with most recent git master smbd fails to start in AD DC mode

Jeremy Allison jra at samba.org
Sat Mar 22 11:10:34 MDT 2014


On Sat, Mar 22, 2014 at 04:31:32AM +0100, Günter Kukkukk wrote:
> http://git.samba.org/?p=samba.git;a=commit;h=6034ab521c47fc5f4732398652c9c6847ff92035
> 
> introduced the following failure (in AD DC mode):
> 
> ....
> /usr/local/samba/sbin/smbd: smbd version 4.2.0pre1-GIT-7fdb21c started.
> /usr/local/samba/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2014
> /usr/local/samba/sbin/smbd: Registered MSG_REQ_POOL_USAGE
> /usr/local/samba/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> /usr/local/samba/sbin/smbd: lp_load_ex: refreshing parameters
> /usr/local/samba/sbin/smbd: Initialising global parameters
> /usr/local/samba/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> /usr/local/samba/sbin/smbd: params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> /usr/local/samba/sbin/smbd: Processing section "[global]"
> /usr/local/samba/sbin/smbd: Processing section "[netlogon]"
> /usr/local/samba/sbin/smbd: Processing section "[sysvol]"
> /usr/local/samba/sbin/smbd: Processing section "[test]"
> /usr/local/samba/sbin/smbd: adding IPC service
> /usr/local/samba/sbin/smbd: added interface eno16777736 ip=2a02:8109:8f40:107c:20c:29ff:fe3b:8649 bcast= netmask=ffff:ffff:ffff:ffff::
> /usr/local/samba/sbin/smbd: added interface eno16777736 ip=192.168.200.70 bcast=192.168.200.255 netmask=255.255.255.0
> /usr/local/samba/sbin/smbd: added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
> /usr/local/samba/sbin/smbd: added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
> /usr/local/samba/sbin/smbd: loaded services
> /usr/local/samba/sbin/smbd: Becoming a daemon.
> /usr/local/samba/sbin/smbd: ldb_wrap open of idmap.ldb
> /usr/local/samba/sbin/smbd: getpwuid(3000011) failed                     <<<<<===== !!!!!?
> /usr/local/samba/sbin/smbd: Failed to finalize nt token
> /usr/local/samba/sbin/smbd: create_local_token failed: NT_STATUS_UNSUCCESSFUL
> /usr/local/samba/sbin/smbd: ERROR: failed to setup guest info.
> Child /usr/local/samba/sbin/smbd exited with status 255 - Unknown error 255
> file_server smbd daemon died with exit status 255
> task_server_terminate: [smbd child process exited]
> samba_terminate: smbd child process exited
> ------------
> 
> When I revert this patch at least all former stuff is working again.

So here is a patch that will allow the getpwuid to
fail on guest tokens. Try this on top of current
master to see if it fixes your issue.

I don't like it though :-).

As far as I'm concerned, if:

username --> getpwnam() returns struct pwd

succeeds, then the following should
*always* succeed.

pwd->uid --> uid_to_sid() returns SID.
SID --> sid_to_uid() returns uid (must be identical to pwd->uid).
uid --> getpwuid() should return *identical* struct pwd.

If any of these fail, then I think something
is set up incorrectly on the system.

As I said, need more info to understand your
specific failure case.

Jeremy.
-------------- next part --------------
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index bccf1db..8d408fc 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -425,33 +425,39 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result,
 		TALLOC_CTX *tmp_ctx = talloc_stackframe();
 
 		pass = getpwuid_alloc(tmp_ctx, uid);
-		if (pass == NULL) {
-			DEBUG(1, ("getpwuid(%u) failed\n",
-				(unsigned int)uid));
-			TALLOC_FREE(tmp_ctx);
-			return NT_STATUS_UNSUCCESSFUL;
-		}
-
-		if (!getgroups_unix_user(tmp_ctx, pass->pw_name, pass->pw_gid,
-				&gids, &getgroups_num_group_sids)) {
-			DEBUG(1, ("getgroups_unix_user for user %s failed\n",
-				pass->pw_name));
-			TALLOC_FREE(tmp_ctx);
-			return NT_STATUS_UNSUCCESSFUL;
-		}
+		if (pass != NULL) {
+			if (!getgroups_unix_user(tmp_ctx, pass->pw_name, pass->pw_gid,
+					&gids, &getgroups_num_group_sids)) {
+				DEBUG(1, ("getgroups_unix_user for user %s failed\n",
+					pass->pw_name));
+				TALLOC_FREE(tmp_ctx);
+				return NT_STATUS_UNSUCCESSFUL;
+			}
 
-		for (i=0; i<getgroups_num_group_sids; i++) {
-			struct dom_sid grp_sid;
-			gid_to_sid(&grp_sid, gids[i]);
+			for (i=0; i<getgroups_num_group_sids; i++) {
+				struct dom_sid grp_sid;
+				gid_to_sid(&grp_sid, gids[i]);
 
-			status = add_sid_to_array_unique(result,
+				status = add_sid_to_array_unique(result,
 						 &grp_sid,
 						 &result->sids,
 						 &result->num_sids);
-			if (!NT_STATUS_IS_OK(status)) {
-				DEBUG(3, ("Failed to add UNIX SID to nt token\n"));
+				if (!NT_STATUS_IS_OK(status)) {
+					DEBUG(3, ("Failed to add UNIX SID to nt token\n"));
+					TALLOC_FREE(tmp_ctx);
+					return status;
+				}
+			}
+		} else {
+			DEBUG(1, ("getpwuid(%u) failed\n",
+				(unsigned int)uid));
+			/*
+			 * getpwuid_alloc == NULL is not a fatal
+			 * error for guest (WHY?).
+			 */
+			if (!is_guest) {
 				TALLOC_FREE(tmp_ctx);
-				return status;
+				return NT_STATUS_UNSUCCESSFUL;
 			}
 		}
 		TALLOC_FREE(tmp_ctx);
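
Review bot: in the new else branch, a guest token for which getpwuid_alloc() returns NULL is now finalized without any of the UNIX group SIDs that the `pass != NULL` branch adds, and the only stated rationale is the placeholder comment "not a fatal error for guest (WHY?)". Replace that comment with the concrete condition that makes the failure acceptable (the report above shows getpwuid(3000011) failing in AD DC mode), or narrow the `if (!is_guest)` test to that condition, so that a broken NSS or idmap setup does not silently yield a guest token with fewer SIDs. The `DEBUG(1, ("getpwuid(%u) failed\n", ...))` message is also identical for the tolerated guest case and the fatal case; the message should say which of the two was hit. The declaration of `is_guest` is not visible in this hunk, so confirm it is in scope at this point in finalize_local_nt_token().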


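A diagnostic for the NSS half of the invariant Jeremy describes (username --> getpwnam() --> pw_uid --> getpwuid() returning an identical entry), as an added example that is not part of the original mail or of Samba. The function names `check_roundtrip` and `pwd_identical` are hypothetical, and the uid_to_sid()/sid_to_uid() steps are Samba-internal and not covered here.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum rt_result { RT_OK = 0, RT_NO_NAME, RT_NO_UID, RT_MISMATCH };

/* NULL-safe string comparison for optional passwd fields. */
static int same_str(const char *a, const char *b)
{
	if (a == NULL || b == NULL) return a == b;
	return strcmp(a, b) == 0;
}

/* The "identical struct pwd" condition, checked field by field. */
int pwd_identical(const struct passwd *a, const struct passwd *b)
{
	return a->pw_uid == b->pw_uid && a->pw_gid == b->pw_gid &&
	       same_str(a->pw_name, b->pw_name) &&
	       same_str(a->pw_dir, b->pw_dir) &&
	       same_str(a->pw_shell, b->pw_shell);
}

/*
 * username --> getpwnam --> pw_uid --> getpwuid. The reentrant calls are
 * used because getpwnam() and getpwuid() may share one static buffer.
 * A lookup error (including ERANGE on an oversized entry) counts as failure.
 */
enum rt_result check_roundtrip(const char *username)
{
	struct passwd by_name, by_uid, *res = NULL;
	char buf1[4096], buf2[4096];

	if (getpwnam_r(username, &by_name, buf1, sizeof(buf1), &res) != 0 || res == NULL)
		return RT_NO_NAME;
	if (getpwuid_r(by_name.pw_uid, &by_uid, buf2, sizeof(buf2), &res) != 0 || res == NULL)
		return RT_NO_UID; /* the "getpwuid(%u) failed" case from the log */
	return pwd_identical(&by_name, &by_uid) ? RT_OK : RT_MISMATCH;
}

int main(int argc, char **argv)
{
	static const char *msg[] = { "OK", "getpwnam failed", "getpwuid failed", "entries differ" };
	const char *user = argc > 1 ? argv[1] : "root";
	enum rt_result r = check_roundtrip(user);

	printf("%s: %s\n", user, msg[r]);
	return r;
}
```

Run it with the configured guest account name as the argument; a "getpwuid failed" result reproduces the condition that the patch above tolerates for guest tokens.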