[Samba] double segfault in smbd 3.0.21a

Blindauer Emmanuel samba at agat.net
Tue Jan 10 00:33:42 GMT 2006 

After regenerating my keytab (net ads keytab flush && net ads keytab create) 
the two crash are gone.

Emmanuel

Le Mardi 10 Janvier 2006 01:06, Blindauer Emmanuel a écrit :
> Hi
> I'm able to reproduce a segfault in smbd, with security=ads , using normal
> login or kerberos.
> samba 3.0.21a compiled from source, on debian stable.
>
> here are the backtrace:
>
>
> For the kerberos part, using "smbclient //server/share -k"
>
> Using host libthread_db library "/lib/tls/libthread_db.so.1".
> `system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
> [Thread debugging using libthread_db enabled]
> [New Thread 1077522240 (LWP 26945)]
> 0x4020f3ae in waitpid () from /lib/tls/libc.so.6
> #0  0x4020f3ae in waitpid () from /lib/tls/libc.so.6
> #1  0x401a4d12 in system () from /lib/tls/libc.so.6
> #2  0x081fc648 in smb_panic2 ()
> #3  0x081fc5bb in smb_panic ()
> #4  0x081e9cf3 in fault_report ()
> #5  0x081e9d68 in sig_fault ()
> #6  <signal handler called>
> #7  0x401ce487 in fseek () from /lib/tls/libc.so.6
> #8  0x400ae2cc in krb5_ktfile_get_next () from /usr/lib/libkrb5.so.3
> #9  0x400add4c in krb5_kt_next_entry () from /usr/lib/libkrb5.so.3
> #10 0x08275daf in ads_keytab_verify_ticket ()
> #11 0x08276828 in ads_verify_ticket ()
> #12 0x080b4802 in reply_spnego_kerberos ()
> #13 0x080b5738 in reply_spnego_negotiate ()
> #14 0x080b5db0 in reply_sesssetup_and_X_spnego ()
> #15 0x080b62c6 in reply_sesssetup_and_X ()
> #16 0x080dda92 in switch_message ()
> #17 0x080ddb42 in construct_reply ()
> #18 0x080dde8e in process_smb ()
> #19 0x080debe9 in smbd_process ()
> #20 0x0828850b in main ()
>
> For the normal login, i.e. "smbclient //server/share -U username"
>
> Using host libthread_db library "/lib/tls/libthread_db.so.1".
> `system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
> [Thread debugging using libthread_db enabled]
> [New Thread 1077522240 (LWP 26935)]
> 0x4020f3ae in waitpid () from /lib/tls/libc.so.6
> #0  0x4020f3ae in waitpid () from /lib/tls/libc.so.6
> #1  0x401a4d12 in system () from /lib/tls/libc.so.6
> #2  0x081fc648 in smb_panic2 ()
> #3  0x081fc5bb in smb_panic ()
> #4  0x081e9cf3 in fault_report ()
> #5  0x081e9d68 in sig_fault ()
> #6  <signal handler called>
> #7  0x4000770a in _dl_unload_cache () from /lib/ld-linux.so.2
> #8  0x40007edf in _dl_lookup_symbol () from /lib/ld-linux.so.2
> #9  0x4026fdb9 in __libc_dlclose () from /lib/tls/libc.so.6
> #10 0x4000c016 in _dl_catch_error () from /lib/ld-linux.so.2
> #11 0x4026fc68 in __libc_dlsym () from /lib/tls/libc.so.6
> #12 0x4024db81 in __nss_lookup_function () from /lib/tls/libc.so.6
> #13 0x4024d8c3 in __nss_next () from /lib/tls/libc.so.6
> #14 0x4020eb49 in getpwnam_r () from /lib/tls/libc.so.6
> #15 0x4020e441 in getpwnam () from /lib/tls/libc.so.6
> #16 0x081ec962 in sys_getpwnam ()
> #17 0x081f0a7f in getpwnam_alloc ()
> #18 0x081eefbb in Get_Pwnam_internals ()
> #19 0x081ef29c in Get_Pwnam_alloc ()
> #20 0x082385ca in smb_getpwnam ()
> #21 0x08238489 in fill_sam_account ()
> #22 0x08238854 in make_server_info_info3 ()
> #23 0x08233f98 in check_winbind_security ()
> #24 0x08230f88 in check_ntlm_password ()
> #25 0x0823a036 in auth_ntlmssp_check_password ()
> #26 0x08115054 in ntlmssp_server_auth ()
> #27 0x08114480 in ntlmssp_update ()
> #28 0x0823a36e in auth_ntlmssp_update ()
> #29 0x080b592a in reply_spnego_auth ()
> #30 0x080b5e0d in reply_sesssetup_and_X_spnego ()
> #31 0x080b62c6 in reply_sesssetup_and_X ()
> #32 0x080dda92 in switch_message ()
> #33 0x080ddb42 in construct_reply ()
> #34 0x080dde8e in process_smb ()
> #35 0x080debe9 in smbd_process ()
> #36 0x0828850b in main ()
>
>
> and here my smb.conf:
>
> # ./testparm
> Load smb config files from /usr/local/samba/lib/smb.conf
> Processing section "[web$]"
> Loaded services file OK.
> WARNING: passdb expand explicit = yes is deprecated
> 'winbind separator = +' might cause problems with group membership.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
>
> [global]
>         workgroup = DPTINFO
>         realm = DPTINFO.URS.LOCAL
>         server string = %h server (Extranet, Samba %v)
>         security = ADS
>         allow trusted domains = No
>         passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n .
>         use kerberos keytab = Yes
>         syslog = 0
>         log file = /var/log/samba/log.%m
>         max log size = 10000
>         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>         dns proxy = No
>         ldap admin dn = cn=admin,dc=iutinfo,dc=local
>         ldap idmap suffix = ou=Idmap
>         ldap suffix = dc=iutinfo,dc=local
>         panic action = /usr/share/samba/panic-action %d
>         idmap backend = ldap:ldap://ldap.urs.fr
>         idmap uid = 10000-20000
>         idmap gid = 10000-20000
>         template homedir = /home/%U
>         template shell = /bin/bash
>         winbind separator = +
>         winbind cache time = 0
>         winbind use default domain = Yes
>         invalid users = root

More information about the samba mailing list