Domain logon problems with 10.Mar.99 CVS source

Luke Kenneth Casson Leighton lkcl at switchboard.net
Thu Mar 11 19:02:24 GMT 1999 

ok, pls recompile with -g -g.  or do "./configure.developer"; make clean;
make.  but it looks like name is NULL, which don't wurk too well!

On Fri, 12 Mar 1999, Stefan Walter wrote:

> > 
> > I hope the change I asked Luke to make is not causing your problem. I
> > believe it is a memory corruption problem, in order to find it do the
> > following. This will depend on the kind of system you are using but try
> > this, assuming you are the only one trying to log onto the PDC. There should
> > be only 1 or 2 smbd processes running, if there is 1 then hitting
> > Ctrl-Alt-Del on your NT machine should start another one. For the process
> > that is the child of the other smbd run dbx -p <pid> and try to log in. Hit
> > return in dbx as it will stop when it it receives the SIGSEV. At this point
> > do a where and post the results here.
> 
> Ok, did this:
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0xc4bb4 in Get_Pwnam ()
> (gdb) where
> #0  0xc4bb4 in Get_Pwnam ()
> #1  0xc29f0 in nametouid ()
> #2  0xad7f0 in lookupsmbpwnam ()
> #3  0xb1dc0 in get_unixgroup_members ()
> #4  0xb2124 in getgrpunixpwent ()
> #5  0xafddc in getgroupent ()
> #6  0xafad0 in iterate_getusergroupsnam ()
> #7  0xaffcc in getusergroupsntnam ()
> #8  0x74878 in api_net_sam_logon ()
> #9  0x7e714 in api_rpc_command ()
> #10 0x7e810 in api_rpcTNP ()
> #11 0x74c10 in api_netlog_rpc ()
> #12 0x7e40c in api_pipe_request ()
> #13 0x7e510 in rpc_command ()
> #14 0x3c180 in api_fd_reply ()
> #15 0x3c8f0 in named_pipe ()
> #16 0x3d034 in reply_trans ()
> #17 0x5aaf4 in switch_message ()
> #18 0x5ab80 in construct_reply ()
> #19 0x5ad3c in process_smb ()
> #20 0x5b6c0 in smbd_process ()
> #21 0x2c9bc in main ()
> 
> smbd is running on a Sparc 5 and compiled with GCC 2.8.1, the disassembly 
> looks like this:
> 
> (gdb) disassemble 0xc4b9c
> Dump of assembler code for function Get_Pwnam:
> 0xc4b9c <Get_Pwnam>:    save  %sp, -240, %sp
> 0xc4ba0 <Get_Pwnam+4>:  call  0x6018c <lp_usernamelevel>
> 0xc4ba4 <Get_Pwnam+8>:  nop 
> 0xc4ba8 <Get_Pwnam+12>: cmp  %i0, 0
> 0xc4bac <Get_Pwnam+16>: be  0xc4cdc <Get_Pwnam+320>
> 0xc4bb0 <Get_Pwnam+20>: mov  %o0, %l1
> 0xc4bb4 <Get_Pwnam+24>: ldsb  [ %i0 ], %o0
> 0xc4bb8 <Get_Pwnam+28>: cmp  %o0, 0
> 0xc4bbc <Get_Pwnam+32>: be  0xc4cdc <Get_Pwnam+320>
> 0xc4bc0 <Get_Pwnam+36>: add  %fp, -144, %l0
> 0xc4bc4 <Get_Pwnam+40>: mov  %l0, %o0
> 0xc4bc8 <Get_Pwnam+44>: mov  %i0, %o1
> 0xc4bcc <Get_Pwnam+48>: call  0xc77d8 <StrnCpy>
> ..
> (gdb) disassemble 0xc29f0
> Dump of assembler code for function nametouid:
> 0xc29e0 <nametouid>:    save  %sp, -112, %sp
> 0xc29e4 <nametouid+4>:  mov  %i0, %o0
> 0xc29e8 <nametouid+8>:  call  0xc4b9c <Get_Pwnam>
> 0xc29ec <nametouid+12>: clr  %o1
> 0xc29f0 <nametouid+16>: cmp  %o0, 0
> ..
> 
> Some registers:
> 
> o0             0x0      0
> l0             0x0      0
> l1             0x0      0
> i0             0x6270727a       1651536506
> 
> Looks like i0 is incorrect and addressing memory at [%i0] causes the SIGSEGV:
> 
> (gdb) x 0x6270727a
> 0x6270727a <_end+1650381810>:   Cannot access memory at address 0x6270727a.
> 
> Seems like a memory corruption to me too:
> 
> 0> perl -e 'print "\x62\x70\x72\x7a\n";'
> bprz
> 0> ypcat group | fgrep bprz
> cocoon:*:10014:rys,wunderli,norrie,bprzydat,richwood,roehm
> 
> Remember my logfile sniplet?
> 
> >   4156    lookupsmbgrpnam: unix user group cocoon
> >   4157  [1999/03/10 18:14:49, 10] lib/domain_namemap.c:lookupsmbgrpgid(1270)
> >   4158    lookupsmbgrpgid: unix gid 10014
> >   4159  [1999/03/10 18:14:49, 10] lib/domain_namemap.c:lookupsmbpwnam(886)
> >   4160  [1999/03/10 18:14:49, 0] lib/fault.c:fault_report(40)
> 
> After some analysis I found out he wrong 'unix_name' originates from here:
> 
> ..
> BOOL get_unixgroup_members(struct group *grp,
>                                 int *num_mem, DOMAIN_GRP_MEMBER **members)
> {
>  ...
>         for (i = 0; (unix_name = grp->gr_mem[i]) != NULL; i++)
>                      ^^^^^^^^^^^^^^^^^^^^^^^^^^
>  
> I'll try to locate the place where the memory gets corrupted but this will take
> some time as I'm not familiar with the code yet.
> 
> Thanks so far!
> 
> - Stefan
> 
> --
> Stefan Walter - SysAdmin at D-INFK (StabSoft), ETH Zurich, Switzerland
> 
> 
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton  </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org"        > Samba Web site                </a>

=====================================================================
Luke Kenneth Casson Leighton        |  Direct Dial   : (678) 443-6183
Systems Engineer / ISS XForce Team  |  ISS Front Desk: (678) 443-6000
Internet Security Systems, Inc.     |  ISS Fax       : (678) 443-6477

http://www.iss.net/    *Adaptive Network Security for the Enterprise*
     ISS Connect   -   International User Conference   -  May '99
=====================================================================

More information about the samba-ntdom mailing list