Bug 5117 - Samba server crashes during mount from a client
Summary: Samba server crashes during mount from a client
Status: RESOLVED WONTFIX
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: File Services (show other bugs)
Version: 3.0.7
Hardware: Other Linux
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-04 11:02 UTC by Martin Mokrejs
Modified: 2007-12-07 02:03 UTC (History)
0 users

See Also:


Attachments
smb.conf (636 bytes, text/plain)
2007-12-06 13:31 UTC, Martin Mokrejs
no flags Details
samba-crash.txt (67.27 KB, text/plain)
2007-12-06 13:53 UTC, Martin Mokrejs
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Mokrejs 2007-12-04 11:02:00 UTC
Hi,
  I get the following error with samba 3.0.23c and 3.0.27a on an embedded linux system. It started to happed after I edited the file defining shares and privileges for each user. This I see in the log:

[2007/12/04 16:44:54, 0, pid=14439] lib/util.c:smb_panic(1592)
  PANIC (pid 14439): substitutions failed
  
[2007/12/04 16:44:54, 0, pid=14439] lib/util.c:log_stack_trace(1749)
  unable to produce a stack trace on this platform
[2007/12/04 16:44:54, 0, pid=14439] lib/fault.c:dump_core(173)
  dumping core in /var/log/cores/smbd


# mount -t smbfs -o codepage=cp1250,iocharset=utf8,lfs,rw,workgroup=RNAlab,ip=10.5.2.72,username=mmokrejs,password=blah,uid=mmokrejs,gid=users //10.5.2.72/mmokrejs /mnt/smb/rnalabdsk/mmokrejs
Receiving SMB: Server stopped responding
25282: tree connect failed: Call returned zero bytes (EOF)
SMB connection failed
#


It turns out the 'only user=Yes' line causes the crash, I have to remove the line to be able to mount the share.

[MMOKREJS]
path=/shares/internal/MMOKREJS
force user=mmokrejs
force group=mmokrejs
valid users=mmokrejs
write list=mmokrejs
only user=Yes
#security mask=0777
#force security mode=0
#directory security mask=0777
#force directory security mode=0



On the server there is:

# ls -la /shares/internal/MMOKREJS/
total 252
drwx------  2 mmokrejs rnalab     4096 Dec  4 17:04 .
drwxr-xr-x 16 root     root       4096 Dec  7  2006 ..
...
Comment 1 Volker Lendecke 2007-12-06 13:19:44 UTC
Can you please upload your full smb.conf and a full debug level 10 log of smbd leading to that failure?

Thanks,

Volker
Comment 2 Martin Mokrejs 2007-12-06 13:31:16 UTC
Created attachment 3025 [details]
smb.conf
Comment 3 Martin Mokrejs 2007-12-06 13:53:02 UTC
Created attachment 3026 [details]
samba-crash.txt
Comment 4 Martin Mokrejs 2007-12-06 14:13:38 UTC
OK, so a user www-data in smbpasswd had UID 0, while in /etc/passwd had UID=33 and GIG=33. In /etc/group it had a line with GID 33. It seems it is related to this and the debug output should be improved.

I have corrected the wrong GID in smbpasswd file but still smbd crashes. I don't see any problem with other users so I need better debug. ;-)
Comment 5 Martin Mokrejs 2007-12-06 14:21:33 UTC
And, if the probloematic option in the shares definitions is removed and user is connected to the share, I get around the crashing code:

pdb_set_profile_path: setting profile path \\rnalabdsk\mmokrejs\profile, was 
pdb_set_workstations: setting workstations , was 
account_policy_get: name: password history, val: 0
pdb_set_user_sid: setting user sid S-1-5-21-1714360636-294838229-2465520557-3004
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1714360636-294838229-2465520557-3004 from rid 3004
lookup_global_sam_rid: looking up RID 513.
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
push_conn_ctx(0) : conn_ctx_stack_ndx = 1
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
NT user token: (NULL)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
smbpasswd_getsampwrid: search by sid: S-1-5-21-1714360636-294838229-2465520557-513
startsmbfilepwent_internal: opening file /var/private/smbpasswd
getsmbfilepwent: returning passwd entry for user www-data, uid 33
getsmbfilepwent: returning passwd entry for user mmokrejs, uid 1002
getsmbfilepwent: returning passwd entry for user martin, uid 1003
getsmbfilepwent: returning passwd entry for user tom, uid 1004
getsmbfilepwent: returning passwd entry for user vasek, uid 1005
getsmbfilepwent: returning passwd entry for user gavunek, uid 1006
getsmbfilepwent: returning passwd entry for user mrouta, uid 1007
getsmbfilepwent: returning passwd entry for user zuzana, uid 1008
getsmbfilepwent: returning passwd entry for user cerny, uid 1009
getsmbfilepwent: returning passwd entry for user hruska, uid 1010
getsmbfilepwent: returning passwd entry for user katka, uid 1011
getsmbfilepwent: returning passwd entry for user hlubucek, uid 1012
getsmbfilepwent: returning passwd entry for user peesk, uid 1013
getsmbfilepwent: returning passwd entry for user ahmad, uid 1014
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
Can't find a unix id for an unmapped group
pdb_set_group_sid: setting group sid S-1-5-21-1714360636-294838229-2465520557-513
pdb_set_group_sid_from_rid:
        setting group sid S-1-5-21-1714360636-294838229-2465520557-513 from rid 513
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
is_share_read_only_for_user: share MMOKREJS is read-write for unix user mmokrejs
get_share_security: using default secdesc for MMOKREJS
se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1714360636-294838229-2465520557-3004.
se_access_check: user sid is S-1-5-21-1714360636-294838229-2465520557-3004
se_access_check: also S-1-22-2-1002
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-22-2-15
se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2
se_access_check: access (2) granted.
get_share_security: using default secdesc for MMOKREJS
se_map_generic(): mapped mask 0x10000000 to 0x001f01ff
se_access_check: requested access 0x00000002, for NT token with 6 entries and first sid S-1-5-21-1714360636-294838229-2465520557-3004.
se_access_check: user sid is S-1-5-21-1714360636-294838229-2465520557-3004
se_access_check: also S-1-22-2-1002
se_access_check: also S-1-1-0
se_access_check: also S-1-5-2
se_access_check: also S-1-5-11
se_access_check: also S-1-22-2-15
se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-1-0 mask = 101f01ff, current desired = 2
se_access_check: access (2) granted.
gid_to_sid: local 1002 -> S-1-22-2-1002
Comment 6 Volker Lendecke 2007-12-06 15:25:08 UTC
Ok, the behaviour could be improved, but "only user" according to the docs only makes sense with "security = share" and looking at the source you also need "username =" in the share definition. So I'm closing this as invalid, you should be fine with "valid users = username".

Volker
Comment 7 Martin Mokrejs 2007-12-07 01:47:53 UTC
Hi Volker,
  thanks for the explanation. But, I disagree. First of all, teh daemon should not crash, regardless the config file settings. Second, the docs are so vast that it is not possible for a user to figure out that some options are incompatible with each other, and also that is a job for the software to figure iout their precedence. So, please improve the error message and make sure the daemon does not crash when this setup happens again.
Comment 8 Volker Lendecke 2007-12-07 02:03:53 UTC
First, it is not a crash but a panic on an invalid configuration. Second, there are millions of ways that you can misconfigure Samba, some of them lead to a panic, some of them lead to an insecure system and more of them lead to malfunctioning servers. There is no way that we can catch all misconfigurations.

If you are particularly concerned about this one, please submit a patch to smbd and at your option to the documentation.

Thanks,

Volker