Bug 208718

Summary: Update 3.0.23c-1.fc5 cannot understand "@group" in smb.conf
Product: [Fedora] Fedora Reporter: Luis Felipe Marzagao <lfelipebm>
Component: sambaAssignee: Jay Fenlason <fenlason>
Status: CLOSED DUPLICATE QA Contact: David Lawrence <dkl>
Severity: high Docs Contact:
Priority: medium    
Version: 5CC: cat, fedora, jfeeney, jplans, rhbugzilla, zing
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
URL: http://www.fedoraforum.org/forum/showthread.php?t=125460
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-10-23 07:08:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Log saved in /var/log/samba related to the workstation
none
samba configuration file
none
smb daemon log
none
Patch to fix @groups crash
none
Diff against 3.0.23-1.fc5 spec file
none
Proof of concept for innetgr() crash
none
System info and gdb output for innetgr() PoC crash none

Description Luis Felipe Marzagao 2006-09-30 19:13:40 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pt-BR; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7

Description of problem:
I discovered, for an exemple, if you have a user group with 3 members (Alan, Baker, Clive), before 3.0.23c this line at smb.conf worked fine:
 
valid users = @user
 
But with 3.0.23c update it doesn't work anymore.
 
You have to replace the line like this:
 
valid users = Alan, Baker, Clive
 
I mean, replace the "@groupname" with the complete userlist of the group separated by commas.
 
It´s a quick solution, but some groups are big and it´s kind of hard to do that with all of them.
 
Apparently, other people are experiencing the same problem, as related at fedora forum (http://www.fedoraforum.org/forum/showthread.php?t=125460).
 
 
I´d appreciate any help or comments.
 
Attached my smb.conf and logs.
 
The workstation I´m trying to access the shares from is a Windows XP one, and it´s name is "rbsm204".
 
The user is "felipe" and he belongs to "admin" group.
 
I found this at my workstation log (attached):
 
[2006/09/30 14:58:35, 3] lib/util_sid.c:string_to_sid(223)

string_to_sid: Sid @admin does not start with 'S-'.

[2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(423)

Unable to get default yp domain, let's try without specifying it [2006/09/30 14:58:35, 5] smbd/password.c:user_in_netgroup(427)

looking for user felipe of domain (ANY) in netgroup admin [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(41)

===============================================================

[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(42)

INTERNAL ERROR: Signal 11 in pid 13861 (3.0.23c-1.fc5)

Please read the Trouble-Shooting section of the Samba3-HOWTO [2006/09/30 14:58:35, 0] lib/fault.c:fault_report(44)

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf

[2006/09/30 14:58:35, 0] lib/fault.c:fault_report(45)

===============================================================

[2006/09/30 14:58:35, 0] lib/util.c:smb_panic(1614)

PANIC (pid 13861): internal error

[2006/09/30 14:58:35, 0] lib/util.c:log_stack_trace(1721)

BACKTRACE: 19 stack frames:

#0 smbd(log_stack_trace+0x2d) [0x8a78ad]

#1 smbd(smb_panic+0x5d) [0x8a79dd]

#2 smbd [0x89351a]

#3 [0xa5f420]

#4 /lib/libc.so.6(__strdup+0x1f) [0x346893]

#5 /lib/libnsl.so.1(nis_list+0x5d2) [0xc64b5f]

#6 /lib/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x8f) [0x51262e]

#7 /lib/libc.so.6(innetgr+0xb2) [0x3c1d05]

#8 smbd(user_in_netgroup+0x65) [0x6de1e5]

#9 smbd(token_contains_name_in_list+0x23d) [0x6e0bdd]

#10 smbd(change_to_user+0x4d2) [0x71f642]

#11 smbd [0x73eb38]

#12 smbd(make_connection+0x194) [0x73ffa4]

#13 smbd(reply_tcon_and_X+0x21d) [0x7038ed]

#14 smbd [0x73b0e0]

#15 smbd(smbd_process+0x7ab) [0x73c21b]

#16 smbd(main+0xbd0) [0x955f90]

#17 /lib/libc.so.6(__libc_start_main+0xdc) [0x2f24e4]

#18 smbd [0x6c6701]

[2006/09/30 14:58:35, 0] lib/fault.c:dump_core(173)

dumping core in /var/log/samba/cores/smbd



Version-Release number of selected component (if applicable):
samba-3.0.23c-1.fc5

How reproducible:
Always


Steps to Reproduce:
1. Insert, for example, any groups at smb.conf, such as valid users = @marketing
2. Everything works fine.
3. Update to samba 3.0.23c-1.fc5
4. Try to access the share containing the "@" from Windows XP
5. It wont´t access the share, altough it´s visible from explorer at Windows XP
6. Remove the "@" sign from smb.conf and replace it with the actual users from the group, separated by commas, such as "clive, celina, owen"
7. Access the share. It will work.

Actual Results:
"The share you specified is not accessible anymore"

Expected Results:
See the content

Additional info:
Comment 1 Luis Felipe Marzagao 2006-09-30 19:18:53 UTC 
Created attachment 137487 [details]
Log  saved in /var/log/samba related to the workstation

Windows XP machine name is "rbsm204".

User trying to access the shares is "felipe"

User "felipe" belongs to "admin"
Comment 2 Luis Felipe Marzagao 2006-09-30 19:22:40 UTC 
Created attachment 137488 [details]
samba configuration file

my smb.conf file, where you can see the "@" groups assigned
Comment 3 Luis Felipe Marzagao 2006-09-30 19:24:07 UTC 
Created attachment 137489 [details]
smb daemon log
Comment 4 Brandon Holbrook 2006-10-11 04:31:51 UTC 
I'm having the exact same issue, with the exact same error / stack trace.  I'm
glad your were able to narrow it down to the @group, though.  All my shares
reference @group so I thought all of samba was broken!  This is a pretty serious
bug...
Comment 5 Luis Felipe Marzagao 2006-10-11 22:29:03 UTC 
I agree with you. The reason I put it as a "normal" bug was that I could
workaround it... Hope the developers fix it as soon as possible. Cheers.
Comment 6 Graeme Fowler 2006-10-12 18:51:58 UTC 
See samba mailing list thread:

http://www.mail-archive.com/samba@lists.samba.org/msg77923.html

I duplicate the problem perfectly.

Will port patch from mailing list context, build RPM, test, and report back.
Comment 7 Graeme Fowler 2006-10-12 19:32:22 UTC 
Created attachment 138360 [details]
Patch to fix @groups crash

Patch to fix @groups crash ported from mailing list
Comment 8 Graeme Fowler 2006-10-12 19:34:17 UTC 
Created attachment 138362 [details]
Diff against 3.0.23-1.fc5 spec file

Diff against 3.0.23-1.fc5 spec file to integrate previous patch into RPM build.
Obviously this needs further work to get into dist as it's labelled with my
suffixes!
Comment 9 Graeme Fowler 2006-10-12 19:46:18 UTC 
Additional data:

Patch is in Samba SVN:
http://viewcvs.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0_23/source/auth/auth_util.c?rev=19008&r1=17875&r2=19008

Various comments in the RELEASE tree state "Staging for 3.0.23d..."
Comment 10 Luis Felipe Marzagao 2006-10-13 21:58:33 UTC 
Hi, Graeme.

First of all thanks for the efforts.

Are you 100% sure that this patch does the job?

I ask it because I had previously contacted Volker Lendeck, from samba.org, and
he said the patch contained at the mentioned mailing list had nothing to do with
this problem with groups:


My message for him

Quote:
"... Anyway, googleing I saw a discussion where you've posted a patch for samba
3.0.23c:

http://www.mail-archive.com/samba@l...g/msg78460.html

Unfortunatelly, I have no idea how to use or apply the patch... Worse, I have no
idea how to port it to fedora core 5...

I´d would really appreciate any comments or help.

Thank you very much for the attention."



And his answer was:

Quote:
"Please post your problems with more detailed info like your smb.conf and debug
level 10 logs of smbd to samba.
The patch I've posted for sure has nothing to do with your problem.

Volker"


I´d appreciate any comments!

Thanks again for your help!

Cheers,
Duli
Comment 11 Graeme Fowler 2006-10-14 07:51:49 UTC 
Interesting - principally because although Volker told you it has "nothing to do
with your problem", my segfaults matched those of the OP in the Samba ML thread
and the patch makes them go away.

Coincidence? Maybe. But it definitely WORKSFORME.
Comment 12 Luis Felipe Marzagao 2006-10-14 16:54:18 UTC 
Great, Graeme. Thanks once more for your great help!!!

Cheers,
Comment 13 Catalin Patulea 2006-10-23 05:40:16 UTC 
Created attachment 139099 [details]
Proof of concept for innetgr() crash
Comment 14 Catalin Patulea 2006-10-23 05:41:24 UTC 
Created attachment 139100 [details]
System info and gdb output for innetgr() PoC crash
Comment 15 Catalin Patulea 2006-10-23 05:43:34 UTC 
[First off, Graeme, I don't believe that mailing list thread/patch has anything
to with this bug.]

Since my machine doesn't need NIS, one workaround is to edit /etc/nsswitch.conf
and change the "netgroup" line from "nisplus" to "files". After that, smbd works
fine with "valid users = @group".

The crash is due to glibc's innetgr() eventually calling strdup(NULL). It looks
like it tries to find group information using NIS-related functions, but one of
the sub-lookups fails in a way the caller doesn't expect (an array element is
NULL instead of the array pointer being NULL).

The bug is reproducible independently of Samba using the attached PoC (see also
gdb info), under Fedora Core 5 with glibc-2.4-11 and "netgroup: nisplus" in
/etc/nsswitch.conf. The user and group can be anything, including nonexistent ones.

Changing the netgroup entry to "files" simply hides the bug and allows smbd to
work on machines that use local files for group information.
Comment 16 Catalin Patulea 2006-10-23 06:06:50 UTC 
Bug filed with glibc bugzilla (http://sourceware.org/bugzilla/show_bug.cgi?id=3411).
Comment 17 Jakub Jelinek 2006-10-23 07:08:26 UTC 

*** This bug has been marked as a duplicate of 206483 ***