[Pkg-samba-maint] Bug#953918: "samba-tool domain backup online" crashes with an error message

bauer.sascha at a1.net bauer.sascha at a1.net
Sat Mar 14 18:27:50 GMT 2020


Package: python-samba
Version: 2:4.9.5+dfsg-5+deb10u1
Severity: important
Tags: patch, buster

When I invoke an online-backup from a samba ad-domain using "samba-tool
domain backup", samba-tool crashes with an error message.

root@dc1:/tmp/bak# samba-tool domain backup online --targetdir=./ --server=dc1.samdom.example.com -UAdministrator
.
.
ERROR(runtime): uncaught exception - (3221225506, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain_backup.py", line 243, in run
    backup_online(smb_conn, sysvol_tar, remote_sam.get_domain_sid())
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 499, in backup_online
    ntacl_sddl_str = smb_helper.get_acl(r_name, as_sddl=True)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 322, in get_acl
    smb_path, SECURITY_SECINFO_FLAGS, SECURITY_SEC_FLAGS)


The reason is a bug in "/usr/lib/python2.7/dist-packages/samba/ntacls.py".
The bug is already solved in later versions of Samba, see this link:
https://bugzilla.samba.org/show_bug.cgi?id=13917
But the bug could also be backported to Samba 4.9, which is included in
Debian buster.
All that needs to be done is to replace "security.SEC_FLAG_MAXIMUM_ALLOWED"
on line 51 with "security.SEC_STD_READ_CONTROL" in
"/usr/lib/python2.7/dist-packages/samba/ntacls.py".

I am using Debian GNU/Linux 10 (buster), kernel 4.19.0-8-amd64 #1 SMP
Debian 4.19.98-1 (2020-01-26) x86_64 GNU/Linux and libc-2.28-10.


