samba - Nov 2001 - winbind trouble, maybe PDC too.

A quick preamble.  SAMBA 2.2.2, Redhat 6.2, Mandrake 8.1 Windows NT4.0sp6a
PDC

Here is an excerpt from my winbind log.

Sending a packet of len 50 to (192.168.1.255) on port 137
Received a packet of len 62 from (192.168.1.20) port 137
nmb packet from 192.168.1.20(137) header: id=5433 opcode=Query(0)
response=Yes
    header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
    header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
    answers: nmb_name=DOMAIN<1c> rr_type=32 rr_class=1 ttl=300000
    answers   0 char ......   hex E000C0A8000A
Got a positive name query response from 192.168.1.20 ( 192.168.1.20 )
bind succeeded on port 0
Sending a packet of len 50 to (192.168.1.20) on port 137
Sending a packet of len 50 to (192.168.1.20) on port 137
could not find any domain controllers for domain DOMAIN



NMAP shows ports 137,138 and 139 as being open on both my client machine and
my NTsp6a PDC.  smbpasswd -j DOMAIN -r PDC -U blahblah woked alright, it
said i joined the domain.  If in my smb.conf file that I have password
server = *, then nothing works and the log say DOMAIN PASSWORD SERVER NOT
FOUND.  password server = PDC works though.  It appears that my PDC is not
responding to requests from the my samba box.  Broadcast, LMHOSTS, and WINS
have all been tried.  Everytime my PDC's IP is resolved, followed by the
message of not being able to find any domain controllers.  Any clues out
there??

Thanks

Hans

On Tue, Nov 27, 2001 at 02:09:14PM -0800, Hans Rasmussen
wrote:
> A quick preamble.  SAMBA 2.2.2, Redhat 6.2, Mandrake 8.1 Windows NT4.0sp6a
> PDC
> 
> Here is an excerpt from my winbind log.
> 
> Sending a packet of len 50 to (192.168.1.255) on port 137
> Received a packet of len 62 from (192.168.1.20) port 137
> nmb packet from 192.168.1.20(137) header: id=5433 opcode=Query(0)
> response=Yes
>     header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
>     header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
>     answers: nmb_name=DOMAIN<1c> rr_type=32 rr_class=1 ttl=300000
>     answers   0 char ......   hex E000C0A8000A
> Got a positive name query response from 192.168.1.20 ( 192.168.1.20 )
> bind succeeded on port 0
> Sending a packet of len 50 to (192.168.1.20) on port 137
> Sending a packet of len 50 to (192.168.1.20) on port 137
> could not find any domain controllers for domain DOMAIN
> 
> 
> 
> NMAP shows ports 137,138 and 139 as being open on both my client machine
and
> my NTsp6a PDC.  smbpasswd -j DOMAIN -r PDC -U blahblah woked alright, it
> said i joined the domain.  If in my smb.conf file that I have password
> server = *, then nothing works and the log say DOMAIN PASSWORD SERVER NOT
> FOUND.  password server = PDC works though.  It appears that my PDC is not
> responding to requests from the my samba box.  Broadcast, LMHOSTS, and WINS
> have all been tried.  Everytime my PDC's IP is resolved, followed by
the
> message of not being able to find any domain controllers.  Any clues out
> there??
I've just fixed this bug in the 2.2 and HEAD CVS sources.

The problem it seems is that a PDC seems sometimes not to respond
to a node status request on the '*#0' name (which we use to get the
"real" NetBIOS name of the PDC/BDC). I changed the lookup
code to request on the DOMAIN#1b name instead and it will respond
to a node status on this name.

Jeremy.

Here is a set of fixes for winbind - it avoid using getenv when
running suid (when using the nsswitch modules), and also adds a lock 
for being used in multithreaded apps.

--- samba-2.2.2/source/nsswitch/wb_common.c.winsfixes	Sat Oct 13 17:09:29 2001
+++ samba-2.2.2/source/nsswitch/wb_common.c	Tue Nov 13 18:13:19 2001
@@ -25,6 +25,19 @@
 
 #include "winbind_nss_config.h"
 #include "winbindd_nss.h"
+#include <unistd.h>
+#include <sys/types.h>
+
+/*
+ * Use __secure_getenv() on glibc, use getenv only when not running setuid
otherwise
+ */
+
+#ifdef __GLIBC__
+#define getenv(foo) __secure_getenv(foo)
+#else
+#define getenv(foo) ((getuid()==geteuid())&&(getgid()==getegid())) ?
getenv(foo): NULL
+#endif
+
 
 /* Global variables.  These are effectively the client state information */
 
@@ -328,6 +341,7 @@
 
 	/* Check for our tricky environment variable */
 
+        
 	if (getenv(WINBINDD_DONT_ENV)) {
 		return NSS_STATUS_NOTFOUND;
 	}
--- samba-2.2.2/source/nsswitch/winbind_nss.c.winsfixes	Sat Oct 13 17:09:29 2001
+++ samba-2.2.2/source/nsswitch/winbind_nss.c	Tue Nov 13 18:16:54 2001
@@ -24,6 +24,7 @@
 
 #include "winbind_nss_config.h"
 #include "winbindd_nss.h"
+#include <pthread.h>
 
 /* Prototypes from common.c */
 
@@ -282,6 +283,13 @@
 static int ndx_pw_cache;                 /* Current index into pwd cache */
 static int num_pw_cache;                 /* Current size of pwd cache */
 
+/*
+ * Mutex for the globals above
+ */
+
+static pthread_mutex_t globalsmutex=PTHREAD_MUTEX_INITIALIZER;
+
+
 /* Rewind "file pointer" to start of ntdom password database */
 
 NSS_STATUS
@@ -290,12 +298,13 @@
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: setpwent\n", getpid());
 #endif
-
-	if (num_pw_cache > 0) {
+        pthread_mutex_lock(&globalsmutex);
+        if (num_pw_cache > 0) {
 		ndx_pw_cache = num_pw_cache = 0;
 		free_response(&getpwent_response);
 	}
 
+        pthread_mutex_unlock(&globalsmutex);
 	return winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
 }
 
@@ -307,13 +316,13 @@
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: endpwent\n", getpid());
 #endif
-
-	if (num_pw_cache > 0) {
+        pthread_mutex_lock(&globalsmutex);
+        if (num_pw_cache > 0) {
 		ndx_pw_cache = num_pw_cache = 0;
 		free_response(&getpwent_response);
 	}
-
-	return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
+        pthread_mutex_unlock(&globalsmutex);
+        return winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
 }
 
 /* Fetch the next password entry from ntdom password database */
@@ -328,9 +337,11 @@
 	struct winbindd_request request;
 	static int called_again;
 
+        
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: getpwent\n", getpid());
 #endif
+        pthread_mutex_lock(&globalsmutex);
 
 	/* Return an entry from the cache if we have one, or if we are
 	   called again because we exceeded our static buffer.  */
@@ -370,6 +381,7 @@
 		/* Check data is valid */
 
 		if (pw_cache == NULL) {
+                        pthread_mutex_unlock(&globalsmutex);
 			return NSS_STATUS_NOTFOUND;
 		}
 
@@ -381,7 +393,8 @@
 		if (ret == NSS_STATUS_TRYAGAIN) {
 			called_again = True;
 			*errnop = errno = ERANGE;
-			return ret;
+                        pthread_mutex_unlock(&globalsmutex);
+                        return ret;
 		}
 
 		*errnop = errno = 0;
@@ -395,8 +408,8 @@
 			free_response(&getpwent_response);
 		}
 	}
-
-	return ret;
+        pthread_mutex_unlock(&globalsmutex);
+        return ret;
 }
 
 /* Return passwd struct from uid */

-- 
Trond Eivind Glomsr?d
Red Hat, Inc.