Bug 14937 - samba-tool ntacl sysvolcheck and sysvolreset crash when Policies directory is missing
Summary: samba-tool ntacl sysvolcheck and sysvolreset crash when Policies directory is...
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Python (show other bugs)
Version: 4.15.3
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Douglas Bagnall
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-12-23 15:49 UTC by keesvanvloten
Modified: 2022-08-11 21:38 UTC (History)
1 user (show)

See Also:

Attachments
patch for better exceptions/messages (4.01 KB, patch)
2022-08-10 23:35 UTC, Douglas Bagnall 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description keesvanvloten 2021-12-23 15:49:01 UTC 
Due to an error elsewhere (one of my scripts) the directory /var/lib/samba/sysvol/samdom.com/Policies was removed. Then (without being aware of that issue) I ran samba-tool ntacl sysvolcheck (and also tried sysvolreset). Both crash hard:


root@server:/var/lib/samba/sysvol# samba-tool ntacl sysvolreset
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
Could not find opname rename, logging all
set_nt_acl_conn: init_files_struct failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
ERROR(runtime): uncaught exception - (3221225524, 'The object name is not found.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 412, in run
    provision.setsysvolacl(samdb, netlogon, sysvol,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1754, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1630, in set_gpos_acl
    setntacl(lp, root_policy_path, POLICIES_ACL, str(domainsid), session_info,
  File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 228, in setntacl
    smbd.set_nt_acl(

root@sserver:/var/lib/samba/sysvol# samba-tool ntacl sysvolcheck
ERROR(<class 'TypeError'>): uncaught exception - (2, 'No such file or directory')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/ntacl.py", line 443, in run
    provision.checksysvolacl(samdb, netlogon, sysvol,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1876, in checksysvolacl
    check_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp,
  File "/usr/lib/python3/dist-packages/samba/provision/__init__.py", line 1811, in check_gpos_acl
    fsacl = getntacl(lp, root_policy_path, session_info,
  File "/usr/lib/python3/dist-packages/samba/ntacls.py", line 112, in getntacl
    attribute = samba.xattr_native.wrap_getxattr(file,


Since the errors are not very clear on what it is missing, I used strace to find the culprit, an except of the output:


getxattr("/var/lib/samba/sysvol/samdom.com", "security.NTACL", NULL, 0) = 320
getxattr("/var/lib/samba/sysvol/samdom.com", "security.NTACL", "\4\0\4\0\0\0\2\0\4\0\2\0\1\0002\301T\16\323Xi\312\203H\326\227\201\300n\0310\237"..., 320) = 320
getxattr("/var/lib/samba/sysvol/samdom.com/scripts", "security.NTACL", NULL, 0) = 320
getxattr("/var/lib/samba/sysvol/samdom.com/scripts", "security.NTACL", "\4\0\4\0\0\0\2\0\4\0\2\0\1\0002\301T\16\323Xi\312\203H\326\227\201\300n\0310\237"..., 320) = 320
getxattr("/var/lib/samba/sysvol/samdom.com/Policies", "security.NTACL", NULL, 0) = -1 ENOENT (No such file or directory)
write(2, "ERROR(<class 'TypeError'>): unca"..., 82ERROR(<class 'TypeError'>): uncaught exception - (2, 'No such file or directory')
) = 82
stat("/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", {st_mode=S_IFREG|0644, st_size=9885, ...}) = 0
openat(AT_FDCWD, "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", O_RDONLY|O_CLOEXEC) = 14
fstat(14, {st_mode=S_IFREG|0644, st_size=9885, ...}) = 0
ioctl(14, TCGETS, 0x7fff9ce59290)       = -1 ENOTTY (Inappropriate ioctl for device)
lseek(14, 0, SEEK_CUR)                  = 0
read(14, "# Unix SMB/CIFS implementation.\n"..., 4096) = 4096
read(14, "ROR: %s\\n\" % (message))\n        "..., 8192) = 5789
read(14, "", 8192)                      = 0
close(14)                               = 0

Would it be feasible to catch the error and produce an error message in situation?

- Kees
Comment 1 Douglas Bagnall 2022-08-10 23:35:13 UTC 
Created attachment 17467 [details]
patch for better exceptions/messages

Kees,
are you able to test this patch?
Comment 2 keesvanvloten 2022-08-11 11:17:28 UTC 
I will give it a try, just give me a few days :-)
Will the patch apply to 4.16.2 installed from Louis' repo?
Comment 3 Douglas Bagnall 2022-08-11 21:38:50 UTC 
(In reply to keesvanvloten from comment #2)
> Will the patch apply to 4.16.2 installed from Louis' repo?

Yes, or at least it applies to the 4.16 upstream branch.