\totherdomain=Full/DNS name of other domain\n" + "\totherdomain=Full/DNS name of other domain (if not used, create an NT4 trust)\n" "\ttrustpw=Trust password\n" "\nExamples:\n" "\tnet rpc trust create otherserver=oname otheruser=ouser -S lname -U luser\n" @@ -484,10 +492,14 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc, dom_data[1].domain_name = other_dom_data->domain_name; dom_data[1].dns_domain_name = other_dom_data->dns_domain_name; + if (dom_data[1].dns_domain_name == NULL) { + fprintf(stdout, "No DNS domain name passed, " + "assuming NT4 trust!\n"); + } + if (dom_data[1].domsid == NULL || (op == TRUST_CREATE && - (dom_data[1].domain_name == NULL || - dom_data[1].dns_domain_name == NULL))) { + (dom_data[1].domain_name == NULL))) { DEBUG(0, ("Missing required argument.\n")); usage(); goto done; -- 2.43.0 From b7b4d65fac355c1c4f176680a1f709c39629135e Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Sun, 14 Jan 2024 08:34:17 +0100 Subject: [PATCH 05/16] net: create creds for other domain BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 9b2920fd367d26cfbf6f6f442a5c01fae4734abd) --- source3/utils/net_rpc_trust.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source3/utils/net_rpc_trust.c b/source3/utils/net_rpc_trust.c index 1d77c7500403..2a8e9875df1f 100644 
--- a/source3/utils/net_rpc_trust.c +++ b/source3/utils/net_rpc_trust.c @@ -484,8 +484,10 @@ static int rpc_trust_common(struct net_context *net_ctx, int argc, } other_net_ctx->opt_host = other_dom_data->host; - other_net_ctx->opt_user_name = other_dom_data->user_name; - other_net_ctx->opt_user_specified = true; + other_net_ctx->creds = cli_credentials_init(other_net_ctx); + cli_credentials_parse_string(other_net_ctx->creds, + other_dom_data->user_name, + CRED_SPECIFIED); } else { dom_data[1].domsid = dom_sid_parse_talloc(mem_ctx, other_dom_data->domain_sid_str); -- 2.43.0 From 4b724aa989b2c27097816761d1b4d03746a14f02 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Tue, 16 Jan 2024 15:36:01 +0100 Subject: [PATCH 06/16] winbindd: also apply schannel logic as an NT4 DC This applies the same logic we already added in 06601b3a9293db35feda1b033fa864dc1a764164 for AD DCs wrt to IPC authentication when running as an NT4 DC in cm_prepare_connection(). Similarily adjust the check in cm_connect_lsa() added in 3e17a3b7cd4083299037ba9377931bea792b2d18 and in cm_connect_netlogon_transport() added by 532a14dc684e7a6d8c584d5671a4ebbad00aa4fc for cm_connect_netlogon_transport(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 95bb2acbf066049f92c16836a2cdaea3aae829cc) --- source3/winbindd/winbindd_cm.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 0d0d4d416013..65b48fa462aa 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -701,7 +701,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, enum smb_signing_setting smb_sign_client_connections = lp_client_ipc_signing(); - if (IS_AD_DC) { + if (IS_DC) { if (domain->secure_channel_type == SEC_CHAN_NULL) { /* * Make sure we don't even try to 
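Review bot: The `@@ -484,8 +484,10 @@` hunk in rpc_trust_common() does not check the return value of `cli_credentials_init(other_net_ctx)` before passing it to `cli_credentials_parse_string()`, so an allocation failure leads to a NULL dereference. A guard like `if (other_net_ctx->creds == NULL) { goto done; }` would fix that, with whatever error code the function's `done:` path expects; that label is visible in a later hunk but the status variable is not. Whether `other_dom_data->user_name` is guaranteed non-NULL at this point is decided outside the hunk and is worth confirming, since it is parsed unconditionally here.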
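Review bot: The comments next to the changed conditions still read "As AD DC we only use netlogon and lsa using schannel over an anonymous transport" and "Make sure we only use schannel as AD DC.", but the guards are now `IS_DC`. This applies to the cm_prepare_connection() hunks here and to the cm_connect_lsa() and cm_connect_netlogon_transport() hunks on the next page line. Those comments document the security invariant (schannel only, no authenticated IPC fallback), so they should name both roles, for example `/* As a DC (AD or NT4) we only use netlogon and lsa using schannel over an anonymous transport */`. The definition of `IS_DC` is not part of this diff, so the exact set of server roles it covers should be confirmed against the macro.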
@@ -805,7 +805,7 @@ static NTSTATUS cm_prepare_connection(struct winbindd_domain *domain, try_ipc_auth = true; } - if (IS_AD_DC) { + if (IS_DC) { /* * As AD DC we only use netlogon and lsa * using schannel over an anonymous transport @@ -2863,7 +2863,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, TALLOC_FREE(conn->lsa_pipe); - if (IS_AD_DC) { + if (IS_DC) { /* * Make sure we only use schannel as AD DC. */ @@ -2989,7 +2989,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, goto done; } - if (IS_AD_DC) { + if (IS_DC) { /* * Make sure we only use schannel as AD DC. */ @@ -3003,7 +3003,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, anonymous: - if (IS_AD_DC) { + if (IS_DC) { /* * Make sure we only use schannel as AD DC. */ @@ -3122,7 +3122,7 @@ static NTSTATUS cm_connect_netlogon_transport(struct winbindd_domain *domain, *cli = NULL; - if (IS_AD_DC) { + if (IS_DC) { if (domain->secure_channel_type == SEC_CHAN_NULL) { /* * Make sure we don't even try to -- 2.43.0 From 6b8c5f98140430ff84e8420e07d06fc4f031f5d8 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 18 Jan 2024 15:38:10 +0100 Subject: [PATCH 07/16] winbindd: make add_trusted_domains_dc() public BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 60ac5b03ef15de73744e0f86507849fb4b55d96f) --- source3/winbindd/winbindd_proto.h | 1 + source3/winbindd/winbindd_util.c | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index bfa114c32916..082493680e89 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h 
@@ -353,6 +353,7 @@ void winbindd_msg_reload_services_parent(struct messaging_context *msg, NTSTATUS winbindd_reinit_after_fork(const struct winbindd_child *myself, const char *logfilename); struct winbindd_domain *wb_child_domain(void); +bool add_trusted_domains_dc(void); /* The following definitions come from winbindd/winbindd_group.c */ bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr, diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index b4c53ba971c5..7f02081a41c8 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -47,8 +47,6 @@ * Winbind daemon for NT domain authentication nss module. **/ -static bool add_trusted_domains_dc(void); - /* The list of trusted domains. Note that the list can be deleted and recreated using the init_domain_list() function so pointers to individual winbindd_domain structures cannot be made. Keep a copy of @@ -853,7 +851,7 @@ static bool migrate_secrets_tdb_to_ldb(struct winbindd_domain *domain) return true; } -static bool add_trusted_domains_dc(void) +bool add_trusted_domains_dc(void) { struct winbindd_domain *domain = NULL; struct pdb_trusted_domain **domains = NULL; -- 2.43.0 From 221ba1be4877aec397a831d3c010f856d248ed4c Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 18 Jan 2024 15:38:45 +0100 Subject: [PATCH 08/16] winbindd: call add_trusted_domains_dc() in smbcontrol reload-config handler This allows reloading trust info on an NT4 DC without restarting winbindd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (backported from commit 9d933abd9e578de74bd4c5a8bcfcf6924262a8e2) [slow@samba.org: changed context] --- source3/winbindd/winbindd_dual.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index d053977033f7..40339a9ba7b2 100644 --- a/source3/winbindd/winbindd_dual.c 
+++ b/source3/winbindd/winbindd_dual.c @@ -944,6 +944,7 @@ void winbindd_msg_reload_services_parent(struct messaging_context *msg, .msg_type = msg_type, .data = data, }; + bool ok; DBG_DEBUG("Got reload-config message\n"); @@ -952,6 +953,11 @@ void winbindd_msg_reload_services_parent(struct messaging_context *msg, winbindd_reload_services_file((const char *)private_data); + ok = add_trusted_domains_dc(); + if (!ok) { + DBG_ERR("add_trusted_domains_dc() failed\n"); + } + forall_children(winbind_msg_relay_fn, &state); } -- 2.43.0 From 9c6e32d4f802b5778a7d76551e0561544b6db671 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Wed, 10 Jan 2024 18:13:46 +0100 Subject: [PATCH 09/16] selftest: fix domain name of nt4_dc_smb1 environment It had the same workgroup as the nt4_dc environment: $ grep workgroup st/nt4_dc/lib/server.conf st/nt4_dc_smb1/lib/server.conf st/nt4_dc/lib/server.conf: workgroup = SAMBA-TEST st/nt4_dc_smb1/lib/server.conf: workgroup = SAMBA-TEST BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit d0cdc81aa99031b0c067c7f8cf2ec0dc99d57da5) --- selftest/target/Samba3.pm | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d9afcb139837..dec6ba7b7f73 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -262,7 +262,7 @@ sub check_env($$) sub setup_nt4_dc { - my ($self, $path, $more_conf, $server) = @_; + my ($self, $path, $more_conf, $domain, $server) = @_; print "PROVISIONING NT4 DC..."; 
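Review bot: In winbindd_msg_reload_services_parent() (`@@ -952,6 +953,11 @@`), `add_trusted_domains_dc()` now runs on every reload-config message regardless of server role, while the commit description only mentions the NT4 DC case. Unless the function checks the role itself (its body is outside this diff), I would guard the call with `if (IS_DC) {`. From the name, the call only adds domains, so a trust that was removed from the passdb presumably stays active in winbindd until a restart; a comment here should state that limitation for operators who revoke trusts. The failure path only logs, which is acceptable for a reload handler but should be stated in that comment as deliberate.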
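Review bot: Inserting `$domain` before `$server` in `my ($self, $path, $more_conf, $domain, $server) = @_;` silently changes the meaning of the third positional argument of setup_nt4_dc(). The diff updates only setup_nt4_dc_smb1 (hunk `@@ -352,7 +355,7 @@` on the next page line); any other caller that still passes a server name in that slot would provision with it as the workgroup, and callers outside this diff cannot be checked from here. Appending the new parameter instead, `my ($self, $path, $more_conf, $server, $domain) = @_;`, keeps existing call sites valid. A comment above the sub listing the optional arguments and their defaults (`SAMBA-TEST`, `LOCALNT4DC2`) would also help.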
@@ -312,12 +312,15 @@ sub setup_nt4_dc if (defined($more_conf)) { $nt4_dc_options = $nt4_dc_options . $more_conf; } + if (!defined($domain)) { + $domain = "SAMBA-TEST"; + } if (!defined($server)) { $server = "LOCALNT4DC2"; } my $vars = $self->provision( prefix => $path, - domain => "SAMBA-TEST", + domain => $domain, server => $server, password => "localntdc2pass", extra_options => $nt4_dc_options); @@ -352,7 +355,7 @@ sub setup_nt4_dc_smb1 client min protocol = CORE server min protocol = LANMAN1 "; - return $self->setup_nt4_dc($path, $conf, "LCLNT4DC2SMB1"); + return $self->setup_nt4_dc($path, $conf, "NT4SMB1", "LCLNT4DC2SMB1"); } sub setup_nt4_dc_smb1_done -- 2.43.0 From 7283bf81d4a1b3fcd8077ba14b7b076a73b3d59d Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 11 Jan 2024 12:02:43 +0100 Subject: [PATCH 10/16] selftest: do early exit in setup_fl2008r2dc() if provision_fl2008r2dc() fails No change in behaviour. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 5420af6942307e045be1317edc323ee3ff9f379b) --- selftest/target/Samba4.pm | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 11974e454fe8..52d2b56b43ed 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm 
@@ -2563,22 +2563,22 @@ sub setup_fl2008r2dc my $env = $self->provision_fl2008r2dc($path); - if (defined $env) { - if (not defined($self->check_or_start($env, "standard"))) { - return undef; - } + if (!defined $env) { + return $env; + } - my $upn_array = ["$env->{REALM}.upn"]; - my $spn_array = ["$env->{REALM}.spn"]; + if (not defined($self->check_or_start($env, "standard"))) { + return undef; + } - if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { - return undef; - } + my $upn_array = ["$env->{REALM}.upn"]; + my $spn_array = ["$env->{REALM}.spn"]; - $env = $self->setup_trust($env, $dc_vars, "forest", ""); + if ($self->setup_namespaces($env, $upn_array, $spn_array) != 0) { + return undef; } - return $env; + return $self->setup_trust($env, $dc_vars, "forest", ""); } sub setup_vampire_dc -- 2.43.0 From f379cfb316708cf0cd07265a54d2aee0d991ff0e Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 18 Jan 2024 16:04:34 +0100 Subject: [PATCH 11/16] selftest: rename a variable in setup_fl2008r2dc() Prepares for adding another variable with a similar name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 9725aa932e24622566baf208586d1fe03885da9f) --- selftest/target/Samba4.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 52d2b56b43ed..07409bf8173a 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -2559,7 +2559,7 @@ sub setup_fl2003dc sub setup_fl2008r2dc { - my ($self, $path, $dc_vars) = @_; + my ($self, $path, $ad_dc_vars) = @_; my $env = $self->provision_fl2008r2dc($path); @@ -2578,7 +2578,7 @@ sub setup_fl2008r2dc return undef; } - return $self->setup_trust($env, $dc_vars, "forest", ""); + return $self->setup_trust($env, $ad_dc_vars, "forest", ""); } sub setup_vampire_dc -- 2.43.0 From 66952c32ce8db1fe63fded900ebe01bf58c7e7cb Mon Sep 17 00:00:00 2001 
From: Ralph Boehme Date: Sat, 13 Jan 2024 08:48:54 +0100 Subject: [PATCH 12/16] selftest: create trust between fl2008r2dc and nt4_dc BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 645a725603ca03f27c1347b1e2ed9fea94a6319d) --- selftest/target/Samba.pm | 7 +++++ selftest/target/Samba4.pm | 57 ++++++++++++++++++++++++++++++++++++--- 2 files changed, 61 insertions(+), 3 deletions(-) diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index 057b43b38ee4..5b07981e8d0c 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -913,6 +913,13 @@ my @exported_envvars = ( "TRUST_E_BOTH_DOMAIN", "TRUST_E_BOTH_REALM", + # stuff related to a trusted NT4 domain, + # used for one-way trust fl2008r2dc <- nt4_dc + "NT4_TRUST_SERVER", + "NT4_TRUST_SERVER_IP", + "NT4_TRUST_DOMAIN", + "NT4_TRUST_DOMSID", + # domain controller stuff "DC_SERVER", "DC_SERVER_IP", diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 07409bf8173a..411d5828215b 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -2355,7 +2355,7 @@ sub check_env($$) ad_dc_no_nss => ["dns_hub"], ad_dc_no_ntlm => ["dns_hub"], - fl2008r2dc => ["ad_dc"], + fl2008r2dc => ["ad_dc", "nt4_dc"], fl2003dc => ["ad_dc"], fl2000dc => ["ad_dc"], @@ -2559,7 +2559,7 @@ sub setup_fl2003dc sub setup_fl2008r2dc { - my ($self, $path, $ad_dc_vars) = @_; + my ($self, $path, $ad_dc_vars, $nt4_dc_vars) = @_; my $env = $self->provision_fl2008r2dc($path); 
@@ -2578,7 +2578,58 @@ sub setup_fl2008r2dc
 return undef;
 }
- return $self->setup_trust($env, $ad_dc_vars, "forest", "");
+ $env = $self->setup_trust($env, $ad_dc_vars, "forest", "");
+ if (!defined $env) {
+ return undef;
+ }
+
+ my $net = Samba::bindir_path($self, "net");
+ my $smbcontrol = Samba::bindir_path($self, "smbcontrol");
+
+ my $trustpw = "TrUsTpW";
+ $trustpw .= "$env->{SOCKET_WRAPPER_DEFAULT_IFACE}";
+ $trustpw .= "$nt4_dc_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}";
+
+ my $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$env->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$env->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
+ $cmd .= "$net rpc trust create ";
+ $cmd .= "otherdomainsid=$nt4_dc_vars->{SAMSID} ";
+ $cmd .= "otherdomain=$nt4_dc_vars->{DOMAIN} ";
+ $cmd .= "other_netbios_domain=$nt4_dc_vars->{DOMAIN} ";
+ $cmd .= "trustpw=$trustpw ";
+ $cmd .= "$env->{CONFIGURATION} ";
+ $cmd .= "-U $env->{DOMAIN}/$env->{USERNAME}\%$env->{PASSWORD} ";
+
+ if (system($cmd) != 0) {
+ warn("net rpc trust create failed\n$cmd");
+ return undef;
+ }
+
+ $cmd = "";
+ $cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$nt4_dc_vars->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
+ $cmd .= "SELFTEST_WINBINDD_SOCKET_DIR=\"$nt4_dc_vars->{SELFTEST_WINBINDD_SOCKET_DIR}\" ";
+ $cmd .= "$net rpc trustdom establish $env->{DOMAIN} -U/%$trustpw $nt4_dc_vars->{CONFIGURATION}";
+
+ if (system($cmd) != 0) {
+ warn("add failed\n$cmd");
+ return undef;
+ }
+
+ # Reload trusts
+ $cmd = "$smbcontrol winbindd reload-config $nt4_dc_vars->{CONFIGURATION}";
+
+ if (system($cmd) != 0) {
+ warn("add failed\n$cmd");
+ return undef;
+ }
+
+ $env->{NT4_TRUST_SERVER} = $nt4_dc_vars->{SERVER};
+ $env->{NT4_TRUST_SERVER_IP} = $nt4_dc_vars->{SERVER_IP};
+ $env->{NT4_TRUST_DOMAIN} = $nt4_dc_vars->{DOMAIN};
+ $env->{NT4_TRUST_DOMSID} = $nt4_dc_vars->{DOMSID};
+
+ return $env;
 }
 sub setup_vampire_dc
-- 2.43.0 From bd5609187f513cd486ca720311ae0fed66ce4d94 Mon Sep 17 00:00:00 2001
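Review bot: The three `warn("...\n$cmd")` calls in setup_fl2008r2dc() print the full command line on failure, and for the first two that string contains `-U ...%$env->{PASSWORD}` and `trustpw=$trustpw`, so the administrator and trust passwords end up in the selftest log. I would drop `$cmd` from the messages, as in `warn("net rpc trust create failed\n");`, or print a redacted copy. The second and third messages both say "add failed" and should name the step that failed ("net rpc trustdom establish failed", "smbcontrol reload-config failed"). The commands are built as single shell strings from unquoted environment values, which relies on none of them ever containing shell metacharacters. `NT4_TRUST_DOMSID` is filled from `$nt4_dc_vars->{DOMSID}` while the trust was created with `{SAMSID}`, so please confirm both keys exist and agree for the nt4_dc environment.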
From: Ralph Boehme Date: Wed, 10 Jan 2024 14:50:05 +0100 Subject: [PATCH 13/16] selftest: add a test for NT4 trusts BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (backported from commit 3a95e135472a495a90637e5dc0f9e3c8de052ff9) [slow@samba.org: changed context] --- source3/script/tests/test_nt4_trust.sh | 31 ++++++++++++++++++++++++++ source3/selftest/tests.py | 4 ++++ 2 files changed, 35 insertions(+) create mode 100755 source3/script/tests/test_nt4_trust.sh diff --git a/source3/script/tests/test_nt4_trust.sh b/source3/script/tests/test_nt4_trust.sh new file mode 100755 index 000000000000..b3d6ca60dc75 --- /dev/null +++ b/source3/script/tests/test_nt4_trust.sh @@ -0,0 +1,31 @@ +#!/bin/sh + +incdir=$(dirname $0)/../../../testprogs/blackbox +. $incdir/subunit.sh +. $incdir/common_test_fns.inc + +failed=0 + +wbinfo="$BINDIR/wbinfo" +smbclient="$BINDIR/smbclient" + +test_trust_wbinfo_m() { + i=0 + # Give the server some time to list trusted domains + while [ $i -lt 10 ] ; do + $wbinfo -m | grep SAMBA-TEST && return 0 + sleep 2 + i=$((i + 1)) + done + return 1 +} + +test_trust_smbclient() { + $smbclient //$NT4_TRUST_SERVER_IP/tmp -U "$DOMAIN/$DOMAIN_USER%$DOMAIN_USER_PASSWORD" -c quit || return 1 + return 0 +} + +testit "nt4trust_wbinfo_m" test_trust_wbinfo_m || failed=$(expr $failed + 1) +testit "nt4trust_smbclient" test_trust_smbclient || failed=$(expr $failed + 1) + +testok $0 $failed diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 72828c73f143..656f6ea7da10 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py 
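Review bot: test_trust_wbinfo_m() in the new test_nt4_trust.sh hard-codes the trusted domain as `grep SAMBA-TEST`, although patch 12 of this series exports `NT4_TRUST_DOMAIN` for exactly this environment and the script already uses `$NT4_TRUST_SERVER_IP`. The unanchored pattern also matches any listed domain that merely contains that string. I would use `$wbinfo -m | grep -q "^${NT4_TRUST_DOMAIN}\$" && return 0`, assuming wbinfo prints one domain per line, so the test follows the environment and accepts only an exact name. The same hard-coded grep is used in test_list_nt4_trust.sh added by patch 15, which also defines an unused `smbclient` variable.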
@@ -1798,6 +1798,10 @@ plantestsuite("samba3.blackbox.force-user-unlink", [os.path.join(samba3srcdir, "script/tests/test_force_user_unlink.sh")]) +plantestsuite("samba3.blackbox.nt4_trusts", + "fl2008r2dc", + [os.path.join(samba3srcdir, "script/tests/test_nt4_trust.sh")]) + def planclusteredmembertestsuite(tname, prefix): '''Define a clustered test for the clusteredmember environment''' -- 2.43.0 From def90d39ae0973c6e8ee0f0e738547cbae7c46a4 Mon Sep 17 00:00:00 2001 
From: Ralph Boehme Date: Thu, 18 Jan 2024 19:12:34 +0100 Subject: [PATCH 14/16] s4/rpc_server: return NULL dns_name for NT4 trusts That's what Windows returns for an NT4 trust: array: struct netr_DomainTrust netbios_name : * netbios_name : 'NT4TRUST' dns_name : NULL trust_flags : 0x00000020 (32) 0: NETR_TRUST_FLAG_IN_FOREST 0: NETR_TRUST_FLAG_OUTBOUND 0: NETR_TRUST_FLAG_TREEROOT 0: NETR_TRUST_FLAG_PRIMARY 0: NETR_TRUST_FLAG_NATIVE 1: NETR_TRUST_FLAG_INBOUND 0: NETR_TRUST_FLAG_MIT_KRB5 0: NETR_TRUST_FLAG_AES parent_index : 0x00000000 (0) trust_type : LSA_TRUST_TYPE_DOWNLEVEL (1) trust_attributes : 0x00000000 (0) 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION 0: LSA_TRUST_ATTRIBUTE_PIM_TRUST 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION sid : * sid : S-1-5-21-4267984555-3675415144-1682400025 guid : 00000000-0000-0000-0000-000000000000 Even though when creating the trust the DNS name must not be NULL and the trustPartner and name attributes are set to the flatName in the trustedDomain object: dn: CN=NT4TRUST,CN=System,DC=wdom2,DC=site objectClass: top objectClass: leaf objectClass: trustedDomain cn: NT4TRUST distinguishedName: CN=NT4TRUST,CN=System,DC=wdom2,DC=site instanceType: 4 whenCreated: 20240118175040.0Z whenChanged: 20240118175040.0Z uSNCreated: 4939915 uSNChanged: 4939916 showInAdvancedViewOnly: TRUE name: NT4TRUST objectGUID: c2273b74-19ff-4f5a-b528-9e5ae21960dd securityIdentifier: S-1-5-21-4267984555-3675415144-1682400025 trustDirection: 1 trustPartner: NT4TRUST trustPosixOffset: 0 trustType: 1 trustAttributes: 0 flatName: NT4TRUST objectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=wdom2,DC=site 
isCriticalSystemObject: TRUE dSCorePropagationData: 16010101000000.0Z BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 53ca19851dbfc3cab7345424c029a7c90745e24a) --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 3f312f1549f2..04fcbf0ff9ee 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -3952,8 +3952,6 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx, ldb_dn_get_linearized(dom_res[i]->dn))); } - trusts->array[n].dns_name = talloc_steal(trusts->array, ldb_msg_find_attr_as_string(dom_res[i], "trustPartner", NULL)); - trusts->array[n].trust_flags = flags; if ((trust_flags & NETR_TRUST_FLAG_IN_FOREST) && !(flags & NETR_TRUST_FLAG_TREEROOT)) { @@ -3968,6 +3966,16 @@ static WERROR fill_trusted_domains_array(TALLOC_CTX *mem_ctx, ldb_msg_find_attr_as_uint(dom_res[i], "trustAttributes", 0); + if (trusts->array[n].trust_type != LSA_TRUST_TYPE_DOWNLEVEL) { + trusts->array[n].dns_name = talloc_steal( + trusts->array, + ldb_msg_find_attr_as_string(dom_res[i], + "trustPartner", + NULL)); + } else { + trusts->array[n].dns_name = NULL; + } + if ((trusts->array[n].trust_type == LSA_TRUST_TYPE_MIT) || (trusts->array[n].trust_type == LSA_TRUST_TYPE_DCE)) { struct dom_sid zero_sid; -- 2.43.0 From e148da5007c40130c3572a5f0f50baa2d7aca551 Mon Sep 17 00:00:00 2001 From: Ralph Boehme Date: Thu, 18 Jan 2024 17:42:33 +0100 Subject: [PATCH 15/16] selftest: test listing trusted domains that includes an NT4 domain BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 
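Review bot: The new `else` branch in fill_trusted_domains_array() (`@@ -3966,6 +3976,16 @@`) returns a NULL `dns_name` for downlevel trusts, but no code comment records that this is deliberate Windows-compatible behaviour. I would add above the `if`: `/* Windows returns a NULL dns_name for LSA_TRUST_TYPE_DOWNLEVEL (NT4) trusts, even though trustPartner is set to the flat name */`. The description of patch 16 on this page says winbindd's own _wbint_ListTrustedDomains treated a NULL `dns_name` as an allocation failure and could crash while pushing the reply. With this patch ordered before that fix, a build in between exposes that path; the knownfail added in patch 15 appears to cover this for the test suite only. The function body extends beyond the hunk.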
Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 000bbede59e4ca78427fa57b56fa251d4d779adb) --- .../samba3.blackbox.list_nt4_trusts | 1 + selftest/target/Samba3.pm | 1 + source3/script/tests/test_list_nt4_trust.sh | 25 +++++++++++++++++++ source3/selftest/tests.py | 4 +++ 4 files changed, 31 insertions(+) create mode 100644 selftest/knownfail.d/samba3.blackbox.list_nt4_trusts create mode 100755 source3/script/tests/test_list_nt4_trust.sh diff --git a/selftest/knownfail.d/samba3.blackbox.list_nt4_trusts b/selftest/knownfail.d/samba3.blackbox.list_nt4_trusts new file mode 100644 index 000000000000..546e087b250d --- /dev/null +++ b/selftest/knownfail.d/samba3.blackbox.list_nt4_trusts @@ -0,0 +1 @@ +^samba3.blackbox.list_nt4_trusts.nt4trust_wbinfo_m\(ad_member_idmap_ad\) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index dec6ba7b7f73..e1eceb5bcf74 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1413,6 +1413,7 @@ sub setup_ad_member_idmap_ad idmap config $dcvars->{TRUST_DOMAIN} : backend = ad idmap config $dcvars->{TRUST_DOMAIN} : range = 2000000-2999999 gensec_gssapi:requested_life_time = 5 + winbind scan trusted domains = yes "; my $ret = $self->provision( diff --git a/source3/script/tests/test_list_nt4_trust.sh b/source3/script/tests/test_list_nt4_trust.sh new file mode 100755 index 000000000000..03ee7fc7063a --- /dev/null +++ b/source3/script/tests/test_list_nt4_trust.sh @@ -0,0 +1,25 @@ +#!/bin/sh + +incdir=$(dirname $0)/../../../testprogs/blackbox +. $incdir/subunit.sh +. $incdir/common_test_fns.inc + +failed=0 + +wbinfo="$BINDIR/wbinfo" +smbclient="$BINDIR/smbclient" + +test_trust_wbinfo_m() { + i=0 + # Give the server some time to list trusted domains + while [ $i -lt 10 ] ; do + $wbinfo -m --verbose | grep "SAMBA-TEST" && return 0 + sleep 2 + i=$((i + 1)) + done + return 1 +} + +testit "nt4trust_wbinfo_m" test_trust_wbinfo_m || failed=$(expr $failed + 1) + +testok $0 $failed 
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 656f6ea7da10..476d881f6a85 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1802,6 +1802,10 @@ plantestsuite("samba3.blackbox.nt4_trusts", "fl2008r2dc", [os.path.join(samba3srcdir, "script/tests/test_nt4_trust.sh")]) +plantestsuite("samba3.blackbox.list_nt4_trusts", + "ad_member_idmap_ad", + [os.path.join(samba3srcdir, "script/tests/test_list_nt4_trust.sh")]) + def planclusteredmembertestsuite(tname, prefix): '''Define a clustered test for the clusteredmember environment''' -- 2.43.0 From e2df2f4763fb610bcd95f306b175b823561f8c2e Mon Sep 17 00:00:00 2001 
From: Ralph Boehme Date: Sat, 13 Jan 2024 11:40:55 +0100 Subject: [PATCH 16/16] winbindd: fix listing trusted domains with NT trusts Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains which lack a DNS domain name. As the dns_name is NULL, talloc_steal(dns_name) returns NULL, which causes _wbint_ListTrustedDomains to return NT_STATUS_NO_MEMORY. To make things worse, at that point the new struct netr_DomainTrust is not yet initialized correctly and the "out->count = n + 1" already increased the array counter at the start of the loop without initializing it. Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can crash when accessing the uninitialized values: 2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: =============================================================== 2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD) 2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting 2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: =============================================================== 2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames: 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #0
bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5] 92023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219] 2023-12-08T14:07:42.760443+00:00 
localadmember.addom.samba.example.com log.winbindd[157227]: #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb] 
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b] 2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: #35 winbindd: domain child [ADDOMAIN](_start+0x25) 
[0x55741e63a045] 2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd] Deferring assignment of r->out.domains->array and r->out.domains->count to the end of the function ensures we don't return inconsistent state in case of an error. Also, r->out.domains is already set by the NDR layer, no need to create and assign a struct netr_DomainTrustList object. Using talloc_move() ensures we don't leave dangling pointers. Better to crash reliably on accessing NULL, then accessing some unknown memory via a wild pointer. As talloc_move() can't fail, there's no need to check the return value. And using a struct initializer ensures all members are properly initialized. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224 (cherry picked from commit 201edcb5c6138488959e54e7df88007d010f1cfb) --- .../samba3.blackbox.list_nt4_trusts | 1 - source3/winbindd/winbindd_dual_srv.c | 58 ++++++++----------- 2 files changed, 25 insertions(+), 34 deletions(-) delete mode 100644 selftest/knownfail.d/samba3.blackbox.list_nt4_trusts diff --git a/selftest/knownfail.d/samba3.blackbox.list_nt4_trusts b/selftest/knownfail.d/samba3.blackbox.list_nt4_trusts deleted file mode 100644 index 546e087b250d..000000000000 --- a/selftest/knownfail.d/samba3.blackbox.list_nt4_trusts +++ /dev/null @@ -1 +0,0 @@ -^samba3.blackbox.list_nt4_trusts.nt4trust_wbinfo_m\(ad_member_idmap_ad\) diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c index aaa78a9cb6e6..d80886e127d8 100644 --- a/source3/winbindd/winbindd_dual_srv.c +++ b/source3/winbindd/winbindd_dual_srv.c 
@@ -2011,10 +2011,11 @@ NTSTATUS _wbint_ListTrustedDomains(struct pipes_struct *p, struct wbint_ListTrustedDomains *r) { struct winbindd_domain *domain = wb_child_domain(); - uint32_t i, n; + uint32_t i; NTSTATUS result; struct netr_DomainTrustList trusts; - struct netr_DomainTrustList *out = NULL; + uint32_t count = 0; + struct netr_DomainTrust *array = NULL; pid_t client_pid; if (domain == NULL) { 
@@ -2038,53 +2039,44 @@ NTSTATUS _wbint_ListTrustedDomains(struct pipes_struct *p, return result; } - out = talloc_zero(p->mem_ctx, struct netr_DomainTrustList); - if (out == NULL) { - return NT_STATUS_NO_MEMORY; - } - - r->out.domains = out; - for (i=0; isid == NULL) { continue; } - if (dom_sid_equal(trusts.array[i].sid, &global_sid_NULL)) { + if (dom_sid_equal(st->sid, &global_sid_NULL)) { continue; } - n = out->count; - out->array = talloc_realloc(out, out->array, - struct netr_DomainTrust, - n + 1); - if (out->array == NULL) { + array = talloc_realloc(r->out.domains, array, + struct netr_DomainTrust, + count + 1); + if (array == NULL) { return NT_STATUS_NO_MEMORY; } - out->count = n + 1; - out->array[n].netbios_name = talloc_steal( - out->array, trusts.array[i].netbios_name); - if (out->array[n].netbios_name == NULL) { - return NT_STATUS_NO_MEMORY; - } + dt = &array[count]; - out->array[n].dns_name = talloc_steal( - out->array, trusts.array[i].dns_name); - if (out->array[n].dns_name == NULL) { - return NT_STATUS_NO_MEMORY; - } + *dt = (struct netr_DomainTrust) { + .trust_flags = st->trust_flags, + .trust_type = st->trust_type, + .trust_attributes = st->trust_attributes, + .netbios_name = talloc_move(array, &st->netbios_name), + .dns_name = talloc_move(array, &st->dns_name), + }; - out->array[n].sid = dom_sid_dup(out->array, - trusts.array[i].sid); - if (out->array[n].sid == NULL) { + dt->sid = dom_sid_dup(array, st->sid); + if (dt->sid == NULL) { return NT_STATUS_NO_MEMORY; } - out->array[n].trust_flags = trusts.array[i].trust_flags; - out->array[n].trust_type = trusts.array[i].trust_type; - out->array[n].trust_attributes = trusts.array[i].trust_attributes; + count++; } + r->out.domains->array = array; + r->out.domains->count = count; return NT_STATUS_OK; } -- 2.43.0
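Review bot: The rewritten loop in _wbint_ListTrustedDomains() no longer rejects an entry whose `netbios_name` is NULL: the old code returned NT_STATUS_NO_MEMORY there, while `talloc_move(array, &st->netbios_name)` now passes the NULL through into the reply. Dropping the check is right for `dns_name`, which NT4 trusts lack, but the list comes from a DC reply, so a NULL `netbios_name` presumably still marks a malformed entry that consumers may not be prepared for. Consider skipping such entries next to the existing SID checks, `if (st->netbios_name == NULL) { continue; }`. A one-line comment above `r->out.domains->array = array;` saying that `r->out.domains` is pre-allocated by the NDR layer would also help, since the code now dereferences it without a check. The loop header is damaged on this page and the function starts outside the hunk, so the declarations of `st` and `dt` could not be checked.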