Bug 5906 - Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11).
Summary: Winbindd crash on 'getent group' (INTERNAL ERROR: Signal 11).
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.2
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 3.2.4
Hardware: x86 Linux
: P3 normal
Target Milestone: ---
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-11-16 13:08 UTC by Davide Sfriso
Modified: 2008-11-18 06:17 UTC (History)
0 users

See Also:

Attachments
Winbindd core. (133.02 KB, application/octet-stream)
2008-11-16 13:09 UTC, Davide Sfriso 		no flags Details
(my PDC) Samba's configuration file. (25.78 KB, text/plain)
2008-11-16 13:10 UTC, Davide Sfriso 		no flags Details
Winbindd log file. (25.78 KB, text/plain)
2008-11-16 13:11 UTC, Davide Sfriso 		no flags Details
The patch for "sam_lookup_groupmem" in winbindd/winbindd_passdb.c (561 bytes, patch)
2008-11-16 13:12 UTC, Davide Sfriso 		no flags Details
Samba's configuration file. (6.88 KB, text/plain)
2008-11-17 11:02 UTC, Davide Sfriso 		no flags Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Davide Sfriso 2008-11-16 13:08:50 UTC 
Winbindd dies when running "getent group" on a PDC based on Samba 3.2.4 with
"ldapsam:editposix" enabled (see attachments).
The crash of Winbindd happens when getent tries to enumerate the users members of a group
where there are computer accounts (like "domain users" group).

I think it's a problem of "sam_lookup_groupmem", in "winbindd_passdb.c", that do not sets properly the pointers in 
"**name_types" and "***names" (the concept also applies to Samba 3.3.0pre2, I think)

I propose the attached patch ("winbindd_passdb.patch")

--- winbindd_passdb.c	2008-09-18 08:49:02.000000000 +0200
+++ Pwinbindd_passdb.c	2008-11-16 17:33:06.000000000 +0100
@@ -638,13 +638,13 @@ static NTSTATUS sam_lookup_groupmem(stru
 				  sid_type_lookup(lsa_names[i].type)));
 			continue;
 		}
-		if (!((*names)[i] = talloc_strdup((*names),
+		if (!((*names)[num_mapped] = talloc_strdup((*names),
 						  lsa_names[i].name))) {
 			TALLOC_FREE(tmp_ctx);
 			return NT_STATUS_NO_MEMORY;
 		}
 
-		(*name_types)[i] = lsa_names[i].type;
+		(*name_types)[num_mapped] = lsa_names[i].type;
 
 		num_mapped += 1;
 	}

The tests were performed on Debian Lenny, with
 Linux 2.6.26/2.6.27.4  (compiled from source)
 openldap-2.4.11        (compiled from source)
 nss_ldap-263           (compiled from source)
 Samba 3.2.4            (compiled from source)

Regards,
Davide Sfriso.
PS: I'm sorry for my bad english.
Comment 1 Davide Sfriso 2008-11-16 13:09:47 UTC 
Created attachment 3739 [details]
Winbindd core.
Comment 2 Davide Sfriso 2008-11-16 13:10:33 UTC 
Created attachment 3740 [details]
(my PDC) Samba's configuration file.
Comment 3 Davide Sfriso 2008-11-16 13:11:02 UTC 
Created attachment 3741 [details]
Winbindd log file.
Comment 4 Davide Sfriso 2008-11-16 13:12:07 UTC 
Created attachment 3742 [details]
The patch for "sam_lookup_groupmem" in winbindd/winbindd_passdb.c
Comment 5 Davide Sfriso 2008-11-17 11:02:30 UTC 
Created attachment 3743 [details]
Samba's configuration file.
Comment 6 Jeremy Allison 2008-11-17 17:35:43 UTC 
This looks perfectly correct - thanks for the patch ! Applying to 3.2.x and 3.3.x and master git branches !
Jeremy.
Comment 7 Jeremy Allison 2008-11-17 17:40:55 UTC 
Applied to all git branches.
Jeremy.
Comment 8 Davide Sfriso 2008-11-18 06:17:50 UTC 
Hi Jeremy,
a big thank to you and to entire team for Samba!

Ciao,
Davide.