thr3ads.net - samba - [Samba] Possible bug in samba-2.2.8a-1... [Apr 2003]

If this information is useful, please help other people find it:
Share via:
Administrador de la Red
2003-Apr-16 17:35 UTC
[Samba] Possible bug in samba-2.2.8a-1...

Hi,
I found what seems to be a bug in smbd (and smbclient?) from  samba-2.2.8a-1.
Scenario is the following:
All users have accounts in linux box "mate", with homes mounted via
NFS
from linux box "fserver". mate and fserver run samba-2.2.8a-1, mate
ONLY
validates passwords and has no shares; fserver in turn, ONLY shares [homes]
and [netlogon], but has no users, so samba uses "password server =
mate" AND
"root directory = /mhomes"

The problem is that the server segfaults when the client issues a dir command.
gets and puts have no problem, just dir or ls.

The problem arises because the file /mhomes/etc/mtab is symlinked to /etc/mtab,
if I just copy /etc/mtab to /mhomes/etc/mtab the server runs fine.

Older versions (2.0.3) of smbd run OK in the chroot'd environment.

Here I provide more info:

fserver and mate run RedHat Linux 6.x with libc updated to 
glibc-2.1.3-29.i386.rpm

samba compiled in fserver with:
rpm --rebuild samba-2.2.8a-1.src.rpm

and installed with:
rpm -Uvh --replacepkgs --replacefiles samba-2.2.8a-1.i386.rpm


fserver smb.conf:
-----------------------------
[global]

interfaces = 157.92.22.10/24
socket address = 157.92.22.10
bind interfaces only = yes
root directory = /mhomes
   workgroup = WORKGROUP
hosts allow = 157.92.22. 127.
   printcap name = /etc/printcap
   load printers = yes
   printing = bsd	
   max log size = 50
	security = server
	password server = mate
   socket options = TCP_NODELAY 
   local master = yes
   os level = 33
   domain master = yes 
   preferred master = yes
   domain logons = yes
   logon script = %U.bat
   wins support = yes
   dns proxy = no 
[homes]
   comment = Home Directories
   browseable = no
   writable = yes
[netlogon]
   comment = Network Logon Service
   path = /netlogon
   guest ok = yes
   writable = no
   share modes = no
-------------------------------

Client is mate and runs:
smbclient   //fserver/rcoss -U rcoss

Server is fserver and the logfile log.mate shows:
[2003/04/15 16:14:21, 0] lib/fault.c:fault_report(38)
  ==============================================================[2003/04/15
16:14:21, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 17579 (2.2.8a)
  Please read the file BUGS.txt in the distribution
[2003/04/15 16:14:21, 0] lib/fault.c:fault_report(41)
  ==============================================================[2003/04/15
16:14:21, 0] lib/util.c:smb_panic(1094)
  PANIC: internal error



Output from smbclient is:
----------------------
smb: \>dir
...[snipped]
...
...
 wea.pl                              A     2073  Mon Apr 14 19:50:42 2003
Error in dskattr: Call returned zero bytes (EOF)

smb: \> Segmentation fault (core dumped)
-----------------------

Older versions of smbclient , 2.0.3, get same error but don't segfault:
----------------------
smb: \>dir
...[snipped]
...
...
 wea.pl                              A    2073  Mon Apr 14 20:50:42 2003
Error in dskattr: code 0
smb: \> read_data: read failure. Error = Broken pipe
Broken pipe
--------------------------

Output from gdb /usr/sbin/smbd PID is:
---------------------------
...
This GDB was configured as "i386-redhat-linux"...
(no debugging symbols found)...

/mhomes/etc/17579: No such file or directory.
Attaching to program `/usr/sbin/smbd', Pid 17579
Reading symbols from /lib/libdl.so.2...done.
Reading symbols from /lib/libnsl.so.1...done.
Reading symbols from /lib/libpam.so.0...done.
Reading symbols from /usr/lib/libpopt.so.0...done.
Reading symbols from /lib/libc.so.6...done.
Reading symbols from /lib/ld-linux.so.2...done.
Reading symbols from /lib/libnss_files.so.2...done.
Reading symbols from /lib/libnss_nisplus.so.2...done.
Reading symbols from /lib/libnss_nis.so.2...done.
0x400f10de in __select ()
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
fgets_unlocked (buf=0x824eea8 "p0\023@p0\023@\200?3\233b??\001",
n=4096,
    fp=0x0) at iofgets_u.c:44
iofgets_u.c:44: No such file or directory.
(gdb) where
#0  fgets_unlocked (buf=0x824eea8 "p0\023@p0\023@\200?3\233b??\001",
n=4096,
    fp=0x0) at iofgets_u.c:44
#1  0x400f1bce in __getmntent_r (stream=0x0, mp=0x4013655c, 
    buffer=0x824eea8 "p0\023@p0\023@\200?3\233b??\001", bufsiz=4096)
    at mntent_r.c:102
#2  0x400f1b1f in getmntent (stream=0x0) at mntent.c:53
#3  0x81511c0 in disk_quotas ()
#4  0x806e98f in session_yield ()
#5  0x806ec6d in sys_disk_free ()
#6  0x809dea2 in vfswrap_disk_free ()
#7  0x8085a4a in reply_dskattr ()
#8  0x80a428d in respond_to_all_remaining_local_messages ()
#9  0x80a431a in respond_to_all_remaining_local_messages ()
#10 0x80a44a4 in process_smb ()
#11 0x80a4dcf in smbd_process ()
#12 0x806ace8 in main ()
#13 0x4005c9cb in __libc_start_main (main=0x806a5e0 <main>, argc=2, 
    argv=0xbffffd64, init=0x806898c <_init>, fini=0x81541bc <_fini>,
    rtld_fini=0x4000aea0 <_dl_fini>, stack_end=0xbffffd5c)
    at ../sysdeps/generic/libc-start.c:92

------------------------------

Output from strace  -f /usr/sbin/smbd -i -d 2 :
------------------------
...
...
stat("./curr.doc", {st_mode=033607, st_size=0, ...}) = 0
stat("./listacasamiento.xls", {st_mode=033613, st_size=0, ...}) = 0
stat("./licit2003.zip", {st_mode=033650, st_size=0, ...}) = 0
stat("./wea.pl", {st_mode=033722, st_size=0, ...}) = 0
send(11, "\0\0\3\214\377SMB2\0\0\0\0\210A\0"..., 912, 0) = 912
select(20, [9 11 19], NULL, NULL, {60, 0}) = 1 (in [11], left {59, 880000})
read(11, "\0\0\0#", 4)                  = 4
read(11, "\377SMB\200\0\0\0\0\10\1\0\0\0\0"..., 35) = 35
gettimeofday({1050510946, 443001}, NULL) = 0
statfs(".", {f_type="EXT2_SUPER_MAGIC", f_bsize=1024,
f_blocks=1949119, f_bfree=274728, f_files=65280, f_ffree=24610, f_namelen=255}})
= 0
stat(".", {st_mode=030210, st_size=0, ...}) = 0
open("/proc/mounts", O_RDONLY)          = -1 ENOENT (No such file or
directory)
open("/etc/mtab", O_RDONLY)             = -1 ELOOP (Too many levels of
symbolic links)
geteuid()                               = 200
stat(".", {st_mode=030210, st_size=0, ...}) = 0
open("/etc/mtab", O_RDONLY)             = -1 ELOOP (Too many levels of
symbolic links)
--- SIGSEGV (Segmentation fault) ---
write(1, "================================"...,
64==============================================================) = 64
write(1, "INTERNAL ERROR: Signal 11 in pid"..., 48INTERNAL ERROR:
Signal 11 in pid 18206 (2.2.8a)
) = 48
write(1, "Please read the file BUGS.txt in"..., 50Please read the file
BUGS.txt in the distribution
) = 50
write(1, "================================"...,
64==============================================================) = 64
write(1, "PANIC: internal error\n", 22PANIC: internal error
) = 22
SYS_175(0x1, 0xbfffeb38, 0, 0x8, 0x1)   = 0
getpid()                                = 18206
kill(18206, SIGABRT)                    = 0
--- SIGABRT (Aborted) ---
+++ killed by SIGABRT +++

-----------------------------

I can provide more info and testing if needed.

BTW, How can I tell which set of files must be replicated in the
chroot'd directory?

Thanks in advance,

Rodolfo Cossalter
System Administrator
Universidad de Buenos Aires
Seemingly Similar Threads

Search for more apparently analagous threads
samba - Apr 2003 - Possible bug in samba-2.2.8a-1...

[Samba] Possible bug in samba-2.2.8a-1...

Seemingly Similar Threads

Wisdom of the Ancients
