[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Sat Jan 20 14:24:02 UTC 2024


The branch, master has been updated
       via  201edcb5c61 winbindd: fix listing trusted domains with NT trusts
       via  000bbede59e selftest: test listing trusted domains that includes an NT4 domain
       via  53ca19851db s4/rpc_server: return NULL dns_name for NT4 trusts
       via  3a95e135472 selftest: add a test for NT4 trusts
       via  645a725603c selftest: create trust between fl2008r2dc and nt4_dc
       via  9725aa932e2 selftest: rename a variable in setup_fl2008r2dc()
       via  5420af69423 selftest: do early exit in setup_fl2008r2dc() if provision_fl2008r2dc() fails
       via  d0cdc81aa99 selftest: fix domain name of nt4_dc_smb1 environment
       via  9d933abd9e5 winbindd: call add_trusted_domains_dc() in smbcontrol reload-config handler
       via  60ac5b03ef1 winbindd: make add_trusted_domains_dc() public
       via  95bb2acbf06 winbindd: also apply schannel logic as an NT4 DC
       via  9b2920fd367 net: create creds for other domain
       via  449a968d3d1 net: support NT4 trusts in "net rpc trust create"
       via  15c07723765 net: fix credentials in trustdom establish
       via  340753a2554 net: remove a newline
      from  c82a267b2a1 s3:passdb: smbpasswd reset permissions only if not 0600

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 201edcb5c6138488959e54e7df88007d010f1cfb
Author: Ralph Boehme <slow at samba.org>
Date:   Sat Jan 13 11:40:55 2024 +0100

    winbindd: fix listing trusted domains with NT trusts
    
    Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
    which lack a DNS domain name. As the dns_name is NULL, talloc_steal(dns_name)
    returns NULL, which causes _wbint_ListTrustedDomains to return
    NT_STATUS_NO_MEMORY.
    
    To make things worse, at that point the new struct netr_DomainTrust is not yet
    initialized correctly and the "out->count = n + 1" already increased the array
    counter at the start of the loop without initializing it.
    
    Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
    crash when accessing the uninitialized values:
    
    2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
    2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
    2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
    2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
    2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
    2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
    2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]
    
    Deferring assignment of r->out.domains->array and r->out.domains->count to the
    end of the function ensures we don't return inconsistent state in case of an
    error.
    
    Also, r->out.domains is already set by the NDR layer, no need to create and
    assign a struct netr_DomainTrustList object.
    
    Using talloc_move() ensures we don't leave dangling pointers. Better to crash
    reliably on accessing NULL, than accessing some unknown memory via a wild
    pointer. As talloc_move() can't fail, there's no need to check the return value.
    
    And using a struct initializer ensures all members are properly initialized.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
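
The failure mode and the fix pattern described in the commit message above, as an added example that is not Samba's code: a simplified model using plain realloc() instead of talloc, where struct trust, struct trust_list, move_ptr() and both list_trusts_*() functions are hypothetical stand-ins. The buggy variant publishes the element count before the element is complete and treats a NULL dns_name as an allocation failure; the fixed variant builds in locals, uses a struct initializer and assigns the output last.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-ins (assumptions) for netr_DomainTrust and its list. */
struct trust { char *netbios_name; char *dns_name; unsigned trust_type; };
struct trust_list { unsigned count; struct trust *array; };

/* Models talloc_move(): hand over the pointer and NULL the source. */
static char *move_ptr(char **src) { char *p = *src; *src = NULL; return p; }

/* Broken pattern: count is published before the element is filled in, and a
 * NULL dns_name (normal for an NT4 trust) is treated as allocation failure. */
int list_trusts_buggy(struct trust *in, unsigned n, struct trust_list *out)
{
    for (unsigned i = 0; i < n; i++) {
        struct trust *t = realloc(out->array, (out->count + 1) * sizeof(*t));
        if (t == NULL) return -1;
        out->array = t;
        t = &out->array[out->count++];        /* visible to the caller now */
        t->netbios_name = in[i].netbios_name;
        t->dns_name = in[i].dns_name;
        if (t->dns_name == NULL) return -1;   /* trust_type left unset */
        t->trust_type = in[i].trust_type;
    }
    return 0;
}

/* Fixed pattern: build in locals, initialize every member, publish last. */
int list_trusts_fixed(struct trust *in, unsigned n, struct trust_list *out)
{
    struct trust *array = NULL, *tmp;
    unsigned count = 0;
    for (unsigned i = 0; i < n; i++) {
        tmp = realloc(array, (count + 1) * sizeof(*tmp));
        if (tmp == NULL) { free(array); return -1; }
        array = tmp;
        array[count++] = (struct trust) {
            .netbios_name = move_ptr(&in[i].netbios_name),
            .dns_name = move_ptr(&in[i].dns_name),   /* NULL is valid here */
            .trust_type = in[i].trust_type };
    }
    *out = (struct trust_list) { .count = count, .array = array };
    return 0;
}

int main(void)
{   /* Constructed sample: an AD trust and an NT4 trust with no DNS name. */
    struct trust in[] = {{"ADDOMAIN", "addom.example", 2}, {"NT4TRUST", NULL, 1}};
    struct trust_list o1 = {0, NULL}, o2 = {0, NULL};
    int r1 = list_trusts_buggy(in, 2, &o1), r2 = list_trusts_fixed(in, 2, &o2);
    printf("buggy rc=%d count=%u; fixed rc=%d count=%u\n", r1, o1.count, r2, o2.count);
}
```

In the buggy run the caller sees an error together with a count that already includes the half-filled NT4 entry, which is the inconsistent state a later serializer would walk into.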

commit 000bbede59e4ca78427fa57b56fa251d4d779adb
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jan 18 17:42:33 2024 +0100

    selftest: test listing trusted domains that includes an NT4 domain
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 53ca19851dbfc3cab7345424c029a7c90745e24a
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jan 18 19:12:34 2024 +0100

    s4/rpc_server: return NULL dns_name for NT4 trusts
    
    That's what Windows returns for an NT4 trust:
    
      array: struct netr_DomainTrust
          netbios_name             : *
              netbios_name             : 'NT4TRUST'
          dns_name                 : NULL
          trust_flags              : 0x00000020 (32)
                 0: NETR_TRUST_FLAG_IN_FOREST
                 0: NETR_TRUST_FLAG_OUTBOUND
                 0: NETR_TRUST_FLAG_TREEROOT
                 0: NETR_TRUST_FLAG_PRIMARY
                 0: NETR_TRUST_FLAG_NATIVE
                 1: NETR_TRUST_FLAG_INBOUND
                 0: NETR_TRUST_FLAG_MIT_KRB5
                 0: NETR_TRUST_FLAG_AES
          parent_index             : 0x00000000 (0)
          trust_type               : LSA_TRUST_TYPE_DOWNLEVEL (1)
          trust_attributes         : 0x00000000 (0)
                 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                 0: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                 0: LSA_TRUST_ATTR