hpux:samba 4.5.11 single_terminate: reason[socket_get_remote_addr() failed]

Tue Sep 12 11:03:56 UTC 2017

On Tue, 2017-09-12 at 16:10 +0530, Silambarasan Madhappan via samba-
technical wrote:
> Hi Team,
> 
> 
> 
> I have setup samba 4.5.11 as Active Directory Domain Controller on hp-ux
> box.

Please, please don't do that.

> On running samba binary I’m getting below error in logs.
> 
> 
> 
> *[2017/08/28 16:18:56.431097,  3, pid=3730, effective(0, 3), real(0, 3)]
> ../source4/smbd/service_stream.c:66(stream_terminate_connection)*
> 
> *  Terminating connection - 'socket_get_remote_addr() failed'*
> 
> *[2017/08/28 16:18:56.431173,  3, pid=3730, effective(0, 3), real(0, 3)]
> ../source4/smbd/process_single.c:114(single_terminate)*
> 
> *  single_terminate: reason[socket_get_remote_addr() failed]*
> 
> 
> 
> On *triaging* this further I found that *below if condition* of *file *
> * lib/tsocket/tsocket_bsd.c*
> 
> *Function *
> 
> *int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,*
> 
> *       const struct sockaddr *sa,*
> 
> *       size_t sa_socklen,*
> 
> *       struct tsocket_address **_addr,*
> 
> *       const char *location)*
> 
> 
> 
> returns error
> 
> *if (sa_socklen < sizeof(sa->sa_family)) { *
> 
> *                                errno = EINVAL;*
> 
> *                                return -1;*
> 
> *}*
> 
> 
> 
> The reason of above failure is how getpeername(2) is implemented on hp-ux .
> 
> Which doesn’t update sockaddr structure and len variable for AF_UNIX.  For
> hp-ux getpeername(2) to update above values we have to explicitly provide
> client path and bind it to client socket.

That is consistent with other unix systems in spirit, perhaps the
implementation is slightly different.  You can't get the name of a
client of a unix domain socket. 

However, we overload this missing name when we detect via SO_PEERCREDS
that the user on the other side is privileged, and set a magic value. 

> 
> 
> Please suggested where to apply required changes in samba code.
> 
> Also let me know if any further information is required at my end.

Can you explain why you have to deploy on HP-UX?  This is just going to
be a support nightmare I fear, as while Samba has lofty ideals of
portability, you would be a one-of-a-kind deployment of the AD DC.

BTW, does HP-UX have the extended attribute support we need?

I fully expect there are numerous other assumptions about Linux/BSD
only behaviour in the AD DC, because that is the only places it has
been ever used or tested.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba