Bug 3727 - smbpasswd fails with assertion failure when -L is used by a non root user
Summary: smbpasswd fails with assertion failure when -L is used by a non root user
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: Client Tools (show other bugs)
Version: 3.0.22
Hardware: Other Linux
: P3 minor
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
URL: http://bugs.debian.org/346547
Keywords:
Depends on:
Blocks:
 
Reported: 2006-04-26 03:16 UTC by Christian Perrier (dead mail address)
Modified: 2007-12-12 19:26 UTC (History)
1 user (show)

See Also:


Attachments
avoid get_global_sam_sid panic in client tools (2.74 KB, patch)
2007-11-13 18:40 UTC, Steve Langasek
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Perrier (dead mail address) 2006-04-26 03:16:25 UTC
This is Debian bug #346547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=346547

The user is here reporting that the samba panic script had been triggered by running "smbpasswd -L" as a non root user (or, more precisely, when secrets.tdb can't be read)

In the bug log, Andrew explained that this option is mostly meant for internal testing purposes when samba is installed as non root...which seems fairly OK.

This bug report is mostly meant to suggest a nicer failure such as smbpasswd
checking the readability of secrets.tdb at the argument-parsing stage.

The output of "smbpasswd -L" in such case is:

cperrier@bastet:~> smbpasswd -L
Failed to open /var/lib/samba/secrets.tdb
Failed to open /var/lib/samba/secrets.tdb
Failed to open /var/lib/samba/secrets.tdb
pdb_generate_sam_sid: Failed to store generated machine SID.
smb_panic(): calling panic action [/usr/share/samba/panic-action 4176]
smb_panic(): action returned status 0
PANIC: Could not generate a machine SID

BACKTRACE: 6 stack frames:
 #0 smbpasswd(smb_panic2+0x7c) [0x80fa05c]
 #1 smbpasswd(smb_panic+0x1a) [0x80fa27a]
 #2 smbpasswd(get_global_sam_sid+0x2bc) [0x807d99c]
 #3 smbpasswd(main+0x52f) [0x807076f]
 #4 /lib/libc.so.6(__libc_start_main+0x9e) [0x401973be]
 #5 smbpasswd [0x806fdc1]
Aborted
Comment 1 Steve Langasek 2007-11-13 18:40:12 UTC
Created attachment 2967 [details]
avoid get_global_sam_sid panic in client tools

Here is a patch which updates the client software (pam_smbpass and smbclient) to detect non-root invocations that require get_global_sam_sid() and bypass them with an error message as appropriate, to avoid triggering an smb_panic where this is foreseeable and avoidable.  This is particularly important in the case of pam_smbpass, where a smb_panic() will terminate the calling application (e.g., a screensaver).

A client-specific check is preferable over changing the error handling in get_global_sam_sid() because the server can always rely on this operation being run as root and there is a lack of error handling in various callers of the function, so smb_panic() is still appropriate for the general case.
Comment 2 Jeremy Allison 2007-12-12 19:26:02 UTC
Applied for 3.0.28a and above.
Jeremy