[Samba] FreeBSD, Libmd5, samba 4.9.4 & "smbclient -L" (using password) -> core dump

Peter Eriksson peter at ifm.liu.se
Thu Dec 27 21:26:11 UTC 2018 

I just noticed that smbclient from Samba 4.9.4 /built by myself) on FreeBSD 11.2 coredumps when called like this:

	smbclient -L <hostname>

> % /liu/pkg/samba/4.9.4-liu/bin/smbclient -L filur00
> Enter username at AD.LIU.SE's password:
> Abort (core dumped)

… if it is linked against /usr/local/lib/libmd5.so (which is part of “libwww”). If I remove libmd5.so and recompile things work as it should…

> % /liu/pkg/samba/4.9.4-test/bin/smbclient -L filur00
> Enter username at AD.LIU.SE's password:
> Anonymous login successful
> 
>	Sharename       Type      Comment
>	---------       ----      -------
>	DATA4           Disk      foo
>	IPC$            IPC       IPC Service (Filur00 File Server)
> Reconnecting with SMB1 for workgroup listing.
> smbXcli_negprot_smb1_done: No compatible protocol selected by server.
> protocol negotiation failed: NT_STATUS_INVALID_NETWORK_RESPONSE
> Failed to connect with SMB1 -- no workgroup available

Is this a known issue, and/or is there some easy way to disable the “libmd5.so” detection code in the configure step? (Other than not having libwww installed that is :-).

> # pkg info libwww
> libwww-5.4.2
> Name           : libwww
> Version        : 5.4.2
> Installed on   : Sun Dec 16 23:53:05 2018 CET
> Origin         : www/libwww
> Architecture   : FreeBSD:11:amd64
> Prefix         : /usr/local
> Categories     : devel www
> Licenses       : W3C
> Maintainer     : dbaio at FreeBSD.org
> WWW            : http://www.w3.org/Library/
> Comment        : W3C Reference Library
> Shared Libs required:
> 	libexpat.so.1
> Shared Libs provided:
> 	libwwwapp.so.0
> 	libpics.so.0
> 	libwwwmime.so.0
> 	libwwwnews.so.0
> 	libwwwxml.so.0
> 	libwwwinit.so.0
> 	libwwwutils.so.0
> 	libwwwmux.so.0
> 	libwwwhtml.so.0
> 	libwwwgopher.so.0
> 	libwwwdir.so.0
> 	libwwwssl.so.0
> 	libwwwhttp.so.0
> 	libmd5.so.0
> 	libwwwtrans.so.0
> 	libwwwtelnet.so.0
> 	libwwwstream.so.0
> 	libwwwcore.so.0
> 	libwwwftp.so.0
> 	libwwwzip.so.0
> 	libwwwfile.so.0
> 	libwwwcache.so.0
> Annotations    :
> 	FreeBSD_version: 1102000
> 	repo_type      : binary
> 	repository     : FreeBSD

GDB backtrace:

(gdb) bt
#0  0x000000080495898a in kill () from /lib/libc.so.7
#1  0x0000000804958940 in ?? () from /lib/libc.so.7
#2  0x00000008049588b0 in __stack_chk_fail () from /lib/libc.so.7
#3  0x000000080314572b in hmac_md5_final (digest=digest at entry=0x7fffffffd320 "\a\203f\243y6f\331\063$\027\004 at CD\252\005\226\263\003\b", ctx=0x7fffffffd190,
    ctx at entry=0x0) at ../lib/crypto/hmacmd5.c:101
#4  0x00000008092a01a0 in ntv2_owf_gen (owf=owf at entry=0x811a49430 "\347\305\335 ", <incomplete sequence \350\356>, user_in=<optimized out>,
    domain_in=<optimized out>, kr_buf=kr_buf at entry=0x7fffffffd320 "\a\203f\243y6f\331\063$\027\004 at CD\252\005\226\263\003\b") at ../libcli/auth/smbencrypt.c:241
#5  0x00000008092a0807 in SMBNTLMv2encrypt_hash (mem_ctx=mem_ctx at entry=0x811a1d780, user=<optimized out>, domain=<optimized out>,
    nt_hash=nt_hash at entry=0x811a49430 "\347\305\335 ", <incomplete sequence \350\356>, server_chal=server_chal at entry=0x7fffffffd3f0,
    server_timestamp=server_timestamp at entry=0x811a85a08, names_blob=0x7fffffffd530, lm_response=0x7fffffffd410, nt_response=0x7fffffffd420, lm_session_key=0x0,
    user_session_key=0x7fffffffd440) at ../libcli/auth/smbencrypt.c:493
#6  0x0000000803b34e4b in cli_credentials_get_ntlm_response (cred=0x811a8b060, mem_ctx=mem_ctx at entry=0x811a850b0, flags=flags at entry=0x7fffffffd604, challenge=...,
    server_timestamp=0x811a85a08, target_info=..., _lm_response=0x7fffffffd660, _nt_response=0x7fffffffd670, _lm_session_key=0x7fffffffd690,
    _session_key=0x7fffffffd680) at ../auth/credentials/credentials_ntlm.c:135
#7  0x0000000808866cd7 in ntlmssp_client_challenge (gensec_security=0x811a57f60, out_mem_ctx=0x811a85030, in=..., out=0x811a85040)
    at ../auth/ntlmssp/ntlmssp_client.c:630
#8  0x0000000808864e8b in gensec_ntlmssp_update_send (mem_ctx=<optimized out>, ev=0x811a582e0, gensec_security=0x811a57f60, in=...)
    at ../auth/ntlmssp/ntlmssp.c:210
#9  0x000000080886f9b8 in gensec_update_send (mem_ctx=<optimized out>, ev=0x811a582e0, gensec_security=0x811a57f60, in=...) at ../auth/gensec/gensec.c:433
#10 0x0000000808862848 in gensec_spnego_update_send (mem_ctx=<optimized out>, ev=0x811a582e0, gensec_security=<optimized out>, in=...)
    at ../auth/gensec/spnego.c:1722
#11 0x000000080886f9b8 in gensec_update_send (mem_ctx=<optimized out>, ev=0x811a582e0, gensec_security=0x811a57360, in=...) at ../auth/gensec/gensec.c:433
#12 0x0000000801d648c5 in cli_session_setup_gensec_local_next (req=0x811a84780) at ../source3/libsmb/cliconnect.c:1008
#13 0x0000000801d64a79 in cli_session_setup_gensec_remote_done (subreq=<optimized out>) at ../source3/libsmb/cliconnect.c:1131
#14 0x0000000801d6394f in cli_sesssetup_blob_done (subreq=<optimized out>) at ../source3/libsmb/cliconnect.c:845
#15 0x0000000801b34fc9 in smb2cli_session_setup_done (subreq=<optimized out>) at ../libcli/smb/smb2cli_session.c:213
#16 0x0000000808649f37 in tevent_common_invoke_immediate_handler () from /usr/local/lib/libtevent.so.0
#17 0x0000000808649f94 in tevent_common_loop_immediate () from /usr/local/lib/libtevent.so.0
#18 0x000000080864c17c in ?? () from /usr/local/lib/libtevent.so.0
#19 0x0000000808648e4e in _tevent_loop_once () from /usr/local/lib/libtevent.so.0
#20 0x000000080864ac0b in tevent_req_poll () from /usr/local/lib/libtevent.so.0
#21 0x00000008052349de in tevent_req_poll_ntstatus (req=req at entry=0x811a84080, ev=ev at entry=0x811a582e0, status=status at entry=0x7fffffffdbf4)
    at ../lib/util/tevent_ntstatus.c:109
#22 0x0000000801d66efd in cli_session_setup_creds (cli=<optimized out>, creds=creds at entry=0x811a8b060) at ../source3/libsmb/cliconnect.c:1795
#23 0x0000000801d82728 in do_connect (ctx=ctx at entry=0x811a1d1e0, server=<optimized out>, server at entry=0x811a46250 "filur00", share=<optimized out>,
    auth_info=auth_info at entry=0x811a3e200, force_encrypt=force_encrypt at entry=false, max_protocol=max_protocol at entry=13, port=0, name_type=32, pcli=0x7fffffffdcf0)
    at ../source3/libsmb/clidfs.c:232
#24 0x0000000801d82b35 in cli_cm_connect (ctx=ctx at entry=0x811a1d1e0, referring_cli=referring_cli at entry=0x0, server=server at entry=0x811a46250 "filur00",
    share=<optimized out>, auth_info=auth_info at entry=0x811a3e200, force_encrypt=force_encrypt at entry=false, max_protocol=13, port=0, name_type=32,
   0) at ../source3/libsmb/clidfs.c:335
#25 0x0000000801d82cbf in cli_cm_open (ctx=0x811a1d1e0, referring_cli=0x0, server=0x811a46250 "filur00", share=<optimized out>, auth_info=0x811a3e200, force_encrypt=<optimized out>, max_protocol=13, port=0, n
ame_type=32, pcli=0x12473a0 <cli>) at ../source3/libsmb/clidfs.c:437
#26 0x000000000102a9c0 in do_host_query (query_host=0x811a46250 "filur00") at ../source3/client/client.c:6574
#27 main (argc=<optimized out>, argv=<optimized out>) at ../source3/client/client.c:6574


- Peter

More information about the samba mailing list