Bug 4683 - Policy not found and crash smbd in api_lsa_lookup_sids()
Policy not found and crash smbd in api_lsa_lookup_sids()
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
3.0.25a
x64 Linux
: P3 regression
: 3.0.25
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
: 4668 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-08 12:11 UTC by SATOH Fumiyasu
Modified: 2007-06-09 21:41 UTC (History)
1 user (show)

See Also:


Attachments
smbd log (log level = 10) (512.38 KB, text/plain)
2007-06-08 12:14 UTC, SATOH Fumiyasu
no flags Details
stack trace by gdb (7.26 KB, text/plain)
2007-06-08 12:15 UTC, SATOH Fumiyasu
no flags Details
packet data (wireshark/libpcap) (25.95 KB, application/cap)
2007-06-08 12:17 UTC, SATOH Fumiyasu
no flags Details
smb.conf (275 bytes, text/plain)
2007-06-08 12:18 UTC, SATOH Fumiyasu
no flags Details
Proposed patch: fix api_lsa_lookup_sids() crashing (958 bytes, patch)
2007-06-08 12:24 UTC, SATOH Fumiyasu
no flags Details
Patch (7.42 KB, patch)
2007-06-08 19:16 UTC, Jeremy Allison
no flags Details
Auxiliary patch (863 bytes, patch)
2007-06-08 19:28 UTC, Jeremy Allison
no flags Details
stack trace (17.57 KB, application/octet-stream)
2007-06-09 10:52 UTC, SATOH Fumiyasu
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description SATOH Fumiyasu 2007-06-08 12:11:11 UTC
I'm using Ruby/SMB module and libsmbclient.so to browse
files on Samba shares and its domain\owner information.

When I ask the smbd domain\owner for a file via libsmbclient
(i.e. query "system.nt_sec_desc.owner+" xattr by
clictx->getxattr() or smbc_getxattr()), the smbd crashes sometime.

I wrote a patch to prevent the smbd crashing, but I don't know
why api_lsa_lookup_sids() fails...

[2007/06/08 22:20:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(176)
  Policy not found: [000] 01 00 00 00 00 00 00 00  28 BF 65 30 F3 2A 00 00  ........ (.e0.*..
  [010] A0 BF 65 30                                       ..e0
[2007/06/08 22:20:36, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_sids
[2007/06/08 22:20:36, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00000000
[2007/06/08 22:20:36, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_trans_names names
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 32121 (3.0.25a)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2007/06/08 22:20:36, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 32121): internal error
[2007/06/08 22:20:36, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 20 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x60bf8c]
   #1 /usr/sbin/smbd(smb_panic+0x43) [0x60c073]
   #2 /usr/sbin/smbd [0x5f9ea2]
   #3 /lib/libpthread.so.0 [0x2b9633d10110]
   #4 /usr/sbin/smbd(prs_uint32+0x170) [0x4fba40]
   #5 /usr/sbin/smbd [0x5747b0]
   #6 /usr/sbin/smbd(lsa_io_r_lookup_sids+0x89) [0x575699]
   #7 /usr/sbin/smbd [0x514c7a]
   #8 /usr/sbin/smbd(api_rpcTNP+0x169) [0x56c4e9]
   #9 /usr/sbin/smbd(api_pipe_request+0x168) [0x56ca38]
   #10 /usr/sbin/smbd [0x566efe]
   #11 /usr/sbin/smbd [0x566f72]
   #12 /usr/sbin/smbd [0x473283]
   #13 /usr/sbin/smbd [0x473662]
   #14 /usr/sbin/smbd(reply_trans+0x705) [0x4744f5]
   #15 /usr/sbin/smbd [0x4c5884]
   #16 /usr/sbin/smbd(smbd_process+0x7b1) [0x4c6b31]
   #17 /usr/sbin/smbd(main+0xa20) [0x6bb6a0]
   #18 /lib/libc.so.6(__libc_start_main+0xf4) [0x2b9634e3f8e4]
   #19 /usr/sbin/smbd [0x45a229]
Comment 1 SATOH Fumiyasu 2007-06-08 12:14:41 UTC
Created attachment 2735 [details]
smbd log (log level = 10)
Comment 2 SATOH Fumiyasu 2007-06-08 12:15:44 UTC
Created attachment 2736 [details]
stack trace by gdb
Comment 3 SATOH Fumiyasu 2007-06-08 12:17:30 UTC
Created attachment 2737 [details]
packet data (wireshark/libpcap)
Comment 4 SATOH Fumiyasu 2007-06-08 12:18:35 UTC
Created attachment 2738 [details]
smb.conf
Comment 5 SATOH Fumiyasu 2007-06-08 12:24:08 UTC
Created attachment 2739 [details]
Proposed patch: fix api_lsa_lookup_sids() crashing
Comment 6 SATOH Fumiyasu 2007-06-08 12:32:37 UTC
Remember this proposed patch does NOT fix the "Policy not found" problem.

This bug can be reproduced by Samba 3.0.24 on Debian(i386 and amd64)
and Samba 3.0.25a on Debian(i386) too.
Comment 7 Jeremy Allison 2007-06-08 17:39:03 UTC
Jerry, this should be a showstopper for 3.0.25b,
I'm working on this.
Jeremy.
Comment 8 Jeremy Allison 2007-06-08 19:16:51 UTC
Created attachment 2740 [details]
Patch

This should fix it correctly - please let me know !
Thanks,
Jeremy.
Comment 9 Jeremy Allison 2007-06-08 19:28:29 UTC
Created attachment 2741 [details]
Auxiliary patch

Sorry, you'll need this patch to apply on top of the previous one.
Got bitten by a talloc hierarchy. Make sure we alloc
off the pipe ctx now ->names is part of the containing
struct.
Jeremy.
Comment 10 SATOH Fumiyasu 2007-06-09 10:52:50 UTC
Created attachment 2742 [details]
stack trace

I've tested Samba 3.0.25a plus Jeremy's patches and got
another crash problem. `rpcclient -c "lookupsids SID"`
always fails and crashes smbd.
Comment 11 Jeremy Allison 2007-06-09 13:26:02 UTC
Where you looking for the string "SID" or actually a valid SID.
Your report doesn't make this clear. I valgrinded my fixes in the SAMBA_3_0_25 tree and tested both valid and invalid SID lookups (which was how I found the auxiliary patch was needed). Both worked. Can you test out of the SAMBA_3_0_25 tree please as this is what will be in 3.0.25b ? In the meantime I'm trying to reproduce your problem.
Jeremy.
Comment 12 Jeremy Allison 2007-06-09 13:33:51 UTC
Ok, just tested out of the SAMBA_3_0_25 svn tree and can't reproduce your problem either with or without valgrind. I think there's probably another fix already in the SAMBA_3_0_25 tree that is needed. As we'll be releasing out of the cumulative patches in SAMBA_3_0_25 then I think this is fixed.
Jeremy.
Comment 13 Simo Sorce 2007-06-09 16:04:37 UTC
Jeremy,
can you check (and mark as duplicate) if this is the same bug as reported in #4668, to me they seem to deal with the same stuff and the stack trace seem identical.
Comment 14 SATOH Fumiyasu 2007-06-09 21:19:30 UTC
OK. I've tested SAMBA_3_0_25 r23407 and confirmed this bugs has been fixed.
Thank you!
Comment 15 Jeremy Allison 2007-06-09 21:41:41 UTC
*** Bug 4668 has been marked as a duplicate of this bug. ***