Opened 13 years ago

Closed 7 years ago

#34572 closed defect (duplicate)

samba3 @3.6.5 fails to initialize on startup

Reported by: jim@… Owned by: macports-tickets@…
Priority: Normal Milestone:
Component: ports Version: 2.1.1
Keywords: Cc: ayearout@…, thomas-corte, eduo@…, flexcode@…, cooljeanius (Eric Gallager)
Port: samba3

Description (last modified by ryandesign (Ryan Carsten Schmidt))

The latest SAMBA fails to initialize on startup. This seems to be related to the low value of NAX_NGROUPS in the Darwin Kernel.

Here is the link that I found describing the problem:

http://www.sand4.info/index.php?q=aHR0cHM6Ly9naXN0LmdpdGh1Yi5jb20vMTg4ODc3OA%3D%3D

In it they show the hack:

--- system.c.orig	2012-02-22 22:46:14.000000000 -0200
+++ system.c	2012-02-22 22:47:51.000000000 -0200
@@ -1161,7 +1161,14 @@
 
 int groups_max(void)
 {
-#if defined(SYSCONF_SC_NGROUPS_MAX)
+#if defined(DARWINOS)
+	/* On OS X, sysconf(_SC_NGROUPS_MAX) returns 16
+	 * due to OS X's group nesting and getgrouplist
+	 * will return a flat list; users can exceed the
+	 * maximum of 16 groups. And easily will.
+	 */
+	return 32; // NGROUPS_MAX is defined, hence the define above is void.
+#elif defined(SYSCONF_SC_NGROUPS_MAX)
 	int ret = sysconf(_SC_NGROUPS_MAX);
 	return (ret == -1) ? NGROUPS_MAX : ret;
 #else

I haven't looked into this in any detail. Maybe someone else is more familiar with the code.

Attachments (1)

patch-source_lib_system_smbd_c.diff (351 bytes) - added by ayearout@… 12 years ago.

Download all attachments as: .zip

Change History (15)

comment:1 Changed 13 years ago by ryandesign (Ryan Carsten Schmidt)

Description: modified (diff)
Keywords: SAMBA removed
Owner: changed from macports-tickets@… to mww@…
Port: samba3 added; 3.6.5 removed
Summary: SAMBA 3.6.5 Fails on 10.7samba3 @3.6.5 fails to initialize on startup

Please remember to use WikiFormatting, to fill in the Port field, and to Cc the maintainer of the port.

comment:2 Changed 12 years ago by eduo@…

This patch doesn't fix the problem. Macports has deployed this fix and updated the port only to have it coredump on everyone who has more than 15 groups on a user.

comment:3 Changed 12 years ago by eduo@…

Reviewing my comment: I don't criticize macports adding the patch. But now there's a non-working samba port for a lot of Lion users (most, probably). I think 3.6.5 should be rolled back to the previously-working version (this is a 3.6-specific issue in Lion).

comment:4 Changed 12 years ago by ayearout@…

The problem with the original patch, as far as I can tell, is that the SYS_initgroups() system call in smbd/sec_ctx.c requires that groups_max() return the correct value. If it is greater than the system defined NGROUPS_MAX, SYS_initgroups() throws an "Invalid argument" error and returns -1, causing the smbd process to bail.

The below patch solves the problem by going a different route:

--- lib/system_smbd.c.orig	2012-07-29 19:48:57.000000000 -0700
+++ lib/system_smbd.c	2012-07-29 19:49:09.000000000 -0700
@@ -210,7 +210,11 @@
 	gid_t *groups;
 	int i;
 
+#if defined(DARWINOS)
+	max_grp = 128;
+#else
 	max_grp = MIN(128, groups_max());
+#endif
 	temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp);
 	if (! temp_groups) {
 		return False;

I modified the getgroups_unix_user() call in lib/system_smbd.c to allow users to be in more than the 16 group maximum if compiled on Darwin platforms. The patch specifies a static value of 128, which should work in most cases. This still functions correctly because Darwin's getgroups() call will happily return more groups than what is defined in NGROUPS_MAX if the correct macros are defined. It's only when using setgroups() or the SYS_initgroups() system call that you run into the limit problems.

I've tested the patch on my system using Samba 3.6.6 with no issues. A user in 20 groups correctly resolves all groups. I also configured a test share with 20 individual folders, each with different group permissions, and Samba correctly resolved the permissions for all folders.

I hope this helps others! I've attached the patch as a file as well.

Changed 12 years ago by ayearout@…

comment:5 Changed 12 years ago by ayearout@…

Cc: ayearout@… added

Cc Me!

comment:6 Changed 12 years ago by thomas-corte

Cc: Thomas.Corte@… added

Cc Me!

comment:7 Changed 12 years ago by eduo@…

Cc: eduo@… added

Cc Me!

comment:8 Changed 12 years ago by flexcode@…

Cc: flexcode@… added

Cc Me!

comment:9 in reply to:  4 Changed 12 years ago by flexcode@…

Replying to ayearout@…:

The problem with the original patch, as far as I can tell, is that the SYS_initgroups() system call in smbd/sec_ctx.c requires that groups_max() return the correct value. If it is greater than the system defined NGROUPS_MAX, SYS_initgroups() throws an "Invalid argument" error and returns -1, causing the smbd process to bail.

The below patch solves the problem by going a different route:

--- lib/system_smbd.c.orig	2012-07-29 19:48:57.000000000 -0700
+++ lib/system_smbd.c	2012-07-29 19:49:09.000000000 -0700
@@ -210,7 +210,11 @@
 	gid_t *groups;
 	int i;
 
+#if defined(DARWINOS)
+	max_grp = 128;
+#else
 	max_grp = MIN(128, groups_max());
+#endif
 	temp_groups = SMB_MALLOC_ARRAY(gid_t, max_grp);
 	if (! temp_groups) {
 		return False;

I modified the getgroups_unix_user() call in lib/system_smbd.c to allow users to be in more than the 16 group maximum if compiled on Darwin platforms. The patch specifies a static value of 128, which should work in most cases. This still functions correctly because Darwin's getgroups() call will happily return more groups than what is defined in NGROUPS_MAX if the correct macros are defined. It's only when using setgroups() or the SYS_initgroups() system call that you run into the limit problems.

I've tested the patch on my system using Samba 3.6.6 with no issues. A user in 20 groups correctly resolves all groups. I also configured a test share with 20 individual folders, each with different group permissions, and Samba correctly resolved the permissions for all folders.

I hope this helps others! I've attached the patch as a file as well.

Is there something else needed to patch with? I've tried following the instructions but obviously I'm missing something here

osx:samba3 rick$ patch -p0 < ~/Downloads/patch-source_lib_system_smbd_c.diff
can't find file to patch at input line 3
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|--- lib/system_smbd.c.orig     2012-07-29 19:48:57.000000000 -0700
|+++ lib/system_smbd.c  2012-07-29 19:49:09.000000000 -0700
--------------------------
File to patch:

It just asks me what to patch and if I enter Portfile it fails

comment:10 Changed 12 years ago by jmroot (Joshua Root)

Owner: changed from mww@… to macports-tickets@…

-> nomaintainer

comment:11 Changed 12 years ago by jmroot (Joshua Root)

Upstream report: https://bugzilla.samba.org/show_bug.cgi?id=8773 (which has the same patch attached as here, and says it is incorrect)

comment:12 Changed 11 years ago by jeremyhu (Jeremy Huddleston Sequoia)

Dupe of #30951

comment:13 Changed 10 years ago by cooljeanius (Eric Gallager)

Cc: egall@… added

Cc Me!

comment:14 Changed 7 years ago by jmroot (Joshua Root)

Resolution: duplicate
Status: newclosed
Note: See TracTickets for help on using tickets.