Current-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
nss_winbind Segmentation fault - (was: Re: Samba DC provisioning fails with ACL-enabled NetBSD-current)
Hello everybody,
In the meantime I was able to successfully connect a Windows VM to the
Samba domain. The domain login works and also the access to the Sysvol.
Wonderful!
Now I try to make the domain accounts known on the Samba host - the
NetBSD system. I have adjusted the /etc/nsswitch.conf as follows:
#group: compat
group: files winbind
#passwd: compat
passwd: files winbind
and linked the nss library to the expected location:
test10# ln -s /usr/pkg/lib/libnss_winbind.so /usr/lib/nss_winbind.so.0
My expectation was that the following would work:
test10# id Administrator
Memory fault (core dumped)
As you can see, this is not the case. A core dump is written instead.
Fortunately, it contains kind of a hint:
test10# gdb /usr/bin/id id.core
Reading symbols from /usr/bin/id...
(No debugging symbols found in /usr/bin/id)
[New process 1964]
Core was generated by `id'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000070fb1200355c in netbsdwinbind_getgroupmembership () from
/usr/lib/nss_winbind.so.0
(gdb) bt
#0 0x000070fb1200355c in netbsdwinbind_getgroupmembership () from
/usr/lib/nss_winbind.so.0
#1 0x000070fb12b5a375 in nsdispatch () from /usr/lib/libc.so.12
#2 0x000070fb12aa25f9 in getgroupmembership () from /usr/lib
/libc.so.12
#3 0x000070fb12a72d40 in getgrouplist () from /usr/lib/libc.so.12
#4 0x000000013e001792 in main ()
(gdb)
As a test, I have adjusted /etc/nsswitch.conf to not use winbind for group:
#group: compat
group: files #winbind
#passwd: compat
passwd: files winbind
That looks better:
test10# id Administrator
uid=0(MPNET\administrator) gid=100(users) groups=100(users)
Then I reactivated winbind for group in /etc/nsswitch.conf and tried to
look more deeply into the function netbsdwinbind_getgroupmembership with
the debugger:
test10# gdb /usr/bin/id id.core
Reading symbols from /usr/bin/id...
(No debugging symbols found in /usr/bin/id)
[New process 11852]
Core was generated by `id'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000079b06de0355c in netbsdwinbind_getgroupmembership () from
/usr/lib/nss_winbind.so.0
(gdb) br netbsdwinbind_getgroupmembership
Breakpoint 1 at 0x79b06de03451
(gdb) run Administrator
Starting program: /usr/bin/id Administrator
Breakpoint 1, 0x0000795372a03451 in
netbsdwinbind_getgroupmembership () from /usr/lib/nss_winbind.so.0
(gdb) s
Single stepping until exit from function
netbsdwinbind_getgroupmembership,
which has no line number information.
Program received signal SIGSEGV, Segmentation fault.
0x0000795372a0355c in netbsdwinbind_getgroupmembership () from
/usr/lib/nss_winbind.so.0
(gdb)
Result: the debugging symbols are missing. So rebuilt Samba again with
debug symbols:
test10# cd /usr/pkgsrc/net/samba4/
test10# env CFLAGS=-g INSTALL_UNSTRIPPED=yes make replace
The next attempt was more revealing:
test10# id Administrator
Memory fault (core dumped)
test10# gdb /usr/bin/id id.core
Reading symbols from /usr/bin/id...
(No debugging symbols found in /usr/bin/id)
[New process 13454]
Core was generated by `id'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000731c1f203dcf in netbsdwinbind_getgroupmembership
(nsrv=0x0, nscb=0x0, ap=0x7f7fff7b5028) at ../../nsswitch
/winbind_nss_netbsd.c:203
203 for (dupc = 0; dupc < MIN(maxgrp, *groupc);
dupc++) {
(gdb) bt
#0 0x0000731c1f203dcf in netbsdwinbind_getgroupmembership
(nsrv=0x0, nscb=0x0, ap=0x7f7fff7b5028) at ../../nsswitch
/winbind_nss_netbsd.c:203
#1 0x0000731c1fd5a375 in nsdispatch () from /usr/lib/libc.so.12
#2 0x0000731c1fca25f9 in getgroupmembership () from /usr/lib
/libc.so.12
#3 0x0000731c1fc72d40 in getgrouplist () from /usr/lib/libc.so.12
#4 0x0000000058e01792 in main ()
(gdb)
The problem seems to be triggered by the function / macro (?) MIN (...).
Its parameters are fed by the call parameters of
netbsdwinbind_getgroupmembership:
netbsdwinbind_getgroupmembership(void *nsrv, void *nscb, va_list ap)
{
int *result = va_arg(ap, int *);
const char *uname = va_arg(ap, const char *);
gid_t *groups = va_arg(ap, gid_t *);
int maxgrp = va_arg(ap, int);
int *groupc = va_arg(ap, int *);
struct winbindd_request request = {
.wb_flags = WBFLAG_FROM_NSS,
};
struct winbindd_response response = {
.length = 0,
};
gid_t *wblistv;
int wblistc, i, isdup, dupc;
strncpy(request.data.username, uname,
sizeof(request.data.username) - 1);
i = winbindd_request_response(NULL, WINBINDD_GETGROUPS,
&request, &response);
if (i != NSS_STATUS_SUCCESS)
return NS_NOTFOUND;
wblistv = (gid_t *)response.extra_data.data;
wblistc = response.data.num_entries;
for (i = 0; i < wblistc; i++) { /* add
winbind gids */
isdup = 0; /* skip
duplicates */
for (dupc = 0; dupc < MIN(maxgrp, *groupc); dupc++) {
if (groups[dupc] == wblistv[i]) {
isdup = 1;
break;
}
}
if (isdup)
continue;
if (*groupc < maxgrp) /* add this
gid */
groups[*groupc] = wblistv[i];
else
*result = -1;
(*groupc)++;
}
SAFE_FREE(wblistv);
return NS_NOTFOUND;
}
I will look at this further tomorrow and hope to come to a solution
which I will of course write here. In the meantime, if someone has
advice for me or I have a gross mistake in my thinking, I would of
course also be happy to receive an answer.
Best wishes
Matthias
Home |
Main Index |
Thread Index |
Old Index