[Pkg-samba-maint] talloc null pointer memory leak / local user in domain error

Mike Ray mike.joseph.ray at gmail.com
Tue Jun 25 16:45:31 UTC 2013


It appears to be winbind that is causing the issue. When a local user logs
in, they are added to the AD instance and then as stated previously, it
then makes a null call to talloc causing the error message.

I'm fairly certain it is winbind, as the installation process started a
separate, dedicated winbind daemon (as well as smbd, nmbd) that, once
killed, stopped the erroneous messages (when samba was not running).
However, since winbind also runs internally in samba, these messages
continue to appear.

This again is changed behavior from even the source tarball on samba.org,
so it may be as simple as reverting some changes to winbind in the
subsequent commits; though no messages in the handful of commit logs I
glanced at jumped out at me as the source of the problem.

Mike Ray


On Mon, Jun 24, 2013 at 6:27 PM, Mike Ray <mike.joseph.ray at gmail.com> wrote:

> If this would be better served in just [Samba] or perhaps
> [Samba-Technical] as opposed to the maintainers list, my apologies and I'll
> route all similar things there in the future.
>
> Using the latest Debian, I've noticed odd behavior after provisioning:
>
> The local user is seemingly added to the AD instance; even after reverting
> changes to PAM, logging in as the user who was active during provisioning
> gives this:
> "Failed to modify entry for user <localuser>"
>
> Invoking sudo gives the following:
> "no talloc stackframe at ../source3/lib/util.c:1493, leaking memory
> Failed to modify account record CN=<localuser>,CN=Users,DC=fake,DC=test to
> set user attributes: 0000052D: Constraint violation -
> check_password_restrictions: the password is too short. It should be equal
> or longer than 7 characters!"
>
> Using ldbdel to remove the user returns a success, but subsequent logins
> seem to re-add the user (no replication -- only 1 DC in these test cases)
> to the AD instance, and the errors crop up again.
>
> The leaked memory code ultimately leads here (I believe):
>
> TALLOC_CTX *_talloc_tos(const char *location)
> {
>         struct talloc_stackframe *ts =
>                 (struct talloc_stackframe *)SMB_THREAD_GET_TLS(global_ts);
>
>         if (ts == NULL || ts->talloc_stacksize == 0) {
>                 _talloc_stackframe(location);
>                 ts = (struct talloc_stackframe *)
>                         SMB_THREAD_GET_TLS(global_ts);
>                 DEBUG(0, ("no talloc stackframe at %s, leaking memory\n",
>                           location));
> #ifdef DEVELOPER
>                 smb_panic("No talloc stackframe");
> #endif
>         }
>
>         return ts->talloc_stack[ts->talloc_stacksize-1];
> }
>
> Interestingly %s is null at this point because of a bad call to it?
> "name = get_myname(talloc_tos())" (the call at util.c:1493).
>
> In the 4.0.6 source tarball, the local user provisioning the domain is not
> added to the domain. And I imagine that to be the source of the issue.
>
> Mike Ray
>
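
A simplified, self-contained model of the stackframe logic in the quoted `_talloc_tos()`, added here as an example; it is not Samba's code and not something posted in this thread. It shows that the first call made with no frame creates one implicitly and logs the warning, and that later allocations then land on that ownerless frame. The names `frame_push`, `frame_free`, `frame_tos`, `get_name` and the `example.c` locations are invented for the model.

```c
/* Simplified model of a talloc-style stackframe stack; not Samba source. */
#include <stdio.h>
#include <stdlib.h>

struct frame { int live_allocs; };
static struct frame *stack[8];
static int stacksize, warnings;
/* Models talloc_stackframe(): push a new temporary context. */
static struct frame *frame_push(void) {
    struct frame *f = calloc(1, sizeof(*f));
    if (f == NULL || stacksize == 8) abort();
    return stack[stacksize++] = f;
}
/* Models TALLOC_FREE(frame): pop and free frames until f itself is freed. */
static void frame_free(struct frame *f) {
    for (int done = 0; !done && stacksize > 0; free(stack[stacksize]))
        done = (stack[--stacksize] == f);
}
/* Models talloc_tos(): with no frame present, create one and warn. */
static struct frame *frame_tos(const char *location) {
    if (stacksize == 0) {
        frame_push();
        warnings++;
        fprintf(stderr, "no stackframe at %s, leaking memory\n", location);
    }
    return stack[stacksize - 1];
}
/* Hypothetical callee that puts one scratch allocation on the top frame. */
static void get_name(const char *loc) { frame_tos(loc)->live_allocs++; }
/* Caller that owns a frame: everything is released before it returns. */
int call_with_frame(void) {
    struct frame *f = frame_push();
    get_name("example.c:10");
    frame_free(f);
    return stacksize;              /* frames left behind */
}
/* Caller with no frame: the implicit frame has no owner and stays. */
int call_without_frame(void) {
    get_name("example.c:20");      /* warns and creates the frame */
    get_name("example.c:21");      /* silently reuses it */
    return stacksize;
}
int warnings_seen(void) { return warnings; }
int leaked_allocs(void) { return stacksize ? stack[0]->live_allocs : 0; }
int main(void) {
    printf("owned frame: %d left\n", call_with_frame());
    printf("no frame: %d left\n", call_without_frame());
    printf("%d warning(s), %d stranded\n", warnings_seen(), leaked_allocs());
    return 0;
}
```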