The conditions to reproduce are:
- vfs objects = full_audit
- access to an msdfs link

The reason for this issue is a NULL reference in smb_full_audit_connect() when accessing an msdfs link.

in vfs_full_audit.c:audit_prefix():

    result = talloc_sub_advanced(ctx,
            lp_servicename(SNUM(conn)),
            conn->session_info->unix_name, // <- conn->session_info is NULL

How about using current_user.conn->session_info in the msdfs case?

BACKTRACE: 30 stack frames:
    #0 /usr/local/samba-3.6/sbin/smbd(log_stack_trace+0x2b) [0xb71266ce]
    #1 /usr/local/samba-3.6/sbin/smbd(smb_panic+0x7f) [0xb712653d]
    #2 /usr/local/samba-3.6/sbin/smbd(+0x4beef8) [0xb7113ef8]
    #3 /usr/local/samba-3.6/sbin/smbd(+0x4bef09) [0xb7113f09]
    #4 [0xb6c37400]
    #5 /usr/local/samba-3.6/lib/vfs/full_audit.so(+0x3dcf) [0xb6627dcf]
    #6 /usr/local/samba-3.6/lib/vfs/full_audit.so(+0x412c) [0xb662812c]
    #7 /usr/local/samba-3.6/sbin/smbd(smb_vfs_call_connect+0x3a) [0xb6d9444f]
    #8 /usr/local/samba-3.6/sbin/smbd(create_conn_struct+0x458) [0xb6dbab3d]
    #9 /usr/local/samba-3.6/sbin/smbd(get_referred_path+0x52d) [0xb6dbc4bb]
    #10 /usr/local/samba-3.6/sbin/smbd(setup_dfs_referral+0x18e) [0xb6dbd263]
    #11 /usr/local/samba-3.6/sbin/smbd(+0x123339) [0xb6d78339]
    #12 /usr/local/samba-3.6/sbin/smbd(+0x123dc5) [0xb6d78dc5]
    #13 /usr/local/samba-3.6/sbin/smbd(reply_trans2+0x8c1) [0xb6d7976a]
    #14 /usr/local/samba-3.6/sbin/smbd(+0x153776) [0xb6da8776]
    #15 /usr/local/samba-3.6/sbin/smbd(+0x153901) [0xb6da8901]
    #16 /usr/local/samba-3.6/sbin/smbd(+0x153c35) [0xb6da8c35]
    #17 /usr/local/samba-3.6/sbin/smbd(+0x154f32) [0xb6da9f32]
    #18 /usr/local/samba-3.6/sbin/smbd(+0x154fa8) [0xb6da9fa8]
    #19 /usr/local/samba-3.6/sbin/smbd(run_events_poll+0x62d) [0xb713a096]
    #20 /usr/local/samba-3.6/sbin/smbd(+0x152cc3) [0xb6da7cc3]
    #21 /usr/local/samba-3.6/sbin/smbd(smbd_process+0xc70) [0xb6dac6d8]
    #22 /usr/local/samba-3.6/sbin/smbd(+0x8ca88e) [0xb751f88e]
    #23 /usr/local/samba-3.6/sbin/smbd(run_events_poll+0x62d) [0xb713a096]
    #24 /usr/local/samba-3.6/sbin/smbd(+0x4e5326) [0xb713a326]
    #25 /usr/local/samba-3.6/sbin/smbd(_tevent_loop_once+0xdd) [0xb713b298]
    #26 /usr/local/samba-3.6/sbin/smbd(+0x8cb400) [0xb7520400]
    #27 /usr/local/samba-3.6/sbin/smbd(main+0x10d7) [0xb752154f]
    #28 /lib/i686/cmov/libc.so.6(__libc_start_main+0xe6) [0xb6a06ca6]
    #29 /usr/local/samba-3.6/sbin/smbd(+0xb3771) [0xb6d08771]
Created attachment 8359
patch for v3-6-test
I think a better way to fix this is to ensure that conn->session_info cannot be NULL.

Jeremy.
Created attachment 8360
Different patch for 3.6.x.

Can you try this patch instead? I think it should fix all areas where we're assuming conn->session_info != NULL.

Jeremy.
(In reply to comment #2)
> I think a better way to fix this is to ensure that conn->session_info cannot be
> NULL..

Actually, I think the same way too. I'll try to fix it another way.

Thank you.
I've just confirmed your patch; there were also no problems with other vfs modules.

Thank you.
Hi, your patch looks like it has no problem with the DFS connect case, but I found something dubious in another case, such as the one called from _srvsvc_NetGetFileSecurity():

    if (session_info != NULL) {
        vfs_user = conn->session_info->unix_name; // <- Maybe conn->session_info is NULL
        conn->session_info = copy_serverinfo(conn, session_info);

We need to fix it as follows:

    if (session_info != NULL) {
        conn->session_info = copy_serverinfo(conn, session_info);
        vfs_user = conn->session_info->unix_name;

Thank you.
(In reply to comment #6)
> Hi, your patch looks like there are no problem with DFS connect case,
> but I found dubious in other case such as that called from
> _srvsvc_NetGetFileSecurity()
>
> if (session_info != NULL) {
>     vfs_user = conn->session_info->unix_name;// <- May be conn->session_info is NULL
>     conn->session_info = copy_serverinfo(conn, session_info);
>
> We need to fix follows:
> if (session_info != NULL) {
>     conn->session_info = copy_serverinfo(conn, session_info);
>     vfs_user = conn->session_info->unix_name;
>
> Thank you.

Or, actually, you want to write it as follows:

    if (session_info != NULL) {
        vfs_user = session_info->unix_name;
        conn->session_info = copy_serverinfo(conn, session_info);
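The ordering problem raised in the last two comments, as an added example that is not part of this thread or of Samba's source. The structs, copy_session() (a stand-in for copy_serverinfo()), conn_set_session(), audit_user() and the fallback_user parameter are hypothetical simplifications; it also shows a connect hook that tolerates a connection with no session_info.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the smbd structures named in the thread. */
struct session_info { char *unix_name; };
struct conn { struct session_info *session_info; };

/* Stand-in for copy_serverinfo(): deep copy, NULL on allocation failure. */
static struct session_info *copy_session(const struct session_info *src)
{
    size_t n = strlen(src->unix_name) + 1;
    struct session_info *dst = calloc(1, sizeof(*dst));
    if (dst == NULL) return NULL;
    dst->unix_name = malloc(n);
    if (dst->unix_name == NULL) { free(dst); return NULL; }
    memcpy(dst->unix_name, src->unix_name, n);
    return dst;
}

/* Assign conn->session_info first, check the copy, and only then read the
 * user name through it. With no caller session (the msdfs path) the
 * hypothetical fallback_user is returned. NULL means the copy failed. */
static const char *conn_set_session(struct conn *c,
        const struct session_info *si, const char *fallback_user)
{
    if (si == NULL) return fallback_user;
    c->session_info = copy_session(si);
    if (c->session_info == NULL) return NULL;
    return c->session_info->unix_name;
}

/* What a connect hook such as audit_prefix() needs: a user name that is
 * valid even when the connection carries no session_info. */
static const char *audit_user(const struct conn *c, const char *fallback_user)
{
    if (c->session_info == NULL || c->session_info->unix_name == NULL)
        return fallback_user;
    return c->session_info->unix_name;
}

int main(void)
{
    char name[] = "alice";                    /* constructed sample user */
    struct session_info si = { name };
    struct conn dfs = { NULL }, share = { NULL };
    conn_set_session(&share, &si, "nobody");
    printf("%s %s\n", audit_user(&dfs, "nobody"), audit_user(&share, "nobody"));
    return 0;
}
```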