[Samba] samba-tool crashes if include = /patch/to/%U.conf in smb.conf

Quentin Gibeaux qgibeaux at iris-tech.fr
Tue Jul 15 10:17:23 MDT 2014 

On 15/07/2014 11:44, Rowland Penny wrote:
> On 15/07/14 10:36, Quentin Gibeaux wrote:
>> Forgot to reply to list…
>>
>> On 15/07/2014 11:33, Quentin Gibeaux wrote:
>>> On 15/07/2014 11:25, Rowland Penny wrote:
>>>> On 15/07/14 08:35, Quentin Gibeaux wrote:
>>>>> In fact it crashes for any include with any variable substitution 
>>>>> (%U, %g, %a…).
>>>> The problem here is that samba-tool parses smb.conf even if it 
>>>> doesn't really need to and samba4 doesn't understand %U etc.
>>> So why not catching the exception, printing "Warning, smb4 doesn't 
>>> handle variable substitution" and continue ?
>
> I do not know, care to come up with a patch to do this?
>
How about this :

--- samba-4.1.9.orig/lib/param/loadparm.c
+++ samba-4.1.9/lib/param/loadparm.c
@@ -1133,8 +1133,23 @@ static bool handle_include(struct loadpa

         lpcfg_string_set(lp_ctx, ptr, fname);

-       if (file_exist(fname))
+       if (file_exist(fname)) {
                 return pm_process(fname, do_section, do_parameter, lp_ctx);
+       } else {
+         char *varSubStr;
+         varSubStr = strstr(fname, "%");
+         if(varSubStr) {
+             char nextChar = varSubStr[1];
+             if(nextChar && (nextChar>='a'&& nextChar<='z') || 
(nextChar>='A' && nextChar<='Z'))
+             {
+                 DEBUG (3, ("Tried to load %s but variable in filename, 
ignoring file...\n", fname) );
+                 return( true );
+             } else {
+                 return( false );
+             }
+         }
+       }
+

I'm quite large with my test : if there's any %[A-Za-z] in the file that 
it's trying to include, it ignores this include. Maybe it'll better to 
test any substitution variable (and only them, like %U, %G, %h, %m…).

Tried on a vm, samba-tool don't crash anymore, and the include still 
works on the share side (seen with smbclient -U specialuser).
With this patch samba-tool now gives :

(…)
Tried to load /etc/samba/%U.smb.conf but variable in filename, ignoring 
file...
(…)



>>>> If you just want a list of users and have ldb-tools installed, try 
>>>> this:
>>>>
>>>> ldbsearch -H /var/lib/samba/private/sam.ldb 
>>>> "(&(objectClass=user)(!(objectClass=computer)))" samaccountname | 
>>>> grep sAMAccountName | sed "s|sAMAccountName: ||"
>>>>
>>> That's not why i have this include. I've a file in etc/samba : 
>>> thespecialuser.conf, and smbd (i use s3fs and not ntvfs) applies the 
>>> conf when it is this specific user that accesses to the shares.
>>>
>
> Ah, I take it that you have never heard of ACL's and you are trying to 
> limit permissions on the share via your extra conf file.
>
> Rowland
>
>>>> Rowland
>>>
>>
>

More information about the samba mailing list