Bug 904 - smbd core dumped with USRMGR.EXE on change user
Status: CLOSED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Domain Control
Version: 3.0.1
Hardware: All FreeBSD
Importance: P3 normal
Target Milestone: none
Assigned To: Samba Bugzilla Account
Reported: 2003-12-19 05:59 UTC by Alex Deiter
Modified: 2005-11-14 09:27 UTC (History)
Attachments
patch for smbd core dumped with USRMGR.EXE on change user (504 bytes, patch)
2003-12-19 14:37 UTC, Alex Deiter
patch for smbd core dumped with USRMGR.EXE on change user (404 bytes, patch)
2003-12-21 22:08 UTC, Alex Deiter

Description Alex Deiter 2003-12-19 05:59:25 UTC
On FreeBSD 5.1 with Samba 3.0.1 I got a panic every time on any user change 
(description or accounts flag or full name, etc) via USRMGR.EXE.

gdb backtrace:

(gdb) bt
#0  0x285b4dbf in kill () from /lib/libc.so.5
#1  0x285a9848 in raise () from /lib/libc.so.5
#2  0x28622042 in abort () from /lib/libc.so.5
#3  0x081bd44a in smb_panic () at lib/util.c:1422
#4  0x081aa34c in fault_report (sig=0) at lib/fault.c:41
#5  0x081aa3b1 in sig_fault (sig=0) at lib/fault.c:61
#6  <signal handler called>
#7  0x081b6f92 in base64_encode_data_blob (data=
      {data = 0x83ec200 "¨c¨U7\b§À§Û\030\b", length = 138330112, free = 
0xbfbfe6ac})
    at lib/util_str.c:1905
#8  0x081385aa in copy_id21_to_sam_passwd (to=0x83ec200, from=0x83ec000)
    at rpc_server/srv_samr_util.c:200
#9  0x081335b8 in set_user_info_21 (id21=0x83ec000, sid=0x0)
    at rpc_server/srv_samr_nt.c:2767
#10 0x08134022 in _samr_set_userinfo2 (p=0x0, q_u=0x0, r_u=0xbfbfe76c)
    at rpc_server/srv_samr_nt.c:3056
#11 0x0812af9e in api_samr_set_userinfo2 (p=0x8372000) at 
rpc_server/srv_samr.c:825
#12 0x0814279f in api_rpcTNP (p=0x8372000, rpc_name=0x837200e "samr",
    api_rpc_cmds=0x829e7c0, n_cmds=48) at rpc_server/srv_pipe.c:1530
#13 0x081424ba in api_pipe_request (p=0x8372000) at rpc_server/srv_pipe.c:1476
#14 0x0813bcc4 in process_request_pdu (p=0x8372000, rpc_in_p=0x0)
    at rpc_server/srv_pipe_hnd.c:669
#15 0x0813bf04 in process_complete_pdu (p=0x8372000) at 
rpc_server/srv_pipe_hnd.c:741
#16 0x0813c1f2 in process_incoming_data (p=0x8372000, data=0x837b010 "5\002", 
n=573)
    at rpc_server/srv_pipe_hnd.c:839
#17 0x0813c433 in write_to_internal_pipe (np_conn=0x8372000, data=0x837b010 "5
\002",
    n=589) at rpc_server/srv_pipe_hnd.c:878
#18 0x0813c38b in write_to_pipe (p=0x8328e00, data=0x837b000 "\005", n=589)
    at rpc_server/srv_pipe_hnd.c:861
#19 0x08087f1e in api_fd_reply (conn=0x836d000, vuid=100, outbuf=0x834c000 "",
    setup=0x8328e00, data=0x0, params=0x0, suwcnt=2, tdscnt=0, tpscnt=0, 
mdrcnt=1024,
    mprcnt=0) at smbd/ipc.c:306
#20 0x080881d5 in named_pipe (conn=0x836d000, vuid=100, outbuf=0x834c000 "",
    name=0xbfbfeb76 "", setup=0x8311910, data=0x837b000 "\005", params=0x0, 
suwcnt=2,
    tdscnt=589, tpscnt=0, msrcnt=0, mdrcnt=1024, mprcnt=0) at smbd/ipc.c:350
#21 0x08088cb8 in reply_trans (conn=0x836d000,
---Type <return> to continue, or q <return> to quit---
    inbuf=0xffffffff <Address 0xffffffff out of bounds>, outbuf=0x834c000 "", 
size=677,
    bufsize=131072) at smbd/ipc.c:558
#22 0x080c6bb8 in switch_message (type=37, inbuf=0x832b000 "", 
outbuf=0x834c000 "",
    size=677, bufsize=0) at smbd/process.c:767
#23 0x080c6c7e in construct_reply (inbuf=0x832b000 "", outbuf=0x834c000 "", 
size=0,
    bufsize=0) at smbd/process.c:797
#24 0x080c704f in process_smb (inbuf=0x832b000 "", outbuf=0x834c000 "")
    at smbd/process.c:897
#25 0x080c7c23 in smbd_process () at smbd/process.c:1328
#26 0x0822062f in main (argc=0, argv=0xbfbfeebc) at smbd/server.c:887
#27 0x080734a2 in _start ()
(gdb)

my testparm report:
Load smb config files from /usr/local/etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions

# Global parameters
[global]
        dos charset = 866
        unix charset = KOI8-R
        display charset = KOI8-R
        workgroup = CALLCENTER
        passdb backend = ldapsam:ldapi://%2fvar%2frun%2fopenldap%2fldapi/
        guest account = guest
        log level = 2
        log file = /var/log/samba/m.log
        domain logons = Yes
        ldap suffix = dc=komi,dc=mts,dc=ru
        ldap machine suffix = ou=Computers
        ldap user suffix = ou=People
        ldap group suffix = ou=Group
        ldap admin dn = cn=ldapmanager,dc=komi,dc=mts,dc=ru
        ldap passwd sync = Yes
        ldap delete dn = Yes
        admin users = @wheel
        printer admin = @wheel

[homes]
        read only = No
        browseable = No

[netlogon]
        path = /home/samba/netlogon

Thanks!
Comment 1 Alex Deiter 2003-12-19 06:50:55 UTC
smbd log with log level=10:

[2003/12/19 17:48:03, 10] passdb/pdb_get_set.c:pdb_set_init_flags(493)
  element 26 -> now SET
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(134)
  INFO_21 UNI_FULL_NAME: Domain Guest -> Domain Guest
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(142)
  INFO_21 UNI_HOME_DIR: \\sandra\guest -> \\sandra\guest
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(150)
  INFO_21 UNI_DIR_DRIVE:  ->
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(158)
  INFO_21 UNI_LOGON_SCRIPT:  ->
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(166)
  INFO_21 UNI_PROFILE_PATH: \\sandra\guest\profile -> \\sandra\guest\profile
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(174)
  INFO_21 UNI_ACCT_DESC: Domain Guest (MTS Komi) -> Domain Guest (MTS Komi) 
addon
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(182)
  INFO_21 UNI_WORKSTATIONS:  ->
[2003/12/19 17:48:03, 10] rpc_server/srv_samr_util.c:copy_id21_to_sam_passwd
(190)
  INFO_21 UNI_UNKNOWN_STR:  ->
[2003/12/19 17:48:03, 0] lib/fault.c:fault_report(36)
  ===============================================================
[2003/12/19 17:48:03, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 87345 (3.0.1)
  Please read the appendix Bugs of the Samba HOWTO collection
[2003/12/19 17:48:03, 0] lib/fault.c:fault_report(39)
  ===============================================================
Comment 2 Alex Deiter 2003-12-19 14:37:23 UTC
Created attachment 331 [details]
patch for smbd core dumped with USRMGR.EXE on change user

patch for smbd core dumped with USRMGR.EXE on change user properties
Comment 3 Alex Deiter 2003-12-21 22:02:36 UTC
Comment on attachment 331 [details]
patch for smbd core dumped with USRMGR.EXE on change user

Sorry, this patch is incorrect. Please see the next patch.
Comment 4 Alex Deiter 2003-12-21 22:08:28 UTC
Created attachment 333 [details]
patch for smbd core dumped with USRMGR.EXE on change user

Patch for base64 coding blob's zero length.
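
Added example (not part of the bug report, the attached patches, or the Samba source): a base64 encoder for a length-tagged blob that handles the zero-length case named in comment 4 explicitly and rejects a NULL data pointer paired with a non-zero length. `blob_t` and `blob_base64_encode` are hypothetical names; the attachments' actual changes are not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical length-tagged buffer, standing in for the blob in the backtrace. */
typedef struct {
    const uint8_t *data;
    size_t length;
} blob_t;

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Returns a malloc'd, NUL-terminated base64 string, or NULL on error. */
char *blob_base64_encode(const blob_t *blob)
{
    if (blob == NULL)
        return NULL;
    if (blob->length == 0)              /* empty blob: "" without touching data */
        return calloc(1, 1);
    if (blob->data == NULL)             /* length claims bytes that are not there */
        return NULL;
    size_t groups = blob->length / 3 + (blob->length % 3 != 0);
    if (groups > (SIZE_MAX - 1) / 4)    /* 4 * groups + 1 would overflow size_t */
        return NULL;
    char *out = malloc(4 * groups + 1);
    if (out == NULL)
        return NULL;
    size_t o = 0;
    for (size_t i = 0; i < blob->length; i += 3) {
        size_t left = blob->length - i; /* 1, 2 or >= 3 input bytes remain */
        uint32_t v = (uint32_t)blob->data[i] << 16;
        if (left > 1) v |= (uint32_t)blob->data[i + 1] << 8;
        if (left > 2) v |= blob->data[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = left > 1 ? B64[(v >> 6) & 63] : '=';
        out[o++] = left > 2 ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}

int main(void)
{
    blob_t empty = { NULL, 0 };         /* constructed sample input */
    char *s = blob_base64_encode(&empty);
    printf("empty blob -> \"%s\"\n", s ? s : "(null)");
    free(s);
    return 0;
}
```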
Comment 5 Gerald (Jerry) Carter 2004-03-16 11:49:01 UTC
This was fixed in 3.0.2 IIRC.
Comment 6 Gerald (Jerry) Carter 2005-08-24 10:17:33 UTC
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
Comment 7 Gerald (Jerry) Carter 2005-11-14 09:27:38 UTC
database cleanup