Bug 3727 - smbpasswd fails with assertion failure when -L is used by a non root user
smbpasswd fails with assertion failure when -L is used by a non root user
Status: RESOLVED FIXED
Product: Samba 3.0
Classification: Unclassified
Component: Client Tools
3.0.22
Other Linux
: P3 minor
: none
Assigned To: Samba Bugzilla Account
Samba QA Contact
http://bugs.debian.org/346547
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-04-26 03:16 UTC by Christian Perrier
Modified: 2007-12-12 19:26 UTC (History)
1 user (show)

See Also:


Attachments
avoid get_global_sam_sid panic in client tools (2.74 KB, patch)
2007-11-13 18:40 UTC, Steve Langasek
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Perrier 2006-04-26 03:16:25 UTC
This is Debian bug #346547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346547

The user is here reporting that the samba panic script had been triggered by running "smbpasswd -L" as a non root user (or, more precisely, when secrets.tdb can't be read)

In the bug log, Andrew explained that this option is mostly meant for internal testing purposes when samba is installed as non root...which seems fairly OK.

This bug report is mostly meant to suggest a nicer failure such as smbpasswd
checking the readability of secrets.tdb at the argument-parsing stage.

The output of "smbpasswd -L" in such case is:

cperrier@bastet:~> smbpasswd -L
Failed to open /var/lib/samba/secrets.tdb
Failed to open /var/lib/samba/secrets.tdb
Failed to open /var/lib/samba/secrets.tdb
pdb_generate_sam_sid: Failed to store generated machine SID.
smb_panic(): calling panic action [/usr/share/samba/panic-action 4176]
smb_panic(): action returned status 0
PANIC: Could not generate a machine SID

BACKTRACE: 6 stack frames:
 #0 smbpasswd(smb_panic2+0x7c) [0x80fa05c]
 #1 smbpasswd(smb_panic+0x1a) [0x80fa27a]
 #2 smbpasswd(get_global_sam_sid+0x2bc) [0x807d99c]
 #3 smbpasswd(main+0x52f) [0x807076f]
 #4 /lib/libc.so.6(__libc_start_main+0x9e) [0x401973be]
 #5 smbpasswd [0x806fdc1]
Aborted
Comment 1 Steve Langasek 2007-11-13 18:40:12 UTC
Created attachment 2967 [details]
avoid get_global_sam_sid panic in client tools

Here is a patch which updates the client software (pam_smbpass and smbclient) to detect non-root invocations that require get_global_sam_sid() and bypass them with an error message as appropriate, to avoid triggering an smb_panic where this is foreseeable and avoidable.  This is particularly important in the case of pam_smbpass, where a smb_panic() will terminate the calling application (e.g., a screensaver).

A client-specific check is preferable over changing the error handling in get_global_sam_sid() because the server can always rely on this operation being run as root and there is a lack of error handling in various callers of the function, so smb_panic() is still appropriate for the general case.
Comment 2 Jeremy Allison 2007-12-12 19:26:02 UTC
Applied for 3.0.28a and above.
Jeremy