[Samba] double segfault in smbd 3.0.21a
Blindauer Emmanuel
samba at agat.net
Tue Jan 10 00:06:09 GMT 2006
Hi
I'm able to reproduce a segfault in smbd, with security=ads, using normal
login or Kerberos.
Samba 3.0.21a compiled from source, on Debian stable.
Here are the backtraces:
For the Kerberos part, using "smbclient //server/share -k"
Using host libthread_db library "/lib/tls/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread 1077522240 (LWP 26945)]
0x4020f3ae in waitpid () from /lib/tls/libc.so.6
#0 0x4020f3ae in waitpid () from /lib/tls/libc.so.6
#1 0x401a4d12 in system () from /lib/tls/libc.so.6
#2 0x081fc648 in smb_panic2 ()
#3 0x081fc5bb in smb_panic ()
#4 0x081e9cf3 in fault_report ()
#5 0x081e9d68 in sig_fault ()
#6 <signal handler called>
#7 0x401ce487 in fseek () from /lib/tls/libc.so.6
#8 0x400ae2cc in krb5_ktfile_get_next () from /usr/lib/libkrb5.so.3
#9 0x400add4c in krb5_kt_next_entry () from /usr/lib/libkrb5.so.3
#10 0x08275daf in ads_keytab_verify_ticket ()
#11 0x08276828 in ads_verify_ticket ()
#12 0x080b4802 in reply_spnego_kerberos ()
#13 0x080b5738 in reply_spnego_negotiate ()
#14 0x080b5db0 in reply_sesssetup_and_X_spnego ()
#15 0x080b62c6 in reply_sesssetup_and_X ()
#16 0x080dda92 in switch_message ()
#17 0x080ddb42 in construct_reply ()
#18 0x080dde8e in process_smb ()
#19 0x080debe9 in smbd_process ()
#20 0x0828850b in main ()
For the normal login, i.e. "smbclient //server/share -U username"
Using host libthread_db library "/lib/tls/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread 1077522240 (LWP 26935)]
0x4020f3ae in waitpid () from /lib/tls/libc.so.6
#0 0x4020f3ae in waitpid () from /lib/tls/libc.so.6
#1 0x401a4d12 in system () from /lib/tls/libc.so.6
#2 0x081fc648 in smb_panic2 ()
#3 0x081fc5bb in smb_panic ()
#4 0x081e9cf3 in fault_report ()
#5 0x081e9d68 in sig_fault ()
#6 <signal handler called>
#7 0x4000770a in _dl_unload_cache () from /lib/ld-linux.so.2
#8 0x40007edf in _dl_lookup_symbol () from /lib/ld-linux.so.2
#9 0x4026fdb9 in __libc_dlclose () from /lib/tls/libc.so.6
#10 0x4000c016 in _dl_catch_error () from /lib/ld-linux.so.2
#11 0x4026fc68 in __libc_dlsym () from /lib/tls/libc.so.6
#12 0x4024db81 in __nss_lookup_function () from /lib/tls/libc.so.6
#13 0x4024d8c3 in __nss_next () from /lib/tls/libc.so.6
#14 0x4020eb49 in getpwnam_r () from /lib/tls/libc.so.6
#15 0x4020e441 in getpwnam () from /lib/tls/libc.so.6
#16 0x081ec962 in sys_getpwnam ()
#17 0x081f0a7f in getpwnam_alloc ()
#18 0x081eefbb in Get_Pwnam_internals ()
#19 0x081ef29c in Get_Pwnam_alloc ()
#20 0x082385ca in smb_getpwnam ()
#21 0x08238489 in fill_sam_account ()
#22 0x08238854 in make_server_info_info3 ()
#23 0x08233f98 in check_winbind_security ()
#24 0x08230f88 in check_ntlm_password ()
#25 0x0823a036 in auth_ntlmssp_check_password ()
#26 0x08115054 in ntlmssp_server_auth ()
#27 0x08114480 in ntlmssp_update ()
#28 0x0823a36e in auth_ntlmssp_update ()
#29 0x080b592a in reply_spnego_auth ()
#30 0x080b5e0d in reply_sesssetup_and_X_spnego ()
#31 0x080b62c6 in reply_sesssetup_and_X ()
#32 0x080dda92 in switch_message ()
#33 0x080ddb42 in construct_reply ()
#34 0x080dde8e in process_smb ()
#35 0x080debe9 in smbd_process ()
#36 0x0828850b in main ()
And here is my smb.conf:
# ./testparm
Load smb config files from /usr/local/samba/lib/smb.conf
Processing section "[web$]"
Loaded services file OK.
WARNING: passdb expand explicit = yes is deprecated
'winbind separator = +' might cause problems with group membership.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
[global]
workgroup = DPTINFO
realm = DPTINFO.URS.LOCAL
server string = %h server (Extranet, Samba %v)
security = ADS
allow trusted domains = No
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
use kerberos keytab = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 10000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
ldap admin dn = cn=admin,dc=iutinfo,dc=local
ldap idmap suffix = ou=Idmap
ldap suffix = dc=iutinfo,dc=local
panic action = /usr/share/samba/panic-action %d
idmap backend = ldap:ldap://ldap.urs.fr
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
winbind cache time = 0
winbind use default domain = Yes
invalid users = root