Bug 3399 - net rpc vampire on NT4 PDC results in Segmentation fault
net rpc vampire on NT4 PDC results in Segmentation fault
Status: RESOLVED DUPLICATE of bug 3390
Product: Samba 3.0
Classification: Unclassified
Component: net utility
3.0.21
x86 Windows 2000
: P3 major
: none
Assigned To: Jim McDonough
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-01-12 15:09 UTC by Petter Osterlund
Modified: 2006-01-12 15:22 UTC (History)
0 users

See Also:


Attachments
Traces from net -d 200 rpc vampire (246.62 KB, application/x-gzip)
2006-01-12 15:11 UTC, Petter Osterlund
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Petter Osterlund 2006-01-12 15:09:12 UTC
Have an NT4 PDC, Samba 3.0.21, LDAP 2.0.27, RH 8.0.
First I experimented with samba as PDC. Now I tried to go ahead
and migrate from the real PDC(FSERV/FYRPLUS).

/usr/local/samba/bin/net -d 0 rpc vampire -S fserv
Fetching DOMAIN database
Segmentation fault

/usr/local/samba/bin/net -d 200 rpc vampire -S fserv 2>&1 | tail -10
[2006/01/13 01:14:44, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  11458 uni_max_len: 00000030
[2006/01/13 01:14:44, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  1145c offset     : 00000000
[2006/01/13 01:14:44, 5] rpc_parse/parse_prs.c:prs_uint32(703)
                  11460 uni_str_len: 00000030
[2006/01/13 01:14:44, 5] rpc_parse/parse_prs.c:dbg_rw_punival(875)
                  11464 buffer     : m.:. . . . . . . . . . . . . . . . . . . . .d... . . . . . . . . . . . . . . . . . . . . . . . .
[2006/01/13 01:14:44, 5] rpc_parse/parse_prs.c:prs_uint32(703)
              114c4 pwd_len: 00000044

I have added my own traces and found out that the crash is due
to dereferencing a NULL pointer when dealing with the first accounts
password field;

parse_net.c: net_io_sam_account_info()
   if (!prs_hash1(ps, ps->data_offset, len))

parse_prs.c:prs_hash1()
    SamOEMhash((uchar *) q, (const unsigned char *)ps->sess_key, len);

I also found out that it is ps->sess_key that is 0 ==> Segmentation fault.

I have commented out the call to SamOEMhash() and the migration can complete.
The passords are not correct but all users, computers and groups are now in my LDAP server.

But then it would be nice to get all passwords as well, naturally.

regards Petter
Comment 1 Petter Osterlund 2006-01-12 15:11:07 UTC
Created attachment 1676 [details]
Traces from net -d 200 rpc vampire
Comment 2 Gerald (Jerry) Carter 2006-01-12 15:22:03 UTC
I expect this is a duplicate.

*** This bug has been marked as a duplicate of 3390 ***