Looks like we do not have self-tests for smbcacls

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Looks like we do not have self-tests for smbcacls

Samba - samba-technical mailing list
Hi folks,

I was trying to set an ACL via smbcacls with the following command:

smbcacls //localhost/someshare some-dir --sddl -Uetc -S
'some-long-sddl-dumped-from-windows-with-smbcacls'

and I got this error:

../source3/rpc_client/cli_pipe.c:568: RPC fault code
DCERPC_NCA_S_OP_RNG_ERROR received from host localhost!

And when I look in the logfile I see:

              level                    : LSA_POLICY_INFO_DOMAIN (3)
[2017/07/12 00:27:29.877240,  4, pid=24646, effective(361800500,
361800513), real(361800500, 0), class=rpc_srv]
../source3/rpc_server/srv_pipe.c:1485(api_rpcTNP)
  api_rpcTNP: fault(469827586) return.
[2017/07/12 00:27:29.877257,  1, pid=24646, effective(361800500,
361800513), real(361800500, 0)]
../librpc/ndr/ndr.c:413(ndr_print_debug)
       &r: struct ncacn_packet
          rpc_vers                 : 0x05 (5)
          rpc_vers_minor           : 0x00 (0)
          ptype                    : DCERPC_PKT_FAULT (3)
          pfc_flags                : 0x23 (35)
                 1: DCERPC_PFC_FLAG_FIRST
                 1: DCERPC_PFC_FLAG_LAST
                 0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
                 0: DCERPC_PFC_FLAG_CONC_MPX
                 1: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
                 0: DCERPC_PFC_FLAG_MAYBE
                 0: DCERPC_PFC_FLAG_OBJECT_UUID
          drep: ARRAY(4)
              [0]                      : 0x10 (16)
              [1]                      : 0x00 (0)
              [2]                      : 0x00 (0)
              [3]                      : 0x00 (0)
          frag_length              : 0x0020 (32)
          auth_length              : 0x0000 (0)
          call_id                  : 0x00000003 (3)
          u                        : union dcerpc_payload(case 3)
          fault: struct dcerpc_fault
              alloc_hint               : 0x00000000 (0)
              context_id               : 0x0000 (0)
              cancel_count             : 0x00 (0)
              status                   : DCERPC_NCA_S_OP_RNG_ERROR (469827586)
              _pad                     : DATA_BLOB length=4


--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Looks like we do not have self-tests for smbcacls

Samba - samba-technical mailing list
On Tue, Jul 11, 2017 at 05:34:56PM -0700, Richard Sharpe via samba-technical wrote:

> Hi folks,
>
> I was trying to set an ACL via smbcacls with the following command:
>
> smbcacls //localhost/someshare some-dir --sddl -Uetc -S
> 'some-long-sddl-dumped-from-windows-with-smbcacls'
>
> and I got this error:
>
> ../source3/rpc_client/cli_pipe.c:568: RPC fault code
> DCERPC_NCA_S_OP_RNG_ERROR received from host localhost!
>
> And when I look in the logfile I see:
>
>               level                    : LSA_POLICY_INFO_DOMAIN (3)
> [2017/07/12 00:27:29.877240,  4, pid=24646, effective(361800500,
> 361800513), real(361800500, 0), class=rpc_srv]
> ../source3/rpc_server/srv_pipe.c:1485(api_rpcTNP)
>   api_rpcTNP: fault(469827586) return.
> [2017/07/12 00:27:29.877257,  1, pid=24646, effective(361800500,
> 361800513), real(361800500, 0)]
> ../librpc/ndr/ndr.c:413(ndr_print_debug)
>        &r: struct ncacn_packet
>           rpc_vers                 : 0x05 (5)
>           rpc_vers_minor           : 0x00 (0)
>           ptype                    : DCERPC_PKT_FAULT (3)
>           pfc_flags                : 0x23 (35)
>                  1: DCERPC_PFC_FLAG_FIRST
>                  1: DCERPC_PFC_FLAG_LAST
>                  0: DCERPC_PFC_FLAG_PENDING_CANCEL_OR_HDR_SIGNING
>                  0: DCERPC_PFC_FLAG_CONC_MPX
>                  1: DCERPC_PFC_FLAG_DID_NOT_EXECUTE
>                  0: DCERPC_PFC_FLAG_MAYBE
>                  0: DCERPC_PFC_FLAG_OBJECT_UUID
>           drep: ARRAY(4)
>               [0]                      : 0x10 (16)
>               [1]                      : 0x00 (0)
>               [2]                      : 0x00 (0)
>               [3]                      : 0x00 (0)
>           frag_length              : 0x0020 (32)
>           auth_length              : 0x0000 (0)
>           call_id                  : 0x00000003 (3)
>           u                        : union dcerpc_payload(case 3)
>           fault: struct dcerpc_fault
>               alloc_hint               : 0x00000000 (0)
>               context_id               : 0x0000 (0)
>               cancel_count             : 0x00 (0)
>               status                   : DCERPC_NCA_S_OP_RNG_ERROR (469827586)
>               _pad                     : DATA_BLOB length=4

Can you get more info on the failure - a capture trace maybe ?

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Looks like we do not have self-tests for smbcacls

Samba - samba-technical mailing list
Hi
On 12/07/17 22:25, Jeremy Allison via samba-technical wrote:

> On Tue, Jul 11, 2017 at 05:34:56PM -0700, Richard Sharpe via samba-technical wrote:
>> Hi folks,
>>
>> I was trying to set an ACL via smbcacls with the following command:
>>
>> smbcacls //localhost/someshare some-dir --sddl -Uetc -S
>> 'some-long-sddl-dumped-from-windows-with-smbcacls'
>>
>> and I got this error:
>>
>> ../source3/rpc_client/cli_pipe.c:568: RPC fault code
>> DCERPC_NCA_S_OP_RNG_ERROR received from host localhost!
>>
>> And when I look in the logfile I see:
>>
[...]

Let me shamelessly hijack this thread (sortof), with the attached
patchset (rebased for current master) for my propagate inheritance
related smbcacls changes includes selftests for smbcacls (that can be
fleshed out more). Note: The tests (& my patch) currently fail since
commit 1199907cbe2 "param: change the effective default for "client max
protocol" to the latest supported protocol" Please see the separate
message to the list with title "RFC: smbcacls fails with windows with
SMB2 (succeeds with SMB1 only)" for more details and a 'maybe' fix for
that. Dave, if you have a chance can you have a look at these patches
again :-))

Noel



smbcacls_review#6.patch (121K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Looks like we do not have self-tests for smbcacls

Samba - samba-technical mailing list
On Thu, 20 Jul 2017 14:32:18 +0100, Noel Power wrote:

> Let me shamelessly hijack this thread (sortof), with the attached
> patchset (rebased for current master) for my propagate inheritance
> related smbcacls changes includes selftests for smbcacls (that can be
> fleshed out more). Note: The tests (& my patch) currently fail since
> commit 1199907cbe2 "param: change the effective default for "client max
> protocol" to the latest supported protocol" Please see the separate
> message to the list with title "RFC: smbcacls fails with windows with
> SMB2 (succeeds with SMB1 only)" for more details and a 'maybe' fix for
> that. Dave, if you have a chance can you have a look at these patches
> again :-))

Thanks for bringing this back up, Noel. I'll take a look through the
comments I had last time around and see what's been fixed / needs to be
addressed.

Cheers, David

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Looks like we do not have self-tests for smbcacls

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
Hi Noel,

>>> I was trying to set an ACL via smbcacls with the following command:
>>>
>>> smbcacls //localhost/someshare some-dir --sddl -Uetc -S
>>> 'some-long-sddl-dumped-from-windows-with-smbcacls'
>>>
>>> and I got this error:
>>>
>>> ../source3/rpc_client/cli_pipe.c:568: RPC fault code
>>> DCERPC_NCA_S_OP_RNG_ERROR received from host localhost!
>>>
>>> And when I look in the logfile I see:
>>>
> [...]
>
> Let me shamelessly hijack this thread (sortof), with the attached
> patchset (rebased for current master) for my propagate inheritance
> related smbcacls changes includes selftests for smbcacls (that can be
> fleshed out more). Note: The tests (& my patch) currently fail since
> commit 1199907cbe2 "param: change the effective default for "client max
> protocol" to the latest supported protocol" Please see the separate
> message to the list with title "RFC: smbcacls fails with windows with
> SMB2 (succeeds with SMB1 only)" for more details and a 'maybe' fix for
> that. Dave, if you have a chance can you have a look at these patches
> again :-))
I'm sorry, but I'd really like to avoid start using perl scripts for
new tests, would it be possible to do it in python or shell?

metze



signature.asc (853 bytes) Download Attachment
Loading...