[Samba] Run smbd in AD user context

Davor Vusir davortvusir at gmail.com
Fri Mar 9 11:07:54 UTC 2018


Hi all!

Is it possible to run smbd in an AD user's context?
If not, is it possible to have smbd tell a third-party function not to
stray outside the logged-on user's (AD user) context (home directory)?

I'm programming a VFS module[1] which will be the bridge between Windows
and iRODS[2]. iRODS depends on a configuration file,
.irods/irods_environment.json, which resides in the user's home directory.
The file is read and evaluated and the result is fed to a function that
does the connection to the iRODS servers.
Once I have succeeded in reading my environment file, but I have not
managed to get past the connection phase.

If I run gdb in the context of a local user (the same one that is created
during installation of Ubuntu) the VFS module stops and complains about a
permission error (see below).
If I run gdb in root context the VFS module stops and complains about a
permission error (exchange below error with '/root/.irods').
If I start smbd from /etc/init.d/smbd it stops because there is no
environment file in '/var/lib/irods/.irods'.

Regards
Davor Vusir

[1] https://github.com/davorvusir/vfs_stor
[2] https://irods.org/

---
Reading symbols from /usr/local/samba/sbin/smbd...done.
(gdb) set args -i
(gdb) r
Starting program: /usr/local/samba/sbin/smbd -i
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
smbd version 4.7.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2017
debug_lookup_classname(smbd): Unknown class
INFO: Profiling support unavailable in this build.
[VFS_STOR] - uid, gid, vuid: 11104, 10513, 0
[VFS_STOR] - auth_pipe_user_ok = 1
[VFS_STOR] - home_dir: (null)
[VFS_STOR] - home_directory: /data/home/davor
[VFS_STOR] - HOME env var: /home/localadmin
remote addresses: 192.168.1.8 ERROR: iRODS Exception:
    file: /tmp/tmpJzsKTL/lib/core/src/irods_environment_properties.cpp
    function: void irods::environment_properties::capture_json(const
std::string &)
    line: 113
    code: -1
    message:
        [-]
/tmp/tmpJzsKTL/lib/core/src/irods_configuration_parser.cpp:92:irods::error
irods::configuration_parser::load_json_object(const std::string &) :
 status [Unknown iRODS error]  errno [Operation not permitted] -- message
[failed to load file [/home/localadmin/.irods/irods_environment.json] json
error [unable to open /home/localadmin/.irods/irods_environment.json:
Permission denied]]


stack trace:
--------------

Dumping stack trace
<0>     Offset: 0x65    Address: 0x7fffe751be15
irods::exception::exception(long, std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char> > const&,
std::__1::basic_string<char, std::__1::char_traits<char>,
std::__1::allocator<char> > const&, unsigned int,
std::__1::basic_string<char, std::__1::char_traits<char>,
std::__1::allocator<char> > const&)
<1>     Offset: 0xf2    Address: 0x7fffe7518ea2
irods::environment_properties::capture_json(std::__1::basic_string<char,
std::__1::char_traits<char>, std::__1::allocator<char> > const&)
<2>     Offset: 0xbb    Address: 0x7fffe7518b4b
irods::environment_properties::capture()
<3>     Offset: 0x33    Address: 0x7fffe7518a03
irods::environment_properties::instance()
<4>     Offset:         Address: 0x7fffe7504e40
/usr/lib/libirods_common.so.4.2.2(+0x66e40) [0x7fffe7504e40]
<5>     Offset:         Address: 0x7fffe7503fe5
/usr/lib/libirods_common.so.4.2.2(getRodsEnvFromFile+0x65) [0x7fffe7503fe5]
<6>     Offset:         Address: 0x7fffe7503ecb
/usr/lib/libirods_common.so.4.2.2(_getRodsEnv+0x1b) [0x7fffe7503ecb]
<7>     Offset:         Address: 0x7fffe7503ea0
/usr/lib/libirods_common.so.4.2.2(getRodsEnv+0x10) [0x7fffe7503ea0]
<8>     Offset:         Address: 0x7fffe01a7bec
/usr/local/samba/lib/vfs/stor.so(+0x1bec) [0x7fffe01a7bec]
<9>     Offset:         Address: 0x7fffe01a7f32
/usr/local/samba/lib/vfs/stor.so(+0x1f32) [0x7fffe01a7f32]
<10>    Offset:         Address: 0x7ffff7327ab5
/usr/local/samba/lib/private/libsmbd-base-samba4.so(smb_vfs_call_connect+0x4d)
[0x7ffff7327ab5]
<11>    Offset:         Address: 0x7ffff734775c
/usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x1ff75c)
[0x7ffff734775c]
<12>    Offset:         Address: 0x7ffff7348811
/usr/local/samba/lib/private/libsmbd-base-samba4.so(make_connection_smb2+0xe1)
[0x7ffff7348811]
<13>    Offset:         Address: 0x7ffff73683d0
/usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x2203d0)
[0x7ffff73683d0]
<14>    Offset:         Address: 0x7ffff73687f2
/usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x2207f2)
[0x7ffff73687f2]
<15>    Offset:         Address: 0x7ffff7367951
/usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_process_tcon+0x2b1)
[0x7ffff7367951]
<16>    Offset:         Address: 0x7ffff735d3e3
/usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_smb2_request_dispatch+0x1150)
[0x7ffff735d3e3]
<17>    Offset:         Address: 0x7ffff7361447
/usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x219447)
[0x7ffff7361447]
<18>    Offset:         Address: 0x7ffff736154d
/usr/local/samba/lib/private/libsmbd-base-samba4.so(+0x21954d)
[0x7ffff736154d]
<19>    Offset:         Address: 0x7ffff672d4ac
/usr/local/samba/lib/private/libtevent.so.0(+0xe4ac) [0x7ffff672d4ac]
<20>    Offset:         Address: 0x7ffff672dae4
/usr/local/samba/lib/private/libtevent.so.0(+0xeae4) [0x7ffff672dae4]
<21>    Offset:         Address: 0x7ffff672a7e0
/usr/local/samba/lib/private/libtevent.so.0(+0xb7e0) [0x7ffff672a7e0]
<22>    Offset:         Address: 0x7ffff67240f1
/usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0x10f)
[0x7ffff67240f1]
<23>    Offset:         Address: 0x7ffff6724408
/usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x25)
[0x7ffff6724408]
<24>    Offset:         Address: 0x7ffff672a882
/usr/local/samba/lib/private/libtevent.so.0(+0xb882) [0x7ffff672a882]
<25>    Offset:         Address: 0x7ffff67244ab
/usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x2b)
[0x7ffff67244ab]
<26>    Offset:         Address: 0x7ffff73458ee
/usr/local/samba/lib/private/libsmbd-base-samba4.so(smbd_process+0xbed)
[0x7ffff73458ee]
<27>    Offset:         Address: 0x5555555600c7
/usr/local/samba/sbin/smbd(+0xc0c7) [0x5555555600c7]
<28>    Offset:         Address: 0x7ffff672d4ac
/usr/local/samba/lib/private/libtevent.so.0(+0xe4ac) [0x7ffff672d4ac]
<29>    Offset:         Address: 0x7ffff672dae4
/usr/local/samba/lib/private/libtevent.so.0(+0xeae4) [0x7ffff672dae4]
<30>    Offset:         Address: 0x7ffff672a7e0
/usr/local/samba/lib/private/libtevent.so.0(+0xb7e0) [0x7ffff672a7e0]
<31>    Offset:         Address: 0x7ffff67240f1
/usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_once+0x10f)
[0x7ffff67240f1]
<32>    Offset:         Address: 0x7ffff6724408
/usr/local/samba/lib/private/libtevent.so.0(tevent_common_loop_wait+0x25)
[0x7ffff6724408]
<33>    Offset:         Address: 0x7ffff672a882
/usr/local/samba/lib/private/libtevent.so.0(+0xb882) [0x7ffff672a882]
<34>    Offset:         Address: 0x7ffff67244ab
/usr/local/samba/lib/private/libtevent.so.0(_tevent_loop_wait+0x2b)
[0x7ffff67244ab]
<35>    Offset:         Address: 0x5555555610bc
/usr/local/samba/sbin/smbd(+0xd0bc) [0x5555555610bc]
<36>    Offset:         Address: 0x555555563262
/usr/local/samba/sbin/smbd(main+0x18b7) [0x555555563262]
<37>    Offset:         Address: 0x7ffff3969830
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0) [0x7ffff3969830]
<38>    Offset:         Address: 0x555555559f89
/usr/local/samba/sbin/smbd(_start+0x29) [0x555555559f89]


[VFS_STOR] - getRodsEnv stor_env.rodsHost:
[VFS_STOR] - getRodsEnv, status: 0
remote addresses: 192.168.1.8 ERROR: _rcConnect: setRhostInfo error,
IRODS_HOST is probably not set correctly status = -302000
USER_RODS_HOST_EMPTY
[VFS_STOR] - getRodsEnv stor_env.rodsHost:
[VFS_STOR] - error iRODS connection: data->conn == NULL

[VFS_STOR] - Connected to iRODS = 1
canonicalize_connect_path failed for service test, path /data/test
stor_disconnect() failed to get vfs_handle->data!

Program received signal SIGTERM, Terminated.
0x00007ffff397e767 in kill () at ../sysdeps/unix/syscall-template.S:84
84      ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb)
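
Added example, not part of the original post and not code from vfs_stor, Samba or iRODS: the log above shows HOME (/home/localadmin) inherited from whoever started smbd while the connected user's home is /data/home/davor, so a HOME-based lookup opens the wrong user's environment file. The sketch resolves the file path from the passwd entry of the session uid instead; the function names are hypothetical, and how the path is then handed to the iRODS client library is outside the example.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define IRODS_ENV_REL ".irods/irods_environment.json"  /* path from the post */

/* Build "<home>/.irods/irods_environment.json"; -1 on relative home or overflow. */
int irods_env_path(const char *home, char *out, size_t outlen)
{
    if (home == NULL || home[0] != '/')
        return -1;
    int n = snprintf(out, outlen, "%s/%s", home, IRODS_ENV_REL);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Home directory of uid from the passwd database (NSS, so winbind-mapped
 * AD users resolve too), independent of the process environment. */
int home_for_uid(uid_t uid, char *out, size_t outlen)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    if (getpwuid_r(uid, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        return -1;
    int n = snprintf(out, outlen, "%s", res->pw_dir);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* 1 when HOME is unset or names a different directory than the session
 * user's home, i.e. a HOME-based lookup would read someone else's file. */
int home_env_is_stale(const char *env_home, const char *session_home)
{
    return env_home == NULL || strcmp(env_home, session_home) != 0;
}

int main(void)
{
    /* Values copied from the log in the post. */
    const char *session_home = "/data/home/davor", *env_home = "/home/localadmin";
    char path[4096], me[4096];
    if (irods_env_path(session_home, path, sizeof path) == 0)
        printf("stale HOME: %d, use %s\n",
               home_env_is_stale(env_home, session_home), path);
    if (home_for_uid(geteuid(), me, sizeof me) == 0)
        printf("passwd home of euid %u: %s\n", (unsigned)geteuid(), me);
    return 0;
}
```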