Run: net rpc vampire -S ZEPHYR -U Administrator%none

Script started on Tue 10 Jan 2006 18:26:53 EST
(gdb) file net
(gdb) set args rpc vampire -S ZEPHYR -U Administrator%none
(gdb)
(gdb) r
Starting program: /usr/bin/net rpc vampire -S ZEPHYR -U Administrator%none
Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0xb7d24000
Fetching DOMAIN database

Program received signal SIGSEGV, Segmentation fault.
0xb7e66b57 in smb_arc4_init (arc4_state_out=0xbf807080 "", key=0x0, keylen=16) at lib/arc4.c:42
42          j += (arc4_state_out[ind] + key[ind%keylen]);
(gdb) bt
#0  0xb7e66b57 in smb_arc4_init (arc4_state_out=0xbf807080 "", key=0x0, keylen=16) at lib/arc4.c:42
#1  0xb7db742e in SamOEMhash (data=0x0, key=0x0, len=0) at libsmb/smbdes.c:368
#2  0xb7db14f2 in prs_hash1 (ps=0x0, offset=6548, len=0) at rpc_parse/parse_prs.c:1408
#3  0xb7dd2ed0 in net_io_sam_delta_ctr (desc=Variable "desc" is not available.
) at rpc_parse/parse_net.c:2331
#4  0xb7dd3fa4 in net_io_r_sam_sync (desc=0x0, r_s=0xbf807500, ps=0xbf807580, depth=1) at rpc_parse/parse_net.c:3011
#5  0xb7e82272 in rpccli_netlogon_sam_sync (cli=0xb9f81778, mem_ctx=0xb9f80880, database_id=0, next_rid=0, num_deltas=0x0, hdr_deltas=0x0, deltas=0x0) at rpc_client/cli_netlogon.c:615
#6  0xb7d6ca49 in fetch_database (pipe_hnd=0xb9f81778, db_type=0, dom_sid={sid_rev_num = 1 '\001', num_auths = 4 '\004', id_auth = "\000\000\000\000\000\005", sub_auths = {21, 2097366427, 912265223, 572944225, 0 <repeats 11 times>}}) at utils/net_rpc_samsync.c:1129
#7  0xb7d71f0f in rpc_vampire_internals (domain_sid=0xb9f80b10, domain_name=0xb9f80ac0 "SONDE", cli=0xb9f5fc48, pipe_hnd=0xb9f81778, mem_ctx=0xb9f80800, argc=0, argv=0xb9f1c1ac) at utils/net_rpc_samsync.c:2153
#8  0xb7d5f0c7 in run_rpc_command (cli_arg=0x0, pipe_idx=3, conn_flags=Variable "conn_flags" is not available.
) at utils/net_rpc.c:166
#9  0xb7d6ad3c in rpc_vampire (argc=0, argv=0x0) at utils/net_rpc.c:5741
#10 0xb7d57b07 in net_run_function (argc=1, argv=0xb9f1c1a8, table=0xbf809720, usage_fn=0xb7d6b44e <net_rpc_usage>) at utils/net.c:129
#11 0xb7d6b69d in net_rpc (argc=0, argv=0x0) at utils/net_rpc.c:6198
#12 0xb7d57b07 in net_run_function (argc=2, argv=0xb9f1c1a4, table=0xb7f102e0, usage_fn=0xb7d5d10e <net_help>) at utils/net.c:129
#13 0xb7d58e57 in main (argc=7, argv=0xbf809c14) at utils/net.c:874
(gdb) quit
The program is running.  Exit anyway? (y or n) y
Script done on Tue 10 Jan 2006 18:29:34 EST
Let me add what I would have said if I wasn't so tired when I reported this one.

1. The platform is a fully yum-updated Fedora 3
2. glibc-2.3.6-0.fc3.1
3. kernel-2.6.12-1.1381_FC3
4. I build the RPMS with the makerpms.sh script in the Samba tarball. No tweaking of anything.
5. Problem is observed with Samba 3.0.21 and 3.0.21a
6. No problem with the Fedora supplied 3.0.14a
7. The PDC is Windows NT 4
Created attachment 1664 [details] copy session key *after* the ZERO_STRUCT
The patch fixes net rpc samdump (haven't tested vampire yet). Does it solve your problem?
Created attachment 1665 [details] simpler version of the patch
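The ordering bug the two attachments describe, and the NULL key pointer visible in frames #0 and #1 of the backtrace (key=0x0 with keylen=16), reduced to a small C illustration. This is an added example, not Samba's code or either attached patch: a constructed parse_state struct holds only a pointer to the session key, so running ZERO_STRUCT after the copy turns that pointer into NULL and the RC4 key schedule then reads through it; the fixed routine zeroes first and copies after, and the stand-in arc4_init refuses a NULL key with an error return instead of crashing. The names arc4_ctx, parse_state, init_state_buggy and init_state_fixed are hypothetical, the 16-byte SESSION_KEY is constructed test data, and the known-answer check uses the public RC4 test vector ("Key" / "Plaintext").

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for Samba's ZERO_STRUCT macro: zero an entire object in place. */
#define ZERO_STRUCT(x) memset(&(x), 0, sizeof(x))

/* RC4 state: the permutation plus the i/j counters used by the keystream. */
struct arc4_ctx {
    uint8_t s[256];
    uint8_t i, j;
};

/* RC4 key schedule, shaped like the crashing line in the trace
 * (j += state[ind] + key[ind % keylen]). Unlike that line it validates the
 * key pointer first and returns -1 rather than dereferencing NULL. */
static int arc4_init(struct arc4_ctx *ctx, const uint8_t *key, size_t keylen)
{
    if (ctx == NULL || key == NULL || keylen == 0)
        return -1;
    for (int ind = 0; ind < 256; ind++)
        ctx->s[ind] = (uint8_t)ind;
    uint8_t j = 0;
    for (int ind = 0; ind < 256; ind++) {
        j = (uint8_t)(j + ctx->s[ind] + key[ind % keylen]);
        uint8_t t = ctx->s[ind];
        ctx->s[ind] = ctx->s[j];
        ctx->s[j] = t;
    }
    ctx->i = ctx->j = 0;
    return 0;
}

/* RC4 keystream XOR; encryption and decryption are the same operation. */
static void arc4_crypt(struct arc4_ctx *ctx, const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t n = 0; n < len; n++) {
        ctx->i = (uint8_t)(ctx->i + 1);
        ctx->j = (uint8_t)(ctx->j + ctx->s[ctx->i]);
        uint8_t t = ctx->s[ctx->i];
        ctx->s[ctx->i] = ctx->s[ctx->j];
        ctx->s[ctx->j] = t;
        out[n] = in[n] ^ ctx->s[(uint8_t)(ctx->s[ctx->i] + ctx->s[ctx->j])];
    }
}

/* Constructed parse state. The session key is owned by the connection; this
 * struct only carries a pointer to it, which a stray ZERO_STRUCT sets to NULL. */
struct parse_state {
    const uint8_t *sess_key;
    size_t sess_key_len;
    struct arc4_ctx ctx;
};

/* Constructed 16-byte session key (keylen=16 is what the trace shows). */
static const uint8_t SESSION_KEY[16] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
};

/* Buggy order: copy the key pointer in, then zero the whole struct. The
 * pointer is NULL by the time the key schedule runs (key=0x0, keylen=16). */
static int init_state_buggy(struct parse_state *ps)
{
    ps->sess_key = SESSION_KEY;
    ps->sess_key_len = sizeof(SESSION_KEY);
    ZERO_STRUCT(*ps);                              /* wipes sess_key as well */
    return arc4_init(&ps->ctx, ps->sess_key, 16);  /* caller still assumes 16 */
}

/* Fixed order, as the attachment title puts it: zero first, copy after. */
static int init_state_fixed(struct parse_state *ps)
{
    ZERO_STRUCT(*ps);
    ps->sess_key = SESSION_KEY;
    ps->sess_key_len = sizeof(SESSION_KEY);
    return arc4_init(&ps->ctx, ps->sess_key, ps->sess_key_len);
}

/* Known-answer check for the RC4 stand-in: key "Key", plaintext "Plaintext"
 * must give BB F3 16 E8 D9 40 AF 0A D3. Returns 1 on match, 0 otherwise. */
static int arc4_known_answer(void)
{
    static const uint8_t expect[9] = {0xBB, 0xF3, 0x16, 0xE8, 0xD9, 0x40, 0xAF, 0x0A, 0xD3};
    struct arc4_ctx ctx;
    uint8_t out[9];
    if (arc4_init(&ctx, (const uint8_t *)"Key", 3) != 0)
        return 0;
    arc4_crypt(&ctx, (const uint8_t *)"Plaintext", out, sizeof(out));
    return memcmp(out, expect, sizeof(out)) == 0;
}

int main(void)
{
    struct parse_state ps;
    printf("buggy order: arc4_init returned %d\n", init_state_buggy(&ps));
    printf("fixed order: arc4_init returned %d\n", init_state_fixed(&ps));
    printf("rc4 known answer: %s\n", arc4_known_answer() ? "ok" : "FAIL");
    return 0;
}
```

The point of the guard in arc4_init is detection rather than a fix: with it, the ordering mistake shows up as an error return the caller can log and abort on, instead of a SIGSEGV inside the key schedule several frames below the code that actually got the order wrong.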
Fixed in subversion. Thanks for the good backtrace!
*Very* good work Gunther - I can't have tested this after the RPC rewrite. Hate the patch though..... I'll think about how else to fix it :-). Jeremy.
Ok, I was wrong Gunther. It is the best possible solution (damn you :-). Thanks :-). Jeremy.
Applied this patch within the Enterprise Samba 3.0.21a-26 RPM, and rebuilt under CentOS 4.x. The 'net rpc vampire' no longer segfaults now when replicating from a Windows NT 4.0 PDC. Thanks guys for the quick patch.
*** Bug 3399 has been marked as a duplicate of this bug. ***
We have rebuilt the packages for SuSE Linux products including UnitedLinux 1, SuSE Linux Enterprise Server (SLES) 8 and 9. See ftp.SuSE.com/pub/projects/samba/3.0/ and download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/ And we've already got positive feedback.