net usershare dies for users with "Failed to init messaging context"
David Mulder
dmulder at suse.com
Tue Jun 6 13:50:43 UTC 2017
Ugh, didn't mean to encrypt that last message (client did it by default).
I pointed out that it looks like we're missing an acceptable NT_STATUS
code here. A strace clearly shows that we're being denied because of
access issues to the lock dir (which should have taken the 'its ok to
fail' case). Instead it's failing because it didn't detect an acceptable
messaging init failure.
I'll figure out what the status code is and submit a patch.
On 06/06/2017 06:15 AM, David Mulder via samba-technical wrote:
>
> On 06/05/2017 05:01 PM, Jeremy Allison wrote:
>> On Mon, Jun 05, 2017 at 04:51:05PM -0600, David Mulder via samba-technical wrote:
>>> That was testing against 4.6.3. This didn't happen in 3.6.3. There's a
>>> nautlius plugin that lets regular users create shares called
>>> nautilus-share. Does this just not work anymore?
>> I think that works. Look at the code referenced below.
>>
>> "Failing to init the msg_ctx isn't a fatal error."
>>
>> so 'net usershare add' creating the usershare files locally should still work
>> fine.
> But it doesn't:
>
> dmulder at linux-ivsy:~> net usershare add test_share /home/dmulder/test_share/
> Failed to init messaging context
> dmulder at linux-ivsy:~> sudo net usershare list
> [sudo] password for root:
> dmulder at linux-ivsy:~>
>
> If that's not a fatal error, then why do we exit(1) right after the
> non-fatal error? It clearly doesn't complete the share creation.
>
>>> On 06/05/2017 11:51 AM, Jeremy Allison wrote:
>>>> On Mon, Jun 05, 2017 at 11:09:12AM -0600, David Mulder via samba-technical wrote:
>>>>>> net usershare add test_share /home/dmulder/test_share/
>>>>> Failed to init messaging context
>>>>>
>>>>>
>>>>> I've been looking at this and thinking this might be due to hardening
>>>>> done after the badlock fixes. Any thoughts? Maybe this is a known issue?
>>>>>
>>>>> It only fails for regular users, not for root.
>>>>>
>>>>> Debug:
>>>>> pm_process() returned Yes
>>>>> lp_servicenumber: couldn't find homes
>>>>> messaging_dgm_lockfile_create: open failed: Permission denied
>>>>> messaging_dgm_init: messaging_dgm_create_lockfile failed: Permission denied
>>>>> messaging_dgm_ref: messaging_dgm_init returned Permission denied
>>>>> messaging_dgm_init failed: Permission denied
>>>>> messaging_dgm_ref failed: Permission denied
>>>>> Failed to init messaging context
>>>> That's normal for a non-root usage of the net client binary.
>>>>
>>>> In 4.5.x we have:
>>>>
>>>> /*
>>>> * Failing to init the msg_ctx isn't a fatal error. Only root-level
>>>> * things (joining/leaving domains etc.) will be denied.
>>>> */
>>>> c->msg_ctx = messaging_init(c, samba_tevent_context_init(c));
>>>>
>>>> in 4.6 and above (master) we have:
>>>>
>>>> status = messaging_init_client(c,
>>>> samba_tevent_context_init(c),
>>>> &c->msg_ctx);
>>>> if (geteuid() != 0 &&
>>>> NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
>>>> /*
>>>> * Normal to fail to initialize messaging context
>>>> * if we're not root as we don't have ability to
>>>> * read lock directory.
>>>> */
>>>> DBG_NOTICE("Unable to initialize messaging context. "
>>>> "Must be root to do that.\n");
>>>> } else if (!NT_STATUS_IS_OK(status)) {
>>>> d_fprintf(stderr, "Failed to init messaging context\n");
>>>> exit(1);
>>>> }
>>>>
>>>> Is you testing in 4.5.x or 4.6.x ?
>>>>
>>> --
>>> David Mulder
>>> SUSE Labs Software Engineer - Samba
>>> dmulder at suse.com
>>> SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
>>>
>>>
--
David Mulder
SUSE Labs Software Engineer - Samba
dmulder at suse.com
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
More information about the samba-technical
mailing list