Smbd 2.0.7 crash, security=share, HP-UX 11.0, 64 bits

Laurent Menu laurent.menu at temic.fr
Tue Oct 17 11:24:33 GMT 2000


Hi,

I tried to fix this but I can't get it: when in security=share model on
a HP-UX 11 64 bits (9000/800/L2000-44), smbd crashes in an amazing way:

- from a PC NT 4.0 point of view :
	net use  \\openmail\essai1 toto1
	=> OK
	net use \\openmail\essai2 toto2
	=> crash ! Error 59
	(Creating other connections will work, then crash, then work and so on.)
 
- from the server point of view: the first connection is OK, the second
kills the smbd process with a #11 signal (seg fault ?)

- smbd is OK with security=server.


As far as I've drilled down the problem, the smbd process dies on the
second call to the initgroups() function in setup_groups()
(smbd/password.c) :
	- the first call to init_group is OK for the essai1 connection,
	- the second connection (to essai2) dumps the core

The amazing details are :
	- it seems the crash occurs in the OS level function initgroups()	
	- the same smbd 2.0.7 binary does *not* crash on a 32 bit platform
(9000/856/E55)

I asked HP support about that and had no solution. No real support
'cause they distribute their (as far as I know) own copy of samba:
CIF. [ From my point of view they'd better support the actual
development: SAMBA! It's another sort of problem! ] :-(

I guess a way to bypass the problem would be to completely rewrite the
setup_groups with no calls to initgroups and getgroups. I'd like to
avoid that.

I included in this message :
- the step1 log file corresponding to the first connection (essai1)
- the step2 log file corresponding to the crashing second connection
(essai2)
- the setup_groups function extracted from the password.c file, because I
added a bunch of DEBUG lines and some other garbage to track the
origin of the core dump
- both smb.conf and smb.openmail.conf (I use a lot of netbios aliases)

Am I missing something ?

Is there some other solution to the problem except patching?
	- compilation options ?
	- configuration option to avoid the second call to initgroups ?
	- patch to the initgroups() function ?

thank you for your help,
Regards,

Laurent Menu
-------------- next part --------------
// original file is smbd/password.c
//============================ 

// LM : first part of file deleted to keep it shorter

/****************************************************************************
Setup the groups a user belongs to.
****************************************************************************/
int setup_groups(char *user, uid_t uid, gid_t gid, int *p_ngroups, gid_t **p_groups)
{
	int i,ngroups;
	gid_t grp = 0;
	gid_t *groups = NULL;
//	char tmpuser[256],*org=user,*dest=tmpuser;
	
/*	DEBLM("YOYOYOYOYOYOY ====\n");
	DEBUG(1,("PRELM ======= DEBUT\n"));
	initgroups("lmenu",0);
	DEBUG(1,("PRELM ======= TEMRINE\n"));

	DEBLM("=============\n STEP1\n");
*/
	DEBUG(1,("LM ======= User=%s, gid=%d\n getuid=%d, geteuid=%d\n",user,gid,getuid(),geteuid()));
//	DEBLM("=============\n STEP1\n");
	if (initgroups(user,gid)==-1)
	{
//	DEBLM("=============\n STEP apres initgroooup perdu \n");
		DEBUG(1,("LM ======= apres initgroup merdu"));
		DEBUG(0,("Unable to initgroups. Error was %s\n", strerror(errno) ));
		if (getuid() == 0)
		{
			if (gid < 0 || gid > 32767 || uid < 0 || uid > 32767)
			{
				DEBUG(0,("This is probably a problem with the account %s\n", user));
			}
		}
		return -1;
	}

	DEBUG(1,("LM ====== dans setup_group, STEP2\n"));
	ngroups = sys_getgroups(0,&grp);
	DEBUG(1,("LM ====== dans setup_group, STEP3\n"));
	if (ngroups <= 0)
	{
		ngroups = groups_max();
	}

	if((groups = (gid_t *)malloc(sizeof(gid_t)*ngroups)) == NULL)
	{
		DEBUG(0,("setup_groups malloc fail !\n"));
		return -1;
	}

	DEBUG(1,("LM ====== dans setup_group, STEP4\n"));
	ngroups = sys_getgroups(ngroups,groups);
	DEBUG(1,("LM ====== dans setup_group, STEP5\n"));

	(*p_ngroups) = ngroups;
	(*p_groups) = groups;

	DEBUG( 1, ( "%s is in %d groups: ", user, ngroups ) );
	for (i = 0; i < ngroups; i++ )
	{
		DEBUG( 1, ( "%s%d", (i ? ", " : ""), (int)groups[i] ) );
	}
	DEBUG( 1, ( "\n" ) );

	return 0;
}

// LM : remaining part of the smbd/password.c file deleted to keep it shorter

-------------- next part --------------
[2000/10/17 10:24:34, 2] lib/interface.c:(83)
  added interface ip=192.168.111.11 bcast=192.168.111.255 nmask=255.255.255.0
[2000/10/17 10:24:34, 2] lib/interface.c:(83)
  added interface ip=172.29.102.33 bcast=172.29.255.255 nmask=255.255.0.0
[2000/10/17 10:24:34, 3] lib/interface.c:(63)
  not adding duplicate interface 172.29.102.37
[2000/10/17 10:24:34, 3] lib/interface.c:(63)
  not adding duplicate interface 172.29.102.41
[2000/10/17 10:24:34, 3] smbd/process.c:(618)
  Transaction 1 of length 174
[2000/10/17 10:24:34, 3] smbd/process.c:(448)
  switch message SMBnegprot (pid 21397)
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [XENIX CORE]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [MICROSOFT NETWORKS 1.03]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [LANMAN1.0]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [Windows for Workgroups 3.1a]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [LM1.2X002]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [LANMAN2.1]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(341)
  Requested protocol [NT LM 0.12]
[2000/10/17 10:24:34, 3] smbd/negprot.c:(424)
  Selected protocol NT LM 0.12
[2000/10/17 10:24:34, 3] smbd/process.c:(618)
  Transaction 2 of length 148
[2000/10/17 10:24:34, 3] smbd/process.c:(448)
  switch message SMBsesssetupX (pid 21397)
[2000/10/17 10:24:34, 3] smbd/reply.c:(804)
  Domain=[MHS]  NativeOS=[Windows NT 1381] NativeLanMan=[]
[2000/10/17 10:24:34, 3] smbd/reply.c:(809)
  sesssetupX:name=[PCNTCN14]
[2000/10/17 10:24:34, 3] smbd/reply.c:(946)
  Registered username SMBGUEST for guest access
[2000/10/17 10:24:34, 3] smbd/process.c:(775)
  Chained message
[2000/10/17 10:24:34, 3] smbd/process.c:(448)
  switch message SMBtconX (pid 21397)
[2000/10/17 10:24:34, 3] lib/util.c:(1758)
  Get_Hostbyname: Unknown host. 
[2000/10/17 10:24:34, 3] lib/util.c:(1758)
  Get_Hostbyname: Unknown host. 
[2000/10/17 10:24:34, 2] lib/access.c:(257)
  Allowed connection from pcntcn14 (172.29.232.164)
[2000/10/17 10:24:34, 3] smbd/password.c:(849)
  ACCEPTED: guest account and guest ok
[2000/10/17 10:24:34, 3] smbd/service.c:(441)
  Connect path is /tmp
[2000/10/17 10:24:34, 3] lib/doscalls.c:(342)
  dos_ChDir to /tmp
[2000/10/17 10:24:34, 3] smbd/service.c:(552)
  pcntcn14 (172.29.232.164) connect to service IPC$ as user SMBGUEST (uid=4299, gid=4299) (pid 21397)
[2000/10/17 10:24:34, 3] lib/doscalls.c:(342)
  dos_ChDir to /tmp/samba
[2000/10/17 10:24:34, 3] smbd/reply.c:(357)
  tconX service=ipc$ user=SMBGUEST
[2000/10/17 10:24:34, 3] smbd/process.c:(618)
  Transaction 3 of length 155
[2000/10/17 10:24:34, 3] smbd/process.c:(448)
  switch message SMBsesssetupX (pid 21397)
[2000/10/17 10:24:34, 3] smbd/reply.c:(804)
  Domain=[MHS]  NativeOS=[Windows NT 1381] NativeLanMan=[]
[2000/10/17 10:24:34, 3] smbd/reply.c:(809)
  sesssetupX:name=[GSALVIN]
[2000/10/17 10:24:34, 3] smbd/reply.c:(946)
  Registered username gsalvin for guest access
[2000/10/17 10:24:34, 3] smbd/process.c:(775)
  Chained message
[2000/10/17 10:24:34, 3] smbd/process.c:(448)
  switch message SMBtconX (pid 21397)
[2000/10/17 10:24:34, 3] lib/util.c:(1758)
  Get_Hostbyname: Unknown host. 
[2000/10/17 10:24:34, 3] lib/util.c:(1758)
  Get_Hostbyname: Unknown host. 
[2000/10/17 10:24:34, 2] lib/access.c:(257)
  Allowed connection from pcntcn14 (172.29.232.164)
[2000/10/17 10:24:34, 3] smbd/password.c:(833)
  ACCEPTED: user list username and given password ok
[2000/10/17 10:24:34, 3] smbd/service.c:(441)
  Connect path is /tmp/samba/share/essai1
[2000/10/17 10:24:34, 1] smbd/service.c:(451)
  LM ====== avant setup_groups
[2000/10/17 10:24:34, 1] smbd/password.c:(187)
  LM ======= User=toto1, gid=4300
   getuid=0, geteuid=0
[2000/10/17 10:24:34, 1] smbd/password.c:(204)
  LM ====== dans setup_group, STEP2
[2000/10/17 10:24:34, 1] smbd/password.c:(206)
  LM ====== dans setup_group, STEP3
[2000/10/17 10:24:34, 1] smbd/password.c:(218)
  LM ====== dans setup_group, STEP4
[2000/10/17 10:24:34, 1] smbd/password.c:(220)
  LM ====== dans setup_group, STEP5
[2000/10/17 10:24:34, 1] smbd/password.c:(225)
  toto1 is in 1 groups: 4300
[2000/10/17 10:24:34, 1] smbd/service.c:(454)
  LM ====== APRES setup_groups
[2000/10/17 10:24:34, 3] lib/doscalls.c:(342)
  dos_ChDir to /tmp/samba/share/essai1
[2000/10/17 10:24:34, 1] smbd/service.c:(552)
  pcntcn14 (172.29.232.164) connect to service essai1 as user toto1 (uid=30000, gid=4300) (pid 21397)
[2000/10/17 10:24:34, 3] lib/doscalls.c:(342)
  dos_ChDir to /tmp/samba
[2000/10/17 10:24:34, 3] smbd/reply.c:(357)
  tconX service=essai1 user=toto1
-------------- next part --------------
======== THIS ONE for the crash 
[2000/10/17 10:25:50, 3] smbd/process.c:(618)
  Transaction 4 of length 79
[2000/10/17 10:25:50, 3] smbd/process.c:(448)
  switch message SMBtconX (pid 21397)
[2000/10/17 10:25:50, 3] lib/util.c:(1758)
  Get_Hostbyname: Unknown host. 
[2000/10/17 10:25:50, 3] lib/util.c:(1758)
  Get_Hostbyname: Unknown host. 
[2000/10/17 10:25:50, 2] lib/access.c:(257)
  Allowed connection from pcntcn14 (172.29.232.164)
[2000/10/17 10:25:50, 3] smbd/password.c:(833)
  ACCEPTED: user list username and given password ok
[2000/10/17 10:25:50, 3] smbd/service.c:(441)
  Connect path is /tmp/samba/share/essai2
[2000/10/17 10:25:50, 1] smbd/service.c:(451)
  LM ====== avant setup_groups
[2000/10/17 10:25:50, 1] smbd/password.c:(187)
  LM ======= User=toto2, gid=4300
   getuid=0, geteuid=0
[2000/10/17 10:25:50, 0] lib/fault.c:(40)
  ===============================================================
[2000/10/17 10:25:50, 0] lib/fault.c:(41)
  INTERNAL ERROR: Signal 11 in pid 21397 (2.0.7)
  Please read the file BUGS.txt in the distribution
[2000/10/17 10:25:50, 0] lib/fault.c:(43)
  ===============================================================
[2000/10/17 10:25:50, 0] lib/util.c:(2381)
  PANIC: internal error
-------------- next part --------------
   workgroup = MHS
   guest account= SMBGUEST
   log file = /tmp/samba/%m.om.log
   #debug level = 1
   log level = 3
   max log size = 5 
   lock directory = /tmp/samba/locks
   locking = yes

   security = SHARE
   password level = 4

   hosts allow = 172.29.0.0 / 255.255.0.0
   socket options = TCP_NODELAY 
   domain master = no

   read size = 65535
   read raw = yes
   read prediction = True 
   write raw = yes
   shared mem size = 3000000
   max xmit = 65535
   fake oplocks=no

  printcap name = /soft/samba/lib/printers.txt
  printing = hpux

; elections LM 17/6/98
  local master = no
  domain master = no
  preferred master = no
  os level = 26

  oplocks=no

;force group = MONK
;force user = MONK
;create mask = 660
;directory mask = 770
writable = yes
public = no

; revalidate = yes

;======================================================
[essai1]
comment =  ESSAI LM 1
path = /tmp/samba/share/essai1
writable = yes
valid users = toto1
username = toto1

;======================================================
[essai2]
comment =  ESSAI LM 2
path = /tmp/samba/share/essai2
writable = yes
valid users = toto2
username = toto2

-------------- next part --------------
[global]
   netbios name = LAUREL
   netbios aliases = OPENMAIL
   server string = LAUREL SMB.CONF
   workgroup=MHS

include = /soft/samba/lib/smb.%L.conf
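
An added example, not part of the original message or of Samba: a stand-alone harness that repeats the initgroups() call for two accounts outside smbd, in a forked child, so a fault inside the OS library is reported as a signal number together with how many accounts completed. The account names and gid are the ones in the logs above; `one_user` and `run_sequence` are hypothetical names, and initgroups() only succeeds when the program runs as root.

```c
#define _DEFAULT_SOURCE              /* glibc: expose initgroups() */
#include <grp.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static void one_user(const char *user, gid_t gid)
{
    gid_t grp = 0;
    if (initgroups(user, gid) == -1) /* the call that faults in the report */
        perror("initgroups");        /* error return (e.g. not root), not a crash */
    else
        fprintf(stderr, "%s: %d groups\n", user, getgroups(0, &grp));
}

/* Run the calls in a child so a fault inside libc is seen by the parent.
 * Returns 0 (child exited), its fatal signal, or -1; *step = users completed. */
int run_sequence(const char *const users[], int n, gid_t gid, int *step)
{
    int fd[2], status, i;
    char mark;
    pid_t pid;
    *step = 0;
    if (pipe(fd) == -1)
        return -1;
    if ((pid = fork()) == 0) {
        close(fd[0]);
        for (i = 0; i < n; i++) {
            one_user(users[i], gid);
            if (write(fd[1], "", 1) != 1)    /* one byte per completed user */
                _exit(1);
        }
        _exit(0);
    }
    close(fd[1]);
    while (read(fd[0], &mark, 1) == 1)       /* ends at EOF when the child is gone */
        (*step)++;
    close(fd[0]);
    if (pid == -1 || waitpid(pid, &status, 0) == -1)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    const char *const users[] = { "toto1", "toto2" };  /* accounts from the logs */
    int step, sig = run_sequence(users, 2, 4300, &step);
    printf("signal=%d, users completed=%d\n", sig, step);
    return sig != 0;
}
```

A result of `signal=11, users completed=1` would match the behaviour in the step2 log without any smbd code involved; `signal=0, users completed=2` means both calls returned.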


