[Pkg-samba-maint] talloc null pointer memory leak / local user in domain error

Mike Ray mike.joseph.ray at gmail.com
Mon Jun 24 23:27:13 UTC 2013


If this would be better served in just [Samba] or perhaps [Samba-Technical]
as opposed to the maintainers list, my apologies and I'll route all similar
things there in the future.

Using the latest Debian, I've noticed odd behavior after provisioning:

The local user is seemingly added to the AD instance; even after reverting
changes to PAM, logging in as the user who was active during provisioning
gives this:
"Failed to modify entry for user <localuser>"

Invoking sudo gives the following:
"no talloc stackframe at ../source3/lib/util.c:1493, leaking memory
Failed to modify account record CN=<localuser>,CN=Users,DC=fake,DC=test to
set user attributes: 0000052D: Constraint violation -
check_password_restrictions: the password is too short. It should be equal
or longer than 7 characters!"

Using ldbdel to remove the user returns a success, but subsequent logins
seem to re-add the user (no replication -- only 1 DC in these test cases)
to the AD instance, and the errors crop up again.

The leaked memory code ultimately leads here (I believe):

TALLOC_CTX *_talloc_tos(const char *location)
{
        struct talloc_stackframe *ts =
                (struct talloc_stackframe *)SMB_THREAD_GET_TLS(global_ts);

        if (ts == NULL || ts->talloc_stacksize == 0) {
                _talloc_stackframe(location);
                ts = (struct talloc_stackframe *)
                        SMB_THREAD_GET_TLS(global_ts);
                DEBUG(0, ("no talloc stackframe at %s, leaking memory\n",
                          location));
#ifdef DEVELOPER
                smb_panic("No talloc stackframe");
#endif
        }

        return ts->talloc_stack[ts->talloc_stacksize-1];
}

Interestingly %s is null at this point because of a bad call to it?
"name = get_myname(talloc_tos())" (the call at util.c:1493).

In the 4.0.6 source tarball, the local user provisioning the domain is not
added to the domain. And I imagine that to be the source of the issue.

Mike Ray
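
Added illustration, not part of the original message and not Samba's code: a simplified stand-alone C model of the fallback in the quoted function, showing that a top-of-stack lookup made with no frame established creates a frame that no caller pops. All names (frame_push, frame_pop, frame_tos, call_with_frame, call_without_frame) are hypothetical and the frames are plain malloc tokens rather than talloc contexts.

```c
/* Stand-alone model of a talloc-style frame stack. Constructed for
 * illustration: all names are hypothetical, this is not Samba's code. */
#include <stdio.h>
#include <stdlib.h>
#define MAX_FRAMES 16
static void *stack[MAX_FRAMES];
static int stacksize;        /* frames currently on the stack */
static int implicit_frames;  /* frames created by the fallback path */
/* Explicit push: the caller keeps the pointer and must pop it. */
static void *frame_push(void) {
        void *f = malloc(1);
        if (f == NULL || stacksize == MAX_FRAMES) abort();
        stack[stacksize++] = f;
        return f;
}
/* Pop f and every frame pushed above it; ignore frames not on the stack. */
static void frame_pop(void *f) {
        int i = stacksize - 1;
        while (i >= 0 && stack[i] != f) i--;
        if (i < 0) return;
        while (stacksize > i) free(stack[--stacksize]);
}
/* Top-of-stack lookup with the same fallback as the quoted function: with
 * no frame present, one is created and a warning is logged. No caller
 * receives that frame as something to pop, so here it is never released. */
static void *frame_tos(const char *location) {
        if (stacksize == 0) {
                frame_push();
                implicit_frames++;
                fprintf(stderr, "no stackframe at %s, leaking memory\n", location);
        }
        return stack[stacksize - 1];
}
/* Caller that establishes its own frame before using frame_tos(). */
static int call_with_frame(void) {
        void *f = frame_push();
        frame_tos("demo:framed");
        frame_pop(f);
        return stacksize;
}
/* Caller that uses frame_tos() with no frame established. */
static int call_without_frame(void) { frame_tos("demo:unframed"); return stacksize; }
int main(void) {
        int framed = call_with_frame();
        int unframed = call_without_frame();
        printf("framed depth %d, unframed depth %d, implicit frames %d\n", framed, unframed, implicit_frames);
        return 0;
}
```

In this model the framed caller leaves the stack at depth 0, while the unframed caller leaves one implicit frame behind that later framed calls sit on top of and do not remove.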