Bug 5906 - Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11).
Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11).
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: Winbind
3.2.4
x86 Linux
: P3 normal
: ---
Assigned To: Samba Bugzilla Account
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-16 13:08 UTC by Davide Sfriso
Modified: 2008-11-18 06:17 UTC (History)
0 users

See Also:


Attachments
Winbindd core. (133.02 KB, application/octet-stream)
2008-11-16 13:09 UTC, Davide Sfriso
no flags Details
(my PDC) Samba's configuration file. (25.78 KB, text/plain)
2008-11-16 13:10 UTC, Davide Sfriso
no flags Details
Winbindd log file. (25.78 KB, text/plain)
2008-11-16 13:11 UTC, Davide Sfriso
no flags Details
The patch for "sam_lookup_groupmem" in winbindd/winbindd_passdb.c (561 bytes, patch)
2008-11-16 13:12 UTC, Davide Sfriso
no flags Details
Samba's configuration file. (6.88 KB, text/plain)
2008-11-17 11:02 UTC, Davide Sfriso
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Davide Sfriso 2008-11-16 13:08:50 UTC
Winbindd dies when running "getent group" on a PDC based on Samba 3.2.4 with
"ldapsam:editposix" enabled (see attachments).
The crash of Winbindd happens when getent tries to enumerate the users members of a group
where there are computer accounts (like "domain users" group).

I think it's a problem of "sam_lookup_groupmem", in "winbindd_passdb.c", that do not sets properly the pointers in 
"**name_types" and "***names" (the concept also applies to Samba 3.3.0pre2, I think)

I propose the attached patch ("winbindd_passdb.patch")

--- winbindd_passdb.c	2008-09-18 08:49:02.000000000 +0200
+++ Pwinbindd_passdb.c	2008-11-16 17:33:06.000000000 +0100
@@ -638,13 +638,13 @@ static NTSTATUS sam_lookup_groupmem(stru
 				  sid_type_lookup(lsa_names[i].type)));
 			continue;
 		}
-		if (!((*names)[i] = talloc_strdup((*names),
+		if (!((*names)[num_mapped] = talloc_strdup((*names),
 						  lsa_names[i].name))) {
 			TALLOC_FREE(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		(*name_types)[i] = lsa_names[i].type;
+		(*name_types)[num_mapped] = lsa_names[i].type;
 
 		num_mapped += 1;
 	}

The tests were performed on Debian Lenny, with
 Linux 2.6.26/2.6.27.4  (compiled from source)
 openldap-2.4.11        (compiled from source)
 nss_ldap-263           (compiled from source)
 Samba 3.2.4            (compiled from source)

Regards,
Davide Sfriso.
PS: I'm sorry for my bad english.
Comment 1 Davide Sfriso 2008-11-16 13:09:47 UTC
Created attachment 3739 [details]
Winbindd core.
Comment 2 Davide Sfriso 2008-11-16 13:10:33 UTC
Created attachment 3740 [details]
(my PDC) Samba's configuration file.
Comment 3 Davide Sfriso 2008-11-16 13:11:02 UTC
Created attachment 3741 [details]
Winbindd log file.
Comment 4 Davide Sfriso 2008-11-16 13:12:07 UTC
Created attachment 3742 [details]
The patch for "sam_lookup_groupmem" in winbindd/winbindd_passdb.c
Comment 5 Davide Sfriso 2008-11-17 11:02:30 UTC
Created attachment 3743 [details]
Samba's configuration file.
Comment 6 Jeremy Allison 2008-11-17 17:35:43 UTC
This looks perfectly correct - thanks for the patch ! Applying to 3.2.x and 3.3.x and master git branches !
Jeremy.
Comment 7 Jeremy Allison 2008-11-17 17:40:55 UTC
Applied to all git branches.
Jeremy.
Comment 8 Davide Sfriso 2008-11-18 06:17:50 UTC
Hi Jeremy,
a big thank to you and to entire team for Samba!

Ciao,
Davide.