TNG 0.12 Samrd Stack Trace & patch attached.
Michael Breuer
mbreuer at siac.com
Thu Mar 9 20:56:09 GMT 2000
This may be related to the on-going login issues. Looking at the core file, it seems that the proximate cause of the PANIC is an
attempt to print a debug level 10 message at domain_namemap.c:700. Working backward, "unix_name" at groupunix.c:117 is not a valid
pointer. In this trace, the value of "i" (loop iterator) is 1.
Again...working backward... in groupunix.c:245, the call to getgrgid is not validated. A "NULL" return (group not found) is not
good. In fact, the code here was looking for a group which was defined in /etc/passwd, but not in /etc/group.
Checking further... it seems that at least on my system, I'm misconfigured and getting groups from NIS and passwd from files. So I
have users without valid groups, and groups without valid users.
The attached patch covers the case of a NULL group, but not the case of a missing or invalid user within the group (i.e., I'm still
trapping).
In the second case (which I haven't patched), I still fail at domain_namemap.c:700 with a bogus unix_usr_name. It seems that IRIX
is returning a bad value when misconfigured (as noted before).
-------------- next part --------------
int _kill(<stripped>) ["kill.s":15]
int _raise(<stripped>) ["raise.c":27]
int abort(<stripped>) ["abort.c":52]
void smb_panic(unsigned char * why = 0x5feba610 = "internal error") ["util.c":2384]
void fault_report(int sig = 11) ["fault.c":46]
void sig_fault(int sig = 11) ["fault.c":70]
int _sigtramp(<stripped>) ["sigtramp.s":71]
int strlen(<stripped>) ["strlen.s":58]
int _doprnt(<stripped>) ["doprnt.c":1337]
int _vsnprintf(<stripped>) ["vsnprintf.c":35]
int vslprintf(unsigned char * str = 0x7fff1c88 = "lookupsmbpwnam: unix user name p oracle\n", int n = 1023, unsigned char * format = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", va_list ap = 0x7fff20a8 = "") ["slprintf.c":32]
BOOL dbgtext(unsigned char * format_str = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", void ... = <void>) ["debug.c":571]
BOOL lookupsmbpwnam(unsigned char * unix_usr_name = 0x61656c42, DOM_NAME_MAP * grp = 0x7fff2128) ["domain_namemap.c":700]
BOOL get_unixgroup_members(struct group * grp = 0x7fff21e8, int * num_mem = 0x7fff26e8, DOMAIN_GRP_MEMBER ** members = 0x7fff26e4) ["groupunix.c":117]
DOMAIN_GRP * getgrpunixpwent(int * vp = 0x100543e8, DOMAIN_GRP_MEMBER ** mem = 0x7fff26e4, int * num_mem = 0x7fff26e8) ["groupunix.c":245]
DOMAIN_GRP * getgroupent(int * vp = 0x100543e8, DOMAIN_GRP_MEMBER ** mem = 0x7fff26e4, int * num_mem = 0x7fff26e8) ["groupdb.c":343]
BOOL iterate_getusergroupsnam(unsigned char * user_name = 0x5fdddb30 = "root", DOMAIN_GRP ** grps = 0x7fff2790, int * num_grps = 0x7fff2848) ["groupdb.c":239]
BOOL getusergroupsntnam(unsigned char * user_name = 0x5fdddb30 = "root", DOMAIN_GRP ** grp = 0x7fff2790, int * num_grps = 0x7fff2848) ["groupdb.c":436]
unsigned int _samr_query_usergroups(POLICY_HND * pol = 0x7fff2850, unsigned int * num_groups = 0x7fff2848, DOM_GID ** gids = 0x7fff2844) ["srv_samr_passdb.c":2174]
BOOL api_samr_query_usergroups(rpcsrv_struct * p = 0x1005a3f0, prs_struct * data = 0x1005a3f0, prs_struct * rdata = 0x1005a420) ["srv_samr.c":882]
BOOL api_rpc_command(rpcsrv_struct * l = 0x1005a3f0, unsigned char * rpc_name = 0x10029018 = "api_samr_rpc", struct api_struct * api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":689]
BOOL api_rpcTNP(rpcsrv_struct * l = 0x1005a3f0, unsigned char * rpc_name = 0x10029018 = "api_samr_rpc", struct api_struct * api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":723]
BOOL api_samr_rpc(rpcsrv_struct * p = 0x1005a3f0) ["srv_samr.c":1160]
BOOL api_pipe_request(rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr", prs_struct * resp = 0x1005a484) ["srv_pipe_srv.c":473]
BOOL rpc_redir_local(rpcsrv_struct * l = 0x1005a3f0, prs_struct * req = 0x1005a454, prs_struct * resp = 0x1005a484, unsigned char * name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":603]
BOOL rpc_local(rpcsrv_struct * l = 0x1005a3f0, unsigned char * data = 0x10058138 = "\005", int len = 44, unsigned char * name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":750]
void process_msrpc(rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr", prs_struct * pdu = 0x7fff2c20) ["msrpcd_process.c":167]
void msrpcd_process(msrpc_service_fns * fn = 0x1002a1d8, rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr") ["msrpcd_process.c":515]
int main(int argc = 2, unsigned char ** argv = 0x7fff2f24) ["msrpcd.c":568]
int __start(<stripped>) ["crt1text.s":177]
-------------- next part --------------
diff -c -r samba-tng-alpha.0.12/source/groupdb/groupunix.c samba-tng-alpha.0.12.PATCH/source/groupdb/groupunix.c
*** samba-tng-alpha.0.12/source/groupdb/groupunix.c Tue Feb 8 12:36:42 2000
--- samba-tng-alpha.0.12.PATCH/source/groupdb/groupunix.c Thu Mar 9 15:11:57 2000
***************
*** 170,175 ****
--- 170,176 ----
/* Static buffers we will return. */
static DOMAIN_GRP gp_buf;
struct group unix_grp;
+ struct group *tmp_unix_grp;
struct unix_entries *grps = (struct unix_entries *)vp;
if (grps == NULL)
***************
*** 240,248 ****
{
(*mem) = NULL;
(*num_mem) = 0;
!
! memcpy(&unix_grp, getgrgid(unix_grp.gr_gid), sizeof(unix_grp));
! get_unixgroup_members(&unix_grp, num_mem, mem);
}
{
--- 241,251 ----
{
(*mem) = NULL;
(*num_mem) = 0;
! if ((tmp_unix_grp=getgrgid(unix_grp.gr_gid)) != NULL) {
! memcpy(&unix_grp, tmp_unix_grp, sizeof(unix_grp));
! get_unixgroup_members(&unix_grp, num_mem, mem);
! }
!
}
{
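Review bot: The `memcpy(&unix_grp, tmp_unix_grp, sizeof(unix_grp))` in the new branch is still a shallow copy, so `unix_grp.gr_name` and `unix_grp.gr_mem` keep pointing into the static storage owned by `getgrgid()`, which later group or passwd lookups are allowed to overwrite. That would fit the remaining crash described in the message: the attached trace shows `unix_usr_name = 0x61656c42`, which reads as ASCII bytes rather than an address, on the second member (`i` = 1), though whether `get_unixgroup_members()` triggers such a lookup is not visible here. Consider copying the member strings before iterating, or at least adding a comment such as `/* gr_mem still points into getgrgid()'s static buffer; consume it before any further group or passwd lookup */`. The NULL branch also skips silently; a debug line such as `DEBUG(5, ("getgrpunixpwent: no group entry for gid %d\n", (int)unix_grp.gr_gid));` would make the passwd/group mismatch diagnosable. The enclosing function starts and ends outside the hunk.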