Bug 229863 - Segfault using "write list" setting
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: samba
Version: 5.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Simo Sorce
David Lawrence
Reported: 2007-02-23 15:53 EST by Dax Kelson
Modified: 2007-11-30 17:07 EST
Fixed In Version: RHEL5
Doc Type: Bug Fix
Last Closed: 2007-02-23 16:57:48 EST
Description Dax Kelson 2007-02-23 15:53:33 EST
Description of problem:
On RHEL5b2 and stock FC6 using samba-3.0.23c-2 (I also tried 3.0.24-1.fc6) I can
cause a crash every time when trying to connect to the following share:

[global]
workgroup = EXAMPLE
netbios name = station10
map archive = yes
map system = yes
map hidden = yes
follow symlinks = no
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

[sales]
comment = Sales department files
path = /srv/samba/sales
guest ok = no
read only = yes
force create mode = 0660
force directory mode = 2770
force group = sales
write list = @sales 

If I comment out the "write list", no crash.

To connect to the share I use:
$ smbclient  //station10/sales -U guru
Password: <thepass>
Domain=[STATION10] OS=[Unix] Server=[Samba 3.0.23c-2]
tree connect failed: Call returned zero bytes (EOF)
$


Here is the log output from Samba:
[2007/02/23 13:43:11, 1] smbd/service.c:make_connection_snum(941)
  station10 (10.100.0.10) connect to service sales initially as user guru
(uid=500, gid=503) (pid 3069)
[2007/02/23 13:43:12, 1] smbd/service.c:close_cnum(1141)
  station10 (10.100.0.10) closed connection to service sales
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(41)
  ===============================================================
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 3072 (3.0.23c-2)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(44)
  
  From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(45)
  ===============================================================
[2007/02/23 13:43:23, 0] lib/util.c:smb_panic(1614)
  PANIC (pid 3072): internal error
[2007/02/23 13:43:23, 0] lib/util.c:log_stack_trace(1721)
  BACKTRACE: 21 stack frames:
   #0 smbd(log_stack_trace+0x2d) [0xe0125d]
   #1 smbd(smb_panic+0x5d) [0xe0138d]
   #2 smbd [0xdecd7a]
   #3 [0x53e420]
   #4 /lib/libc.so.6(strlen+0x33) [0x8822e3]
   #5 /lib/libc.so.6(__strdup+0x25) [0x882025]
   #6 /lib/libnsl.so.1(nis_list+0x62f) [0x99ec5f]
   #7 /lib/libnss_nisplus.so.2(_nss_nisplus_setnetgrent+0x94) [0xa177c4]
   #8 /lib/libc.so.6(innetgr+0xb6) [0x9003c6]
   #9 smbd(user_in_netgroup+0x65) [0xc37a65]
   #10 smbd(token_contains_name_in_list+0x23d) [0xc3a46d]
   #11 smbd(is_share_read_only_for_token+0x98) [0xc3a768]
   #12 smbd(change_to_user+0x442) [0xc78eb2]
   #13 smbd [0xc984a8]
   #14 smbd(make_connection+0x194) [0xc99914]
   #15 smbd(reply_tcon_and_X+0x217) [0xc5d1d7]
   #16 smbd [0xc94a70]
   #17 smbd(smbd_process+0x7ab) [0xc95b9b]
   #18 smbd(main+0xbd0) [0xeaf8e0]
   #19 /lib/libc.so.6(__libc_start_main+0xdc) [0x82bf2c]
   #20 smbd [0xc1ffb1]
[2007/02/23 13:43:23, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/smbd
Comment 1 Simo Sorce 2007-02-23 16:16:35 EST
This seems to be a bug in libnss_nisplus, not in samba.

To work around it you can use + instead of @ in the write list, unless you really
want to check a NIS netgroup there.
Comment 2 Simo Sorce 2007-02-23 16:57:48 EST
Should be fixed in latest rhel5; this bug seems to be fixed in glibc-2.5-7 and
latest rhel5 has 2.5-12
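
Added example, not part of the original report or of Samba: a small smb.conf audit that flags user-list entries which make smbd consult the NIS netgroup database (the user_in_netgroup/innetgr path in the backtrace above) and proposes the UNIX-group-only "+" form from Comment 1 where that keeps the group check. The prefix rules follow smb.conf(5); the function names and the [eng] share are assumptions made for illustration, and quoted names containing spaces are not handled.

```python
import re

# User-list parameters that accept @, + and & prefixes (names with whitespace removed).
LIST_PARAMS = {"writelist", "readlist", "validusers", "invalidusers", "adminusers"}

# Constructed sample: the [sales] share from the report plus a hypothetical [eng] share.
SAMPLE_CONF = """\
[sales]
read only = yes
write list = @sales

[eng]
valid users = +eng, &nisadmins, guru
"""

def lookup_order(entry):
    """Return the databases smbd consults for one list entry, in order."""
    if entry.startswith("@"):
        return ["netgroup", "unixgroup"]   # NIS netgroup first, then UNIX group
    order = []
    for ch in entry:
        if ch == "+":
            order.append("unixgroup")      # getgrnam() via NSS only
        elif ch == "&":
            order.append("netgroup")       # NIS netgroup only
        else:
            break
    return order or ["user"]

def audit(conf_text):
    """Return (section, parameter, entry, unix_only_form) for netgroup-touching entries."""
    section, findings = None, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
            continue
        key, sep, value = line.partition("=")
        # smb.conf ignores case and whitespace in parameter names
        if not sep or "".join(key.lower().split()) not in LIST_PARAMS:
            continue
        for entry in re.split(r"[,\s]+", value.strip()):
            order = lookup_order(entry)
            if "netgroup" in order:
                fix = "+" + entry.lstrip("@+&") if "unixgroup" in order else None
                findings.append((section, key.strip(), entry, fix))
    return findings
```

A finding whose last field is None is a netgroup-only entry, so there is no "+" form that preserves its meaning.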
