RE: Annoying Minor Bug In Winbind 2.2.x
On 19 Feb 2003, Andrew Esh wrote: It's probably a line count thing. The head of the patch contains a certain range of lines that the patch should apply to. If you truncated the patch at the bottom, the header could be telling patch it needs to add, for example, 30 lines, while the patch text only contains 28 ... That line of stars is part of the patch, and maybe a few blank lines below it. Thanks - that was it - the two blank lines below the line of stars were part of the patch (a fact I was able to confirm by comparing with the CVS web ref Martin posted) but I'd missed them out. Patch applied - now recompiling Samba ... done. And now it works fine - I can restart winbindd to my heart's content and /tmp/.winbindd gets created with the right permissions and everybody's happy :) Thanks for bearing with me. Nick Boyce EDS Southwest Solution Centre, Bristol, UK
RE: Annoying Minor Bug In Winbind 2.2.x
It's probably a line count thing. The head of the patch contains a certain range of lines that the patch should apply to. If you truncated the patch at the bottom, the header could be telling patch it needs to add, for example, 30 lines, while the patch text only contains 28. Go back to the email and copy/paste lines from the email into your patch file at the bottom, down to but not including the two dashes above Martin's signature, and see if that helps. That line of stars is part of the patch, and maybe a few blank lines below it. Make the part of the patch at the bottom, below the lines with the plus signs, match what is already in the target file. -Original Message- From: Boyce, Nick [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 18, 2003 2:58 PM To: [EMAIL PROTECTED] Cc: 'Martin Pool' Subject: RE: Annoying Minor Bug In Winbind 2.2.x On 18 Feb 2003, Martin Pool wrote : Jeremy already committed my patch to SAMBA_2_2 CVS. Here's the patch. Index: util_sock.c === RCS file: /data/cvs/samba/source/lib/util_sock.c,v retrieving revision 1.16.4.36 retrieving revision 1.16.4.37 diff -u -u -p -r1.16.4.36 -r1.16.4.37 [snip] I'm sorry - I'm probably doing something dumb, but I still get failures even with this patch - first, if I save the patch as it appeared in my Outlook window, then line 25 consists of a single left brace char, which results in : MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c patch-util_sock-20030218 patching file util_sock.c patch: malformed patch at line 25: { So assuming line-wrap did something Bad to that line, I edited the patch file to stick that line onto the end of line 24, resulting in : MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c patch-util_sock-20030218 patching file util_sock.c Hunk #1 FAILED at 1021. 1 out of 1 hunk FAILED -- saving rejects to file util_sock.c.rej and I don't know enough about what I'm looking at to figure it out. In general the best thing to do now is leave the main diff alone, and only work on the rejected parts in the .rej file. Basically you need to work out why patch thinks the 2.2 source file doesn't look like the before version of the rejected patch. OK - hang on ... right, it seems the real original 2.2.7a util_sock.c really *does* have the { on line 25 all by itself - but since that gave me malformed patch, I assume the patch needs a rediff ??? Here goes : MYBOX:/usr/local/src/samba-2.2.7a/source/lib# rediff patch-util_sock-20030218.orig patch-util_sock-20030218 Index: util_sock.c === RCS file: /data/cvs/samba/source/lib/util_sock.c,v retrieving revision 1.16.4.36 retrieving revision 1.16.4.37 diff -u -u -p -r1.16.4.36 -r1.16.4.37 rediff: Not supported: -{ OK - I give up for now ... hlp :( [sorry .. for all this trouble over such a minor thing] Nick Boyce EDS Southwest Solution Centre, Bristol, UK -Original Message- From: 'Martin Pool' [mailto:[EMAIL PROTECTED]] Sent: 17 February 2003 23:08 To: Boyce, Nick Cc: [EMAIL PROTECTED] Subject: Re: Annoying Minor Bug In Winbind 2.2.x Oh, Jeremy already committed my patch to SAMBA_2_2 CVS. Here's the patch. Index: util_sock.c === RCS file: /data/cvs/samba/source/lib/util_sock.c,v retrieving revision 1.16.4.36 retrieving revision 1.16.4.37 diff -u -u -p -r1.16.4.36 -r1.16.4.37 --- util_sock.c 26 Aug 2002 20:07:13 - 1.16.4.36 +++ util_sock.c 7 Feb 2003 22:04:37 - 1.16.4.37 @@ -1021,102 +1021,97 @@ char *get_socket_addr(int fd) /*** Create protected unix domain socket. - some unixen cannot set permissions on a ux-dom-sock, so we + Some unixes cannot set permissions on a ux-dom-sock, so we have to make sure that the directory contains the protection - permissions, instead. + permissions instead. **/ + int create_pipe_sock(const char *socket_dir, - const char *socket_name, - mode_t dir_perms) + const char *socket_name, + mode_t dir_perms) { -struct sockaddr_un sunaddr; -struct stat st; -int sock; -mode_t old_umask; -pstring path; - -/* Create the socket directory or reuse the existing one */ - -if (lstat(socket_dir, st) == -1) { - -if (errno == ENOENT) { - -/* Create directory
Re: Annoying Minor Bug In Winbind 2.2.x
On 18 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: I'm sorry - I'm probably doing something dumb, but I still get failures even with this patch - first, if I save the patch as it appeared in my Outlook window, then line 25 consists of a single left brace char, which results in : You can also download the patch from here http://pserver.samba.org/cgi-bin/cvsweb/samba/source/lib/util_sock.c.diff?r1=1.16.4.36r2=1.16.4.37 In general you can try using view source to get a version that's not folded/spindled/mutilated by Outlook, or the very cool unwrapdiff to try to fix the line wrapping. Thanks for persisting. -- Martin
Re: Annoying Minor Bug In Winbind 2.2.x
On 17 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: OK - I've been trying to apply the patch that Tim posted (to supersede Martin's first cut) to the Samba 2.2.7a source file for util_sock.c, but get errors applying the patch no matter what I do. Thanks for trying that. I guess the posted patch was against CVS, so could someone please repost the patch for the 2.2.7a-rel version of the file ? I'll do that. -- Martin If it's worth doing, it's worth doing for money.
Re: Annoying Minor Bug In Winbind 2.2.x
On 17 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: Here's what I get if I apply the posted patch : As I said I'll send you an update just for 2.2. But in general, in case you're interested, here are some tips on applying mismatched patches: MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c patch-util_sock.txt.orig patching file util_sock.c Hunk #1 succeeded at 1018 with fuzz 2 (offset 133 lines). Hunk #2 FAILED at 1037. Hunk #3 FAILED at 1094. 2 out of 3 hunks FAILED -- saving rejects to file util_sock.c.rej In general the best thing to do now is leave the main diff alone, and only work on the rejected parts in the .rej file. Basically you need to work out why patch thinks the 2.2 source file doesn't look like the before version of the rejected patch. After deleting the line containing #ifdef HAVE_UNIXSOCKET (because I noticed it doesn't appear in my 2.2.7a version of util_sock.c), I get a little further : MYBOX:/usr/local/src/samba-2.2.7a/source/lib# patch util_sock.c patch-util_sock.txt patching file util_sock.c Hunk #1 succeeded at 1018 with fuzz 2 (offset 133 lines). patch: malformed patch at line 102: @@ -966,25 +961,26 @@ Do you mean you deleted that line from the patch? That's probably what is causing the malformed patch error: the line numbers in the patch no longer add up. However, if you install the patchutils package, then you can run recountdiff to fix the lines up after you edit a diff, and it should then apply. patchutils is very very cool. -- Martin
RE: Annoying Minor Bug In Winbind 2.2.x
On 7 Feb 2003, Martin Pool wrote: On 6 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: I find what seems to be an obvious, simple and annoying buggette - if I stop and restart winbind (the sort of thing you do a lot at this stage) then it fails to restart, with this message in /var/log/samba/log.winbindd : invalid permissions on socket directory /tmp/.winbindd Here's the permissions : /etc# ls -ld /tmp/.w* drwxr-x---2 root root 4096 Feb 6 21:33 /tmp/.winbindd The error is emitted from create_pipe_sock, which checks that the permissions on the directory are exactly what winbind expects them to be (0755). Obviously those permissions are not correct, which would seem to be a problem because it might prevent non-root processes from accessing winbindd. This looks very much like a umask problem. Thanks - that was it. I now have a script /usr/local/bin/winbind, which does umask 000 /etc/init.d/winbind $1 umask 027 and everything is working ok now - I can stop restart winbind to my heart's content without any problem (well no socket directory permissions problems anyway ;-) [ I'm afraid I always run with umask=027 ... it's a hangover from my mainframe days ... I can't get away from the idea that you should grant only the access that is needed ... all files world-readable by default ? ... Just Say No ] Thanks a lot. Nick Boyce EDS Southwest Solution Centre, Bristol, UK
Re: Annoying Minor Bug In Winbind 2.2.x
On 7 Feb 2003, Boyce, Nick [EMAIL PROTECTED] wrote: Thanks - that was it. I now have a script /usr/local/bin/winbind, which does umask 000 /etc/init.d/winbind $1 umask 027 and everything is working ok now - I can stop restart winbind to my heart's content without any problem (well no socket directory permissions problems anyway ;-) You would be better off -- and you would be helping us too -- if you would apply the patch and let us know if it works. (I'm pretty sure it will, but it's always worth testing.) That way, rather than a temporary workaround, there will be a proper fix for future releases. Thanks, [ I'm afraid I always run with umask=027 ... it's a hangover from my mainframe days ... I can't get away from the idea that you should grant only the access that is needed ... all files world-readable by default ? ... Just Say No ] That's fine, winbindd ought to work with that. -- Martin
Annoying Minor Bug In Winbind 2.2.x
As per my message an hour or so ago, I'm trying to get the winbind that comes with Debian 3.0 Samba 2.2.3a-12 configured to allow me to telnet into the box with authentication handed off to a real NT domain. Anyway, even before I really get started, I find what seems to be an obvious, simple and annoying buggette - if I stop and restart winbind (the sort of thing you do a lot at this stage) then it fails to restart, with this message in /var/log/samba/log.winbindd : invalid permissions on socket directory /tmp/.winbindd Here's the permissions : /etc# ls -ld /tmp/.w* drwxr-x---2 root root 4096 Feb 6 21:33 /tmp/.winbindd A quick Google Groups search (Samba.org's own archives being unsearchable) comes up with just one hit : http://groups.google.com/groups?q=%22invalid+permissions+on+socket+directory +/tmp/.winbindd%22hl=enlr=ie=UTF-8oe=UTF-8selm=b29cf7d1.0301240738.6e61 2f4a%40posting.google.comrnum=1 This guy's solution certainly works for me (simply rename the faulty socket directory out of harm's way), but ... surely you folks saw this buggette a few lightyears ago down the way. Is it a known bug ? Does a later Samba 2.2.x version fix it ? Cheers, Nick Boyce EDS Southwest Solution Centre, Bristol, UK
Re: Annoying Minor Bug In Winbind 2.2.x
On Fri, Feb 07, 2003 at 12:23:30PM +1100, Martin Pool wrote: The bug apparently came in Andrew Bartlett's merge in 1.45; the provenance of it I don't know. (TNG?) This patch ought to be applied to 2.2, HEAD, 3.0, and APPL_HEAD. Tim, how's this patch? How about this - I've collapsed the two error exits into one. Tim. Index: lib/util_sock.c === RCS file: /data/cvs/samba/source/lib/util_sock.c,v retrieving revision 1.75 diff -u -r1.75 util_sock.c --- lib/util_sock.c 9 Jan 2003 06:58:07 - 1.75 +++ lib/util_sock.c 7 Feb 2003 04:51:10 - @@ -885,13 +885,18 @@ } -/*** - Create protected unix domain socket. - - some unixen cannot set permissions on a ux-dom-sock, so we - have to make sure that the directory contains the protection - permissions, instead. - **/ +/** + * Create protected unix domain socket. + * + * Some unixen cannot set permissions on a ux-dom-sock, so we have to + * make sure that the directory contains the protection permissions, + * instead. + * + * It must be possible to access the socket from unprivileged + * programs, even if the daemon is started with a restrictive umask. + * Therefore is is temporarily removed while creating the directory + * and socket. + **/ int create_pipe_sock(const char *socket_dir, const char *socket_name, mode_t dir_perms) @@ -899,60 +904,50 @@ #ifdef HAVE_UNIXSOCKET struct sockaddr_un sunaddr; struct stat st; -int sock; +int sock = -1; mode_t old_umask; pstring path; +old_umask = umask(0); + /* Create the socket directory or reuse the existing one */ if (lstat(socket_dir, st) == -1) { - if (errno == ENOENT) { - -/* Create directory */ - if (mkdir(socket_dir, dir_perms) == -1) { DEBUG(0, (error creating socket directory %s: %s\n, socket_dir, strerror(errno))); -return -1; + goto error; } - } else { - DEBUG(0, (lstat failed on socket directory %s: %s\n, socket_dir, strerror(errno))); -return -1; + goto error; } - } else { - /* Check ownership and permission on existing directory */ - if (!S_ISDIR(st.st_mode)) { DEBUG(0, (socket directory %s isn't a directory\n, socket_dir)); -return -1; + goto error; } if ((st.st_uid != sec_initial_uid()) || ((st.st_mode 0777) != dir_perms)) { DEBUG(0, (invalid permissions on socket directory %s\n, socket_dir)); -return -1; + goto error; } } /* Create the socket file */ -old_umask = umask(0); - sock = socket(AF_UNIX, SOCK_STREAM, 0); if (sock == -1) { perror(socket); - umask(old_umask); -return -1; + goto error; } snprintf(path, sizeof(path), %s/%s, socket_dir, socket_name); @@ -966,25 +961,26 @@ DEBUG(0, (bind failed on pipe socket %s: %s\n, path, strerror(errno))); -close(sock); - umask(old_umask); -return -1; + goto error; } if (listen(sock, 5) == -1) { DEBUG(0, (listen failed on pipe socket %s: %s\n, path, strerror(errno))); -close(sock); - umask(old_umask); -return -1; + goto error; } umask(old_umask); - -/* Success! */ - -return sock; +return sock; /* success */ + +error: + if (sock != -1) + close(sock); + + umask(old_umask); + return -1; + #else DEBUG(0, (create_pipe_sock: No Unix sockets on this system\n)); return -1;