Bug 10378 - dfs: always call create_conn_struct with root privileges
Summary: dfs: always call create_conn_struct with root privileges
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: File services (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-14 10:04 UTC by Björn Baumbach
Modified: 2020-05-19 14:59 UTC (History)
1 user (show)

See Also:


Attachments
git-am fix for 4.1.next. (2.94 KB, patch)
2014-01-14 18:50 UTC, Jeremy Allison
bbaumbach: review+
obnox: review+
metze: review+
Details
git-am fix for 4.0.next (17.15 KB, patch)
2014-01-14 20:58 UTC, Jeremy Allison
bbaumbach: review+
obnox: review+
metze: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Baumbach 2014-01-14 10:04:06 UTC
create_conn_struct calls SMB_VFS_CONNECT which requires root privileges.
SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb.

Calls were made to this function without ever becoming root (notably via setup_dfs_referral) which resulted in an error and the VFS connect failing. This happens when you have an active directory domain controller with host msdfs = yes in smb.conf and dfs links in place.

Description copied from original patch description by Garming Sam.
Comment 1 Jeremy Allison 2014-01-14 18:50:22 UTC
Created attachment 9593 [details]
git-am fix for 4.1.next.

Back-port to 4.0.next will follow.
Comment 2 Jeremy Allison 2014-01-14 20:58:23 UTC
Created attachment 9594 [details]
git-am fix for 4.0.next

Contains previous patches to allow the main patch to apply cleanly.

Jeremy.
Comment 3 Stefan Metzmacher 2014-02-18 11:31:21 UTC
Karolin, please pick for the next releases
Comment 4 Karolin Seeger 2014-02-21 10:21:13 UTC
(In reply to comment #3)
> Karolin, please pick for the next releases

Pushed to autobuild-v4-1-test and autobuild-v4-0-test.
Comment 5 Karolin Seeger 2014-03-10 15:07:00 UTC
Pushed to v4-0-test and v4-1-test.
Closing out bug report.

Thanks!