10275 – net ads status segfaults

Bug 10275 - net ads status segfaults

Summary: net ads status segfaults

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.6
Classification:	Unclassified
Component:	Winbind (show other bugs)
Version:	3.6.20
Hardware:	All All

Importance:	P5 normal
Target Milestone:	---
Assignee:	Michael Adam
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-11-18 11:42 UTC by drookie
Modified:	2014-06-13 19:35 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description drookie 2013-11-18 11:42:24 UTC

net ads status segfaults

samba installed from FreeBSD ports with GCC.

env:

[emz@wizard:/<2>samba/smb_krb5]# gcc46 -v
Using built-in specs.
COLLECT_GCC=gcc46
COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc46/gcc/x86_64-portbld-freebsd10.0/4.6.3/lto-wrapper
Target: x86_64-portbld-freebsd10.0
Configured with: ./../gcc-4.6.3/configure --disable-bootstrap --disable-nls --libdir=/usr/local/lib/gcc46 --libexecdir=/usr/local/libexec/gcc46 --program-suffix=46 --with-as=/usr/local/bin/as --with-gmp=/usr/local --with-gxx-include-dir=/usr/local/lib/gcc46/include/c++/ --with-ld=/usr/local/bin/ld --with-pkgversion='FreeBSD Ports Collection' --with-system-zlib --with-ecj-jar=/usr/local/share/java/ecj-4.5.jar --enable-languages=c,c++,objc,fortran,java --prefix=/usr/local --mandir=/usr/local/man --infodir=/usr/local/info/gcc46 --build=x86_64-portbld-freebsd10.0
Thread model: posix
gcc version 4.6.3 (FreeBSD Ports Collection)

uname:

FreeBSD wizard.hq.norma.perm.ru 10.0-BETA1 FreeBSD 10.0-BETA1 #1 r257042: Tue Oct 29 11:02:45 YEKT 2013     emz@ravenholm:/usr/obj/usr/src/sys/WIZARD  amd64

Config:

[global]
workgroup = SOFTLAB
machine password timeout = 0
netbios name = WIZARD
server string = Samba 3.6.20 on FreeBSD 10.0-BETA1
hosts allow = 192.168.0.0/16 127.0.0.0/8 172.16.0.0/16 fd00::/16
guest account = pcguest
map to guest = bad user
log level = 0 winbind:4
log file = /var/log/samba/log.%m
max log size = 100

security = ads
realm = NORMA.COM

encrypt passwords = yes
socket options = TCP_NODELAY
dns proxy = no
local master = no
domain master = no
os level = 0
interfaces = vlan1 vlan5 vlan15 lo0
bind interfaces only = yes
syslog = 0
deadtime = 15
wins server = 192.168.3.34
printcap name = cups
printing = BSD
unix charset = KOI8-R
dos charset = 866

password server = 192.168.3.45
idmap uid = 20000-30000
idmap gid = 20000-30000
winbind cache time = 1200
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind separator = +
encrypt passwords = yes
template shell = /sbin/nologin

[test]
comment = Test Directory
path = /usr/local/public/test
guest ok = yes
guest only = yes
browseable = yes

backtrace:

[emz@wizard:/<2>samba/smb_krb5]# net ads status
net: sha1 checksum failed
Аварийное завершение(core dumped)
[emz@wizard:/<2>samba/smb_krb5]# gdb /usr/local/bin/net net.core 
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
Core was generated by `net'.
Program terminated with signal 6, Aborted.
Reading symbols from /usr/local/lib/libexecinfo.so.1...done.
Loaded symbols for /usr/local/lib/libexecinfo.so.1
Reading symbols from /lib/libmd.so.6...done.
Loaded symbols for /lib/libmd.so.6
Reading symbols from /usr/lib/librt.so.1...done.
Loaded symbols for /usr/lib/librt.so.1
Reading symbols from /lib/libthr.so.3...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /usr/local/lib/libpopt.so.0...done.
Loaded symbols for /usr/local/lib/libpopt.so.0
Reading symbols from /usr/lib/libgssapi.so.10...done.
Loaded symbols for /usr/lib/libgssapi.so.10
Reading symbols from /usr/lib/libheimntlm.so.11...done.
Loaded symbols for /usr/lib/libheimntlm.so.11
Reading symbols from /usr/lib/libkrb5.so.11...done.
Loaded symbols for /usr/lib/libkrb5.so.11
Reading symbols from /usr/lib/libhx509.so.11...done.
Loaded symbols for /usr/lib/libhx509.so.11
Reading symbols from /usr/lib/libcom_err.so.5...done.
Loaded symbols for /usr/lib/libcom_err.so.5
Reading symbols from /lib/libcrypto.so.7...done.
Loaded symbols for /lib/libcrypto.so.7
Reading symbols from /usr/lib/libasn1.so.11...done.
Loaded symbols for /usr/lib/libasn1.so.11
Reading symbols from /usr/lib/libwind.so.11...done.
Loaded symbols for /usr/lib/libwind.so.11
Reading symbols from /usr/lib/libheimbase.so.11...done.
Loaded symbols for /usr/lib/libheimbase.so.11
Reading symbols from /usr/lib/libroken.so.11...done.
Loaded symbols for /usr/lib/libroken.so.11
Reading symbols from /lib/libcrypt.so.5...done.
Loaded symbols for /lib/libcrypt.so.5
Reading symbols from /usr/local/lib/libldap-2.4.so.8...done.
Loaded symbols for /usr/local/lib/libldap-2.4.so.8
Reading symbols from /usr/local/lib/liblber-2.4.so.8...done.
Loaded symbols for /usr/local/lib/liblber-2.4.so.8
Reading symbols from /lib/libreadline.so.8...done.
Loaded symbols for /lib/libreadline.so.8
Reading symbols from /lib/libncurses.so.8...done.
Loaded symbols for /lib/libncurses.so.8
Reading symbols from /usr/local/lib/libtalloc.so.2...done.
Loaded symbols for /usr/local/lib/libtalloc.so.2
Reading symbols from /usr/local/lib/libtevent.so.0...done.
Loaded symbols for /usr/local/lib/libtevent.so.0
Reading symbols from /usr/local/lib/libtdb.so.1...done.
Loaded symbols for /usr/local/lib/libtdb.so.1
Reading symbols from /usr/local/lib/libwbclient.so.0...done.
Loaded symbols for /usr/local/lib/libwbclient.so.0
Reading symbols from /lib/libz.so.6...done.
Loaded symbols for /lib/libz.so.6
Reading symbols from /lib/libc.so.7...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /lib/libm.so.5...done.
Loaded symbols for /lib/libm.so.5
Reading symbols from /usr/local/lib/libintl.so.9...done.
Loaded symbols for /usr/local/lib/libintl.so.9
Reading symbols from /usr/lib/private/libheimipcc.so.11...done.
Loaded symbols for /usr/lib/private/libheimipcc.so.11
Reading symbols from /usr/lib/libfetch.so.6...done.
Loaded symbols for /usr/lib/libfetch.so.6
Reading symbols from /usr/local/lib/libsasl2.so.3...done.
Loaded symbols for /usr/local/lib/libsasl2.so.3
Reading symbols from /usr/lib/libssl.so.7...done.
Loaded symbols for /usr/lib/libssl.so.7
Reading symbols from /usr/lib/i18n/libiconv_std.so.4...done.
Loaded symbols for /usr/lib/i18n/libiconv_std.so.4
Reading symbols from /usr/lib/i18n/libUTF1632.so.4...done.
Loaded symbols for /usr/lib/i18n/libUTF1632.so.4
Reading symbols from /usr/lib/i18n/libmapper_parallel.so.4...done.
Loaded symbols for /usr/lib/i18n/libmapper_parallel.so.4
Reading symbols from /usr/lib/i18n/libmapper_std.so.4...done.
Loaded symbols for /usr/lib/i18n/libmapper_std.so.4
Reading symbols from /usr/local/lib/nss_winbind.so.1...done.
Loaded symbols for /usr/local/lib/nss_winbind.so.1
Reading symbols from /libexec/ld-elf.so.1...done.
Loaded symbols for /libexec/ld-elf.so.1
#0  0x0000000804a51d9a in thr_kill () from /lib/libc.so.7
[New Thread 806006400 (LWP 100152/net)]
(gdb) bt
#0  0x0000000804a51d9a in thr_kill () from /lib/libc.so.7
#1  0x0000000804b18ea9 in abort () from /lib/libc.so.7
#2  0x0000000802111f2c in krb5_abortx () from /usr/lib/libkrb5.so.11
#3  0x00000008021242f4 in krb5_hmac () from /usr/lib/libkrb5.so.11
#4  0x0000000802124099 in krb5_generate_random_keyblock () from /usr/lib/libkrb5.so.11
#5  0x0000000802124256 in krb5_hmac () from /usr/lib/libkrb5.so.11
#6  0x00000008021244c9 in krb5_create_checksum () from /usr/lib/libkrb5.so.11
#7  0x00000008021243d7 in krb5_create_checksum () from /usr/lib/libkrb5.so.11
#8  0x00000008021107ff in krb5_padata_add () from /usr/lib/libkrb5.so.11
#9  0x00000008021108bc in krb5_mk_req_extended () from /usr/lib/libkrb5.so.11
#10 0x00000000005eec12 in ads_krb5_mk_req (context=0x8060aa280, auth_context=0x7fffffffc768, ap_req_options=4, 
    principal=0x80602be00 "ldap/hq-dc.norma.com@NORMA.COM", ccache=0x8060b10c0, outbuf=0x7fffffffc780, 
    expire_time=0x8060b6ad8, impersonate_princ_s=0x0) at libsmb/clikrb5.c:259
#11 0x00000000005eefac in cli_krb5_get_ticket (mem_ctx=0x80601a0e0, 
    principal=0x80602be00 "ldap/hq-dc.norma.com@NORMA.COM", time_offset=0, ticket=0x7fffffffc840, 
    session_key_krb5=0x7fffffffc8a0, extra_ap_opts=0, ccname=0x0, tgs_expire=0x8060b6ad8, impersonate_princ_s=0x0)
    at libsmb/clikrb5.c:259
#12 0x00000000005f1757 in spnego_gen_krb5_negTokenInit (ctx=0x80601a0e0, 
    principal=0x80602be00 "ldap/hq-dc.norma.com@NORMA.COM", time_offset=0, targ=0x7fffffffc8d0, 
    session_key_krb5=0x7fffffffc8a0, extra_ap_opts=0, expire_time=0x8060b6ad8) at libsmb/clispnego.c:54
#13 0x0000000000b2dc10 in ads_sasl_spnego_rawkrb5_bind (ads=0x8060b6a80, 
    principal=0x80602be00 "ldap/hq-dc.norma.com@NORMA.COM") at libads/sasl.c:57
#14 0x0000000000b2dd87 in ads_sasl_spnego_krb5_bind (ads=0x8060b6a80, p=0x7fffffffc990) at libads/sasl.c:57
#15 0x0000000000b2e176 in ads_sasl_spnego_bind (ads=0x8060b6a80) at libads/sasl.c:57
#16 0x0000000000b2f2ef in ads_sasl_bind (ads=0x8060b6a80) at libads/sasl.c:57
#17 0x0000000000b2287a in ads_connect (ads=0x8060b6a80) at libads/ldap.c:67
#18 0x00000000004a466c in ads_startup_int (c=0x80601c260, only_own_domain=true, auth_flags=0, ads_ret=0x7fffffffcd38)
    at utils/net_ads.c:49
#19 0x00000000004a4886 in ads_startup (c=0x80601c260, only_own_domain=true, ads=0x7fffffffcd38) at utils/net_ads.c:49
#20 0x00000000004a6a8e in net_ads_status (c=0x80601c260, argc=0, argv=0x806024098) at utils/net_ads.c:49
#21 0x00000000004e1ec7 in net_run_function (c=0x80601c260, argc=1, argv=0x806024090, whoami=0xbd9ee3 "net ads", 
    table=0x7fffffffcdf0) at utils/net_util.c:116
#22 0x00000000004aa527 in net_ads (c=0x80601c260, argc=1, argv=0x806024090) at utils/net_ads.c:49
#23 0x00000000004e1ec7 in net_run_function (c=0x80601c260, argc=2, argv=0x806024088, whoami=0xbd73e5 "net", 
    table=0x107e280) at utils/net_util.c:116
#24 0x00000000004a3985 in main (argc=3, argv=0x7fffffffda68) at utils/net.c:62
(gdb)

Comment 1 drookie 2013-11-18 11:44:35 UTC

This is entirely weird to me, but after removing "wins server" I was able to join a domain, and "net ads status" stopped producing crashes.

Comment 2 Björn Jacke 2014-06-13 17:36:27 UTC

from the net output and from the krb5_hmac in the backtrace I wonder if this is related to the system md5 library being used. Is this still happening with recent samba releases? What does "ldd net" say, which libraries are being linked in?

Comment 3 drookie 2014-06-13 19:35:36 UTC

Nope, thanks. This is also (like net ads join) resolved.