Observed a svrsvc getshareinfo call failing due to the msg.sock directory requiring ownership under the client's uid. I'm not sure if this is a general issue (because I would've expected the same initialization call in other places in s3) or one simply introduced with auth logging. /home/ubuntu/samba-locking/bin/smbd: 10.9.0.202 (ipv4:10.9.0.202:57204) signed connect to service IPC$ initially as user SAMDOM\STGU-0-164 (uid=3000701, gid=100) (pid 11548) /home/ubuntu/samba-locking/bin/smbd: tconX service=IPC$ /home/ubuntu/samba-locking/bin/smbd: Transaction 4 of length 106 (0 toread) /home/ubuntu/samba-locking/bin/smbd: switch message SMBntcreateX (pid 11548) conn 0x55c267dcdbb0 /home/ubuntu/samba-locking/bin/smbd: Transaction 5 of length 204 (0 toread) /home/ubuntu/samba-locking/bin/smbd: switch message SMBtrans (pid 11548) conn 0x55c267dcdbb0 /home/ubuntu/samba-locking/bin/smbd: trans <\PIPE\> data=116 params=0 setup=2 /home/ubuntu/samba-locking/bin/smbd: named pipe command on <> name /home/ubuntu/samba-locking/bin/smbd: Got API command 0x26 on pipe "srvsvc" (pnum 25aa) /home/ubuntu/samba-locking/bin/smbd: api_pipe_bind_req: srvsvc -> srvsvc rpc service /home/ubuntu/samba-locking/bin/smbd: check_bind_req for srvsvc context_id=0 /home/ubuntu/samba-locking/bin/smbd: check_bind_req: srvsvc -> srvsvc rpc service /home/ubuntu/samba-locking/bin/smbd: 0, 3000701 /home/ubuntu/samba-locking/bin/smbd: directory_create_or_exist_strict: invalid ownership on directory /usr/local/samba/private/msg.sock /home/ubuntu/samba-locking/bin/smbd: imessaging_init failed /home/ubuntu/samba-locking/bin/smbd: Unable to make auth context for authz log. /home/ubuntu/samba-locking/bin/smbd: Disconnect after fault /home/ubuntu/samba-locking/bin/smbd: Fatal error(Invalid argument). Terminating client(10.9.0.202) connection! /home/ubuntu/samba-locking/bin/smbd: 10.9.0.202 (ipv4:10.9.0.202:57204) closed connection to service IPC$ /home/ubuntu/samba-locking/bin/smbd: Server exit (failed to receive smb request)
I guess we need become_root() in some places...
Created attachment 13335 [details] Untested patch for master I tested a patch that wraps api_pipe_bind_req, api_pipe_alter_context, api_pipe_bind_auth3 in become_root() and unbecome_root() It would be great if someone can test this. The reproducer is: smbclient -L ${ip_of_ad_dc} -Usomenonadministratoruser
Created attachment 13339 [details] Tested patch using traffic-generator The patch fixes the problem we were seeing with failed srvsvc operations when running the new performance tool. See attached for more details.
Fixed with 1f5a297b516b56ab6afbfc4ba1513dc73764dcf7 in 4.7.0rc1 and master