Bug 565915 – winbindd dumps core after authentication when normalize names is enabled.

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 565915 - winbindd dumps core after authentication when normalize names is enabled.

Summary:	winbindd dumps core after authentication when normalize names is enabled.

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	samba3x (Show other bugs)
Sub Component:
Version:	5.4
Hardware:	All Linux

Priority	high Severity high
Target Milestone:	rc
Target Release:	---
Assigned To:	Guenther Deschner
QA Contact:	qe-baseos-daemons
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2010-02-16 12:29 EST by Ray Van Dolson
Modified:	2018-10-27 10:20 EDT (History)
CC List:	6 users (show)

See Also:
Fixed In Version:	samba3x-3.3.12-0.52.el5
Doc Type:	Bug Fix
Doc Text:	When the 'normalize names' setting was enabled, the winbindd service could have failed after user authentication. With this update, authentication is successful.
Story Points:	---
Clone Of:
Environment:
Last Closed:	2011-01-13 17:47:23 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
winbindd crash logs from /var/log/messages (2.89 KB, text/plain) 2010-02-16 12:36 EST, Ray Van Dolson	no flags	Details
/etc/pam.d/system-auth (1.00 KB, text/plain) 2010-02-16 12:37 EST, Ray Van Dolson	no flags	Details
Backtrace (4.53 KB, text/plain) 2010-02-23 17:38 EST, Ray Van Dolson	no flags	Details
Patch based on commit 62a1d9101cf0c2d45f81ba703cfdef5f42006b3f (1.36 KB, patch) 2010-05-18 13:53 EDT, Justin Payne	no flags	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Samba Project	6793	None	None	None	Never
Red Hat Product Errata	RHBA-2011:0054	normal	SHIPPED_LIVE	samba3x bug fix and enhancement update	2011-01-12 12:15:21 EST

Groups: None (edit)

Description Ray Van Dolson 2010-02-16 12:29:32 EST

Description of problem:
RHEL 5.4 machine joined to a Windows 2003 AD environment.  Using pam_winbind
with default settings.  When a user connects and authenticates (correctly),
winbind dumps core and dies and the authentication fails.

The only way I can get winbindd to consistently stay running is to disable
the winbind normalize names option.

Version-Release number of selected component (if applicable):
 samba3x-common-3.3.8-0.46.el5
 samba3x-winbind-3.3.8-0.46.el5

How reproducible:
Almost always?

Steps to Reproduce:
1. Join RHEL 5.4 machine to AD
2. Configure authentication with pam_winbind
3. Enable winbind normalize names = yes
4. Attempt to log in using an AD user account.
  
Actual results:
winbindd crashes.

Expected results:
winbindd doesn't crash.

Additional info:

Comment 1 Ray Van Dolson 2010-02-16 12:34:40 EST

Here is my smb.conf file:

[global]
   workgroup = WORKGROUP
   password server = passwordserver, *
   realm = REALM.ESRI.COM
   security = ads
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = true
   winbind offline logon = false
   winbind enum users = yes
   winbind enum groups = yes
   # Uncommenting below seems to crash winbindd on login.
   winbind normalize names = yes

Comment 2 Ray Van Dolson 2010-02-16 12:36:04 EST

Created attachment 394592 [details]
winbindd crash logs from /var/log/messages

Comment 3 Ray Van Dolson 2010-02-16 12:37:17 EST

Created attachment 394593 [details]
/etc/pam.d/system-auth

Comment 4 Ray Van Dolson 2010-02-16 12:41:31 EST

I can run winbindd in the foreground, generate some more verbose debug logs,
provide core files and install debuginfo RPM's if needed.

The user account I am testing _is_ a member of a group with a space in it.
As long as no authentication is attempted, I appear to be able to enumerate
the group membership for this user just fine -- it shows up with an
underscore instead of the space as expected.

Comment 5 Ray Van Dolson 2010-02-23 16:27:53 EST

I should also note that SELinux is in Enforcing mode on this system using the targeted policy.  I was seeing the following in audit.log:

avc:  denied  { name_connect } for  pid=25602 comm="winbindd" dest=135 scontext=root:system_r:winbind_t:s0 tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket

Which I resolved by creating the following policy:

module local 1.0;

require {
	type winbind_t;
	type reserved_port_t;
	class tcp_socket name_connect;
}

winbindd still segfaults however.  I am going to test with SELinux completely disabled just to be sure it isn't contributing somehow and will also install debuginfo's and get a better traceback.

Comment 6 Ray Van Dolson 2010-02-23 16:45:28 EST

Updated to using this SELinux policy:

module local 1.1;

require {
	type winbind_t;
	type reserved_port_t;
    type port_t;
	class tcp_socket name_connect;
}

#============= winbind_t ==============
allow winbind_t reserved_port_t:tcp_socket name_connect;
allow winbind_t port_t:tcp_socket name_connect;

Also, have tested with SELinux completely disabled and the crash still occurs.

Comment 7 Ray Van Dolson 2010-02-23 17:38:30 EST

Created attachment 395848 [details]
Backtrace

I couldn't find -debuginfo's for the samba3x packages, so built my own samba3x packages from SRPM's and installed the resultant -debuginfo packages.

Attached is the backtrace I get.

Comment 8 Ray Van Dolson 2010-03-01 17:53:35 EST

I built RPM's against Samba 3.3.11[1] and can no longer reproduce the issue above.

Now to identify which changesets actually are responsible. :)

[1] http://rayvd.fedorapeople.org/samba3x/

Comment 9 Ray Van Dolson 2010-03-01 18:26:48 EST

This[1] changeset appears to fix the problem.  When I rebuild 3.3.8 with the changeset included, I can no longer reproduce the problem.

[1] http://gitweb.samba.org/?p=samba.git;a=commit;h=62a1d9101cf0c2d45f81ba703cfdef5f42006b3f

Comment 10 Ray Van Dolson 2010-03-01 18:35:12 EST

SRPM with patch included is here:

  http://rayvd.fedorapeople.org/samba3x/samba3x-3.3.8-0.51.esri1.el5.src.rpm

Comment 12 Justin Payne 2010-05-18 13:53:57 EDT

Created attachment 414916 [details]
Patch based on commit 62a1d9101cf0c2d45f81ba703cfdef5f42006b3f

The diff from commit 62a1d9101cf0c2d45f81ba703cfdef5f42006b3f would not apply cleanly, so I created a gendiff patch based on the diff.

Comment 15 Ray Van Dolson 2010-06-11 14:26:24 EDT

Tested packages provided to me by support (jptest) and they appear to resolve the issue.

Comment 20 Ray Van Dolson 2010-08-13 12:19:19 EDT

Any chance of this making it into RHEL 5.5 errata or RHEL 5.6?

Comment 21 Dmitri Pal 2010-08-26 11:57:34 EDT

(In reply to comment #20)
> Any chance of this making it into RHEL 5.5 errata or RHEL 5.6?

Yes 5.6.

Comment 24 Eva Kopalova 2010-12-15 03:09:17 EST

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
When the 'normalize names' setting was enabled, the winbindd service could have failed after user authentication. With this update, authentication is successful.

Comment 26 errata-xmlrpc 2011-01-13 17:47:23 EST

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0054.html

Note You need to log in before you can comment on or make changes to this bug.