Problem with AD membership in an AD with more than 100.000 groups (possible regression in 4.12?)

Andrew Bartlett abartlet at samba.org
Tue May 18 03:15:15 UTC 2021


On Mon, 2021-05-17 at 19:18 +0200, Dr. Hansjörg Maurer via samba-technical wrote:
> Hi
> 
>   - sorry for the noise, did not find the "plain switch" for our mail
> gateway -
> here the original mail (hopefully)
> samba 4.12.3 on CentOS-8
> I am trying to run a wbinfo -g on an AD memberserver in an AD with
> more than 100.000 groups and it shows no output
> 
> The samba logs show
>    list_groups XXX
> [2021/05/17 14:21:49.826967,  1] ../../librpc/ndr/ndr.c:632(_ndr_pull_error)
>    ndr_pull_array_size: ndr_pull_error(Range Error): More than 65535 NDR tokens stored for array_size at ../../librpc/ndr/ndr.c:1093
> 

Ouch.  This isn't good.

While of course you could locally patch to increase the limit, I'm
really not sure what to do here, because the way the NDR tokens are
handled, some of the behaviour is N^2, so large numbers are a really
bad idea.

Can you attach a debugger and break on that line?  (It might take some
trial/error to find the right process).  It would be helpful to know
exactly which structure can't be parsed.  If it is this one from
winbind.idl:
     NTSTATUS wbint_QueryGroupList(
	[out] wbint_Principals *groups
	);

Then we have more hope of being able to modify the structure to be less
resource-consuming.

I wonder if changing to a different string type would help.  Thankfully
this isn't a public protocol, so we can be flexible.

Try the attached patch.  It uses an encoding that stores the strings as
<num bytes><string> rather than <num bytes><pointer> .... <string>,
which needs these 'tokens' to get between the stages.

Andrew Bartlett
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba

Samba Development and Support, Catalyst IT - Expert Open Source
Solutions




-------------- next part --------------
A non-text attachment was scrubbed...
Name: less-unique-pointers-in-winbind.patch
Type: text/x-patch
Size: 1087 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20210518/6df5dc27/less-unique-pointers-in-winbind.bin>
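
Added example, not part of the original post and not Samba's NDR code: a simplified C model of the two string layouts contrasted in the message above, showing why the deferred layout needs per-string tokens and the inline layout does not. The function names, the fixed 8-byte names and the way tokens are stored and searched are assumptions made for illustration; only the 65535 cap comes from the quoted log.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define TOKEN_MAX 65535   /* cap named in the quoted log message */
#define NAME_LEN  8u      /* constructed sample data: every name is 8 bytes */

/* Constructed input: headers then name bytes (deferred) or interleaved. */
uint8_t *build(uint32_t n, int deferred, size_t *size)
{
    uint32_t len = NAME_LEN;
    uint8_t *buf = calloc(n, 4 + NAME_LEN);
    *size = (size_t)n * (4 + NAME_LEN);
    for (uint32_t i = 0; buf != NULL && i < n; i++)
        memcpy(buf + (size_t)i * (deferred ? 4 : 4 + NAME_LEN), &len, 4);
    return buf;
}

/* Deferred layout: pass 1 stores one token per header, pass 2 finds each by
 * linear search. Returns names parsed or -1; *cmp counts comparisons. */
long parse_deferred(const uint8_t *buf, size_t size, uint32_t n, uint64_t *cmp)
{
    static uint32_t key[TOKEN_MAX], len[TOKEN_MAX];
    size_t off = 4 * (size_t)n;                 /* name bytes start here */
    *cmp = 0;
    for (uint32_t i = 0; i < n; i++) {          /* pass 1: headers */
        if (i == TOKEN_MAX || size - 4 * (size_t)i < 4) return -1;
        key[i] = i;
        memcpy(&len[i], buf + 4 * (size_t)i, 4);
    }
    for (uint32_t i = 0, j; i < n; i++) {       /* pass 2: name bytes */
        for (j = 0; key[j] != i; j++) (*cmp)++;
        if (len[j] > size - off) return -1;
        off += len[j];
    }
    return n;
}

/* Inline layout: the bytes follow their length, so no tokens are needed. */
long parse_inline(const uint8_t *buf, size_t size, uint32_t n)
{
    size_t off = 0;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t len;
        if (size - off < 4) return -1;
        memcpy(&len, buf + off, 4);
        if (len > size - off - 4) return -1;
        off += 4 + (size_t)len;
    }
    return n;
}
```

In this model, going from 1000 to 2000 names roughly quadruples the comparison count of the deferred parser, and 100000 names stop at the token cap, while the inline parser reads the same 100000 names in a single pass.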

