Bug 4683 - Policy not found and crash smbd in api_lsa_lookup_sids()
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.25a
Hardware: x64 Linux
Importance: P3 regression
Target Milestone: 3.0.25
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Duplicates: 4668
Reported: 2007-06-08 12:11 UTC by SATOH Fumiyasu
Modified: 2007-06-09 21:41 UTC

Attachments
smbd log (log level = 10) (512.38 KB, text/plain)
2007-06-08 12:14 UTC, SATOH Fumiyasu
stack trace by gdb (7.26 KB, text/plain)
2007-06-08 12:15 UTC, SATOH Fumiyasu
packet data (wireshark/libpcap) (25.95 KB, application/cap)
2007-06-08 12:17 UTC, SATOH Fumiyasu
smb.conf (275 bytes, text/plain)
2007-06-08 12:18 UTC, SATOH Fumiyasu
Proposed patch: fix api_lsa_lookup_sids() crashing (958 bytes, patch)
2007-06-08 12:24 UTC, SATOH Fumiyasu
Patch (7.42 KB, patch)
2007-06-08 19:16 UTC, Jeremy Allison
Auxiliary patch (863 bytes, patch)
2007-06-08 19:28 UTC, Jeremy Allison
stack trace (17.57 KB, application/octet-stream)
2007-06-09 10:52 UTC, SATOH Fumiyasu

Description SATOH Fumiyasu 2007-06-08 12:11:11 UTC
I'm using the Ruby/SMB module and libsmbclient.so to browse
files on Samba shares and their domain\owner information.

When I ask smbd for the domain\owner of a file via libsmbclient
(i.e. query the "system.nt_sec_desc.owner+" xattr with
clictx->getxattr() or smbc_getxattr()), smbd sometimes crashes.

I wrote a patch to prevent smbd from crashing, but I don't know
why api_lsa_lookup_sids() fails...

[2007/06/08 22:20:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(176)
  Policy not found: [000] 01 00 00 00 00 00 00 00  28 BF 65 30 F3 2A 00 00  ........ (.e0.*..
  [010] A0 BF 65 30                                       ..e0
[2007/06/08 22:20:36, 5] rpc_parse/parse_prs.c:prs_debug(84)
  000000 lsa_io_r_lookup_sids
[2007/06/08 22:20:36, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00000000
[2007/06/08 22:20:36, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_trans_names names
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 32121 (3.0.25a)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(44)

  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2007/06/08 22:20:36, 0] lib/util.c:smb_panic(1632)
  PANIC (pid 32121): internal error
[2007/06/08 22:20:36, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 20 stack frames:
   #0 /usr/sbin/smbd(log_stack_trace+0x1c) [0x60bf8c]
   #1 /usr/sbin/smbd(smb_panic+0x43) [0x60c073]
   #2 /usr/sbin/smbd [0x5f9ea2]
   #3 /lib/libpthread.so.0 [0x2b9633d10110]
   #4 /usr/sbin/smbd(prs_uint32+0x170) [0x4fba40]
   #5 /usr/sbin/smbd [0x5747b0]
   #6 /usr/sbin/smbd(lsa_io_r_lookup_sids+0x89) [0x575699]
   #7 /usr/sbin/smbd [0x514c7a]
   #8 /usr/sbin/smbd(api_rpcTNP+0x169) [0x56c4e9]
   #9 /usr/sbin/smbd(api_pipe_request+0x168) [0x56ca38]
   #10 /usr/sbin/smbd [0x566efe]
   #11 /usr/sbin/smbd [0x566f72]
   #12 /usr/sbin/smbd [0x473283]
   #13 /usr/sbin/smbd [0x473662]
   #14 /usr/sbin/smbd(reply_trans+0x705) [0x4744f5]
   #15 /usr/sbin/smbd [0x4c5884]
   #16 /usr/sbin/smbd(smbd_process+0x7b1) [0x4c6b31]
   #17 /usr/sbin/smbd(main+0xa20) [0x6bb6a0]
   #18 /lib/libc.so.6(__libc_start_main+0xf4) [0x2b9634e3f8e4]
   #19 /usr/sbin/smbd [0x45a229]
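
Added example (not part of the original report and not Samba code): a small Python triage of the smbd log format shown above, pulling out the signal, pid, version, the last debug messages before the panic and the named backtrace frames. The function names, the PANIC_PATH set and the regular expressions are assumptions of this example; the sample input is abridged from the log in the description.

```python
import re
from itertools import takewhile

# smbd entry header: "[date time, level] source.c:function(line)"; body lines are indented below it.
HEADER = re.compile(r"^\[[\d/]+ [\d:]+,\s*\d+\] \S+:(\w+)\(\d+\)$")
SIGNAL = re.compile(r"INTERNAL ERROR: Signal (\d+) in pid (\d+) \(([^)]+)\)")
FRAME = re.compile(r"^#\d+ \S+\((\w+)\+0x[0-9a-f]+\) \[0x[0-9a-f]+\]$")
PANIC_PATH = {"fault_report", "smb_panic", "log_stack_trace"}  # the crash reporter itself

def parse_entries(text):
    """Group lines into entries: the logging function plus its body lines."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if m := HEADER.match(line):
            entries.append({"func": m.group(1), "body": []})
        elif entries and line:
            entries[-1]["body"].append(line)
    return entries

def triage(text, context=3):
    """Per fault: signal, pid, version, last messages before the panic, named frames."""
    entries, reports = parse_entries(text), []
    for i, e in enumerate(entries):
        if hit := SIGNAL.search(" ".join(e["body"])):
            before = [x for x in entries[:i] if x["func"] not in PANIC_PATH][-context:]
            panic = takewhile(lambda x: x["func"] in PANIC_PATH, entries[i:])
            frames = [m.group(1) for x in panic for b in x["body"]
                      if (m := FRAME.match(b)) and m.group(1) not in PANIC_PATH]
            reports.append({"signal": int(hit.group(1)), "pid": int(hit.group(2)),
                            "version": hit.group(3), "frames": frames,
                            "before": [(x["func"], x["body"][0]) for x in before if x["body"]]})
    return reports

# Sample input: abridged from the log in the description above.
SAMPLE = """\
[2007/06/08 22:20:36, 4] rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(176)
  Policy not found: [000] 01 00 00 00 00 00 00 00  28 BF 65 30 F3 2A 00 00
[2007/06/08 22:20:36, 5] rpc_parse/parse_prs.c:prs_uint32(710)
      0000 ptr_dom_ref: 00000000
[2007/06/08 22:20:36, 6] rpc_parse/parse_prs.c:prs_debug(84)
      000004 lsa_io_trans_names names
[2007/06/08 22:20:36, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 32121 (3.0.25a)
[2007/06/08 22:20:36, 0] lib/util.c:log_stack_trace(1736)
  BACKTRACE: 20 stack frames:
   #3 /lib/libpthread.so.0 [0x2b9633d10110]
   #4 /usr/sbin/smbd(prs_uint32+0x170) [0x4fba40]
   #6 /usr/sbin/smbd(lsa_io_r_lookup_sids+0x89) [0x575699]
"""
```

Calling triage(SAMPLE) yields one report whose "before" list ends with the lsa_io_trans_names message and whose frames are prs_uint32 and lsa_io_r_lookup_sids, which is the pairing to search for when checking other smbd logs for this crash.
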
Comment 1 SATOH Fumiyasu 2007-06-08 12:14:41 UTC
Created attachment 2735
smbd log (log level = 10)
Comment 2 SATOH Fumiyasu 2007-06-08 12:15:44 UTC
Created attachment 2736
stack trace by gdb
Comment 3 SATOH Fumiyasu 2007-06-08 12:17:30 UTC
Created attachment 2737
packet data (wireshark/libpcap)
Comment 4 SATOH Fumiyasu 2007-06-08 12:18:35 UTC
Created attachment 2738
smb.conf
Comment 5 SATOH Fumiyasu 2007-06-08 12:24:08 UTC
Created attachment 2739
Proposed patch: fix api_lsa_lookup_sids() crashing
Comment 6 SATOH Fumiyasu 2007-06-08 12:32:37 UTC
Remember this proposed patch does NOT fix the "Policy not found" problem.

This bug can be reproduced with Samba 3.0.24 on Debian (i386 and amd64)
and Samba 3.0.25a on Debian (i386) too.
Comment 7 Jeremy Allison 2007-06-08 17:39:03 UTC
Jerry, this should be a showstopper for 3.0.25b,
I'm working on this.
Jeremy.
Comment 8 Jeremy Allison 2007-06-08 19:16:51 UTC
Created attachment 2740
Patch

This should fix it correctly - please let me know!
Thanks,
Jeremy.
Comment 9 Jeremy Allison 2007-06-08 19:28:29 UTC
Created attachment 2741
Auxiliary patch

Sorry, you'll need this patch to apply on top of the previous one.
Got bitten by a talloc hierarchy. Make sure we alloc
off the pipe ctx now ->names is part of the containing
struct.
Jeremy.
Comment 10 SATOH Fumiyasu 2007-06-09 10:52:50 UTC
Created attachment 2742
stack trace

I've tested Samba 3.0.25a plus Jeremy's patches and got
another crash problem. `rpcclient -c "lookupsids SID"`
always fails and crashes smbd.
Comment 11 Jeremy Allison 2007-06-09 13:26:02 UTC
Were you looking for the string "SID" or actually a valid SID?
Your report doesn't make this clear. I valgrinded my fixes in the SAMBA_3_0_25 tree and tested both valid and invalid SID lookups (which was how I found the auxiliary patch was needed). Both worked. Can you test out of the SAMBA_3_0_25 tree please, as this is what will be in 3.0.25b? In the meantime I'm trying to reproduce your problem.
Jeremy.
Comment 12 Jeremy Allison 2007-06-09 13:33:51 UTC
Ok, just tested out of the SAMBA_3_0_25 svn tree and can't reproduce your problem either with or without valgrind. I think there's probably another fix already in the SAMBA_3_0_25 tree that is needed. As we'll be releasing out of the cumulative patches in SAMBA_3_0_25 then I think this is fixed.
Jeremy.
Comment 13 Simo Sorce 2007-06-09 16:04:37 UTC
Jeremy,
can you check (and mark as duplicate) if this is the same bug as reported in #4668? To me they seem to deal with the same stuff and the stack trace seems identical.
Comment 14 SATOH Fumiyasu 2007-06-09 21:19:30 UTC
OK. I've tested SAMBA_3_0_25 r23407 and confirmed this bug has been fixed.
Thank you!
Comment 15 Jeremy Allison 2007-06-09 21:41:41 UTC
*** Bug 4668 has been marked as a duplicate of this bug. ***