sessionid.tdb missing after build and client read failure

Esh, Andrew AEsh at tricord.com
Wed Jul 3 14:45:51 GMT 2002


I think I see the problem. The code is reaching line 532 of smbd/service.c
with conn->user set to NULL. I was looking for reasons that this can occur,
and I noticed that conn_free is called whenever there is an error. Right
after that, the function returns immediately with a NULL result. This is not
done in one case:
 
smbd/service.c, make_connection_snum(510)
 
  } else {
   conn_free(conn);
   *status = NT_STATUS_NO_SUCH_GROUP;
   DEBUG(1,("Couldn't find group %s\n",gname));
  }

conn->free will NULL the user pointer. I don't see what would prevent the
code from running from that point straight into "initialise_groups", which
needs conn->user to be set.
 
Don't we need this instead?
 
Index: service.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/service.c,v
retrieving revision 1.93
diff -u -c -r1.93 service.c
cvs server: conflicting specifications of output style
*** service.c 2 Jul 2002 06:34:27 -0000 1.93
--- service.c 3 Jul 2002 21:35:58 -0000
***************
*** 511,516 ****
--- 511,517 ----
     conn_free(conn);
     *status = NT_STATUS_NO_SUCH_GROUP;
     DEBUG(1,("Couldn't find group %s\n",gname));
+    return NULL;
    }
   }
  #endif /* HAVE_GETGRNAM */
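Review bot: the added `return NULL;` is the right fix for this branch: the other error branches in make_connection_snum already return immediately after conn_free, and without it execution runs on to the initialise_groups call at service.c:532 with conn->user already cleared, which is the strcmp crash under initgroups in the backtrace quoted below. Two things before this goes in: the hunk came out in context format because cvs was given both -u and -c (see "conflicting specifications of output style"), so regenerate it with `cvs diff -u` alone so it applies cleanly; and the DEBUG call that sits between conn_free and the new return only touches the local gname, which is fine, but nothing in that branch should touch conn once it has been freed.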

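A constructed C model of the fall-through described above, added here as example code (not Samba's own): a slot-based conn_free that clears the user pointer as the message says it does, the error branch with and without the early return, and a callee that rejects the NULL user instead of crashing in strcmp. Every name here is a stand-in for the real smbd routine of the same name.

```c
#include <stddef.h>
#include <string.h>
/* Constructed model of the smbd/service.c error path discussed in the thread
 * (example code, not Samba's own). */
#define NT_STATUS_OK            0
#define NT_STATUS_NO_SUCH_GROUP 1
struct conn { const char *user; };
static struct conn slot;  /* stand-in for the connection table */
static struct conn *conn_new(const char *user) { slot.user = user; return &slot; }
/* Like the real conn_free: the slot is released, so conn->user becomes NULL. */
static void conn_free(struct conn *c) { c->user = NULL; }
/* Stand-in for the getgrnam() lookup: only "users" exists in this model. */
static int group_exists(const char *gname) { return strcmp(gname, "users") == 0; }
/* Stand-in for initialise_groups()/initgroups(), which must never get a NULL
 * user name; here it reports the bad argument instead of crashing in strcmp. */
static int initialise_groups(const char *user) { return user == NULL ? -1 : 0; }

/* Unpatched shape: the error branch cleans up but does not return. */
static struct conn *make_conn_unpatched(const char *user, const char *gname, int *status, int *grp_rc) {
    struct conn *c = conn_new(user);
    if (!group_exists(gname)) {
        conn_free(c);
        *status = NT_STATUS_NO_SUCH_GROUP;
        /* falls through with c->user == NULL, as in the backtrace */
    }
    *grp_rc = initialise_groups(c->user);
    return c;
}

/* Patched shape: return right after conn_free, like the other error branches. */
static struct conn *make_conn_patched(const char *user, const char *gname, int *status, int *grp_rc) {
    struct conn *c = conn_new(user);
    if (!group_exists(gname)) {
        conn_free(c);
        *status = NT_STATUS_NO_SUCH_GROUP;
        return NULL;
    }
    *grp_rc = initialise_groups(c->user);
    *status = NT_STATUS_OK;
    return c;
}

/* Drives both shapes on a group that does not exist. Returns 1 only if the
 * unpatched one hands a NULL user to initialise_groups (rc == -1) while the
 * patched one fails cleanly: status set, initialise_groups never called. */
int bad_group_demo(void) {
    int st = -1, rc = 99, st2 = -1, rc2 = 99;
    struct conn *u = make_conn_unpatched("alice", "nogroup", &st, &rc);
    struct conn *p = make_conn_patched("alice", "nogroup", &st2, &rc2);
    return u != NULL && rc == -1 && st == NT_STATUS_NO_SUCH_GROUP
        && p == NULL && rc2 == 99 && st2 == NT_STATUS_NO_SUCH_GROUP;
}
```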

-----Original Message-----
From: David Shapiro [mailto:david.shapiro at btitele.com]
Sent: Wednesday, July 03, 2002 4:04 PM
To: 'Esh, Andrew'
Subject: RE: sessionid.tdb missing after build and client read failure


I am trying my best here Andrew (no knowledge of gdb).  Now I went into
frame 4 and printed timebuf there:
 
(gdb) bt
#0  0xff1736dc in strftime () from /usr/lib/libc.so.1
#1  0x136ee4 in timestring (hires=1) at lib/time.c:688
#2  0x133170 in dbghdr (level=0, file=0x1c18e0 "lib/fault.c", func=0x1c18f0 "fault_report", line=36) at lib/debug.c:951
#3  0x13324c in fault_report (sig=11) at lib/fault.c:36
#4  0x1333b8 in sig_fault (sig=11) at lib/fault.c:61
#5  <signal handler called>
#6  0xff132e84 in strcmp () from /usr/lib/libc.so.1
#7  0xff194efc in process_cstr () from /usr/lib/libc.so.1
#8  0xfefe20c0 in _nss_files_do_all () from /usr/lib/nss_files.so.1
#9  0xff149290 in nss_search () from /usr/lib/libc.so.1
#10 0xff194bf8 in _getgroupsbymember () from /usr/lib/libc.so.1
#11 0xff140c20 in initgroups () from /usr/lib/libc.so.1
#12 0x6b5f0 in initialise_groups (user=0x0, uid=0, gid=0) at smbd/sec_ctx.c:187
#13 0x75a68 in make_connection_snum (snum=2, vuser=0x2cf398, password={data = 0x40757365 <Address 0x40757365 out of bounds>, length = 1920139264, free = 0x1ea400 <pipe_names+376>}, dev=0x0, status=0xffbeec04) at smbd/service.c:532
#14 0x76898 in make_connection (service_in=0xffbef430 "SAMBA_CONF", password={data = 0x25c5b8 "", length = 1, free = 0x1422bc <free_data_blob>}, dev=0xffbef020 "A:", vuid=101, status=0xffbeec04) at smbd/service.c:826
#15 0x4f184 in reply_tcon_and_X (conn=0x0, inbuf=0x26af68 "", outbuf=0x28b3b8 "", length=94, bufsize=61440) at smbd/reply.c:257
#16 0x7386c in switch_message (type=117, inbuf=0x26af68 "", outbuf=0x28b3b8 "", size=94, bufsize=61440) at smbd/process.c:768
#17 0x738f8 in construct_reply (inbuf=0x26af68 "", outbuf=0x28b3b8 "", size=94, bufsize=61440) at smbd/process.c:797
#18 0x73bd8 in process_smb (inbuf=0x26af68 "", outbuf=0x28b3b8 "") at smbd/process.c:875
#19 0x74644 in smbd_process () at smbd/process.c:1269
#20 0x357c8 in main (argc=0, argv=0xffbefbe4) at smbd/server.c:887
(gdb) frame 4
#4  0x1333b8 in sig_fault (sig=11) at lib/fault.c:61
61              fault_report(sig);
(gdb)     
#4  0x1333b8 in sig_fault (sig=11) at lib/fault.c:61
61              fault_report(sig);
(gdb) 
#4  0x1333b8 in sig_fault (sig=11) at lib/fault.c:61
61              fault_report(sig);
(gdb) 
#4  0x1333b8 in sig_fault (sig=11) at lib/fault.c:61
61              fault_report(sig);
(gdb) step
Single stepping until exit from function strftime, 
which has no line number information.
timestring (hires=1) at lib/time.c:689
689                             slprintf(TimeBuf+strlen(TimeBuf),
(gdb) print TimeBuf
$2 = "2002/07/03 16:47:53\000779974", '\000' <repeats 229 times>
(gdb) 

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Wednesday, July 03, 2002 4:56 PM
To: 'David Shapiro'
Subject: RE: sessionid.tdb missing after build and client read failure


No, the setting of that parameter merely tells me what path the code took.
The "no" setting simply confirms my guess of which line of code caused the
problem.

-----Original Message-----
From: David Shapiro [mailto:david.shapiro at btitele.com]
Sent: Wednesday, July 03, 2002 3:44 PM
To: 'Esh, Andrew'
Subject: RE: sessionid.tdb missing after build and client read failure


It is set to no.  I copied an smbd from another server that is still working
that I did not run a cvs upgrade on, and stopped and started samba.  I can
access the shares with that version by the way.  Does the newer version
require we set debug to yes?

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Wednesday, July 03, 2002 4:32 PM
To: 'David Shapiro'
Subject: RE: sessionid.tdb missing after build and client read failure


If you do a ' testparm | grep "debug hires timestamp" ' and hit return
twice, what does it say it's set to?

-----Original Message-----
From: David Shapiro [mailto:david.shapiro at btitele.com]
Sent: Wednesday, July 03, 2002 3:28 PM
To: 'Esh, Andrew'
Subject: RE: sessionid.tdb missing after build and client read failure


I have no idea if it is turned on.  Does it need to be?  How would I check?
 
# date
Wed Jul  3 16:20:31 EDT 2002
 
 
David
 
 

-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Wednesday, July 03, 2002 4:23 PM
To: 'David Shapiro'
Subject: RE: sessionid.tdb missing after build and client read failure


BTW: Do you have hi-res timestamps turned on in smb.conf?

-----Original Message-----
From: David Shapiro [mailto:david.shapiro at btitele.com]
Sent: Wednesday, July 03, 2002 3:03 PM
To: 'Esh, Andrew'; David Shapiro; 'Andrew Bartlett'
Cc: 'Richard Sharpe'; 'samba-technical at lists.samba.org'
Subject: RE: sessionid.tdb missing after build and client read failure


I recompiled with CFLAGS option -g and ran again:
 
313                                     fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags);
(gdb) 
314                                     break;
(gdb) 
368                                     break;
(gdb) 
400                             state = DP_S_DEFAULT;
(gdb) 
401                             flags = cflags = min = 0;
(gdb) 
402                             max = -1;
(gdb) 
408                             break; /* some picky compilers need this */
(gdb) 
185                     switch(state) {
(gdb) 
187                             if (ch == '%') 
(gdb) 
190                                     dopr_outch (buffer, &currlen, maxlen, ch);
(gdb) 
192                             break;
(gdb) 
408                             break; /* some picky compilers need this */
(gdb) 
185                     switch(state) {
(gdb) 
408                             break; /* some picky compilers need this */
(gdb) 
411             if (maxlen != 0) {
(gdb) 
412                     if (currlen < maxlen - 1) 
(gdb) 
413                             buffer[currlen] = '\0';
(gdb) 
419     }
(gdb) 
vsnprintf (str=0x15 <Address 0x15 out of bounds>, count=1023, fmt=0x1c482e "", args=0xffbef50c) at lib/snprintf.c:777
777     }
(gdb) 
dbgtext (format_str=0x1c4818 "got smb length of %d\n") at lib/debug.c:982
982       format_debug_text( msgbuf );
(gdb) 
985       } /* dbgtext */
(gdb) 
read_smb_length_return_keepalive (fd=13, inbuf=0x26af68 "", timeout=0) at lib/util_sock.c:541
541             return(len);
(gdb) 
542     }
(gdb) 
receive_smb (fd=13, buffer=0x26af68 "", timeout=0) at lib/util_sock.c:588
588             if (len < 0) {
(gdb) 
607             if (len > (BUFFER_SIZE + LARGE_WRITEX_HDR_SIZE)) {
(gdb) 
624                     ret = read_socket_data(fd,buffer+4,len);
(gdb) 
625                     if (ret != len) {
(gdb) 
632             return(True);
(gdb) 
633     }
(gdb) 
receive_message_or_smb (buffer=0x26af68 "", buffer_len=131137, timeout=60000) at smbd/process.c:271
271     }
(gdb) 
smbd_process () at smbd/process.c:1267
1267                    num_echos = smb_echo_count;
(gdb) 
1269                    process_smb(InBuffer, OutBuffer);
(gdb) 
 
Program received signal SIGSEGV, Segmentation fault.
0xff132e84 in strcmp () from /usr/lib/libc.so.1
(gdb) 
Single stepping until exit from function strcmp, 
which has no line number information.
0xff1544ec in _tzload () from /usr/lib/libc.so.1
(gdb) 
Single stepping until exit from function _tzload, 
which has no line number information.
0xff152df8 in _ltzset_u () from /usr/lib/libc.so.1
(gdb) 
Single stepping until exit from function _ltzset_u, 
which has no line number information.
0xff152994 in mktime () from /usr/lib/libc.so.1
(gdb) 
Single stepping until exit from function mktime, 
which has no line number information.
0xff1736dc in strftime () from /usr/lib/libc.so.1
(gdb) 
Single stepping until exit from function strftime, 
which has no line number information.
timestring (hires=0) at lib/time.c:709
709     }
(gdb) 
dbghdr (level=0, file=0x1c18e0 "lib/fault.c", func=0x1c18f0 "fault_report", line=36) at lib/debug.c:956
956       errno = old_errno;
(gdb) 
957       return( True );
(gdb) 
958     }
(gdb) 
fault_report (sig=11) at lib/fault.c:37
37              DEBUG(0,("INTERNAL ERROR: Signal %d in pid %d (%s)",sig,(int)sys_getpid(),VERSION));
(gdb) 
38              DEBUG(0,("\nPlease read the file BUGS.txt in the distribution\n"));
(gdb) 
39              DEBUG(0,("===============================================================\n"));
(gdb) 
41              smb_panic("internal error");
(gdb) 
 
Program received signal SIGABRT, Aborted.
0xff19c724 in _libc_kill () from /usr/lib/libc.so.1
(gdb) 
Single stepping until exit from function _libc_kill, 
which has no line number information.
procfs: couldn't stop process 84866: wait returned -1


-----Original Message-----
From: Esh, Andrew [mailto:AEsh at tricord.com]
Sent: Tuesday, July 02, 2002 11:10 AM
To: 'David Shapiro'; 'Andrew Bartlett'
Cc: 'Richard Sharpe'; 'samba-technical at lists.samba.org'
Subject: RE: sessionid.tdb missing after build and client read failure



Don't step at that point. The process has already run the CPU into the wrong
segment, or accessed memory using a bad pointer. Stepping will only destroy
information.

Do a 'bt' instead. That will dump the call stack, and show what path the
code ran to get to this point. What I expect to see is somewhere above the
strcmp routine, a Samba routine will call strcmp with a bad pointer, or a
non-terminated string buffer. We need to know which routine did that.

-----Original Message----- 
From: David Shapiro [mailto:david.shapiro at btitele.com]
Sent: Tuesday, July 02, 2002 9:17 AM 
To: 'Andrew Bartlett'; David Shapiro 
Cc: 'Richard Sharpe'; 'samba-technical at lists.samba.org' 
Subject: RE: sessionid.tdb missing after build and client read failure


Trying to get better at this gdb here.  I see a segmentation fault: 

which has no line number information. 

Program received signal SIGSEGV, Segmentation fault. 
0xff132e84 in strcmp () from /usr/lib/libc.so.1 
(gdb) step 
Single stepping until exit from function strcmp, 
which has no line number information. 
0xff1544ec in _tzload () from /usr/lib/libc.so.1 
(gdb) step 
Single stepping until exit from function _tzload, 
which has no line number information. 
0xff152df8 in _ltzset_u () from /usr/lib/libc.so.1 
(gdb) step 
Single stepping until exit from function _ltzset_u, 
which has no line number information. 
0xff152994 in mktime () from /usr/lib/libc.so.1 
(gdb) step 
Single stepping until exit from function mktime, 
which has no line number information. 
0xff1736dc in strftime () from /usr/lib/libc.so.1 
(gdb) step 
Single stepping until exit from function strftime, 
which has no line number information. 
0x136db0 in timestring () 
(gdb) step 
Single stepping until exit from function timestring, 


-----Original Message----- 
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Tuesday, July 02, 2002 9:01 AM 
To: David Shapiro 
Cc: 'Andrew Bartlett'; 'Richard Sharpe'; 
'samba-technical at lists.samba.org' 
Subject: Re: sessionid.tdb missing after build and client read failure


David Shapiro wrote: 
> 
> Thank you Andrew.  I was looking at joining because it was mentioned that
> to get sessionid.tdb, you needed to join domain.  I looked in smbd.log and
> saw a connection from davidsha, and then in my workstation log and saw at the
> bottom:
> 

>   =============================================================== 
> [2002/07/02 08:40:53, 0] lib/fault.c:fault_report(37) 
>   INTERNAL ERROR: Signal 11 in pid 8127 (3.0-alpha17) 
>   Please read the file BUGS.txt in the distribution 
> [2002/07/02 08:40:53, 0] lib/fault.c:fault_report(39) 
>   =============================================================== 
> 
> I also keep getting an xterm session pop up that says: 
> 
> xterm: Can't execvp /usr/local/bin/gdb 
> 
> I think this comes from the line in smb.conf: 
> 
> panic action = /usr/openwin/bin/xterm -display $DISPLAY -e 
> /usr/local/bin/gbd -p %d 
> 
> gdb is in /usr/local/bin.  What does it mean it can't execvp it? 

I dunno - but just make it a simple 'panic action = /bin/sleep 9000' and
attach manually.  Then let's look at it from there.

Andrew Bartlett 

-- 
Andrew Bartlett                                 abartlet at pcug.org.au 
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org 
Student Network Administrator, Hawker College   abartlet at hawkerc.net 
http://samba.org      http://build.samba.org      http://hawkerc.net
