[Patches] The way to remove gensec_update_ev()

Andrew Bartlett abartlet at samba.org
Mon May 29 01:38:50 UTC 2017


On Wed, 2017-05-17 at 14:43 +0200, Stefan Metzmacher via samba-technical wrote:
> Hi,
> 
> here's the next chunk on top.
> 
> Both are combined in the following branch:
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-gensec-ok
> 
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-gensec-tmp
> contains the change for the LDAP server, which also passes a private
> autobuild, but it needs some more tests to be written.
> 
> While
> https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master3-gensec
> contains the unfinished parts:
> - source4/libcli/smb_composite/sesssetup.c
> - source4/lib/http/http_auth.c
> - auth/gensec/spnego.c
> 
> While auth/gensec/spnego.c is the most difficult and time consuming
> part.

I'm sorry to say, but there is a regression in 
65655f24842b864f32136c7ffed446223d416512 

s4:librpc: use gensec_update_send() in dcerpc_bind_auth_send()
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

I've got an AD domain that times out due to a trust that is down, and
on that domain it changes from:

Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:192.168.252.190[6009,seal,target_hostname=WIN2012R2-7.ad-2....co.nz,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.252.1] NT_STATUS_IO_TIMEOUT
Join failed - cleaning up
Could not find machine account in secrets database: Failed to fetch machine account password for AD-2 from both secrets.ldb (Could not find entry to match filter: '(&(flatname=AD-2)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4576) and from /data/samba/samba4/prefix/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RUTH,OU=Domain Controllers,DC=ad-2,....,DC=co,DC=nz
Deleted CN=RUTH,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad-2,.....,DC=co,DC=nz
ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
  File "bin/python/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "bin/python/samba/netcmd/domain.py", line 677, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "bin/python/samba/join.py", line 1275, in join_DC
    ctx.do_join()
  File "bin/python/samba/join.py", line 1181, in do_join
    ctx.join_add_objects()
  File "bin/python/samba/join.py", line 618, in join_add_objects
    ctx.join_add_ntdsdsa()
  File "bin/python/samba/join.py", line 549, in join_add_ntdsdsa
    ctx.DsAddEntry([rec])
  File "bin/python/samba/join.py", line 444, in DsAddEntry
    ctx.drsuapi_connect()
  File "bin/python/samba/join.py", line 422, in drsuapi_connect
    ctx.drsuapi = drsuapi.drsuapi(binding_string, ctx.lp, ctx.creds)

to SIGABRT with:

==15975== Invalid read of size 8
==15975==    at 0xCAEB4E9: gensec_update_cleanup (gensec.c:471)
==15975==    by 0x70F7F7F: tevent_req_cleanup (tevent_req.c:139)
==15975==    by 0x70F8263: tevent_req_received (tevent_req.c:253)
==15975==    by 0x70F7EB9: tevent_req_destructor (tevent_req.c:107)
==15975==    by 0x69578BD: _tc_free_internal (talloc.c:1078)
==15975==    by 0x6958BF8: _tc_free_children_internal (talloc.c:1593)
==15975==    by 0x6957AEE: _tc_free_internal (talloc.c:1104)
==15975==    by 0x6958BF8: _tc_free_children_internal (talloc.c:1593)
==15975==    by 0x6957AEE: _tc_free_internal (talloc.c:1104)
==15975==    by 0x6958BF8: _tc_free_children_internal (talloc.c:1593)
==15975==    by 0x6957AEE: _tc_free_internal (talloc.c:1104)
==15975==    by 0x6958BF8: _tc_free_children_internal (talloc.c:1593)
==15975==    by 0x6957AEE: _tc_free_internal (talloc.c:1104)
==15975==    by 0x6958BF8: _tc_free_children_internal (talloc.c:1593)
==15975==    by 0x6957AEE: _tc_free_internal (talloc.c:1104)
==15975==    by 0x6957D5A: _talloc_free_internal (talloc.c:1174)
==15975==    by 0x6959022: _talloc_free (talloc.c:1716)
==15975==    by 0xA036CC7: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:1116)
==15975==    by 0xA036F78: continue_pipe_connect_b (dcerpc_connect.c:1207)
==15975==    by 0xD6EF182: composite_error (composite.c:114)
==15975==    by 0xA036928: dcerpc_connect_timeout_handler (dcerpc_connect.c:1009)
==15975==    by 0x70FE311: tevent_common_loop_timer_delay (tevent_timed.c:369)
==15975==    by 0x70FFE24: epoll_event_loop (tevent_epoll.c:659)
==15975==    by 0x7100699: epoll_event_loop_once (tevent_epoll.c:930)
==15975==    by 0x70FD395: std_event_loop_once (tevent_standard.c:114)
==15975==    by 0x70F61C5: _tevent_loop_once (tevent.c:721)
==15975==    by 0xD91760F: smb_krb5_send_and_recv_func_int (krb5_init_context.c:342)
==15975==    by 0xD9179A5: smb_krb5_send_and_recv_func (krb5_init_context.c:431)
==15975==    by 0xF353620: krb5_sendto (send_to_kdc.c:391)
==15975==    by 0xF353D50: krb5_sendto_context (send_to_kdc.c:626)
==15975==    by 0xF3365F7: krb5_init_creds_get (init_creds_pw.c:1959)
==15975==    by 0xF3368D0: krb5_get_init_creds_password (init_creds_pw.c:2038)
==15975==  Address 0x5e516b0 is 224 bytes inside a block of size 232 free'd
==15975==    at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==15975==    by 0x6957CB6: _tc_free_internal (talloc.c:1148)
==15975==    by 0x6958BF8: _tc_free_children_internal (talloc.c:1593)
==15975==    by 0x6957AEE: _tc_free_internal (talloc.c:1104)
==15975==    by 0x6958BF8: _tc_free_children_internal (talloc.c:1593)
==15975==    by 0x6957AEE: _tc_free_internal (talloc.c:1104)
==15975==    by 0x6957D5A: _talloc_free_internal (talloc.c:1174)
==15975==    by 0x6959022: _talloc_free (talloc.c:1716)
==15975==    by 0xA036CC7: dcerpc_pipe_connect_b_recv (dcerpc_connect.c:1116)
==15975==    by 0xA036F78: continue_pipe_connect_b (dcerpc_connect.c:1207)
==15975==    by 0xD6EF182: composite_error (composite.c:114)
==15975==    by 0xA036928: dcerpc_connect_timeout_handler (dcerpc_connect.c:1009)
==15975==    by 0x70FE311: tevent_common_loop_timer_delay (tevent_timed.c:369)
==15975==    by 0x70FFE24: epoll_event_loop (tevent_epoll.c:659)
==15975==    by 0x7100699: epoll_event_loop_once (tevent_epoll.c:930)
==15975==    by 0x70FD395: std_event_loop_once (tevent_standard.c:114)
==15975==    by 0x70F61C5: _tevent_loop_once (tevent.c:721)
==15975==    by 0xD91760F: smb_krb5_send_and_recv_func_int (krb5_init_context.c:342)
==15975==    by 0xD9179A5: smb_krb5_send_and_recv_func (krb5_init_context.c:431)
==15975==    by 0xF353620: krb5_sendto (send_to_kdc.c:391)
==15975==    by 0xF353D50: krb5_sendto_context (send_to_kdc.c:626)
==15975==    by 0xF3365F7: krb5_init_creds_get (init_creds_pw.c:1959)
==15975==    by 0xF3368D0: krb5_get_init_creds_password (init_creds_pw.c:2038)
==15975==    by 0xEAA7153: smb_krb5_kinit_password_ccache (krb5_samba.c:1890)
==15975==    by 0xA258B53: kinit_to_ccache (kerberos_util.c:351)
==15975==    by 0xA2545D4: cli_credentials_get_named_ccache (credentials_krb5.c:558)
==15975==    by 0xA254691: cli_credentials_get_ccache (credentials_krb5.c:581)
==15975==    by 0xA254B17: cli_credentials_get_client_gss_creds (credentials_krb5.c:703)
==15975==    by 0xCAEF276: gensec_gssapi_client_creds (gensec_gssapi.c:316)
==15975==    by 0xCAEFA50: gensec_gssapi_update_internal (gensec_gssapi.c:463)
==15975==    by 0xCAF17DD: gensec_gssapi_update_send (gensec_gssapi.c:1053)
==15975==    by 0xCAEB200: gensec_update_ev (gensec.c:353)
==15975==  Block was alloc'd at
==15975==    at 0x4C2BBAF: malloc (vg_replace_malloc.c:299)
==15975==    by 0x6956D20: __talloc_with_prefix (talloc.c:698)
==15975==    by 0x6956EB2: __talloc (talloc.c:739)
==15975==    by 0x69572C8: _talloc_named_const (talloc.c:896)
==15975==    by 0x695A69A: _talloc_zero (talloc.c:2341)
==15975==    by 0xCAECFCC: gensec_start (gensec_start.c:580)
==15975==    by 0xCAED36E: gensec_client_start (gensec_start.c:665)
==15975==    by 0xA02A06F: dcerpc_bind_auth_send (dcerpc_auth.c:339)
==15975==    by 0xA02D3C3: dcerpc_pipe_auth_send (dcerpc_util.c:698)
==15975==    by 0xA0367EC: continue_pipe_connect (dcerpc_connect.c:976)
==15975==    by 0xA0365CA: continue_pipe_connect_ncacn_ip_tcp (dcerpc_connect.c:908)
==15975==    by 0xD6EF292: composite_done (composite.c:143)
==15975==    by 0xA03523F: continue_pipe_open_ncacn_ip_tcp (dcerpc_connect.c:360)
==15975==    by 0xD6EF292: composite_done (composite.c:143)
==15975==    by 0xA02EEC7: continue_ip_open_socket (dcerpc_sock.c:273)
==15975==    by 0xD6EF292: composite_done (composite.c:143)
==15975==    by 0xA02E796: continue_socket_connect (dcerpc_sock.c:118)
==15975==    by 0xD6EF292: composite_done (composite.c:143)
==15975==    by 0xD6F1814: socket_connect_handler (connect.c:131)
==15975==    by 0x7100061: epoll_event_loop (tevent_epoll.c:728)
==15975==    by 0x7100699: epoll_event_loop_once (tevent_epoll.c:930)
==15975==    by 0x70FD395: std_event_loop_once (tevent_standard.c:114)
==15975==    by 0x70F61C5: _tevent_loop_once (tevent.c:721)
==15975==    by 0xD6EF020: composite_wait (composite.c:58)
==15975==    by 0xA036FE5: dcerpc_pipe_connect_recv (dcerpc_connect.c:1226)
==15975==    by 0xA0370B5: dcerpc_pipe_connect (dcerpc_connect.c:1251)
==15975==    by 0x9A027E1: py_dcerpc_interface_init_helper (pyrpc_util.c:217)
==15975==    by 0x20C4EF4A: interface_drsuapi_new (py_drsuapi.c:47159)
==15975==    by 0x1F5112: type_call.lto_priv.96 (typeobject.c:749)
==15975==    by 0x1EF672: PyObject_Call (abstract.c:2547)
==15975==    by 0x208E2E: do_call (ceval.c:4569)
==15975==    by 0x208E2E: call_function (ceval.c:4374)
==15975==    by 0x208E2E: PyEval_EvalFrameEx (ceval.c:2989)
==15975==    by 0x208C1E: fast_function (ceval.c:4437)
==15975==    by 0x208C1E: call_function (ceval.c:4372)
==15975==    by 0x208C1E: PyEval_EvalFrameEx (ceval.c:2989)
==15975== 


-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   https://catalyst.net.nz/services/samba






