Bug 5121 - version 3.0.27a unix passwd sync nor working any more
Summary: version 3.0.27a unix passwd sync nor working any more
Status: RESOLVED FIXED
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts (show other bugs)
Version: 3.0.27
Hardware: Sparc Solaris
: P3 normal
Target Milestone: none
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
: 4986 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-12-05 07:57 UTC by Hans Mayer
Modified: 2008-03-28 08:17 UTC (History)
6 users (show)

See Also:

Attachments
Fix password chat on Solaris 9 (487 bytes, patch)
2007-12-06 05:25 UTC, Karolin Seeger 		no flags Details
define I_PUSH and I_FIND on a secure methode for solaris (370 bytes, patch)
2007-12-06 07:31 UTC, Hans Mayer 		no flags Details
Patch (1007 bytes, patch)
2007-12-14 20:08 UTC, Jeremy Allison 		no flags Details
Better patch. (1.88 KB, patch)
2007-12-14 20:13 UTC, Jeremy Allison 		no flags Details
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Hans Mayer 2007-12-05 07:57:56 UTC 
dear samba-gurus 

our environment:  solaris 9 - samba 3.0.27a 

after debugging a lot of hours we have to notice, that 
password change does not work in version 3.0.27a 
any more on solaris boxes. 

same smb.config on 3.0.24 and 3.0.27a,  but
unix password sync ist not working with 27a

with 3.0.27 we get an error: 
You do not have permissions to change your password. 

removing the relevant lines for unix-sync in smb.conf 
the windows passwd change is successfully:
 
        passwd program = /uni/bin/ldapsync.pl -o %u
        passwd chat = New %n\n new %n\n *changed* \n
        passwd chat timeout = 20
        passwd chat debug = Yes
        unix password sync = yes


using the lines above, debug show following symptoms:

[2007/12/03 15:21:59, 3] smbd/chgpasswd.c:chgpasswd(462)
  chgpasswd: Password change (as_root=Yes) for user: mtest
[2007/12/03 15:21:59, 3] smbd/sec_ctx.c:push_sec_ctx(208)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2007/12/03 15:21:59, 3] smbd/uid.c:push_conn_ctx(358)
  push_conn_ctx(105) : conn_ctx_stack_ndx = 1
[2007/12/03 15:21:59, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2007/12/03 15:21:59, 3] smbd/chgpasswd.c:chat_with_program(430)
  chat_with_program: Dochild for user mtest (uid=0,gid=0) (as_root = Yes)
[2007/12/03 15:21:59, 3] smbd/chgpasswd.c:dochild(200)
  could not read default terminal attributes on pty
[2007/12/03 15:21:59, 3] smbd/sec_ctx.c:pop_sec_ctx(356)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2007/12/03 15:21:59, 0] smbd/chgpasswd.c:chat_with_program(440)
  chat_with_program: Error: dochild() returned 0


one of the relevant errors seems to be: 
could not read default terminal attributes on pty

running a truss of the relevant samba-job shows, that 
ioctl() is failing. this seems to be a pioneer error, which results
that the passwd-chat dialog isn't invoked any more.


16854/1:        write(27, 0x0040E028, 74)                       = 74
16854/1:               c h a t _ w i t h _ p r o g r a m :   D o c h i l
d   f o r
16854/1:             u s e r   m t e s t   ( u i d = 0 , g i d = 0 )
( a s _ r o
16854/1:           o t   =   Y e s )\n
16854/1:        setreuid(0, 0)                                  = 0
16854/1:        setuid(0)                                       = 0
16854/1:        getuid()                                        = 0 [0]
16854/1:        getuid()                                        = 0 [0]
16854/1:        setsid()                                        = 16854
16854/1:        open64("/dev/pts/5", O_RDWR)                    = 28
16854/1:        close(9)                                        = 0
16854/1:        fcntl(28, F_DUP2FD, 0x00000000)                 = 0
16854/1:        fcntl(28, F_DUP2FD, 0x00000001)                 = 1
16854/1:        fcntl(28, F_DUP2FD, 0x00000002)                 = 2
16854/1:        close(28)                                       = 0
16854/1:        ioctl(0, TCGETS, 0xFFBFD970)                    Err#22
EINVAL
16854/1:        time()                                          =
1196676644
16854/1:        getuid()                                        = 0 [0]
16854/1:        write(27, 0x0040E028, 55)                       = 55
16854/1:           [ 2 0 0 7 / 1 2 / 0 3   1 1 : 1 0 : 4 4 ,   3 ]   s m
b d / c h
16854/1:           g p a s s w d . c : d o c h i l d ( 2 0 0 )\n
16854/1:        getuid()                                        = 0 [0]
16854/1:        write(27, 0x0040E028, 52)                       = 52
16854/1:               c o u l d   n o t   r e a d   d e f a u l t   t e
r m i n a
16854/1:           l   a t t r i b u t e s   o n   p t y\n
16854/1:        getuid()                                        = 0 [0]
16854/1:        getgid()                                        = 0 [0]


as we need unix synchronisation, any help would be helpful. 

we can provide more details on request. 


best regards 
hans 

--
Comment 1 Karolin Seeger 2007-12-06 05:25:47 UTC 
Created attachment 3022 [details]
Fix password chat on Solaris 9

This patch should fix the issue.
Comment 2 Hans Mayer 2007-12-06 07:31:17 UTC 
Created attachment 3024 [details]
define I_PUSH and I_FIND on a secure methode for solaris
Comment 3 Reinhard Sojka 2007-12-06 08:35:37 UTC 
I think a look at Bug-ID 4986 and chgpasswd.c suggests that it might have something to do with "stropts.h", where "I_PUSH" is defined.

Up to Samba 3.0.24 "#include <stropts.h>" was in samba-3.0.24/source/include/includes.h, but this line was removed with 3.0.25. Adding the line 
"#include <sys/stropts.h>" to chgpasswd.c would make shure that "I_PUSH" and "I_FIND" are definded an so this piece of code will be compiled and executed:

(from samba-3.0.27a/source/smbd/chgpasswd.c - line 156)
#if defined(I_PUSH) && defined(I_FIND)
        if (ioctl(slave, I_FIND, "ptem") == 0) {
                ioctl(slave, I_PUSH, "ptem");
        }
        if (ioctl(slave, I_FIND, "ldterm") == 0) {
                ioctl(slave, I_PUSH, "ldterm");
        }
#elif defined(TIOCSCTTY)
Comment 4 Hans Mayer 2007-12-14 07:56:18 UTC 
bug still available in 3.0.28
Comment 5 Jeremy Allison 2007-12-14 20:08:44 UTC 
Created attachment 3046 [details]
Patch

Can you try this patch for 3.0.28 please ?
Jeremy.
Comment 6 Jeremy Allison 2007-12-14 20:13:32 UTC 
Created attachment 3047 [details]
Better patch.

Actually, this is a better patch (fixes a warning message on Linux the previous patch would introduce).
Comment 7 Hans Mayer 2007-12-15 07:12:02 UTC 
hi, i will try this patch in new year
i am currently on holiday, pls let this bug-id open
best regards - hans
Comment 8 Volker Lendecke 2008-03-18 09:57:09 UTC 
*** Bug 4986 has been marked as a duplicate of this bug. ***
Comment 9 Volker Lendecke 2008-03-18 09:58:21 UTC 
Tested v3-2-stable on Solaris -- works
Comment 10 Sébastien B. 2008-03-26 19:35:26 UTC 
The #elif in the last patch isn't a good idea because TIOCSCTTY is defined on solaris 10:

[root@x4500 samba]# grep -n TIOCSCTTY /usr/include/sys/termios.h
460:#define     TIOCSCTTY       (tIOC|132)      /* get a ctty */

With the #elif I_PUSH and I_FIND are never used and changing password doesn't work on solaris 10.
Comment 11 Reinhard Sojka 2008-03-28 08:17:00 UTC 
> [root@x4500 samba]# grep -n TIOCSCTTY /usr/include/sys/termios.h
> 460:#define     TIOCSCTTY       (tIOC|132)      /* get a ctty */

Most likely this new "feature" was introduced with Patch-ID 120011-14 for Solaris 10_sparc (or 120012-14 for Solaris 10_x86). AFAIK is this the standard kernel for Sol 10u4 (aka Solaris 10 8/07).
For older versions without this patch, TIOCSCTTY was not defined.