Solaris Nevada, Xen guest, Sun studio compiler. I understand that 3.0.28a was meant to fix this bug, it didnt for me, 3.0.28 acted the exact same way. $ ./configure --with-pam --with-pam_smbpass --with-ldap --with-ads=no --enable-socket-wrapper uname -m = i86pc uname -r = 5.11 uname -s = SunOS uname -v = snv_81 /usr/bin/uname -p = i386 /bin/uname -X = System = SunOS Node = cavan.cs.dit.ie Release = 5.11 KernelID = snv_81 Machine = i86pc BusType = <unknown> Serial = <unknown> Users = <unknown> OEM# = 0 Origin# = 1 NumCPU = 1 Log: Primary group is 0 and contains 0 supplementary groups [2008/03/31 17:36:24, 3] smbd/chgpasswd.c:(431) chat_with_program: Dochild for user david.markey (uid=0,gid=0) (as_root = Yes) [2008/03/31 17:36:24, 3] smbd/chgpasswd.c:(160) Error in ioctl call for slave pty [2008/03/31 17:36:24, 3] smbd/chgpasswd.c:(201) could not read default terminal attributes on pty [2008/03/31 17:36:24, 3] smbd/sec_ctx.c:(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/03/31 17:36:24, 0] smbd/chgpasswd.c:(441) chat_with_program: Error: dochild() returned 0 [2008/03/31 17:36:24, 5] lib/util_sock.c:(485) read_socket_with_timeout: timeout read. EOF from client. [2008/03/31 17:36:24, 100] smbd/chgpasswd.c:(280) expect: expected [Changing* New password*] received [] match no [2008/03/31 17:36:24, 2] smbd/chgpasswd.c:(286) expect: Error 0 [2008/03/31 17:36:24, 3] smbd/chgpasswd.c:(317) Response 1 incorrect [2008/03/31 17:36:24, 3] smbd/chgpasswd.c:(373) chat_with_program: Child failed to change password: david.markey smb.conf snippet: passdb backend = ldapsam:ldap://127.0.0.1 username map = /usr/local/samba/lib/smbusers unix password sync = yes passwd program = /usr/local/smbldap-tools/sbin/smbldap-passwd %u passwd chat = "Changing*\nNew password*" %n\n "*Retype new password*" %n\n" passwd chat debug = yes passwd chat timeout = 20
I'm happy to apply any patches and test for anyone that has any ideas.
Sébastien B. discovered why this patch doesn't work on Solaris 10 the following text is copy&paste from Sébastien's comment to Bug ID 5121 https://bugzilla.samba.org/show_bug.cgi?id=5121#c10 : The #elif in the last patch isn't a good idea because TIOCSCTTY is defined on solaris 10: [root@x4500 samba]# grep -n TIOCSCTTY /usr/include/sys/termios.h 460:#define TIOCSCTTY (tIOC|132) /* get a ctty */ With the #elif I_PUSH and I_FIND are never used and changing password doesn't work on solaris 10.
> [root@x4500 samba]# grep -n TIOCSCTTY /usr/include/sys/termios.h > 460:#define TIOCSCTTY (tIOC|132) /* get a ctty */ This line was introduced was introduced with Patch-ID 120011-14 for Solaris 10_sparc (and 120012-14 for Solaris 10_x86). AFAIK is this the standard kernel for Sol 10u4 (aka Solaris 10 8/07). For older versions without this patch, TIOCSCTTY was not defined.
Success, I commented out that particular line and it works. So this is a solaris issue rather than a samba one?
(In reply to comment #4) > Success, I commented out that particular line and it works. So this is a > solaris issue rather than a samba one? > yes and no The patch from Bug-ID 5121 fixed this issue for Solaris 9 and older (=unpatched) versions of Solaris 10. But with the latest kernel patches for Solaris 10, TIOCSCTTY has become definded, and so the preprocessor will behave different at the line "#if defined(TIOCSCTTY)". (from samba-3.0.28a/source/smbd/chgpasswd.c line 157) #if defined(TIOCSCTTY) if (ioctl(slave, TIOCSCTTY, 0) < 0) { DEBUG(3, ("Error in ioctl call for slave pty\n")); /* return(False); */ } #elif defined(I_PUSH) && defined(I_FIND) if (ioctl(slave, I_FIND, "ptem") == 0) { ioctl(slave, I_PUSH, "ptem"); } if (ioctl(slave, I_FIND, "ldterm") == 0) { ioctl(slave, I_PUSH, "ldterm"); } #endif
Ok, so i assume this will be incorporated into the next release?
Created attachment 3255 [details] simple patch for Solaris a simple patch that should work around this problem without affecting other platforms than Solaris
Quick question -- if Solaris does now define TIOCSCTTY, why does the the ioctl fail? The latest patch seems to just work around the deeper problem. I don't have a patched Solaris around so I can not really try it. Volker
Created attachment 3257 [details] simple patch for Solaris basically the same as before, but now patch tool will work (was too yesterday, sorry)
Well, I could have worked around *that* :-) The question remains: What's the problem with the ioctl now that Solaris has it? Volker
Ok, I can test on nevada, but i wont get a chance to test on solaris 10 for a while. Can someone else test solaris 10?
Nevada being what?
Nevada being solaris community edition, which will turn into Solaris 11
(In reply to comment #10) > Well, I could have worked around *that* :-) > > The question remains: What's the problem with the ioctl now that Solaris has > it? > > Volker > David a Problem with that, and he has a test environment. I have submitted the new patch before reading your comment. I can't tell what exactly is going on, but these lines in the log indicate a problem: [2008/03/31 17:36:24, 3] smbd/chgpasswd.c:(160) Error in ioctl call for slave pty The introduction of a defined TIOCSCTTY trough a patch is also something that leaves me with mixed feelings about Sun's termios.h. Unfortunately I can't find any reason for a change in termios.h on Sunsolve. I don't have an environment with a Samba PDC for testing this myself, but I am willing to dig trough logs and truss outputs :)
You don't need a Samba DC. Just a standalone server and smbpasswd -r. Volker
ok, smbpasswd -r localhost works with the new patch. Is there anything else ye would like me to do
So it's a stated fact now that TIOCSCTTY is broken on Solaris, although it is defined? Volker
Well, as nevada is a development version of solaris. it could be that its temporarily broken. But im neither an expert in solaris or samba, but i know my way around them pretty well.
the more interesting stuff fist: line 460 in /usr/include/sys/termios.h (Patch ID 120011-14) "#define TIOCSCTTY (tIOC|132) /* get a ctty */" and lines 157+158 from samba-3.0.28a/source/smbd/chgpasswd.c "#if defined(TIOCSCTTY)" " if (ioctl(slave, TIOCSCTTY, 0) < 0)" results most likely in this truss line 26487/1: ioctl(26, (('t'<<8)|132), 0x00000000) Err#25 ENOTTY here is the relevant snippet of log.smbd (with debug = 10): 2008/04/10 17:12:38, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2008/04/10 17:12:38, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2008/04/10 17:12:38, 3] smbd/chgpasswd.c:chat_with_program(431) chat_with_program: Dochild for user rs (uid=0,gid=0) (as_root = Yes) [2008/04/10 17:12:38, 3] smbd/chgpasswd.c:dochild(160) Error in ioctl call for slave pty [2008/04/10 17:12:38, 3] smbd/chgpasswd.c:dochild(201) could not read default terminal attributes on pty [2008/04/10 17:12:38, 3] smbd/sec_ctx.c:pop_sec_ctx(356) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2008/04/10 17:12:38, 0] smbd/chgpasswd.c:chat_with_program(441) chat_with_program: Error: dochild() returned 0 [2008/04/10 17:12:38, 5] lib/util_sock.c:read_socket_with_timeout(485) read_socket_with_timeout: timeout read. EOF from client. [2008/04/10 17:12:38, 2] smbd/chgpasswd.c:expect(286) expect: Interrupted system call [2008/04/10 17:12:38, 3] smbd/chgpasswd.c:talktochild(317) Response 1 incorrect and here is truss output (with truss -rall -tall -vall -wall -eafl): 26487/1: c h a t _ w i t h _ p r o g r a m : D o c h i l d f o r 26487/1: u s e r r s ( u i d = 0 , g i d = 0 ) ( a s _ r o o t 26487/1: = Y e s )\n 26487/1: setreuid(0, 0) = 0 26487/1: setuid(0) = 0 26487/1: getuid() = 0 [0] 26487/1: getuid() = 0 [0] 26487/1: setsid() = 26487 26487/1: open64("/dev/pts/3", O_RDWR) = 26 26487/1: ioctl(26, (('t'<<8)|132), 0x00000000) Err#25 ENOTTY 26487/1: time() = 1207840358 26487/1: getuid() = 0 [0] 26487/1: write(25, 0x0059F450, 55) = 55 26487/1: [ 2 0 0 8 / 0 4 / 1 0 1 7 : 1 2 : 3 8 , 3 ] s m b d / c h 26487/1: g p a s s w d . c : d o c h i l d ( 1 6 0 )\n 26487/1: getuid() = 0 [0] 26487/1: write(25, 0x0059E878, 36) = 36 26487/1: E r r o r i n i o c t l c a l l f o r s l a v e 26487/1: p t y\n 26487/1: close(19) = 0 26487/1: fcntl(26, F_DUP2FD, 0x00000000) = 0 26487/1: fcntl(26, F_DUP2FD, 0x00000001) = 1 26487/1: fcntl(26, F_DUP2FD, 0x00000002) = 2 26487/1: close(26) = 0 26487/1: ioctl(0, TCGETS, 0xFFBFDAE8) Err#22 EINVAL 26487/1: time() = 1207840358 26487/1: getuid() = 0 [0] 26487/1: write(25, 0x0059F450, 55) = 55 26487/1: [ 2 0 0 8 / 0 4 / 1 0 1 7 : 1 2 : 3 8 , 3 ] s m b d / c h 26487/1: g p a s s w d . c : d o c h i l d ( 2 0 1 )\n 26487/1: getuid() = 0 [0] 26487/1: write(25, 0x0059F450, 52) = 52 26487/1: c o u l d n o t r e a d d e f a u l t t e r m i n a 26487/1: l a t t r i b u t e s o n p t y\n 26487/1: getuid() = 0 [0] 26487/1: getgid() = 0 [0] 26487/1: setgroups(0, 0x00000000) = 0 26487/1: setregid(-1, 0) = 0 26487/1: getgid() = 0 [0] 26487/1: setreuid(-1, 0) = 0 26487/1: getuid() = 0 [0] 26487/1: time() = 1207840358 26487/1: getuid() = 0 [0] 26487/1: fstat64(25, 0xFFBFD7C0) = 0 26487/1: d=0x0154000A i=2020 m=0100644 l=1 u=0 g=0 sz=154802 26487/1: at = Apr 10 17:12:10 CEST 2008 [ 1207840330 ] 26487/1: mt = Apr 10 17:12:38 CEST 2008 [ 1207840358 ] 26487/1: ct = Apr 10 17:12:38 CEST 2008 [ 1207840358 ] 26487/1: bsz=8192 blks=320 fs=ufs 26487/1: write(25, 0x0059F500, 57) = 57 26487/1: [ 2 0 0 8 / 0 4 / 1 0 1 7 : 1 2 : 3 8 , 3 ] s m b d / s e 26487/1: c _ c t x . c : p o p _ s e c _ c t x ( 3 5 6 )\n 26487/1: getuid() = 0 [0] 26487/1: getgid() = 0 [0] 26487/1: getuid() = 0 [0] 26487/1: write(25, 0x005E8760, 45) = 45 26487/1: p o p _ s e c _ c t x ( 0 , 0 ) - s e c _ c t x _ s 26487/1: t a c k _ n d x = 2\n 26487/1: time() = 1207840358 26487/1: getuid() = 0 [0] 26487/1: write(25, 0x0059F500, 65) = 65 26487/1: [ 2 0 0 8 / 0 4 / 1 0 1 7 : 1 2 : 3 8 , 0 ] s m b d / c h 26487/1: g p a s s w d . c : c h a t _ w i t h _ p r o g r a m ( 4 4 1 ) 26487/1: \n 26487/1: getuid() = 0 [0] 26487/1: write(25, 0x0059F450, 49) = 49 26487/1: c h a t _ w i t h _ p r o g r a m : E r r o r : d o c h 26487/1: i l d ( ) r e t u r n e d 0\n 26487/1: _exit(1)
Pushed the patch with 448a8fe6c1 Thanks! Volker