Bug 5306 - Vista backup utility failure with Samba 3.0.25c-3.0.28 (Samba Team private)
Vista backup utility failure with Samba 3.0.25c-3.0.28 (Samba Team private)
Status: NEW
Product: Samba 3.0
Classification: Unclassified
Component: File Services
3.0.28
x64 Other
: P3 normal
: none
Assigned To: Jeremy Allison
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-05 18:38 UTC by Stephen Zarkos
Modified: 2010-06-18 11:09 UTC (History)
2 users (show)

See Also:


Attachments
Temporary patch for 3-2-test branch. (744 bytes, patch)
2008-11-12 21:39 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Stephen Zarkos 2008-03-05 18:38:15 UTC
Samba Team private

Client: Windows Vista x64
Server: Samba 3.0.28 (on CentOS5 x64)

The backup utility on Vista (Backup and Restore Center) fails when backing up to Samba network shares.  The utility wants to set some ACLs on the backup files it creates for added security.  Before actually doing the backup, the Vista backup  utility creates a couple temporary files and tests if it has permissions, etc.  It is at this point where the backup fails.  Interestingly, Samba-3.0.25 to Samba-3.0.25b work just fine with the Vista backup tool, but other versions I tested fail.

Samba-3.0.10       FAIL
Samba-3.0.24       FAIL
Samba-3.0.25       PASS
Samba-3.0.25a      PASS
Samba-3.0.25b      PASS
Samba-3.0.25c      FAIL
Samba-3.0.26a      FAIL
Samba-3.0.27a      FAIL
Samba-3.0.28       FAIL

Samba <= 2.0.24 fails with the Vista error: "Cannot create a file when that file already exists. (0x800700B7)".  Samba >= 3.0.25c fails with the Vista error: "You need Full Control permission for the network share.... (0x8100002A)".

I have uploaded some captures of Samba-3.0.25b and Samba-3.0.28 here:
  http://www.sentry.net/~obsid/samba/vistabackup-samba-3.0.25b.pcap
  http://www.sentry.net/~obsid/samba/vistabackup-samba-3.0.28.pcap
Comment 1 Jeremy Allison 2008-03-05 19:32:17 UTC
Hmmm. This looks like it might be a bug we fixed for 3.0.28a. The ACL being set has both SE_DESC_DACL_AUTO_INHERITED and                             SE_DESC_DACL_AUTO_INHERIT_REQ set. I think this is a duplicate of #4308, which is confirmed fixed. If I give you a source code tarball can you build it to confirm, or do you need an rpm or .deb package ?

Alternatively if you give me step by step instructions on how to walk though this with Vista, I'll try and reproduce here and see if it's fixed.

Jeremy.
Comment 2 Stephen Zarkos 2008-03-05 19:52:19 UTC
Sure, I can work with a tarball.  Send it along :)

If you want to reproduce, simply open up the "Backup and Restore Center" in Vista and select "Back up files," or if you've already set this up you may need to click "Change Settings".  In either case you should eventually get to a screen asking you where to place your backup.  You will only have two choices; backup to a hard disk of CD/DVD, or backup to a network share.  Select the "On a network" option and enter the full path of the network share, and then click next.  It will prompt you for a username/password.  If it doesn't error immediately after clicking "OK," then the bug is likely fixed - but you could continue with the backup to be sure.
Comment 3 Jeremy Allison 2008-03-05 20:07:37 UTC
Mailed it (too big for bugzilla attachment). I'll test on Vista tomorrow back @ work (I'm on the shuttle going home now :-).
Jeremy.
Comment 4 Stephen Zarkos 2008-03-05 20:27:07 UTC
Got the attachment.  I can confirm that the bug appears to be fixed in 3.0.28a.  Thanks!

Would you happened to know if there is a smbtorture test to test those ACLs?
Comment 5 Jeremy Allison 2008-03-06 12:51:49 UTC
Actually a duplicate of #4308. This thing shows up in interesting ways :-).
Jeremy.

*** This bug has been marked as a duplicate of 4308 ***
Comment 6 Jeremy Allison 2008-11-12 20:38:27 UTC
Re-opening. The fix committed here breaks inheritance in the Windows ACL editor. Need some other way to fix this.
Jeremy.
Comment 7 Jeremy Allison 2008-11-12 21:39:13 UTC
Created attachment 3731 [details]
Temporary patch for 3-2-test branch.

Ok, here is a (temporary, not final) fix for #5873. It should allow removal of ACE entries again for bug #5873. The strange thing is I've tested this with the Vista backup center and it doesn't break the ACL tests. Can someone confirm this with the Samba 3-2-test git branch with this patch attached (that Vista backup works with it) ?
Jeremy.
Comment 8 Philip Saville 2010-06-18 11:09:09 UTC
I'm running Ubuntu 10.04 with Samba 3.4.7 against my Vista Home Premium machine. The backup app does not run.

"You need Full Control permission for the network share... (0x8100002A)"

SMBD log:
[2010/06/18 08:56:36,  0] smbd/server.c:1069(main)
  smbd version 3.4.7 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2009
[2010/06/18 08:56:36,  0] smbd/server.c:1115(main)
  standard input is not a socket, assuming -D option

SMBD log for my vista host:
[2010/06/18 08:59:03,  1] smbd/service.c:1063(make_connection_snum)
  philip-vista (192.168.0.10) connect to service data-backup initially as user philip (uid=1000, gid=1000) (pid 14227)
[2010/06/18 08:59:13,  1] smbd/service.c:1240(close_cnum)
  philip-vista (192.168.0.10) closed connection to service data-backup