Bug 12850 - RPC calls failing due to imessaging_init (likely introduced with auth logging)
Summary: RPC calls failing due to imessaging_init (likely introduced with auth logging)
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: DCE-RPCs and pipes (show other bugs)
Version: 4.5.0
Hardware: All All
: P5 regression (vote)
Target Milestone: 4.7
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Depends on:
Reported: 2017-06-19 21:55 UTC by Garming Sam
Modified: 2017-07-04 19:10 UTC (History)
3 users (show)

See Also:

Untested patch for master (1.03 KB, patch)
2017-06-30 17:32 UTC, Stefan Metzmacher
no flags Details
Tested patch using traffic-generator (1.13 KB, text/plain)
2017-07-02 23:04 UTC, Tim Beale
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Garming Sam 2017-06-19 21:55:13 UTC
Observed a svrsvc getshareinfo call failing due to the msg.sock directory requiring ownership under the client's uid. I'm not sure if this is a general issue (because I would've expected the same initialization call in other places in s3) or one simply introduced with auth logging.

/home/ubuntu/samba-locking/bin/smbd: (ipv4: signed connect to service IPC$ initially as user SAMDOM\STGU-0-164 (uid=3000701, gid=100) (pid 11548)
/home/ubuntu/samba-locking/bin/smbd: tconX service=IPC$ 
/home/ubuntu/samba-locking/bin/smbd: Transaction 4 of length 106 (0 toread)
/home/ubuntu/samba-locking/bin/smbd: switch message SMBntcreateX (pid 11548) conn 0x55c267dcdbb0
/home/ubuntu/samba-locking/bin/smbd: Transaction 5 of length 204 (0 toread)
/home/ubuntu/samba-locking/bin/smbd: switch message SMBtrans (pid 11548) conn 0x55c267dcdbb0
/home/ubuntu/samba-locking/bin/smbd: trans <\PIPE\> data=116 params=0 setup=2
/home/ubuntu/samba-locking/bin/smbd: named pipe command on <> name
/home/ubuntu/samba-locking/bin/smbd: Got API command 0x26 on pipe "srvsvc" (pnum 25aa)
/home/ubuntu/samba-locking/bin/smbd: api_pipe_bind_req: srvsvc -> srvsvc rpc service
/home/ubuntu/samba-locking/bin/smbd: check_bind_req for srvsvc context_id=0
/home/ubuntu/samba-locking/bin/smbd: check_bind_req: srvsvc -> srvsvc rpc service
/home/ubuntu/samba-locking/bin/smbd: 0, 3000701
/home/ubuntu/samba-locking/bin/smbd: directory_create_or_exist_strict: invalid ownership on directory /usr/local/samba/private/msg.sock
/home/ubuntu/samba-locking/bin/smbd: imessaging_init failed
/home/ubuntu/samba-locking/bin/smbd: Unable to make auth context for authz log.
/home/ubuntu/samba-locking/bin/smbd: Disconnect after fault
/home/ubuntu/samba-locking/bin/smbd: Fatal error(Invalid argument). Terminating client( connection!
/home/ubuntu/samba-locking/bin/smbd: (ipv4: closed connection to service IPC$
/home/ubuntu/samba-locking/bin/smbd: Server exit (failed to receive smb request)
Comment 1 Stefan Metzmacher 2017-06-20 08:39:46 UTC
I guess we need become_root() in some places...
Comment 2 Stefan Metzmacher 2017-06-30 17:32:25 UTC
Created attachment 13335 [details]
Untested patch for master

I tested a patch that wraps api_pipe_bind_req, api_pipe_alter_context, api_pipe_bind_auth3 in become_root() and unbecome_root()

It would be great if someone can test this.

The reproducer is:
smbclient -L ${ip_of_ad_dc} -Usomenonadministratoruser
Comment 3 Tim Beale 2017-07-02 23:04:02 UTC
Created attachment 13339 [details]
Tested patch using traffic-generator

The patch fixes the problem we were seeing with failed srvsvc operations when running the new performance tool. See attached for more details.
Comment 4 Stefan Metzmacher 2017-07-04 19:10:18 UTC
Fixed with 1f5a297b516b56ab6afbfc4ba1513dc73764dcf7 in 4.7.0rc1 and master