Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 229863 - Segfault using "write list" setting
Summary: Segfault using "write list" setting
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: samba
Version: 5.0
Hardware: All
OS: Linux
Target Milestone: ---
: ---
Assignee: Simo Sorce
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2007-02-23 20:53 UTC by Dax Kelson
Modified: 2007-11-30 22:07 UTC (History)
0 users

Fixed In Version: RHEL5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-02-23 21:57:48 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Dax Kelson 2007-02-23 20:53:33 UTC
Description of problem:
On RHEL5b2 and stock FC6 using samba-3.0.23c-2 (I also tried 3.0.24-1.fc6) I can
cause a crash every time when trying to connect to the following share:

workgroup = EXAMPLE
netbios name = station10
map archive = yes
map system = yes
map hidden = yes
follow symlinks = no
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd

comment = Sales department files
path = /srv/samba/sales
guest ok = no
read only = yes
force create mode = 0660
force directory mode = 2770
force group = sales
write list = @sales 

If I comment out the "write list", no crash.

To connect to the share I use:
$ smbclient  //station10/sales -U guru
Password: <thepass>
Domain=[STATION10] OS=[Unix] Server=[Samba 3.0.23c-2]
tree connect failed: Call returned zero bytes (EOF)

Here is the log output from Samba:
[2007/02/23 13:43:11, 1] smbd/service.c:make_connection_snum(941)
  station10 ( connect to service sales initially as user guru
(uid=500, gid=503) (pid 3069)
[2007/02/23 13:43:12, 1] smbd/service.c:close_cnum(1141)
  station10 ( closed connection to service sales
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(41)
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(42)
  INTERNAL ERROR: Signal 11 in pid 3072 (3.0.23c-2)
  Please read the Trouble-Shooting section of the Samba3-HOWTO
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(44)
[2007/02/23 13:43:23, 0] lib/fault.c:fault_report(45)
[2007/02/23 13:43:23, 0] lib/util.c:smb_panic(1614)
  PANIC (pid 3072): internal error
[2007/02/23 13:43:23, 0] lib/util.c:log_stack_trace(1721)
  BACKTRACE: 21 stack frames:
   #0 smbd(log_stack_trace+0x2d) [0xe0125d]
   #1 smbd(smb_panic+0x5d) [0xe0138d]
   #2 smbd [0xdecd7a]
   #3 [0x53e420]
   #4 /lib/ [0x8822e3]
   #5 /lib/ [0x882025]
   #6 /lib/ [0x99ec5f]
   #7 /lib/ [0xa177c4]
   #8 /lib/ [0x9003c6]
   #9 smbd(user_in_netgroup+0x65) [0xc37a65]
   #10 smbd(token_contains_name_in_list+0x23d) [0xc3a46d]
   #11 smbd(is_share_read_only_for_token+0x98) [0xc3a768]
   #12 smbd(change_to_user+0x442) [0xc78eb2]
   #13 smbd [0xc984a8]
   #14 smbd(make_connection+0x194) [0xc99914]
   #15 smbd(reply_tcon_and_X+0x217) [0xc5d1d7]
   #16 smbd [0xc94a70]
   #17 smbd(smbd_process+0x7ab) [0xc95b9b]
   #18 smbd(main+0xbd0) [0xeaf8e0]
   #19 /lib/ [0x82bf2c]
   #20 smbd [0xc1ffb1]
[2007/02/23 13:43:23, 0] lib/fault.c:dump_core(173)
  dumping core in /var/log/samba/cores/smbd

Comment 1 Simo Sorce 2007-02-23 21:16:35 UTC
This seems to be a bug in libnss_nisplus not in samba.

To workaround it you can use + instead of @ in the write list, unless you really
want to check a NIS netgroup there.

Comment 2 Simo Sorce 2007-02-23 21:57:48 UTC
Should be fixed in latest rhel5, this bug seem to be fixed in glibc-2.5-7 and
latest rhel5 have 2.5-12

Note You need to log in before you can comment on or make changes to this bug.