[Samba] Samba crash

SerNet Support Björn Baumbach samba at sernet.de
Thu Nov 8 02:09:14 MST 2012 

Hi Amir,

this is a known and fixed issue in Samba 3.6.6.
It was known as Bug 9004 https://bugzilla.samba.org/show_bug.cgi?id=9004

and has been fixed by
o   Andreas Schneider <asn at samba.org>
    * BUG 8944 and 8567: Don't lookup the system user in pdb.

Do you need a patch for 3.6.1?

As far as I know (I would need to test it) with this patch Samba logs
that the configured guest user is not available and does not start up
instead of crashing later.

Best regards,
Björn

On 11/07/2012 08:59 PM, Amir Shimoni wrote:
> Hi,
> 
> We are using the following configuration:
> 
> [global]
>         workgroup = FBX
>         passdb backend = tdbsam:/etc/samba/passdb.tdb
>         map to guest = Bad User
>         guest account = nasuser
>         security = user
>         syslog = 0
>         debuglevel = 2
>         debug pid = yes
>         kernel oplocks = no
>         create mask = 0777
>         time_audit:timeout = 10000
>         async smb echo handler  = yes
>         log writeable files on exit  = yes
> 
> [FABRIX]
> path = /mnt/fbx/
> comment = Fabrix LI4 Share
> available = yes
> browseable = yes
> writable = yes
> locking = no
> oplocks = no
> level2 oplocks = no
> dos filemode = yes
> kernel change notify = no
> force directory mode = 0777
> guest ok = yes
> case sensitive = yes
> vfs objects = time_audit fxfs_o_direct aio_pthread
> admin users = nasuser
> aio write size = 1
> aio read size = 1
> dfree cache time = 10
> 
> When the guest account does not exists on the server, init_guest_info()
> failing to init the guest_info and later when passing it from
> make_server_info_guest() to copy_serverinfo() the process crash on
> segmentation fault when trying to access it (dst->guest = src->guest;),
> you can see the crash stack below:
> 
> #0  0x00002b15679e4265 in raise () from /lib64/libc.so.6
> (gdb) bt
> #0  0x00002b15679e4265 in raise () from /lib64/libc.so.6
> #1  0x00002b15679e5d10 in abort () from /lib64/libc.so.6
> #2  0x00002b15647fbd7d in dump_core () at lib/fault.c:391
> #3  0x00002b156480ac65 in smb_panic (why=<value optimized out>) at
> lib/util.c:1133
> #4  0x00002b15647fc2ac in fault_report (sig=11) at lib/fault.c:53
> #5  sig_fault (sig=11) at lib/fault.c:76
> #6  <signal handler called>
> #7  copy_serverinfo (mem_ctx=<value optimized out>, src=0x0) at
> auth/auth_util.c:861
> #8  0x00002b156485bead in make_server_info_guest
> (mem_ctx=0x2b15798b5a40, server_info=0x7ffffd11d3a8) at auth/auth_util.c:939
> #9  0x00002b15645375a4 in do_map_to_guest (status=<value optimized out>,
> server_info=0x7ffffd11d3a8, user=0x2b15798b5910 "myurukov",
> domain=0x2b15798b5870 "myurukov-PC") at smbd/sesssetup.c:64
> #10 0x00002b15645376c4 in reply_spnego_ntlmssp (req=0x2b15798b65b0,
> vuid=100, auth_ntlmssp_state=0x2b15798a6970,
> ntlmssp_blob=0x7ffffd11d470, nt_status=..., OID=0x0, wrap=true) at
> smbd/sesssetup.c:497
> #11 0x00002b15645388ce in reply_spnego_auth (req=0x2b15798b65b0) at
> smbd/sesssetup.c:810
> #12 reply_sesssetup_and_X_spnego (req=0x2b15798b65b0) at
> smbd/sesssetup.c:1196
> #13 0x00002b1564538bd0 in reply_sesssetup_and_X (req=0x2b15798b65b0) at
> smbd/sesssetup.c:1358
> #14 0x00002b156456ea15 in switch_message (type=115 's',
> req=0x2b15798b65b0, size=292) at smbd/process.c:1573
> #15 0x00002b1564572cfb in construct_reply (sconn=0x2b1579899a50,
> inbuf=<value optimized out>, nread=292, unread_bytes=0, seqnum=0,
> encrypted=false, deferred_pcd=0x0) at smbd/process.c:1609
> #16 process_smb (sconn=0x2b1579899a50, inbuf=<value optimized out>,
> nread=292, unread_bytes=0, seqnum=0, encrypted=false, deferred_pcd=0x0)
> at smbd/process.c:1687
> #17 0x00002b1564572fcc in smbd_server_connection_read_handler
> (conn=0x2b1579899a50, fd=<value optimized out>) at smbd/process.c:2316
> #18 0x00002b156457303d in smbd_server_connection_handler (ev=<value
> optimized out>, fde=<value optimized out>, flags=1, private_data=<value
> optimized out>) at smbd/process.c:2333
> #19 0x00002b1564818f5a in run_events_poll (ev=0x2b1579899990,
> pollrtn=<value optimized out>, pfds=0x2b15798b3520, num_pfds=3) at
> lib/events.c:286
> #20 0x00002b1564571d0a in smbd_server_connection_loop_once
> (sconn=0x2b1579899a50) at smbd/process.c:1016
> #21 smbd_process (sconn=0x2b1579899a50) at smbd/process.c:3157
> #22 0x00002b1564a8936f in smbd_accept_connection (ev=<value optimized
> out>, fde=<value optimized out>, flags=<value optimized out>,
> private_data=<value optimized out>) at smbd/server.c:505
> #23 0x00002b1564818f5a in run_events_poll (ev=0x2b1579899990,
> pollrtn=<value optimized out>, pfds=0x2b15798c2a40, num_pfds=5) at
> lib/events.c:286
> #24 0x00002b156481938f in s3_event_loop_once (ev=0x2b1579899990,
> location=<value optimized out>) at lib/events.c:349
> #25 0x00002b15648196a9 in _tevent_loop_once (ev=0x2b1579899990,
> location=0x2b1564cae624 "smbd/server.c:838") at ../lib/tevent/tevent.c:494
> #26 0x00002b1564a8ac03 in smbd_parent_loop (argc=<value optimized out>,
> argv=<value optimized out>) at smbd/server.c:838
> #27 main (argc=<value optimized out>, argv=<value optimized out>) at
> smbd/server.c:1320
> 
> Thanks,
> Amir.


-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba mailing list