[Pkg-samba-maint] Bug#700729: swat: Password management has stopped working

Roger Lynn Roger at rilynn.me.uk
Mon Feb 18 11:48:29 UTC 2013


On 18/02/2013 00:00, Andrew Bartlett wrote:
> On Sat, 2013-02-16 at 18:24 +0000, Roger Lynn wrote:
>> At some point in the last month server password management using Swat has
>> stopped working. Swat can be logged into and the old and new server passwords
>> entered, but choosing "Change Password" appears to just reload the page
>> without changing anything. Entering the wrong old password or mismatching
>> new passwords does the same thing.
>> 
>> The only relevant logging I can find is in /var/log/samba/log. which has
>> recently started getting lots of lines like this when Swat is used:
>> 
>> [2013/02/16 15:02:30.297508,  0] passdb/secrets.c:76(secrets_init)
>>   Failed to open /var/lib/samba/secrets.tdb
> 
>> As my only use of Swat is to allow users to change their passwords, this has
>> had a major effect on the usability of the package.
> 
> Please report upstream.  We may somehow be able to obtain the CSRF token
> and store it in memory before we become the non-privileged user. 
> 
> Just to be sure, are you running SWAT as root, from xinetd?

SWAT is being run by stunnel, which is running in daemon mode. I couldn't
get it to work from inetd. The relevant part of my stunnel configuration
looks like this:

[swat]
accept  = 192.168.10.1:901
exec    = /usr/sbin/swat
execargs = swat -P

According to ps SWAT is running as user root. It used to work and I don't
think anything has changed here so I presume SWAT has the necessary privileges.

I will attempt to report this upstream. I'd be grateful if any fixes could
be backported to Debian Wheezy, release policy permitting, as this appears
to be a regression caused by a security update.

Thanks,

Roger


