Winbindd crashes when doing a challenge/response authentication for a user with umlaut character(s). Test Setup: NT4 PDC (SP6a) german running under VMWare with DOMAIN as domain name Samba 3.0.0 Beta 3 with the following smb.conf interfaces = 172.16.172.1/255.255.255.0 password server = NT4PDCSP6IE6 workgroup = DOMAIN netbios name = SAMBA bind interfaces only = yes winbind enable local accounts = no winbind trusted domains only = yes winbind use default domain = yes security = domain encrypt passwords = yes debug level = 0 idmap uid = 10000-50000 idmap gid = 10000-50000 unix charset = iso-8859-1 display charset = iso-8859-1 Now join the domain with (replace <password> with the actual password): net join member -S NT4PDCSP6IE6 -U Administrator%<password> Then set the auth user with: wbinfo --set-auth-user=Administrator%<password> Create two users on the NT4 PDC, named "Meier" and "Möller", both with a password of "12345" (users don't need to change password at next logon). Now start winbindd as root: winbindd -i Then do in another shell (again as root) the following (and note that for both users plaintext authentication does succeed): # wbinfo --authenticate=Meier%12345 plaintext password authentication succeeded challenge/response password authentication succeeded # wbinfo --authenticate=Möller%12345 plaintext password authentication succeeded challenge/response password authentication failed Could not authenticate user Möller with challenge/response # Note that it may take a few repeated attempts to authenticate "Möller" with wbinfo (as shown above) to crash winbindd. The resulting crash of winbindd during processing of "Möller" then is: winbindd version 3.0.0beta3 started. Copyright The Samba Team 2000-2003 Conversion error: Illegal multibyte sequence() winbindd_pam_auth_crap: pull_utf8_talloc failed! =============================================================== INTERNAL ERROR: Signal 11 in pid 26320 (3.0.0beta3) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== PANIC: internal error BACKTRACE: 1 stack frames: #0 /tmp/samba3/sbin/winbindd(smb_panic+0x11c) [0x80cec4c] Aborted Note that there are different error messages returned during various attempts to authenticate "Möller": # wbinfo --authenticate=Möller%12345 plaintext password authentication succeeded challenge/response password authentication failed error code was NT_STATUS_NO_SUCH_USER (0xc0000064) error messsage was: No such user # wbinfo --authenticate=Möller%12345 plaintext password authentication succeeded challenge/response password authentication failed Could not authenticate user Möller with challenge/response I'll provide a winbindd level 10 debug of the crash on request (email).
It's much better if you can attach any logs in Bugzilla rather than sending to jerry by private email. Thanks for the detailed problem description.
cc bartlett, reassign to me.
Created attachment 63 [details] fix character set conversion for winbindd_pam_auth_crap() I have attached a patch. Can you test it out? It seems to work for me. Mr Bartlet, what do you think of this? The bug was that we were assuming that the user/domain/workstation name was in utf8 codepage when in fact it is in unix codepage. The fix is to not do any character conversion chicanery before passing the parameters to cli_netlogon_sam_network_logon() where they are converted from CH_UNIX to CH_UCS2. The equivalent fix does not need to be applied to winbindd_pam_auth() as it doesn't contain any character set conversion code at all!
This must be fixed before we release 3.0.
The UTF8 stuff was added becouse I wanted external tools using the winbind pipe to not have to figure out what charset 'unix' was. However, as it only ever applied to the challenge/response function, and we provide the helper for that anyway, we can probably just drop it. We should perhaps provide a function that returns the 'unix' charset name. Make sure you 'fix' the various client tools while you are at it (ntlm_auth, auth_winbindd in particular). Andrew Bartlett
Having winbindd always use UTF8 sounds like a good solution. I am not in favour of adding another winbindd command to get the current character set - yuck. wbinfo and smbd are also users of this particular function.
The attachment https://bugzilla.samba.org/attachment.cgi?id=63&action=view doesn't fix the bug for me. Maybe it works with current CVS as it applied with offsets but it does not wirk with 3.0.0beta3. The crash is still there: wbinfo -a Möller%12345 plaintext password authentication succeeded challenge/response password authentication failed Could not authenticate user Möller with challenge/response results in: Conversion error: Illegal multibyte sequence() winbindd_pam_auth_crap: pull_utf8_talloc failed! [24513]: pam auth crap domain: DOMAIN user: (null) =============================================================== INTERNAL ERROR: Signal 11 in pid 24511 (3.0.0beta3) Please read the appendix Bugs of the Samba HOWTO collection =============================================================== PANIC: internal error BACKTRACE: 1 stack frames: #0 /tmp/samba3/sbin/winbindd(smb_panic+0x11c) [0x80cec4c] Aborted Just FYI: # patch -p0 < /tmp/samba3.patch patching file nsswitch/winbindd_pam.c Hunk #1 succeeded at 257 (offset 49 lines). Hunk #3 succeeded at 303 (offset 49 lines). # make Using FLAGS = -O3 -fomit-frame-pointer -funroll-loops -fexpensive-optimizations -fschedule-insns2 -fcse-follow-jumps -fcse-skip-blocks -frerun-cse-after-loop -frerun-loop-opt -fgcse -fgcse-lm -fgcse-sm -fdelete-null-pointer-checks -falign-loops -falign-jumps -falign-functions -mcpu=pentiumpro -march=pentiumpro -mmmx -minline-all-stringops -I/usr/local/openldap/include -Iinclude -I/tmp/samba-3.0.0beta3/source/include -I/tmp/samba-3.0.0beta3/source/ubiqx -I/tmp/samba-3.0.0beta3/source/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/local/openldap/include -I/tmp/samba-3.0.0beta3/source LIBS = -lcrypt -lresolv -lnsl -ldl LDSHFLAGS = -shared -s -L/usr/local/openldap/lib LDFLAGS = -s -L/usr/local/openldap/lib Compiling nsswitch/winbindd_pam.c Linking bin/winbindd
I haven't tried the patch against beta3, but it should work. Did you restart winbindd before rerunning wbinfo? The code that produces the "pull_utf8_talloc failed" message should have been removed by the patch.
Sorry, your patch fixes the problem. /me must remember to copy winbindd to the _correct_ directory (/me ducks and looks for the brown paper bag).
No worries. I am testing a more correct patch now.
I've applied the inverse patch to the one I submitted previously. The fix turns out to be to change wbinfo to convert arguments to utf8. My previous patch removed the utf8 support in the winbindd server.
originally reported against 3.0.0beta3. CLeaning out non-production release versions.
sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.
database cleanup