Hello,
When running net rpc trustdom establish command for PDC trusts, I got
the following error with a core dump in 3.0.21c, on HP-UX and
3.0.21c-7.1.5-SUSE-SL10.0.
Couldn't connect to domain MY_DOM controller. Error was
NT_STATUS_ACCESS_DENIED.
bt
#0 0xc016f4d4 in memset () from /usr/lib/libc.2
#1 0x89ab8 in cli_send_trans ()
#2 0x83b0c in cli_api ()
#3 0x9715c in cli_get_pdc_name ()
#4 0x4e908 in rpc_trustdom_establish ()
#5 0x3c6d8 in net_run_function ()
#6 0x50760 in rpc_trustdom ()
#7 0x3c6d8 in net_run_function ()
#8 0x51188 in net_rpc ()
#9 0x3c6d8 in net_run_function ()
#10 0x3e15c in main ()
Look at the code in rpc_trustdom_establish() call in utils/net_rpc.c.
nt_status = connect_to_ipc_anonymous(&cli, &server_ip,
(char*)pdc_name);
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't connect to domain %s controller.
Error was %s.\n",
domain_name, nt_errstr(nt_status)));
}
/*
* Use NetServerEnum2 to make sure we're talking to a proper
server
*/
if (!cli_get_pdc_name(cli, domain_name, (char*)pdc_name)) {
DEBUG(0, ("NetServerEnum2 error: Couldn't find primary
domain controller\
for domain %s\n", domain_name));
}
During connect_to_ipc_anonymous() if cli_session_setup() failed, or
cli_send_tconX() failed, cli_full_connection() returned an error, and
executed cli_shuwdown(). Meanwhile, after connect_to_ipc_anonymous(),
only check/report error message, and pass cli into cli_get_pdc_name().
Here cli=NULL pointer. So I'm wondering why not to check cli pointer
before doing cli_get_pdc_name(). If executing the check on cli such as,
if (NT_STATUS_IS_ERR(nt_status)) {
DEBUG(0, ("Couldn't connect to domain %s controller.
Error was %s.\n",
domain_name, nt_errstr(nt_status)));
+ if (!cli) {
+ return False;
+ }
}
before doing cli_get_pdc_name(), the core dump may be avoided. But I'm
unsure it's safe for others.
Could somebody please help me, or advise any thoughts on how to fix
this?
Best Regards.
-Ying Li