samba - Aug 2008 - Question on : Winbindd dumps core in find_builtin_domain () at nsswitch/winbindd_util.c:673

We are seeing winbindd dumping core in find_builtin_domain () at
nsswitch/winbindd_util.c:673.
We have analyzed the core and found that when there are no built domains it
sends smb_panic().
Looking in to the built domain we found that the built domain is being
overwritten.
Following is the stack trace from the system, 
#0  0xb7cb8866 in raise () from /lib/libc.so.6 
#1  0xb7cb9f23 in abort () from /lib/libc.so.6 
#2  0x800b20ca in dump_core () at lib/fault.c:184 
#3  0x800c68f8 in smb_panic (why=0x801ccb80 "Could not find BUILTIN
domain\n")
at lib/util.c:1618 
#4  0x80042750 in find_builtin_domain () at nsswitch/winbindd_util.c:673 
#5  0x8006af52 in winbindd_gettoken_async (mem_ctx=0x80236000, 
user_sid=0x8024caa0, cont=0x8003cb90 <getgroups_tokensids_recv>, 
    private_data=0x8024ca90) at nsswitch/winbindd_async.c:1049 
#6  0x8003ca89 in getgroups_usersid_recv (private_data=0x8024ca90, success=1, 
sid=0xbfd177a8, type=SID_NAME_USER) 
    at nsswitch/winbindd_group.c:1203 
#7  0x8006885f in lookupname_recv (mem_ctx=0x80236000, success=1, 
response=0x802bb9fc, c=0x8003ca10, private_data=0x8024ca90) 
    at nsswitch/winbindd_async.c:664 
#8  0x800677b7 in do_async_recv (private_data=0x802bb2a8, success=1) at 
nsswitch/winbindd_async.c:57 
#9  0x80065942 in async_reply_recv (private_data=0x802a8770, success=1) at 
nsswitch/winbindd_dual.c:211 
#10 0x80039808 in rw_callback (event=0x802a97bc, flags=1) at 
nsswitch/winbindd.c:376 
#11 0x80038c9d in main (argc=1140850688, argv=0x3400000b) at 
nsswitch/winbindd.c:810 

We code changes to fix this issue and verified that it is not dumping any more. 
Following is the patch , 
--- nsswitch/winbindd_cm.c.old   2008-05-15 13:22:13.000000000 +0530 
+++ nsswitch/winbindd_cm.c       2008-05-15 13:21:55.000000000 +0530 
@@ -1691,6 +1691,10 @@ 
                return; 
        } 

+       if (sid_equal(&domain->sid, &global_sid_Builtin)) { 
+               domain->active_directory = False; 
+               goto done; 
+       } 
        result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
                                         SEC_RIGHTS_MAXIMUM_ALLOWED, &pol); 

Can anybody tell me if this has been fixed in any of the recent patches ? 


Thanks, 
Tukaram

On Sat, Aug 23, 2008 at 02:49:25AM -0600, Tukaram Laxmeshwar
wrote:
> We code changes to fix this issue and verified that it is not dumping any
more.
> Following is the patch , 
> --- nsswitch/winbindd_cm.c.old   2008-05-15 13:22:13.000000000 +0530 
> +++ nsswitch/winbindd_cm.c       2008-05-15 13:21:55.000000000 +0530 
> @@ -1691,6 +1691,10 @@ 
>                 return; 
>         } 
> 
> +       if (sid_equal(&domain->sid, &global_sid_Builtin)) { 
> +               domain->active_directory = False; 
> +               goto done; 
> +       } 
>         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
>                                          SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
> 
> Can anybody tell me if this has been fixed in any of the recent patches ? 
No, very likely that is not changed.

Your patch might fix it, but to me it seems the wrong place
to fix. For S-1-5-32 we should *never* end up in that
routine. How does winbind get there? For internal domains we
should never connect to the network.

Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20080825/5a42ae3e/attachment.bin

Hi Volker,

This is happening in our specific Active Directory setup. It is reaching this
path finally and overwriting the builtin domain. This is causing the dump later.
We have a bug raised in Novell on this issue  (bug #292609, not sure whether you
will be able to access this.).

regards,
Har Gagan Sahai
>>> Volker Lendecke <Volker.Lendecke@SerNet.DE> 08/25/08 1:56 PM
>>>
On Sat, Aug 23, 2008 at 02:49:25AM -0600, Tukaram Laxmeshwar
wrote:
> We code changes to fix this issue and verified that it is not dumping any
more.
> Following is the patch , 
> --- nsswitch/winbindd_cm.c.old   2008-05-15 13:22:13.000000000 +0530 
> +++ nsswitch/winbindd_cm.c       2008-05-15 13:21:55.000000000 +0530 
> @@ -1691,6 +1691,10 @@ 
>                 return; 
>         } 
> 
> +       if (sid_equal(&domain->sid, &global_sid_Builtin)) { 
> +               domain->active_directory = False; 
> +               goto done; 
> +       } 
>         result = rpccli_lsa_open_policy2(cli, mem_ctx, True, 
>                                          SEC_RIGHTS_MAXIMUM_ALLOWED,
&pol);
> 
> Can anybody tell me if this has been fixed in any of the recent patches ? 
No, very likely that is not changed.

Your patch might fix it, but to me it seems the wrong place
to fix. For S-1-5-32 we should *never* end up in that
routine. How does winbind get there? For internal domains we
should never connect to the network.

Volker