3727 – smbpasswd fails with assertion failure when -L is used by a non root user

Bug 3727 - smbpasswd fails with assertion failure when -L is used by a non root user

Summary: smbpasswd fails with assertion failure when -L is used by a non root user

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Client Tools (show other bugs)
Version:	3.0.22
Hardware:	Other Linux

Importance:	P3 minor
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:	http://bugs.debian.org/346547
Keywords:

Depends on:
Blocks:

Reported:	2006-04-26 03:16 UTC by Christian Perrier (dead mail address)
Modified:	2007-12-12 19:26 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
avoid get_global_sam_sid panic in client tools (2.74 KB, patch) 2007-11-13 18:40 UTC, Steve Langasek	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Perrier (dead mail address) 2006-04-26 03:16:25 UTC

This is Debian bug #346547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346547

The user is here reporting that the samba panic script had been triggered by running "smbpasswd -L" as a non root user (or, more precisely, when secrets.tdb can't be read)

In the bug log, Andrew explained that this option is mostly meant for internal testing purposes when samba is installed as non root...which seems fairly OK.

This bug report is mostly meant to suggest a nicer failure such as smbpasswd
checking the readability of secrets.tdb at the argument-parsing stage.

The output of "smbpasswd -L" in such case is:

cperrier@bastet:~> smbpasswd -L
Failed to open /var/lib/samba/secrets.tdb
Failed to open /var/lib/samba/secrets.tdb
Failed to open /var/lib/samba/secrets.tdb
pdb_generate_sam_sid: Failed to store generated machine SID.
smb_panic(): calling panic action [/usr/share/samba/panic-action 4176]
smb_panic(): action returned status 0
PANIC: Could not generate a machine SID

BACKTRACE: 6 stack frames:
 #0 smbpasswd(smb_panic2+0x7c) [0x80fa05c]
 #1 smbpasswd(smb_panic+0x1a) [0x80fa27a]
 #2 smbpasswd(get_global_sam_sid+0x2bc) [0x807d99c]
 #3 smbpasswd(main+0x52f) [0x807076f]
 #4 /lib/libc.so.6(__libc_start_main+0x9e) [0x401973be]
 #5 smbpasswd [0x806fdc1]
Aborted

Comment 1 Steve Langasek 2007-11-13 18:40:12 UTC

Created attachment 2967 [details]
avoid get_global_sam_sid panic in client tools

Here is a patch which updates the client software (pam_smbpass and smbclient) to detect non-root invocations that require get_global_sam_sid() and bypass them with an error message as appropriate, to avoid triggering an smb_panic where this is foreseeable and avoidable.  This is particularly important in the case of pam_smbpass, where a smb_panic() will terminate the calling application (e.g., a screensaver).

A client-specific check is preferable over changing the error handling in get_global_sam_sid() because the server can always rely on this operation being run as root and there is a lack of error handling in various callers of the function, so smb_panic() is still appropriate for the general case.

Comment 2 Jeremy Allison 2007-12-12 19:26:02 UTC

Applied for 3.0.28a and above.
Jeremy