Bug 12970 - sec_initial_uid() called before sec_init() in net command
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Tools
Version: 4.6.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2017-08-16 06:07 UTC by Stefan Walter
Modified: 2019-04-10 07:12 UTC

Patch (740 bytes, patch)
2017-10-31 07:33 UTC, Stefan Walter

Description Stefan Walter 2017-08-16 06:07:09 UTC
I have noticed that with the net command it is not possible anymore to run 'net ads join' as non-root. With 4.4.x this still worked. What we do is to run it like this as user apache on a webserver (/tmp/samba contains a copy of /var/lib/samba, ownership changed to apache:apache):

KRB5_KTNAME=FILE:/tmp/samba/keytab net '--option=cache directory=/tmp/samba' '--option=lock directory=/tmp/samba/lock' '--option=state directory=/tmp/samba' '--option=private dir=/tmp/samba/private' '--option=smb passwd file=/tmp/samba/private/smbpasswd' '--option=debug level=99' ads join

It fails with this error message:

directory_create_or_exist_strict: invalid ownership on directory /tmp/samba/lock/msg.lock
messaging_init_internal: Could not create lock directory: No such file or directory
main: Unable to initialize messaging context. Must be root to do that.

Again, /tmp/samba/lock/msg.lock is owned by apache and has mode 0755.

The root cause seems to be that in source3/utils/net.c the call to sec_init() comes after the call to messaging_init_client(). The latter calls sec_initial_uid(), which at that time returns a non-initialized initial_uid that just happens to be 0.

This means that directory_create_or_exist_strict() wrongfully checks if /tmp/samba/lock/msg.lock belongs to 0 (root) instead of the user running the net command.
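
The call-order problem described in the report above, as an added example that is not part of the bug report and is not Samba's source code. Every model_* name is hypothetical, and the lazily initializing accessor is a variation shown for contrast, not the change proposed in this thread.

```c
/* Simplified model of the call-order problem. NOT Samba source: every
 * model_* name is hypothetical and only mirrors the behaviour reported. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

static uid_t model_initial_uid;   /* static storage, so 0 (root) until set */
static bool model_initialized;

/* Record the effective uid the process started with (idempotent). */
void model_sec_init(void)
{
    if (!model_initialized) {
        model_initial_uid = geteuid();
        model_initialized = true;
    }
}

/* Order-dependent accessor: yields 0 if model_sec_init() has not run. */
uid_t model_sec_initial_uid(void) { return model_initial_uid; }

/* Order-independent accessor: initializes on first use. */
uid_t model_sec_initial_uid_safe(void)
{
    model_sec_init();
    return model_initial_uid;
}

/* Strict check: path must be a directory owned by `expected`. */
bool model_dir_owned_by(const char *path, uid_t expected)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return false;
    return st.st_uid == expected;
}

int main(void)
{
    char dir[64];
    snprintf(dir, sizeof dir, "/tmp/sec_init_model_%ld", (long)getpid());
    if (mkdir(dir, 0755) != 0) { perror("mkdir"); return 1; }
    /* Early call: passes only when the caller really is root. */
    printf("before init: %d\n", model_dir_owned_by(dir, model_sec_initial_uid()));
    printf("after init:  %d\n", model_dir_owned_by(dir, model_sec_initial_uid_safe()));
    return rmdir(dir);
}
```

Run as a non-root user, the first check fails and the second passes; run as root, both pass, which is why the ordering mistake goes unnoticed in a root-only workflow.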
Comment 1 Stefan Walter 2017-10-24 12:04:38 UTC
This bug has been open/new for a while now. Any chance that someone will have a look at this?
Comment 2 Andrew Bartlett 2017-10-24 18:10:15 UTC
The biggest issue will be ensuring that the reverse still works, that tools that normally run as non-root in a normal install don't start failing. 

The other way to address it might be to work out why we require messaging in this join codepath.
Comment 3 Stefan Walter 2017-10-31 07:32:25 UTC
Currently you rely on an uninitialized variable to be 0. I am no expert but logically this section in source3/utils/net.c 

         /* this makes sure that when we do things like call scripts,
           that it won't assert because we are not root */

should be moved right before this one:

        status = messaging_init_client(c,

I will add a patch against the git master of net.c.
Comment 4 Stefan Walter 2017-10-31 07:33:49 UTC
Created attachment 13746
Comment 5 Mathieu Parent 2019-04-10 05:42:11 UTC
Any news on this?

I have a similar report for smbtree in Debian (https://bugs.debian.org/926474)
Comment 6 Louis 2019-04-10 07:12:58 UTC
(In reply to Mathieu Parent from comment #5)
This report and the Debian report look the same, but the Debian bug report shows a Dolphin (KDE) smbclient protocol mismatch.

Dolphin still uses client max protocol = NT1
see:  https://phabricator.kde.org/D18878