with most recent git master smbd fails to start in AD DC mode
Jeremy Allison
jra at samba.org
Sat Mar 22 11:10:34 MDT 2014
On Sat, Mar 22, 2014 at 04:31:32AM +0100, Günter Kukkukk wrote:
> http://git.samba.org/?p=samba.git;a=commit;h=6034ab521c47fc5f4732398652c9c6847ff92035
>
> introduced the following failure (in AD DC mode):
>
> ....
> /usr/local/samba/sbin/smbd: smbd version 4.2.0pre1-GIT-7fdb21c started.
> /usr/local/samba/sbin/smbd: Copyright Andrew Tridgell and the Samba Team 1992-2014
> /usr/local/samba/sbin/smbd: Registered MSG_REQ_POOL_USAGE
> /usr/local/samba/sbin/smbd: Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> /usr/local/samba/sbin/smbd: lp_load_ex: refreshing parameters
> /usr/local/samba/sbin/smbd: Initialising global parameters
> /usr/local/samba/sbin/smbd: rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> /usr/local/samba/sbin/smbd: params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> /usr/local/samba/sbin/smbd: Processing section "[global]"
> /usr/local/samba/sbin/smbd: Processing section "[netlogon]"
> /usr/local/samba/sbin/smbd: Processing section "[sysvol]"
> /usr/local/samba/sbin/smbd: Processing section "[test]"
> /usr/local/samba/sbin/smbd: adding IPC service
> /usr/local/samba/sbin/smbd: added interface eno16777736 ip=2a02:8109:8f40:107c:20c:29ff:fe3b:8649 bcast= netmask=ffff:ffff:ffff:ffff::
> /usr/local/samba/sbin/smbd: added interface eno16777736 ip=192.168.200.70 bcast=192.168.200.255 netmask=255.255.255.0
> /usr/local/samba/sbin/smbd: added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
> /usr/local/samba/sbin/smbd: added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
> /usr/local/samba/sbin/smbd: loaded services
> /usr/local/samba/sbin/smbd: Becoming a daemon.
> /usr/local/samba/sbin/smbd: ldb_wrap open of idmap.ldb
> /usr/local/samba/sbin/smbd: getpwuid(3000011) failed <<<<<===== !!!!!?
> /usr/local/samba/sbin/smbd: Failed to finalize nt token
> /usr/local/samba/sbin/smbd: create_local_token failed: NT_STATUS_UNSUCCESSFUL
> /usr/local/samba/sbin/smbd: ERROR: failed to setup guest info.
> Child /usr/local/samba/sbin/smbd exited with status 255 - Unknown error 255
> file_server smbd daemon died with exit status 255
> task_server_terminate: [smbd child process exited]
> samba_terminate: smbd child process exited
> ------------
>
> When i revert this patch at least all former stuff is working again.
So here is a patch that will allow the getpwuid to
fail on guest tokens. Try this on top of current
master to see if it fixes your issue.
I don't like it though :-).
As far as I'm concerned, if :
username --> getpwnam() returns struct pwd
succeeds, then the following should
*always* succeed.
pwd->uid --> uid_to_sid() returns SID.
SID --> sid_to_uid() returns uid (must be identical to pwd->uid).
uid --> getpwuid() should return *idential* struct pwd.
If any of these fail, then I think something
is setup incorrectly on the system.
As I said, need more info to understand your
specific failure case.
Jeremy.
-------------- next part --------------
diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
index bccf1db..8d408fc 100644
--- a/source3/auth/token_util.c
+++ b/source3/auth/token_util.c
@@ -425,33 +425,39 @@ static NTSTATUS finalize_local_nt_token(struct security_token *result,
TALLOC_CTX *tmp_ctx = talloc_stackframe();
pass = getpwuid_alloc(tmp_ctx, uid);
- if (pass == NULL) {
- DEBUG(1, ("getpwuid(%u) failed\n",
- (unsigned int)uid));
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!getgroups_unix_user(tmp_ctx, pass->pw_name, pass->pw_gid,
- &gids, &getgroups_num_group_sids)) {
- DEBUG(1, ("getgroups_unix_user for user %s failed\n",
- pass->pw_name));
- TALLOC_FREE(tmp_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
+ if (pass != NULL) {
+ if (!getgroups_unix_user(tmp_ctx, pass->pw_name, pass->pw_gid,
+ &gids, &getgroups_num_group_sids)) {
+ DEBUG(1, ("getgroups_unix_user for user %s failed\n",
+ pass->pw_name));
+ TALLOC_FREE(tmp_ctx);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
- for (i=0; i<getgroups_num_group_sids; i++) {
- struct dom_sid grp_sid;
- gid_to_sid(&grp_sid, gids[i]);
+ for (i=0; i<getgroups_num_group_sids; i++) {
+ struct dom_sid grp_sid;
+ gid_to_sid(&grp_sid, gids[i]);
- status = add_sid_to_array_unique(result,
+ status = add_sid_to_array_unique(result,
&grp_sid,
&result->sids,
&result->num_sids);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(3, ("Failed to add UNIX SID to nt token\n"));
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(3, ("Failed to add UNIX SID to nt token\n"));
+ TALLOC_FREE(tmp_ctx);
+ return status;
+ }
+ }
+ } else {
+ DEBUG(1, ("getpwuid(%u) failed\n",
+ (unsigned int)uid));
+ /*
+ * getpwuid_alloc == NULL is not a fatal
+ * error for guest (WHY?).
+ */
+ if (!is_guest) {
TALLOC_FREE(tmp_ctx);
- return status;
+ return NT_STATUS_UNSUCCESSFUL;
}
}
TALLOC_FREE(tmp_ctx);
More information about the samba-technical
mailing list