Bug 9204 - samba-tool/python segfault in libndr.so.0.0.1 when using samdb.schema_format_value
samba-tool/python segfault in libndr.so.0.0.1 when using samdb.schema_format_...
Status: NEW
Product: Samba 4.0
Classification: Unclassified
Component: Python
x64 Linux
: P5 normal
: ---
Assigned To: Samba QA Contact
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2012-09-24 21:09 UTC by Alexander Wuerstlein
Modified: 2013-11-01 14:38 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Wuerstlein 2012-09-24 21:09:15 UTC
I've tried to extend 'samba-tool user create' to map unix UIDs to the SID of the newly created user. For this I've added the following code to samba4/scripting/samba/netcmd/user.py at the end of cmd_user_create:

            samdb = SamDB(url=H, session_info=system_session(),
                          credentials=creds, lp=lp)
            samdb.newuser(username, password,
                          useusernameascn=use_username_as_cn, userou=userou, surname=surname, givenname=given_name, initials=initials,
                          profilepath=profile_path, homedrive=home_drive, scriptpath=script_path, homedirectory=home_directory,
                          jobtitle=job_title, department=department, company=company, description=description,
                          mailaddress=mail_address, internetaddress=internet_address,
                          telephonenumber=telephone_number, physicaldeliveryoffice=physical_delivery_office)
            if match_unix_uid:
                #idmap = IDmapDB(lp=lp)
                sids = samdb.search(samdb.get_default_basedn(), scope=ldb.SCOPE_SUBTREE,
                        expression=("(&(objectClass=user)(samaccountname=%s))" % username),
                if (len(sids) != 1):
                        raise CommandError("Failed to set Unix UID for '%s'" % username, e)
                #pwent = pwd.getpwnam(username)
                self.outf.write("before sambd.schema_format_value: %s\n" % sids[0])
                sid = samdb.schema_format_value("objectSid", sids[0])
                #sid = str(sids[0])
                #self.outf.write("%s\n" % sid)
                #self.outf.write("User '%s' matched to UID '%u' and SID '%s'\n" % (username,pwent[2],sid))
                #idmap.setup_name_mapping(sid, idmap.TYPE_UID, pwent[2])

        except Exception, e:
            raise CommandError("Failed to add user '%s': " % username, e)

        self.outf.write("User '%s' created successfully\n" % username)

Only the lines after 'if match_unix_uid' are new, commented lines have been excluded to find the bug. The segfault seems to happen in the sid = samdb.schema_format_value(...)-line. Linux dmesg of the segfault is as follows:

[190972.013015] python[29187]: segfault at 0 ip 00007f45c954156d sp 00007fffcde089e0 error 4 in libndr.so.0.0.1[7f45c9539000+19000]
[191020.280895] python[29224]: segfault at 0 ip 00007f8c8c15456d sp 00007fff733dccf0 error 4 in libndr.so.0.0.1[7f8c8c14c000+19000]
[191245.544410] python[29273]: segfault at 0 ip 00007f4ead92256d sp 00007fff68dc2f40 error 4 in libndr.so.0.0.1[7f4ead91a000+19000]
[191269.279055] python[29288]: segfault at 0 ip 00007fedc061756d sp 00007fffe138e7f0 error 4 in libndr.so.0.0.1[7fedc060f000+19000]

Valgrind doesn't tell me anything, but I'm not sure if it would work with python at all:

# /opt/samba4/bin/samba-tool user create --match-unix-uid testy foo
before sambd.schema_format_value: Message({'dn': Dn('CN=testy,CN=Users,DC=ad,DC=cip,DC=cs,DC=fau,DC=de'), 'objectSid': MessageElement(['\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00;\x08z\x13\xc1\x1a\x06\xb7\xa1\x1b\xb4Cv\x04\x00\x00'])})
zsh: segmentation fault  /opt/samba4/bin/samba-tool user create --match-unix-uid testy foo

The usage of schema_format_value is analogous to Ldb.searchOne in samba/__init__.py line 131, but since I have no clue of python beyond the most trivial stuff, I'm not sure if I'm just using it wrong.
Comment 1 Alexander Wuerstlein 2012-09-24 21:17:56 UTC
Okay, sorry for my non-existent python and code-reading skills, searchone in samba/__init__.py is not the same after all.

When I use it right and change the offending line to
sid = samdb.schema_format_value("objectSid", sids[0]["objectSid"][0])
in my code, the error disappears.

Sorry for the possible bugspam, but perhaps the segfault is wort fixing nonetheless.
Comment 2 Jelmer Vernooij 2013-11-01 14:38:11 UTC
The segfault is indeed worth fixing, even if this is an incorrect use of the function - it should raise an exception if it's not getting the right input.