Bug 586346 - samba "net groupmap listmem" seg faulting
Summary: samba "net groupmap listmem" seg faulting
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: samba
Version: 5.4
Hardware: All
OS: Linux
low
high
Target Milestone: rc
: ---
Assignee: Guenther Deschner
QA Contact: qe-baseos-daemons
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-27 11:27 UTC by Matthew Baker
Modified: 2011-01-31 15:39 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-01-31 15:39:58 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Samba configuration file (980 bytes, application/octet-stream)
2010-04-27 11:27 UTC, Matthew Baker 		no flags Details
gdb stack trace (8.65 KB, text/plain)
2010-09-06 10:14 UTC, Matthew Baker 		no flags Details
View All

Description Matthew Baker 2010-04-27 11:27:47 UTC 
Created attachment 409443 [details]
Samba configuration file

Description of problem:

Seg fault occurs when attempting to list the members of a group map.

Version-Release number of selected component (if applicable):

samba-3.0.33-3.15.el5_4.1

How reproducible:

Configure a samba server as a domain member server running in security=ADS mode. List all group mappings and then members of a group map.

Steps to Reproduce:
1. Configure samba server with attached smb.conf.
2. Configure krb5.conf to use the realm mentioned in smb.conf
3. Join the samba server to the AD domain:

# net ads join ...
# net ads testjoin

Please lookup how to add a host as a domain member in security=ads as it's too complex to fully describe here.

4. List group mappings:

# net ads groupmap list

5. If none add one:

# Group=agroup
# net groupmap add unixgroup=$Group type=local

6. Get the SID of the newly added group

# GroupSID=$(net groupmap list|grep "^$Group "|sed 's/.*(\(.*\)).*/\1/')

7. List members of the group

net groupmap listmem $GroupSID

Actual results:

$ net groupmap listmem S-1-5-21-1324538787-3842764067-3378067341-1008
S-1-22-1-1516
S-1-22-1-59888
S-1-5-21-1324538787-3842764067-3378067341-1008
S-1-22-1-8074
S-1-22-1-8835
S-1-22-1-50216
S-1-22-1-9382
S-1-22-1-34396
S-1-22-1-50251
S-1-22-1-15524
S-1-22-1-46906
S-1-22-1-11923
S-1-22-1-10222
S-1-22-1-57815
S-1-22-1-44093
S-1-22-1-4541
*** glibc detected *** net: free(): invalid pointer: 0x097e8710 ***
======= Backtrace: =========
/lib/libc.so.6[0x1c0595]
/lib/libc.so.6(cfree+0x59)[0x1c09d9]
net[0x8da94d]
net(net_run_function+0x66)[0x8b5e66]
net(net_groupmap+0x67)[0x8da107]
net(net_run_function+0x66)[0x8b5e66]
net(main+0x731)[0x8b65f1]
/lib/libc.so.6(__libc_start_main+0xdc)[0x16ce9c]
net[0x8b4461]
======= Memory map: ========
00110000-00119000 r-xp 00000000 03:01 3014778    /lib/libcrypt-2.5.so
00119000-0011a000 r--p 00008000 03:01 3014778    /lib/libcrypt-2.5.so
0011a000-0011b000 rw-p 00009000 03:01 3014778    /lib/libcrypt-2.5.so
0011b000-00142000 rw-p 0011b000 00:00 0 
00142000-00144000 r-xp 00000000 03:01 3014788    /lib/libcom_err.so.2.1
00144000-00145000 rw-p 00001000 03:01 3014788    /lib/libcom_err.so.2.1
00145000-00148000 r-xp 00000000 03:01 3014798    /lib/libuuid.so.1.2
00148000-00149000 rw-p 00003000 03:01 3014798    /lib/libuuid.so.1.2
00149000-00156000 r-xp 00000000 03:01 7373178    /usr/lib/liblber-2.3.so.0.2.31
00156000-00157000 rw-p 0000c000 03:01 7373178    /usr/lib/liblber-2.3.so.0.2.31
00157000-00296000 r-xp 00000000 03:01 3014772    /lib/libc-2.5.so
00296000-00297000 ---p 0013f000 03:01 3014772    /lib/libc-2.5.so
00297000-00299000 r--p 0013f000 03:01 3014772    /lib/libc-2.5.so
00299000-0029a000 rw-p 00141000 03:01 3014772    /lib/libc-2.5.so
0029a000-0029d000 rw-p 0029a000 00:00 0 
0029d000-0029f000 r-xp 00000000 03:01 3014787    /lib/libkeyutils-1.2.so
0029f000-002a0000 rw-p 00001000 03:01 3014787    /lib/libkeyutils-1.2.so
002a0000-002e4000 r-xp 00000000 03:01 3017974    /lib/libssl.so.0.9.8e
002e4000-002e8000 rw-p 00043000 03:01 3017974    /lib/libssl.so.0.9.8e
002f1000-00304000 r-xp 00000000 03:01 3014777    /lib/libnsl-2.5.so
00304000-00305000 r--p 00012000 03:01 3014777    /lib/libnsl-2.5.so
00305000-00306000 rw-p 00013000 03:01 3014777    /lib/libnsl-2.5.so
00306000-00308000 rw-p 00306000 00:00 0 
00308000-00343000 r-xp 00000000 03:01 3014784    /lib/libsepol.so.1
00343000-00344000 rw-p 0003b000 03:01 3014784    /lib/libsepol.so.1
00344000-0034e000 rw-p 00344000 00:00 0 
0034e000-00359000 r-xp 00000000 03:01 3014775    /lib/libgcc_s-4.1.2-20080825.so.1
00359000-0035a000 rw-p 0000a000 03:01 3014775    /lib/libgcc_s-4.1.2-20080825.so.1
003a3000-003d2000 r-xp 00000000 03:01 7373548    /usr/lib/libreadline.so.5.1
003d2000-003d6000 rw-p 0002f000 03:01 7373548    /usr/lib/libreadline.so.5.1
003d6000-003d7000 rw-p 003d6000 00:00 0 
0043b000-0044d000 r-xp 00000000 03:01 7373535    /usr/lib/libz.so.1.2.3
0044d000-0044e000 rw-p 00011000 03:01 7373535    /usr/lib/libz.so.1.2.3
0049a000-004a1000 r-xp 00000000 03:01 7373462    /usr/lib/libpopt.so.0.0.0
004a1000-004a2000 rw-p 00006000 03:01 7373462    /usr/lib/libpopt.so.0.0.0
004b4000-004bc000 r-xp 00000000 03:01 7372835    /usr/lib/libkrb5support.so.0.1
004bc000-004bd000 rw-p 00007000 03:01 7372835    /usr/lib/libkrb5support.so.0.1
00501000-00517000 r-xp 00000000 03:01 3014785    /lib/libselinux.so.1
00517000-00519000 rw-p 00015000 03:01 3014785    /lib/libselinux.so.1
0055d000-0059d000 r-xp 00000000 03:01 7373461    /usr/lib/libncurses.so.5.5
0059d000-005a5000 rw-p 00040000 03:01 7373461    /usr/lib/libncurses.so.5.5
005a5000-005a6000 rw-p 005a5000 00:00 0 
005ab000-005ad000 r-xp 00000000 03:01 7831681    /usr/lib/gconv/IBM850.so
005ad000-005af000 rw-p 00001000 03:01 7831681    /usr/lib/gconv/IBM850.so
00606000-00699000 r-xp 00000000 03:01 7373545    /usr/lib/libkrb5.so.3.3
00699000-0069c000 rw-p 00092000 03:01 7373545    /usr/lib/libkrb5.so.3.3
0077c000-007b5000 r-xp 00000000 03:01 7373370    /usr/lib/libldap-2.3.so.0.2.31
007b5000-007b6000 rw-p 00039000 03:01 7373370    /usr/lib/libldap-2.3.so.0.2.31
00874000-00b23000 r-xp 00000000 03:01 7408099    /usr/bin/net
00b23000-00b30000 rw-p 002ae000 03:01 7408099    /usr/bin/net
00b30000-00b43000 rw-p 00b30000 00:00 0 
00b9b000-00b9c000 r-xp 00b9b000 00:00 0          [vdso]
00b9c000-00cc6000 r-xp 00000000 03:01 3015788    /lib/libcrypto.so.0.9.8e
00cc6000-00cd9000 rw-p 00129000 03:01 3015788    /lib/libcrypto.so.0.9.8e
00cd9000-00cdd000 rw-p 00cd9000 00:00 0 
00cfa000-00d27000 r-xp 00000000 03:01 7373546    /usr/lib/libgssapi_krb5.so.2.2
00d27000-00d28000 rw-p 0002d000 03:01 7373546    /usr/lib/libgssapi_krb5.so.2.2
00d46000-00d55000 r-xp 00000000 03:01 3014746    /lib/libresolv-2.5.so
00d55000-00d56000 r--p 0000e000 03:01 3014746    /lib/libresolv-2.5.so
00d56000-00d57000 rw-p 0000f000 03:01 3014746    /lib/libresolv-2.5.so
00d57000-00d59000 rw-p 00d57000 00:00 0 
00dd7000-00df1000 r-xp 00000000 03:01 3014771    /lib/ld-2.5.so
00df1000-00df2000 r--p 00019000 03:01 3014771    /lib/ld-2.5.so
00df2000-00df3000 rw-p 0001a000 03:01 3014771    /lib/ld-2.5.so
00e2f000-00e31000 r-xp 00000000 03:01 7831801    /usr/lib/gconv/UTF-16.so
00e31000-00e33000 rw-p 00001000 03:01 7831801    /usr/lib/gconv/UTF-16.so
00e67000-00e7f000 r-xp 00000000 03:01 7373119    /usr/lib/libsasl2.so.2.0.22
00e7f000-00e80000 rw-p 00017000 03:01 7373119    /usr/lib/libsasl2.so.2.0.22
00eaf000-00ed4000 r-xp 00000000 03:01 7373544    /usr/lib/libk5crypto.so.3.1
00ed4000-00ed5000 rw-p 00025000 03:01 7373544    /usr/lib/libk5crypto.so.3.1
00f46000-00f48000 r-xp 00000000 03:01 3014773    /lib/libdl-2.5.so
00f48000-00f49000 r--p 00001000 03:01 3014773    /lib/libdl-2.5.so
00f49000-00f4a000 rw-p 00002000 03:01 3014773    /lib/libdl-2.5.so
09794000-097f8000 rw-p 09794000 00:00 0          [heap]
b7d2a000-b7d2b000 rw-p b7d2a000 00:00 0 
b7d2b000-b7d2f000 rw-s 00000000 03:01 15302718   /var/cache/samba/group_mapping.tdb
b7d2f000-b7d3f000 r--s 00000000 03:01 7504120    /usr/lib/samba/valid.dat
b7d3f000-b7f3f000 r--p 00000000 03:01 7832505    /usr/lib/locale/locale-archive
b7f3f000-b7f5f000 r--s 00000000 03:01 7504116    /usr/lib/samba/lowcase.dat
b7f5f000-b7f7f000 r--s 00000000 03:01 7504115    /usr/lib/samba/upcase.dat
b7f7f000-b7f86000 rw-p b7f7f000 00:00 0 
b7f86000-b7f8d000 r--s 00000000 03:01 7831852    /usr/lib/gconv/gconv-modules.cache
bfa71000-bfa86000 rw-p bffea000 00:00 0          [stack]
Aborted

Expected results:

Command should just list the members if any and return a 0 exit status as normal.

Additional info:

I am choosing to ignore this error at the moment by using the environment variable: MALLOC_CHECK_=0
Comment 1 Simo Sorce 2010-05-26 15:58:58 UTC 
Can you please provide a backtrace with debugging symbols ?
Comment 4 Matthew Baker 2010-09-06 10:14:42 UTC 
Created attachment 443268 [details]
gdb stack trace
Comment 5 Matthew Baker 2010-09-06 10:15:14 UTC 
Attached trace as requested. Apologies for the delay.
Comment 7 Guenther Deschner 2011-01-31 15:39:58 UTC 
The samba3x package has a fixed version of the 'net' binary. Please just use the samba3x-client package. Thanks for the bugreport!
Note You need to log in before you can comment on or make changes to this bug.