TNG 0.12 Samrd Stack Trace & patch attached.

Michael Breuer mbreuer at siac.com
Thu Mar 9 20:56:09 GMT 2000


This may be related to the on-going login issues.  Looking at the core file, it seems that the proximate cause of the PANIC is an
attempt to print a debug level 10 message at domain_namemap.c:700.  Working backward, "unix_name" at groupunix.c:117 is not a valid
pointer.  In this trace, the value of "i" (loop iterator) is 1.

Again...working backward... in groupunix.c:245, the call to getgrgid is not validated.  A "NULL" return (group not found) is not
good.  In fact, the code here was looking for a group which was defined in /etc/passwd, but not in /etc/group.

Checking further... it seems that at least on my system, I'm misconfigured and getting groups from NIS and passwd from files.  So I
have users without valid groups, and groups without valid users.

The attached patch covers the case of a NULL group, but not the case of a missing or invalid user within the group (i.e., I'm still
trapping).

In the second case (which I haven't patched), I still fail at domain_namemap.c:700 with a bogus unix_usr_name.  It seems that IRIX
is returning a bad value when misconfigured (as noted before).
-------------- next part --------------
int  _kill(<stripped>) ["kill.s":15]
int  _raise(<stripped>) ["raise.c":27]
int  abort(<stripped>) ["abort.c":52]
void  smb_panic(unsigned char * why = 0x5feba610 = "internal error") ["util.c":2384]
void  fault_report(int  sig = 11) ["fault.c":46]
void  sig_fault(int  sig = 11) ["fault.c":70]
int  _sigtramp(<stripped>) ["sigtramp.s":71]
int  strlen(<stripped>) ["strlen.s":58]
int  _doprnt(<stripped>) ["doprnt.c":1337]
int  _vsnprintf(<stripped>) ["vsnprintf.c":35]
int  vslprintf(unsigned char * str = 0x7fff1c88 = "lookupsmbpwnam: unix user name p oracle\n", int  n = 1023, unsigned char * format = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", va_list  ap = 0x7fff20a8 = "") ["slprintf.c":32]
BOOL  dbgtext(unsigned char * format_str = 0x5fdda6a8 = "lookupsmbpwnam: unix user name %s\n", void  ... = <void>) ["debug.c":571]
BOOL  lookupsmbpwnam(unsigned char * unix_usr_name = 0x61656c42, DOM_NAME_MAP * grp = 0x7fff2128) ["domain_namemap.c":700]
BOOL  get_unixgroup_members(struct group * grp = 0x7fff21e8, int * num_mem = 0x7fff26e8, DOMAIN_GRP_MEMBER ** members = 0x7fff26e4) ["groupunix.c":117]
DOMAIN_GRP * getgrpunixpwent(int * vp = 0x100543e8, DOMAIN_GRP_MEMBER ** mem = 0x7fff26e4, int * num_mem = 0x7fff26e8) ["groupunix.c":245]
DOMAIN_GRP * getgroupent(int * vp = 0x100543e8, DOMAIN_GRP_MEMBER ** mem = 0x7fff26e4, int * num_mem = 0x7fff26e8) ["groupdb.c":343]
BOOL  iterate_getusergroupsnam(unsigned char * user_name = 0x5fdddb30 = "root", DOMAIN_GRP ** grps = 0x7fff2790, int * num_grps = 0x7fff2848) ["groupdb.c":239]
BOOL  getusergroupsntnam(unsigned char * user_name = 0x5fdddb30 = "root", DOMAIN_GRP ** grp = 0x7fff2790, int * num_grps = 0x7fff2848) ["groupdb.c":436]
unsigned int  _samr_query_usergroups(POLICY_HND * pol = 0x7fff2850, unsigned int * num_groups = 0x7fff2848, DOM_GID ** gids = 0x7fff2844) ["srv_samr_passdb.c":2174]
BOOL  api_samr_query_usergroups(rpcsrv_struct * p = 0x1005a3f0, prs_struct * data = 0x1005a3f0, prs_struct * rdata = 0x1005a420) ["srv_samr.c":882]
BOOL  api_rpc_command(rpcsrv_struct * l = 0x1005a3f0, unsigned char * rpc_name = 0x10029018 = "api_samr_rpc", struct api_struct * api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":689]
BOOL  api_rpcTNP(rpcsrv_struct * l = 0x1005a3f0, unsigned char * rpc_name = 0x10029018 = "api_samr_rpc", struct api_struct * api_rpc_cmds = 0x1002a208) ["srv_pipe_srv.c":723]
BOOL  api_samr_rpc(rpcsrv_struct * p = 0x1005a3f0) ["srv_samr.c":1160]
BOOL  api_pipe_request(rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr", prs_struct * resp = 0x1005a484) ["srv_pipe_srv.c":473]
BOOL  rpc_redir_local(rpcsrv_struct * l = 0x1005a3f0, prs_struct * req = 0x1005a454, prs_struct * resp = 0x1005a484, unsigned char * name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":603]
BOOL  rpc_local(rpcsrv_struct * l = 0x1005a3f0, unsigned char * data = 0x10058138 = "\005", int  len = 44, unsigned char * name = 0x7fff2d70 = "samr") ["srv_pipe_srv.c":750]
void  process_msrpc(rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr", prs_struct * pdu = 0x7fff2c20) ["msrpcd_process.c":167]
void  msrpcd_process(msrpc_service_fns * fn = 0x1002a1d8, rpcsrv_struct * l = 0x1005a3f0, unsigned char * name = 0x7fff2d70 = "samr") ["msrpcd_process.c":515]
int  main(int  argc = 2, unsigned char ** argv = 0x7fff2f24) ["msrpcd.c":568]
int  __start(<stripped>) ["crt1text.s":177]
-------------- next part --------------
diff -c -r samba-tng-alpha.0.12/source/groupdb/groupunix.c samba-tng-alpha.0.12.PATCH/source/groupdb/groupunix.c
*** samba-tng-alpha.0.12/source/groupdb/groupunix.c	Tue Feb  8 12:36:42 2000
--- samba-tng-alpha.0.12.PATCH/source/groupdb/groupunix.c	Thu Mar  9 15:11:57 2000
***************
*** 170,175 ****
--- 170,176 ----
  	/* Static buffers we will return. */
  	static DOMAIN_GRP gp_buf;
  	struct group unix_grp;
+ 	struct group *tmp_unix_grp;
  	struct unix_entries *grps = (struct unix_entries *)vp;
  
  	if (grps == NULL)
***************
*** 240,248 ****
  	{
  		(*mem) = NULL;
  		(*num_mem) = 0;
! 
! 		memcpy(&unix_grp, getgrgid(unix_grp.gr_gid), sizeof(unix_grp));
! 		get_unixgroup_members(&unix_grp, num_mem, mem);
  	}
  
  	{
--- 241,251 ----
  	{
  		(*mem) = NULL;
  		(*num_mem) = 0;
! 		if ((tmp_unix_grp=getgrgid(unix_grp.gr_gid)) != NULL) {
! 			memcpy(&unix_grp, tmp_unix_grp, sizeof(unix_grp));
! 			get_unixgroup_members(&unix_grp, num_mem, mem);
! 		}
! 			
  	}
  
  	{
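Review bot: The `memcpy(&unix_grp, tmp_unix_grp, sizeof(unix_grp))` in the new branch is a shallow copy, so `unix_grp.gr_name` and `unix_grp.gr_mem` still point into the storage `getgrgid()` returned, which a later group-database lookup may reuse. If anything reached from `get_unixgroup_members()` performs such a lookup while the member list is being walked, the member pointers go stale; that would be consistent with the trace's `unix_usr_name = 0x61656c42`, whose bytes are printable ASCII rather than a plausible address, though this is inferred and not shown in the hunk. Consider copying the member names into memory this function owns before iterating, or at least record the hazard with `/* gr_mem still points into getgrgid()'s static storage; no getgr*() calls until the members are consumed */`. The NULL case is also skipped silently, and an `else` with `DEBUG(1, ("getgrpunixpwent: no group entry for gid %d\n", (int)unix_grp.gr_gid));` would make the passwd/group mismatch visible in the log. The enclosing function starts and ends outside the hunk.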

