Bug 1857 - ldapsam_compat ldap backend completely broken
Summary: ldapsam_compat ldap backend completely broken
Status: CLOSED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services
Version: 3.0.7
Hardware: All All
Importance: P3 critical
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Duplicates: 1665
Depends on:
Blocks:
 
Reported: 2004-09-30 06:37 UTC by Fabien Chevalier
Modified: 2005-08-24 10:25 UTC
Description Fabien Chevalier 2004-09-30 06:37:16 UTC
Hi all,

We upgraded a sarge system recently, acting as a PDC for a small network.
Smbd then started to segfault each time a user tried to connect to the box,
resulting in a major outage.
This issue has been introduced somewhere between 3.0.5 and 3.0.7, as 3.0.5
works great.

This bug is referenced as #274155 for Debian.

Here is the backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x401de764 in strdup () from /lib/tls/libc.so.6
(gdb) bt
#0  0x401de764 in strdup () from /lib/tls/libc.so.6
#1  0x080c7f2e in append_attr (attr_list=0xbfffee70, new_attr=0x0) at
passdb/pdb_ldap.c:1237
#2  0x080c7fbc in ldapsam_getsampwnam (my_methods=0x81d4310, user=0x81d4798,
sname=0x81c0660 "toto") at passdb/pdb_ldap.c:1256
#3  0x080bdb03 in context_getsampwnam (context=0x81d3b88, sam_acct=0x81d4798,
username=0x81c0660 "toto")  at passdb/pdb_interface.c:197
#4  0x080bfaa7 in pdb_getsampwnam (sam_acct=0x81d4798, username=0x81c0660
"toto") at passdb/pdb_interface.c:881
#5  0x080b8fda in local_password_change (user_name=0x81c0660 "toto",
local_flags=577, new_passwd=0x81d4500 "t",
    err_str=0xbffff350 "", err_str_len=1024, msg_str=0xbfffef50 "",
msg_str_len=1024) at passdb/passdb.c:972
#6  0x0806b950 in password_change (remote_mach=0x0, username=0x81c0660 "toto",
old_passwd=0x0, new_pw=0x81d4500 "t",
    local_flags=577) at utils/smbpasswd.c:289
#7  0x0806be4c in process_root (local_flags=577) at utils/smbpasswd.c:453
#8  0x0806c21b in main (argc=5, argv=0xbffff854) at utils/smbpasswd.c:591
(gdb)

The issue is a strdup of null pointer.

Here is the patch that fixes this (tested, works like a charm :-) )

--- samba-3.0.7/source/passdb/pdb_ldap.c.orig 2004-09-29
22:57:47.000000000 +0100
+++ samba-3.0.7/source/passdb/pdb_ldap.c 2004-09-29
22:58:18.000000000 +0100
@@ -1253,7 +1253,8 @@
  int rc;
  
  attr_list = get_userattr_list( ldap_state->schema_ver );
- append_attr(&attr_list,
get_userattr_key2string(ldap_state->schema_ver,LDAP_ATTR_MOD_TIMESTAMP));
+ if( ldap_state->schema_ver == SCHEMAVER_SAMBASAMACCOUNT )
+      append_attr(&attr_list,
get_userattr_key2string(ldap_state->schema_ver,LDAP_ATTR_MOD_TIMESTAMP));
  rc = ldapsam_search_suffix_by_name(ldap_state, sname, &result, attr_list);
  free_attr_list( attr_list );
 
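Review bot: The schema_ver check placed in front of append_attr covers only this one call site in ldapsam_getsampwnam, while frame #1 of the backtrace shows append_attr itself handing new_attr=0x0 to strdup. Any other caller that looks up a key the active schema does not define would fail the same way, so consider also returning early from append_attr when new_attr is NULL. A short comment on the new if, saying why the modify timestamp attribute is requested only for SCHEMAVER_SAMBASAMACCOUNT, would help the next reader.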
Bye,

Fabien Chevalier
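
The failure mode described in the report above, as an added example that is not part of the original post and not Samba's code: an append helper for a NULL-terminated attribute list that rejects a NULL attribute name instead of copying it. The names `timestamp_attr`, `attr_list_append` and `count_attrs`, the enum values and the attribute strings are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-schema lookup: the compat schema has no
 * modify-timestamp attribute, so the lookup returns NULL for it. */
enum schema { SCHEMA_COMPAT, SCHEMA_SAMBASAMACCOUNT };

static const char *timestamp_attr(enum schema s)
{
    return s == SCHEMA_SAMBASAMACCOUNT ? "modifyTimestamp" : NULL;
}

/* Append a copy of new_attr to a NULL-terminated heap list. Returns 0 on
 * success, -1 on a NULL argument or failed allocation; on failure the
 * list keeps its previous entries and terminator. */
static int attr_list_append(char ***list, const char *new_attr)
{
    size_t n = 0, len;
    char **grown;
    if (list == NULL || new_attr == NULL) /* never copy a NULL string */
        return -1;
    while (*list != NULL && (*list)[n] != NULL)
        n++;
    grown = realloc(*list, (n + 2) * sizeof(*grown));
    if (grown == NULL)
        return -1;
    *list = grown;
    grown[n + 1] = NULL;
    len = strlen(new_attr) + 1;
    if ((grown[n] = malloc(len)) == NULL) /* list still ends at index n */
        return -1;
    memcpy(grown[n], new_attr, len);
    return 0;
}

/* Build the search list for a schema; count and free its entries. */
static size_t count_attrs(enum schema s)
{
    char **list = NULL;
    size_t n;
    attr_list_append(&list, "uid");
    attr_list_append(&list, timestamp_attr(s)); /* NULL for compat */
    for (n = 0; list != NULL && list[n] != NULL; n++)
        free(list[n]);
    free(list);
    return n;
}

int main(void) { return count_attrs(SCHEMA_COMPAT) == 1 ? 0 : 1; }
```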
Comment 1 Tim Riley 2004-10-04 23:04:24 UTC
Same problem occurred running 3.0.7 on SLES 8, using the ldapsam_compat backend 
pointing to eDirectory.  Applying the patch fixed the issue.  Thanks Fabien!
Comment 2 Volker Lendecke 2004-10-05 04:08:05 UTC
This has been fixed in the current subversion 3_0 tree. Will be fixed in 3.0.8.

Volker
Comment 3 Gerald (Jerry) Carter (dead mail address) 2004-11-09 06:01:34 UTC
*** Bug 1665 has been marked as a duplicate of this bug. ***
Comment 4 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:25:34 UTC
sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.