dear samba-gurus our environment: solaris 9 - samba 3.0.27a after debugging a lot of hours we have to notice, that password change does not work in version 3.0.27a any more on solaris boxes. same smb.config on 3.0.24 and 3.0.27a, but unix password sync ist not working with 27a with 3.0.27 we get an error: You do not have permissions to change your password. removing the relevant lines for unix-sync in smb.conf the windows passwd change is successfully: passwd program = /uni/bin/ldapsync.pl -o %u passwd chat = New %n\n new %n\n *changed* \n passwd chat timeout = 20 passwd chat debug = Yes unix password sync = yes using the lines above, debug show following symptoms: [2007/12/03 15:21:59, 3] smbd/chgpasswd.c:chgpasswd(462) chgpasswd: Password change (as_root=Yes) for user: mtest [2007/12/03 15:21:59, 3] smbd/sec_ctx.c:push_sec_ctx(208) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2007/12/03 15:21:59, 3] smbd/uid.c:push_conn_ctx(358) push_conn_ctx(105) : conn_ctx_stack_ndx = 1 [2007/12/03 15:21:59, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2007/12/03 15:21:59, 3] smbd/chgpasswd.c:chat_with_program(430) chat_with_program: Dochild for user mtest (uid=0,gid=0) (as_root = Yes) [2007/12/03 15:21:59, 3] smbd/chgpasswd.c:dochild(200) could not read default terminal attributes on pty [2007/12/03 15:21:59, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2007/12/03 15:21:59, 0] smbd/chgpasswd.c:chat_with_program(440) chat_with_program: Error: dochild() returned 0 one of the relevant errors seems to be: could not read default terminal attributes on pty running a truss of the relevant samba-job shows, that ioctl() is failing. this seems to be a pioneer error, which results that the passwd-chat dialog isn't invoked any more. 16854/1: write(27, 0x0040E028, 74) = 74 16854/1: c h a t _ w i t h _ p r o g r a m : D o c h i l d f o r 16854/1: u s e r m t e s t ( u i d = 0 , g i d = 0 ) ( a s _ r o 16854/1: o t = Y e s )\n 16854/1: setreuid(0, 0) = 0 16854/1: setuid(0) = 0 16854/1: getuid() = 0 [0] 16854/1: getuid() = 0 [0] 16854/1: setsid() = 16854 16854/1: open64("/dev/pts/5", O_RDWR) = 28 16854/1: close(9) = 0 16854/1: fcntl(28, F_DUP2FD, 0x00000000) = 0 16854/1: fcntl(28, F_DUP2FD, 0x00000001) = 1 16854/1: fcntl(28, F_DUP2FD, 0x00000002) = 2 16854/1: close(28) = 0 16854/1: ioctl(0, TCGETS, 0xFFBFD970) Err#22 EINVAL 16854/1: time() = 1196676644 16854/1: getuid() = 0 [0] 16854/1: write(27, 0x0040E028, 55) = 55 16854/1: [ 2 0 0 7 / 1 2 / 0 3 1 1 : 1 0 : 4 4 , 3 ] s m b d / c h 16854/1: g p a s s w d . c : d o c h i l d ( 2 0 0 )\n 16854/1: getuid() = 0 [0] 16854/1: write(27, 0x0040E028, 52) = 52 16854/1: c o u l d n o t r e a d d e f a u l t t e r m i n a 16854/1: l a t t r i b u t e s o n p t y\n 16854/1: getuid() = 0 [0] 16854/1: getgid() = 0 [0] as we need unix synchronisation, any help would be helpful. we can provide more details on request. best regards hans --
Created attachment 3022 [details] Fix password chat on Solaris 9 This patch should fix the issue.
Created attachment 3024 [details] define I_PUSH and I_FIND on a secure methode for solaris
I think a look at Bug-ID 4986 and chgpasswd.c suggests that it might have something to do with "stropts.h", where "I_PUSH" is defined. Up to Samba 3.0.24 "#include <stropts.h>" was in samba-3.0.24/source/include/includes.h, but this line was removed with 3.0.25. Adding the line "#include <sys/stropts.h>" to chgpasswd.c would make shure that "I_PUSH" and "I_FIND" are definded an so this piece of code will be compiled and executed: (from samba-3.0.27a/source/smbd/chgpasswd.c - line 156) #if defined(I_PUSH) && defined(I_FIND) if (ioctl(slave, I_FIND, "ptem") == 0) { ioctl(slave, I_PUSH, "ptem"); } if (ioctl(slave, I_FIND, "ldterm") == 0) { ioctl(slave, I_PUSH, "ldterm"); } #elif defined(TIOCSCTTY)
bug still available in 3.0.28
Created attachment 3046 [details] Patch Can you try this patch for 3.0.28 please ? Jeremy.
Created attachment 3047 [details] Better patch. Actually, this is a better patch (fixes a warning message on Linux the previous patch would introduce).
hi, i will try this patch in new year i am currently on holiday, pls let this bug-id open best regards - hans
*** Bug 4986 has been marked as a duplicate of this bug. ***
Tested v3-2-stable on Solaris -- works
The #elif in the last patch isn't a good idea because TIOCSCTTY is defined on solaris 10: [root@x4500 samba]# grep -n TIOCSCTTY /usr/include/sys/termios.h 460:#define TIOCSCTTY (tIOC|132) /* get a ctty */ With the #elif I_PUSH and I_FIND are never used and changing password doesn't work on solaris 10.
> [root@x4500 samba]# grep -n TIOCSCTTY /usr/include/sys/termios.h > 460:#define TIOCSCTTY (tIOC|132) /* get a ctty */ Most likely this new "feature" was introduced with Patch-ID 120011-14 for Solaris 10_sparc (or 120012-14 for Solaris 10_x86). AFAIK is this the standard kernel for Sol 10u4 (aka Solaris 10 8/07). For older versions without this patch, TIOCSCTTY was not defined.