Bug 459618 - smbd crash on ads_verify_ticket
Summary: smbd crash on ads_verify_ticket
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: samba3x
Version: 5.2
Hardware: x86_64
OS: Linux
medium
urgent
Target Milestone: rc
: ---
Assignee: Guenther Deschner
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-08-20 16:27 UTC by Paolo Penzo
Modified: 2010-06-30 14:12 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-06-29 19:00:58 UTC
Target Upstream Version:

Attachments (Terms of Use)
smb.conf (1019 bytes, application/octet-stream)
2008-08-20 16:27 UTC, Paolo Penzo 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description Paolo Penzo 2008-08-20 16:27:40 UTC 
Created attachment 314637 [details]
smb.conf

When security=ADS smbd often crashes on function ads_verify_ticket with this log message:
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(41)
 smbd[7357]:   ===============================================================
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(42)
 smbd[7357]:   INTERNAL ERROR: Signal 11 in pid 7357 (3.0.28-1.el5_2.1)
 smbd[7357]:   Please read the Trouble-Shooting section of the Samba3-HOWTO
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(44)
 smbd[7357]:
 smbd[7357]:   From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/fault.c:fault_report(45)
 smbd[7357]:   ===============================================================
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/util.c:smb_panic(1655)
 smbd[7357]:   PANIC (pid 7357): internal error
 smbd[7357]: [2008/08/20 18:02:38, 0] lib/util.c:log_stack_trace(1759)
 smbd[7357]:   BACKTRACE: 16 stack frames:
 smbd[7357]:    #0 smbd(log_stack_trace+0x1c) [0x2b84626f2fcc]
 smbd[7357]:    #1 smbd(smb_panic+0x43) [0x2b84626f30b3]
 smbd[7357]:    #2 smbd [0x2b84626e0bb2]
 smbd[7357]:    #3 /lib64/libpthread.so.0 [0x2b8463e51e70]
 smbd[7357]:    #4 /lib64/libc.so.6(fseek+0x1) [0x2b84653d37e1]
 smbd[7357]:    #5 /usr/lib64/libkrb5.so.3(krb5_ktfile_get_next+0x91) [0x2b846338a511]
 smbd[7357]:    #6 smbd(ads_verify_ticket+0xe70) [0x2b8462794550]
 smbd[7357]:    #7 smbd [0x2b8462577353]
 smbd[7357]:    #8 smbd [0x2b8462578175]
 smbd[7357]:    #9 smbd [0x2b8462578e33]
 smbd[7357]:    #10 smbd(reply_sesssetup_and_X+0x995) [0x2b8462579c15]
 smbd[7357]:    #11 smbd [0x2b84625a4a14]
 smbd[7357]:    #12 smbd(smbd_process+0x7b1) [0x2b84625a59c1]
 smbd[7357]:    #13 smbd(main+0xa20) [0x2b84627a7d00]
 smbd[7357]:    #14 /lib64/libc.so.6(__libc_start_main+0xf4) [0x2b84653888b4]
 smbd[7357]:    #15 smbd [0x2b8462537239]
 smbd[7357]: [2008/08/20 18:02:39, 0] lib/fault.c:dump_core(159)
 smbd[7357]:   Exiting on internal error (core file administratively disabled) 



This issue arises in versions 3.0.25b-0.el5.4, 3.0.28-0.el5.8 and 3.0.28-1.el5_2
Comment 1 Guenther Deschner 2008-08-21 14:40:14 UTC 
This is related to an odd behaviour of MIT kerberos, can you set "use kerberos keytab" to "no" and see if the issue is resolved ? 

If it fixes the segfault, do you really require this option in your environment ?
Comment 2 Paolo Penzo 2008-08-21 17:35:56 UTC 
On this machine I've another smb service running a similar configuration which does not suffer from this issue...
Comment 8 Dmitri Pal 2010-06-29 19:00:58 UTC 
Can you please retest with 5.3 and later? We believe that this issue is already addressed in the latest kerberos libraries since 5.3.

Closing the bug as addressed in current release.
Comment 9 Guenther Deschner 2010-06-30 09:44:45 UTC 
I can confirm current RHEL5 contains the appropriate fix (just tested).
Comment 11 Paolo Penzo 2010-06-30 14:12:09 UTC 
As far as I can see, this issue does not arise on newer versions of RHEL5.
Note You need to log in before you can comment on or make changes to this bug.