Problem with SAMR pipe (ChangePassword() Python binding)
Anatoliy Atanasov
anatoliy.atanasov at postpath.com
Mon Aug 24 04:02:10 MDT 2009
Hi Team,
Sorry to add info bit by bit, after restart of the samba process, I got this error, which should explain the previous "talloc_abort_double_free"
$ sudo /usr/local/samba/bin/net password set test -UAdministrator%test
Enter new password for account [SAMBA\test]:
ERROR: talloc_free with references at libnet/libnet_passwd.c:630
reference at libnet/libnet_rpc.c:419
reference at libnet/libnet_rpc.c:198
Anatoliy
> -----Original Message-----
> From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-
> bounces at lists.samba.org] On Behalf Of Anatoliy Atanasov
> Sent: Monday, August 24, 2009 12:36
> To: Nadezhda Ivanova; abartlet at samba.org
> Cc: samba-technical at lists.samba.org
> Subject: RE: Problem with SAMR pipe (ChangePassword() Python binding)
>
> Hi Team,
>
> Here is a detailed back trace:
> #0 0x00d70416 in __kernel_vsyscall ()
> #1 0x00826660 in raise () from /lib/libc.so.6
> #2 0x00828028 in abort () from /lib/libc.so.6
> #3 0x086716be in talloc_abort (reason=0x87824ac Bad talloc magic value -
> double free ) at ../lib/talloc/talloc.c:154
> #4 0x08671718 in talloc_abort_double_free () at
> ../lib/talloc/talloc.c:167
> #5 0x08671817 in talloc_chunk_from_ptr (ptr=0x9126040) at
> ../lib/talloc/talloc.c:186
> #6 0x0867292b in talloc_get_name (ptr=0x9126040) at
> ../lib/talloc/talloc.c:876
> #7 0x086729af in talloc_check_name (ptr=0x9126040, name=0x8684f00 struct
> composite_context ) at ../lib/talloc/talloc.c:895
> #8 0x08115297 in continue_smb_connect (ctx=0x911cfd8) at
> librpc/rpc/dcerpc_connect.c:68
> #9 0x082149d6 in composite_error (ctx=0x911cfd8, status={v = 3221225787})
> at libcli/composite/composite.c:116
> #10 0x08214a57 in composite_is_ok (ctx=0x911cfd8) at
> libcli/composite/composite.c:134
> #11 0x0814e237 in state_handler (c=0x911cfd8) at
> libcli/smb_composite/connect.c:429
> #12 0x0814e279 in request_handler (req=0x9114430) at
> libcli/smb_composite/connect.c:441
> #13 0x0815705a in smbcli_transport_dead (transport=0x911d938, status={v =
> 3221225787}) at libcli/raw/clitransport.c:153
> #14 0x08156bb4 in transport_destructor (transport=0x911d938) at
> libcli/raw/clitransport.c:56
> #15 0x086724d1 in _talloc_free_internal (ptr=0x911d938) at
> ../lib/talloc/talloc.c:545
> #16 0x08672652 in _talloc_free_internal (ptr=0x911d028) at
> ../lib/talloc/talloc.c:576
> #17 0x08672652 in _talloc_free_internal (ptr=0x911cfd8) at
> ../lib/talloc/talloc.c:576
> #18 0x08672652 in _talloc_free_internal (ptr=0x91135b8) at
> ../lib/talloc/talloc.c:576
> #19 0x08672652 in _talloc_free_internal (ptr=0x9113540) at
> ../lib/talloc/talloc.c:576
> #20 0x08672652 in _talloc_free_internal (ptr=0x911d4c0) at
> ../lib/talloc/talloc.c:576
> #21 0x08672de9 in _talloc_free (ptr=0x911d4c0, location=0x8685254
> librpc/rpc/dcerpc_connect.c:809 ) at ../lib/talloc/talloc.c:1072
> #22 0x08116b6a in dcerpc_pipe_connect_b_recv (c=0x911d4c0,
> mem_ctx=0x9114290, p=0x91143dc) at librpc/rpc/dcerpc_connect.c:809
> #23 0x080c08c6 in continue_pipe_connect (ctx=0x911d4c0) at
> libnet/libnet_rpc.c:145
> #24 0x082149d6 in composite_error (ctx=0x911d4c0, status={v = 3221225653})
> at libcli/composite/composite.c:116
> #25 0x08116800 in dcerpc_connect_timeout_handler (ev=0x9112750,
> te=0x911d510, t={tv_sec = 1251102639, tv_usec = 616891},
> private_data=0x911d4c0)
> at librpc/rpc/dcerpc_connect.c:715
> #26 0x086478ad in tevent_common_loop_timer_delay (ev=0x9112750) at
> ../lib/tevent/tevent_timed.c:254
> #27 0x08649d97 in epoll_event_loop (std_ev=0x91126b0, tvalp=0xbfae0d74) at
> ../lib/tevent/tevent_standard.c:279
> #28 0x0864a549 in std_event_loop_once (ev=0x9112750, location=0x86ad200
> libcli/composite/composite.c:60 ) at ../lib/tevent/tevent_standard.c:544
> #29 0x086469ff in _tevent_loop_once (ev=0x9112750, location=0x86ad200
> libcli/composite/composite.c:60 ) at ../lib/tevent/tevent.c:488
> #30 0x0821484e in composite_wait (c=0x9112e38) at
> libcli/composite/composite.c:60
> #31 0x080c0f87 in libnet_RpcConnectDC_recv (c=0x9112e38, ctx=0x9112af8,
> mem_ctx=0x9111e18, r=0xbfae0f80) at libnet/libnet_rpc.c:401
> #32 0x080c22fa in libnet_RpcConnect_recv (c=0x9112e38, ctx=0x9112af8,
> mem_ctx=0x9111e18, r=0xbfae0f80) at libnet/libnet_rpc.c:970
> #33 0x080c23ba in libnet_RpcConnect (ctx=0x9112af8, mem_ctx=0x9111e18,
> r=0xbfae0f80) at libnet/libnet_rpc.c:997
> #34 0x080bfaca in libnet_SetPassword_samr (ctx=0x9112af8,
> mem_ctx=0x9111e18, r=0xbfae0ff0) at libnet/libnet_passwd.c:517
> #35 0x080c00ad in libnet_SetPassword (ctx=0x9112af8, mem_ctx=0x9111e18,
> r=0xbfae0ff0) at libnet/libnet_passwd.c:659
> #36 0x080c0014 in libnet_SetPassword_generic (ctx=0x9112af8,
> mem_ctx=0x9111e18, r=0xbfae1070) at libnet/libnet_passwd.c:646
> #37 0x080c0085 in libnet_SetPassword (ctx=0x9112af8, mem_ctx=0x9111e18,
> r=0xbfae1070) at libnet/libnet_passwd.c:657
> #38 0x080bcbb9 in net_password_set (ctx=0x9111e18, argc=1, argv=0x91051ac)
> at utils/net/net_password.c:144
> #39 0x080bbfb9 in net_run_function (ctx=0x9111e18, argc=2, argv=0x91051a8,
> functable=0x8783960, usage_fn=0x80bcc94 <net_password_usage>) at
> utils/net/net.c:72
> #40 0x080bcc8e in net_password (ctx=0x9111e18, argc=2, argv=0x91051a8) at
> utils/net/net_password.c:164
> #41 0x080bbfb9 in net_run_function (ctx=0x9111e18, argc=3, argv=0x91051a4,
> functable=0x878bd20, usage_fn=0x80bc159 <net_usage>) at utils/net/net.c:72
> #42 0x080bc4a4 in binary_net (argc=4, argv=0xbfae1304) at
> utils/net/net.c:206
> #43 0x080bc55a in main (argcÊnnot access memory at address 0x7684
>
> I suspect the frame 22, where we have talloc_free(c); of the context
> passed to the function.
>
> Anatoliy
>
> > -----Original Message-----
> > From: samba-technical-bounces at lists.samba.org [mailto:samba-technical-
> > bounces at lists.samba.org] On Behalf Of Andrew Bartlett
> > Sent: Sunday, August 23, 2009 15:45
> > To: Nadezhda Ivanova
> > Cc: samba-technical at lists.samba.org
> > Subject: RE: Problem with SAMR pipe (ChangePassword() Python binding)
> >
> >On Sat, 2009-08-22 at 19:33 +0300, Nadezhda Ivanova wrote:
> > >Hi all,
> > >I played a bit with libnet_ChangePassword and here is what I get:
> > >The error message that happens to Zahari below does not appear if you
> > >sue a sudoer, so it's a basic permissions issue.
> >
> >This actually gives us a clue - as it should still work without root
> > permissions. What happens however is that when it can contact the
> > nbt_server, it will ask it to send a GetDC request to the target server,
> > in the hope of discovering it's name. This will trigger a response to
> > port 137, where the nbt_server is listening.
> >
> >If that fails, it will try a node status request. This may fail on a
> > system that doesn't support NBT, or perhaps something else goes wrong.
> > This is probably where the code triggers it's INVALID_PARAMETER error.
> >
> >> However, I get a crash, bith when using Zahari's python binding and
> > >when I use net password set or net password change
> >
> >Well, at least that means it can't be the bindings :-)
> >
> >>[root at dev bin]# ./net password change Administrator
> > >Password for [RUMBA\root]:
> > >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > >INTERNAL ERROR: Signal 6 in pid 28516 (4.0.0alpha9-GIT-6f69f16)
> > >Please read the file BUGS.txt in the distribution
> > >=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > >PANIC: internal error
> > >BACKTRACE: 49 stack frames:
> > > #0 ./net(call_backtrace+0x2b) [0x865a3ff]
> > > #1 ./net(smb_panic+0x296) [0x865a781]
> > > #2 ./net [0x865a94c]
> > > #3 ./net(fault_setup+0) [0x865a981]
> > > #4 [0x52f400]
> > > #5 /lib/libc.so.6(abort+0x188) [0x828028]
> > > #6 ./net [0x86716be]
> > > #7 ./net [0x8671718]
> > > #8 ./net [0x8671817]
> > > #9 ./net(talloc_get_name+0x1d) [0x867292b]
> > > #10 ./net(talloc_check_name+0x34) [0x86729af]
> > > #11 ./net [0x8115297]
> > > #12 ./net(composite_error+0xc1) [0x82149d6]
> > > #13 ./net(composite_is_ok+0x37) [0x8214a57]
> > > #14 ./net [0x814e237]
> > > #15 ./net [0x814e279]
> > > #16 ./net(smbcli_transport_dead+0x15c) [0x815705a]
> > > #17 ./net [0x8156bb4]
> > > #18 ./net [0x86724d1]
> > > #19 ./net [0x8672652]
> > > #20 ./net [0x8672652]
> > > #21 ./net [0x8672652]
> > > #22 ./net [0x8672652]
> > > #23 ./net [0x8672652]
> > > #24 ./net(_talloc_free+0xbe) [0x8672de9]
> > > #25 ./net(dcerpc_pipe_connect_b_recv+0x89) [0x8116b6a]
> > > #26 ./net [0x80c08c6]
> > > #27 ./net(composite_error+0xc1) [0x82149d6]
> > > #28 ./net [0x8116800]
> > > #29 ./net(tevent_common_loop_timer_delay+0x195) [0x86478ad]
> > > #30 ./net [0x8649d97]
> > > #31 ./net [0x864a549]
> > > #32 ./net(_tevent_loop_once+0xdf) [0x86469ff]
> > > #33 ./net(composite_wait+0x44) [0x821484e]
> > > #34 ./net [0x80c0f87]
> > > #35 ./net(libnet_RpcConnect_recv+0x88) [0x80c22fa]
> > > #36 ./net(libnet_RpcConnect+0x5e) [0x80c23ba]
> > > #37 ./net [0x80be820]
> > > #38 ./net(libnet_ChangePassword+0x76) [0x80bf007]
> > > #39 ./net [0x80bef75]
> > > #40 ./net(libnet_ChangePassword+0x51) [0x80befe2]
> > > #41 ./net [0x80bc8d8]
> > > #42 ./net(net_run_function+0xc5) [0x80bbfb9]
> > > #43 ./net(net_password+0x3f) [0x80bcc8e]
> > > #44 ./net(net_run_function+0xc5) [0x80bbfb9]
> > > #45 ./net [0x80bc4a4]
> > > #46 ./net(main+0x22) [0x80bc55a]
> > > #47 /lib/libc.so.6(__libc_start_main+0xe6) [0x8125d6]
> > > #48 ./net [0x80bbe61]
> > >Aborted
> > >
> >>Any ideas what might be the cause of this?
> >
> >Did it actually manage to connect before it crashed (see a wireshark
> > trace). This looks like our long-standing challenge with pulling down
> > RPC connections in Samba4 after the remote server drops the connection.
> >
> >Andrew Bartlett
> > --
> > Andrew Bartlett
> http://samba.org/~abartlet/
> > Authentication Developer, Samba Team http://samba.org
> > Samba Developer, Cisco Inc.
More information about the samba-technical
mailing list