Seg fault with "net sam mapunixgroup"

Wed May 27 01:52:39 MDT 2015

On 27/05/15 06:27, Abhidnya Joshi wrote:
> Hi,
>
> We are using Samba-4.1.16. We are getting seg fault always with "net sam mapunixgroup".
>
> The gdb shows stack as follows:
> (gdb)
> #0  0x00007f2fe4276451 in __strlen_sse2 () from /lib64/libc.so.6
> #1  0x00007f2fe5d87187 in tdb_pack_va (buf=0x8 <Address 0x8 out of bounds>,bufsize=0, fmt=0x7f2fe6c7666c "f", ap=0x7fffaefbe7a0) at ../source3/lib/util_tdb.c:98
> #2  0x00007f2fe5d87743 in tdb_pack (buf=<value optimized out>, bufsize=<value optimized out>, fmt=<value optimized out>) at ../source3/lib/util_tdb.c:138
> #3  0x00007f2fe6c54828 in add_mapping_entry (map=0x7f2fee274f60, flag=<value optimized out>) at ../source3/groupdb/mapping_tdb.c:148
> #4  0x00007f2fe6c51c82 in pdb_default_add_group_mapping_entry (methods=<value optimized out>, map=0x7f2fee274f60) at ../source3/groupdb/mapping.c:459
> #5  0x00007f2fe6c4e695 in pdb_add_group_mapping_entry (map=0x7f2fee274f60) at ../source3/passdb/pdb_interface.c:849
> #6  0x00007f2fec101aba in map_unix_group (c=<value optimized out>, argc=<value optimized out>, argv=0x7f2fee26f928) at ../source3/utils/net_sam.c:865
> #7  net_sam_mapunixgroup (c=<value optimized out>, argc=<value optimized out>, argv=0x7f2fee26f928) at ../source3/utils/net_sam.c:893
> #8  0x00007f2fec0fd3cc in net_sam (c=0x7f2fee26d360, argc=2,argv=0x7f2fee26f920) at ../source3/utils/net_sam.c:2280
> #9  0x00007f2fec0cbb56 in main (argc=5, argv=0x7fffaefbf648) at ../source3/utils/net.c:960
> (gdb) f 3
> #3  0x00007f2fe6c54828 in add_mapping_entry (map=0x7f2fee274f60, flag=<value optimized out>) at ../source3/groupdb/mapping_tdb.c:148
> 148     ../source3/groupdb/mapping_tdb.c: No such file or directory. in ../source3/groupdb/mapping_tdb.c
> (gdb) p map->sid_name_use
> $1 = SID_NAME_DOM_GRP
> (gdb) p map->comment
> $2 = 0x7f2fee2766d0 "Unix Group nogroup"
> (gdb) p map->gid
> $3 = 1004
> (gdb) p map->nt_name
> $4 = 0x0
> (gdb)
>
> It seems that strlen dumps core as map->nt_name is a NULL pointer.  I rerun this by populating nt_name the way earlier samba version (3.6.24) populates and it works.
> In map_unix_group function as:
>         if (map->nt_name == NULL) {
>                 map->nt_name = talloc_asprintf(map, "%s", grp->gr_name);
>                 DEBUG(10, ("Populate map->nt_name with %s\n", grp->gr_name));
>         }
>
> May I know if I am missing anything?
>
> Thanks and Regards
> Abhidnya Joshi
>

Well, apart from telling us what version of samba you are using, showing 
us your smb.conf and telling us why you are trying to map a group, no

Rowland