#11 smbd dumps core when client calls pdb_search_users()

open
nobody
5
2011-04-04
2011-04-04
Gary Mills
No

With recent Windows clients, the Samba log has lines like this:

[2011/02/22 13:12:31, 0] lib/fault.c:46()

[2011/02/22 13:12:31, 0] lib/fault.c:47()
INTERNAL ERROR: Signal 11 in pid 26290 (3.4.3)
Please read the Trouble-Shooting section of the Samba3-HOWTO
[2011/02/22 13:12:31, 0] lib/fault.c:49()

From: http://www.samba.org/samba/docs/Samba3-HOWTO.pdf
[2011/02/22 13:12:31, 0] lib/fault.c:50()
===============================================================
[2011/02/22 13:12:31, 0] lib/util.c:1480()
PANIC (pid 26290): internal error
[2011/02/22 13:12:31, 0] lib/util.c:1634()
unable to produce a stack trace on this platform
[2011/02/22 13:12:31, 0] lib/fault.c:326()
dumping core in /usr/local/samba/var/cores/smbd

The traceback shows that it's calling a function at address zero:

libc.so.1`_lwp_kill+8(6, 0, ffbfe580, 7c7098, 852408, 4)
libc.so.1`abort+0x100(8e79c, 851e10, 6b02c8, ffef0764, 1, 7c70b0)
fault_report+0x1c4(1, 1, 0, 7c70b0, 66b2, 1)
libthread.so.1`__sighndlr+0xc(b, 0, ffbfe7d0, 300428, 0, 0)
libthread.so.1`call_user_handler+0x234(b, 0, ffbfe7d0, 0, 0, 0)
libthread.so.1`sigacthandler+0x64(b, 0, ffbfe7d0, ffedf278, 7bfb64, 897798)
0(888110, 180, 0, 0, 878e38, 897798)
_samr_QueryDisplayInfo+0x5c0(897d00, 8d9f98, 0, 0, 68e480, 7bfb64)
api_samr_QueryDisplayInfo+0x1ac(897d00, 1, 8d9f98, 7cd108, 7bfb64, 692c0c)
api_rpcTNP+0x32c(897d00, 852de0, 78, 28, 7bfb64, 7c6dbc)
api_pipe_request+0x1d4(897d00, 87ada8, 7c70b4, 698800, 0, 7c70b0)
process_request_pdu+0x6cc(897d00, 1, 897d94, 7c70b0, 1, 694978)
process_complete_pdu+0x13c(897d00, 198, 2c, ffbfef54, 7bfb64, 7c70b0)

This core dump happens when pdb_search_users() is called because the
underlying function is never filled in, leaving a NULL pointer in the struct.
This function and related ones are present in pdb_multi.c, but they are
excluded from the compilation. My first attempt at fixing this problem was
simply to build a new multi.so with those functions included. However, I could
not figure out the syntax required in smb.conf to place multi.so in front of
mysql.so. If somebody knows how to do this, please let me know.

Once I defined the necessary functions in mysql.so, the core dumps disappeared.
Note that these are all dummy functions that return failures, but they do prevent
the core dumps, and do not appear to harm the function of smbd. They also
remove the destructor to prevent another core dump.

I'm attaching patches for pdb_multi.c and pdb_mysql.c that correct this problem.
These are needed in addition to the patches for pdbsql-0.3.1-samba-3.4.3 that
I submitted previously. I didn't include one for pdb_pgsql.c because I don't use
that back end.
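
The failure mode in this report, a method-table slot that is left NULL and then called, as an added example that is not part of the original report and is not Samba or pdbsql code. The struct and function names are hypothetical stand-ins; the block shows both defences, failure-returning stubs for unassigned slots and a NULL check before dispatch.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical, simplified method table; not Samba's real struct. */
struct search_state { int unused; };
struct backend_methods {
    const char *name;
    bool (*get_user)(struct backend_methods *m, const char *user);
    bool (*search_users)(struct backend_methods *m, struct search_state *s);
    bool (*search_groups)(struct backend_methods *m, struct search_state *s);
};

/* Dummy method: reports failure so the caller gets an error, not a crash. */
static bool stub_search(struct backend_methods *m, struct search_state *s)
{
    (void)m; (void)s;
    return false;
}

static bool sql_get_user(struct backend_methods *m, const char *user)
{
    (void)m;
    return user != NULL && user[0] != '\0';
}

/* Backend init that assigns only some slots; the search slots stay NULL. */
void init_sql_backend(struct backend_methods *m)
{
    m->name = "sql";
    m->get_user = sql_get_user;
}

/* Fill every unassigned slot; returns how many were filled. */
int fill_missing_methods(struct backend_methods *m)
{
    int filled = 0;
    if (m->search_users == NULL)  { m->search_users = stub_search;  filled++; }
    if (m->search_groups == NULL) { m->search_groups = stub_search; filled++; }
    return filled;
}

/* Dispatcher that refuses a NULL slot instead of jumping to address 0. */
bool dispatch_search_users(struct backend_methods *m, struct search_state *s)
{
    if (m == NULL || m->search_users == NULL)
        return false;
    return m->search_users(m, s);
}
```

Calling `m.search_users(&m, &s)` directly on the table before `fill_missing_methods()` runs is the jump to address zero seen in the traceback.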

Discussion

  • Gary Mills - 2011-04-04

    Patch for pdb_multi.c

  • Gary Mills - 2011-04-04

    Patch for pdb_mysql.c
