Samba4 Anonymous LDAP bind backtrace

Dave Fenwick djf at assetsw.com
Fri Jun 30 04:19:11 GMT 2006


Samba4 was compiled with ./configure.developer, on a clean installation
with the ASSETSW and ASSETSW.COM domains.  Sources were pulled from SVN
on 27 Jun 2006.

Performing a simple anonymous LDAP bind with:

ldapsearch -b "DC=ASSETSW,DC=COM" -v -x -h localhost "(objectClass=*)"

Produces the following backtrace from smbd (note that frame #0 is entered
with sid1=0x4, which does not look like a valid pointer):

#0  0x0860a67a in dom_sid_compare (sid1=0x4, sid2=0xa680c28)
    at libcli/security/dom_sid.c:68
        i = 0
#1  0x0860a733 in dom_sid_equal (sid1=0x4, sid2=0xa680c28)
    at libcli/security/dom_sid.c:84
No locals.
#2  0x08609623 in security_token_is_sid (token=0xa680cf0, sid=0xa680c28)
    at libcli/security/security_token.c:85
No locals.
#3  0x08609688 in security_token_is_sid_string (token=0xa680cf0,
    sid_string=0x8757b7e "S-1-5-18") at
    libcli/security/security_token.c:97
        ret = 8
        sid = (struct dom_sid *) 0xa680c28
#4  0x086096d0 in security_token_is_system (token=0xa680cf0)
    at libcli/security/security_token.c:105
No locals.
#5  0x084db71f in what_is_user (module=0xa67d9f8)
    at dsdb/samdb/ldb_modules/kludge_acl.c:68
        session_info = (struct auth_session_info *) 0xa680c68
#6  0x084db9ab in kludge_acl_search_async (module=0xa67d9f8,
req=0xa67d7b8)
    at dsdb/samdb/ldb_modules/kludge_acl.c:162
        ac = (struct kludge_acl_async_context *) 0xa693420
        down_req = (struct ldb_request *) 0x8653b50
        ret = 2327943
#7  0x084c5564 in ldb_next_request (module=0xa67d9f8, request=0xa67d7b8)
    at lib/ldb/common/ldb_modules.c:356
No locals.
#8  0x084c95b5 in rootdse_search (module=0xa67da40, req=0xa67d7b8)
    at dsdb/samdb/ldb_modules/rootdse.c:185
        ac = (struct rootdse_async_context *) 0xa67c2b3
        down_req = (struct ldb_request *) 0x84beaed
        ret = 174572200
#9  0x084bf195 in ldb_request (ldb=0xa692028, req=0xa67d7b8)
    at lib/ldb/common/ldb.c:416
        module = (struct ldb_module *) 0xa67da40
        ret = 0
#10 0x080fea95 in ldapsrv_SearchRequest (call=0xa6806e8)
    at ldap_server/ldap_backend.c:254
        req = (struct ldap_SearchRequest *) 0xa67ce18
        ent = (struct ldap_SearchResEntry *) 0x1
        done = (struct ldap_Result *) 0x0
        ent_r = (struct ldapsrv_reply *) 0xbf92cae8
        done_r = (struct ldapsrv_reply *) 0x8653b50
        local_ctx = (void *) 0xa67f008
        samdb = (struct ldb_context *) 0xa692028
        basedn = (struct ldb_dn *) 0xa67eee0
        res = (struct ldb_result *) 0xa67c2a8
        lreq = (struct ldb_request *) 0xa67d7b8
        scope = LDB_SCOPE_SUBTREE
        attrs = (const char **) 0x0
        errstr = 0x0
        success_limit = 0
        result = -1
        ldb_ret = -1
        i = -1080898792
        j = 140853914
        __FUNCTION__ = "ldapsrv_SearchRequest"
#11 0x081006c3 in ldapsrv_do_call (call=0xa6806e8) at
ldap_server/ldap_backend.c:755
No locals.
#12 0x080fcd7f in ldapsrv_process_message (conn=0xa65fa18,
msg=0xa67ce10)
    at ldap_server/ldap_server.c:84
        call = (struct ldapsrv_call *) 0xa6806e8
        status = {v = 140834208}
        blob = {data = 0x8778a78 "à}w\bÐÆ\034", length = 3214068680}
        enable_wrap = false
        __FUNCTION__ = "ldapsrv_process_message"
#13 0x080fd0b2 in ldapsrv_decode_plain (conn=0xa65fa18, blob={data =
0x0, length = 0})
    at ldap_server/ldap_server.c:163
        asn1 = {
  data = 0xa680f38
  "0;\002\001\002c6\004\021DC=ASSETSW,DC=COM\n\001\002\n\001",
  length = 61, ofs = 61, nesting = 0x0, has_error = false}
        msg = (struct ldap_message *) 0xa67ce10
#14 0x080fd2f3 in ldapsrv_decode (private=0xa65fa18, blob=
---Type <return> to continue, or q <return> to quit---q
{data = 0xa67d7b8 "", length Quit
) at ldap_server/ldap_server.c:222
        conn = (struct ldapsrv_connection *) 0xa65fa18
#15 0x084e7720 in packet_recv (pc=0xa65fa88) at lib/stream/packet.c:356
        npending = 61
        status = {v = 0}
        nread = 61
        blob = {data = 0xa67d7b8 "", length = 61}
        __FUNCTION__ = "packet_recv"
#16 0x080fd3df in ldapsrv_recv (c=0xa6904e8, flags=1) at
ldap_server/ldap_server.c:256
        conn = (struct ldapsrv_connection *) 0xa65fa18
#17 0x0810dec3 in stream_io_handler (ev=0xa653ab8, fde=0xa68fb10,
flags=1,
    private=0xa6904e8) at smbd/service_stream.c:94
        conn = (struct stream_connection *) 0xa6904e8
#18 0x0853c9c8 in epoll_event_loop (std_ev=0xa653af8, tvalp=0xbf92ce54)
    at lib/events/events_standard.c:276
        fde = (struct fd_event *) 0xa68fb10
        flags = 1
        ret = 1
        i = 0
        events = {{events = 1, data = {ptr = 0xa68fb10, fd = 174652176,
      u32 = 174652176, u64 = 174652176}}, {events = 1, data = {ptr =
      0xa65a768,
      fd = 174434152, u32 = 174434152, u64 = 749069750027790184}}, {
    events = 174406344, data = {ptr = 0x8778a78, fd = 142051960, u32 =
    142051960,
      u64 = 13804322135582673528}}, {events = 140854141, data = {ptr =
      0xa653af8,
      fd = 174406392, u32 = 174406392, u64 = 610108522707106552}},
      {events = 2424982,
    data = {ptr = 0x864ae56, fd = 140815958, u32 = 140815958,
      u64 = 13804322273020390998}}, {events = 4294967295, data = {ptr =
      0xbf92ce08,
      fd = -1080898040, u32 = 3214069256, u64 = 604814128150924808}}, {
    events = 3214069324, data = {ptr = 0xa65be34, fd = 174439988, u32 =
    174439988,
      u64 = 13804322341773491764}}, {events = 140819241, data = {ptr =
      0xbf92cdf8,
      fd = -1080898056, u32 = 3214069240, u64 = 610108525746769400}}}
        destruction_count = 0
        timeout = 612
#19 0x0853d4b8 in std_event_loop_once (ev=0xa653ab8)
    at lib/events/events_standard.c:595
        std_ev = (struct std_event_context *) 0xa653af8
        tval = {tv_sec = 0, tv_usec = 611894}
#20 0x0853d52b in std_event_loop_wait (ev=0xa653ab8)
    at lib/events/events_standard.c:612
        std_ev = (struct std_event_context *) 0xa653af8
#21 0x0853c2b2 in event_loop_wait (ev=0xa653ab8) at
lib/events/events.c:156
No locals.
#22 0x0809cf1a in binary_smbd_main (binary_name=0x8689fd3 "smbd",
argc=4,
    argv=0xbf92d0e4) at smbd/server.c:293
        interactive = true
        opt = -1
        pc = 0xa64f008
        static_init = {0x80a08d4 <server_service_rpc_init>,
  0x80f3cca <server_service_wrepl_init>, 0x80fb6e1
  <server_service_kdc_init>,
  0x80fdff2 <server_service_ldap_init>, 0x810136d
  <server_service_nbtd_init>,
  0x8104da2 <server_service_smb_init>, 0x810561e
  <server_service_web_init>,
  0x8108977 <server_service_winbind_init>, 0x8488e44
  <server_service_auth_init>,
  0x810d0ac <server_service_cldapd_init>, 0}
        shared_init = (init_module_fn *) 0x0
        event_ctx = (struct event_context *) 0xa653ab8
        status = {v = 0}
        model = 0xa64f208 "single"
        max_runtime = 0
        long_options = {{longName = 0x0, shortName = 0 '\0', argInfo =
        4,
    arg = 0xdd8d00, val = 0, descrip = 0x8689dfe "Help options:",
    argDescrip = 0x0}, {
    longName = 0x8689e0c "interactive", shortName = 105 'i', argInfo =
    0, arg = 0x0,
    val = 1000, descrip = 0x8689e18 "Run interactive (not a daemon)",
    argDescrip = 0x0}, {longName = 0x8689e37 "model", shortName = 77
    'M',
    argInfo = 1, arg = 0x0, val = 1001, descrip = 0x8689e3d "Select
    process model",
    argDescrip = 0x8689e52 "MODEL"}, {longName = 0x8689e58
    "maximum-runtime",
    shortName = 0 '\0', argInfo = 2, arg = 0xbf92cfcc, val = 0,
    descrip = 0x8689e68 "set maximum runtime of the server process, till
    autotermination", argDescrip = 0x8689ea8 "seconds"}, {longName =
    0x0,                                                                
                              shortName = 0 '\0',
    argInfo = 4, arg = 0x8778f40, val = 0,
    descrip = 0x8689eb0 "Common samba options:", argDescrip = 0x0},
    {longName = 0x0,
    shortName = 0 '\0', argInfo = 4, arg = 0x8779040, val = 0,
    descrip = 0x8689eb0 "Common samba options:", argDescrip = 0x0},
    {longName = 0x0,
    shortName = 0 '\0', argInfo = 0, arg = 0x0, val = 0, descrip = 0x0,
---Type <return> to continue, or q <return> to quit---
    argDescrip = 0x0}}
        __FUNCTION__ = "binary_smbd_main"
#23 0x0809cf81 in main (argc=4, argv=0xbf92d0e4) at smbd/server.c:304
No locals.

