samba - Mar 2016 - Segmentation Fault when trying to set root samba password, IPA as a backend

On 02/03/16 00:44, Jeremy Allison wrote:
> On Tue, Mar 01, 2016 at 10:11:15PM +0000, Rowland penny wrote:
>> On 01/03/16 21:35, Garming Sam wrote:
>>> Hi Rowland,
>>>
>>> This new segfault seems unrelated to the previous one. It's
probably
>>> something like a double free, which typically shouldn't be that
hard to
>>> fix. If you try running the tool under valgrind, it should provide
>>> enough information to fix the issue.
>>>
>>>
>>> Cheers,
>>>
>>> Garming
>>>
>> Who or what is 'valgrind' ?
>> I know what a 'valvegrinder' is, but I don't think you mean
this :-D
> :-).
>
> Install the valgrind tool from your local repository.
>
>> Or to put it another way, How?
>> I am quite prepared to try and get the required info, but somebody
>> else is going to have to write the 'C' code.
> I'll help :-).
>
> Do:
>
> valgrind bin/smbpasswd <parameters>
>
> and valgrind should print out the source code
> line where we mess up.
OK, here is the output:

root at testpdc:~# nano /usr/local/samba/etc/smb.conf
root at testpdc:~# valgrind /usr/local/samba/bin/smbpasswd -a ldap02
==2405== Memcheck, a memory error detector
==2405== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al.
==2405== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info
==2405== Command: /usr/local/samba/bin/smbpasswd -a ldap02
==2405=New SMB password:
Retype new SMB password:
==2408===2408== HEAP SUMMARY:
==2408==     in use at exit: 180,041 bytes in 987 blocks
==2408==   total heap usage: 5,737 allocs, 4,750 frees, 1,643,712 bytes 
allocated
==2408===2408== LEAK SUMMARY:
==2408==    definitely lost: 0 bytes in 0 blocks
==2408==    indirectly lost: 0 bytes in 0 blocks
==2408==      possibly lost: 38,178 bytes in 139 blocks
==2408==    still reachable: 141,863 bytes in 848 blocks
==2408==         suppressed: 0 bytes in 0 blocks
==2408== Rerun with --leak-check=full to see details of leaked memory
==2408===2408== For counts of detected and suppressed errors, rerun with: -v
==2408== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Added user ldap02.
==2405== Invalid read of size 4
==2405==    at 0x56AB52A: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid read of size 4
==2405==    at 0x56AB548: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid read of size 4
==2405==    at 0x56AB55C: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid read of size 4
==2405==    at 0x56AB56F: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd4 is 4 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405== Invalid free() / delete / delete[] / realloc()
==2405==    at 0x482B3A8: free (vg_replace_malloc.c:473)
==2405==    by 0x5686820: ber_memfree_x (in 
/usr/lib/i386-linux-gnu/liblber-2.4.so.2.10.3)
==2405==    by 0x56AB5AA: ldap_mods_free (in 
/usr/lib/i386-linux-gnu/libldap_r-2.4.so.2.10.3)
==2405==    by 0x5728963: ldapmod_destructor (smbldap.c:266)
==2405==    by 0x4A61AA3: _talloc_free_internal (talloc.c:1046)
==2405==    by 0x4A6287F: _talloc_free_children_internal (talloc.c:1525)
==2405==    by 0x4A61C02: _talloc_free_internal (talloc.c:1072)
==2405==    by 0x4A62BEC: _talloc_free (talloc.c:1647)
==2405==    by 0x10BFCD: main (smbpasswd.c:631)
==2405==  Address 0x5f17dd0 is 0 bytes inside a block of size 16 free'd
==2405==    at 0x482C2D4: realloc (vg_replace_malloc.c:692)
==2405==    by 0x48777F7: realloc_array (util.c:754)
==2405==    by 0x5728B31: smbldap_set_mod_internal (smbldap.c:325)
==2405==    by 0x57290B6: smbldap_set_mod (smbldap.c:392)
==2405==    by 0x4A9FC2B: ldapsam_create_user (pdb_ldap.c:5304)
==2405==    by 0x4ABB376: pdb_create_user (pdb_interface.c:542)
==2405==    by 0x4AACBF9: local_password_change (passdb.c:745)
==2405==    by 0x10B29B: password_change (smbpasswd.c:264)
==2405==    by 0x10BA77: process_root (smbpasswd.c:466)
==2405==    by 0x10BF9C: main (smbpasswd.c:627)
==2405===2405===2405== HEAP SUMMARY:
==2405==     in use at exit: 179,738 bytes in 980 blocks
==2405==   total heap usage: 6,523 allocs, 5,544 frees, 2,273,909 bytes 
allocated
==2405===2405== LEAK SUMMARY:
==2405==    definitely lost: 348 bytes in 2 blocks
==2405==    indirectly lost: 1,868 bytes in 45 blocks
==2405==      possibly lost: 35,708 bytes in 109 blocks
==2405==    still reachable: 141,814 bytes in 824 blocks
==2405==         suppressed: 0 bytes in 0 blocks
==2405== Rerun with --leak-check=full to see details of leaked memory
==2405===2405== For counts of detected and suppressed errors, rerun with: -v
==2405== ERROR SUMMARY: 11 errors from 5 contexts (suppressed: 0 from 0)
root at testpdc:~#


Rowland

On Wed, Mar 02, 2016 at 09:23:34AM +0000, Rowland penny
wrote:
> OK, here is the output:
Can you try the attached (UNTESTED!) patch?

Thanks,

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------

On Fri, Mar 04, 2016 at 10:53:17AM +0100, Volker Lendecke
wrote:
> On Wed, Mar 02, 2016 at 09:23:34AM +0000, Rowland penny wrote:
> > OK, here is the output:
> 
> Can you try the attached (UNTESTED!) patch?
> 
> Thanks,
Gna, should have at least compiled it....

New patch :-)

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
-------------- next part --------------

On 16:47:40 wrote Rowland penny:
> /usr/local/samba/bin/smbpasswd -a ldap02
as far as i remember this has never worked! According to the man page 
this call should add a user to the *local* smb password store. And this 
is by default /etc/samba/smbpasswd and not any ldap backend.

If one wish to use any ldap backend more params are needed. RTFM

-- 

Regards
	Harry Jede

On 06/03/16 15:53, Harry Jede wrote:
> On 16:47:40 wrote Rowland penny:
>> /usr/local/samba/bin/smbpasswd -a ldap02
> as far as i remember this has never worked! According to the man page
> this call should add a user to the *local* smb password store. And this
> is by default /etc/samba/smbpasswd and not any ldap backend.
>
> If one wish to use any ldap backend more params are needed. RTFM
>
In that case, how am I adding users that don't exist in /etc/passwd to 
ldap with 'smbpasswd -a username' ?

Perhaps you need to read the manpage again, pay particular attention to 
ldapsam:editposix

Rowland