#449 Netatalk 3.0 "valid users" does not work on Homes

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2014-01-22
Created: 2012-08-05
Creator: Anonymous
Private: No

If you have a [Homes] section and use "valid users" on it and groups inside it, the CNID database cannot load and you get a temporary one.

Log shows this:
Aug 5 18:48:20 Server afpd[6695]: transmit: connecting to cnid_dbd ...
Aug 5 18:48:20 Server afpd[6695]: init_tsock: BEGIN. Opening volume '/home/jason', CNID Server: localhost/4700
Aug 5 18:48:20 Server cnid_metad[6687]: main: no volume for path "/home/jason"
Aug 5 18:48:20 Server afpd[6695]: write_vec: wrote 15 bytes
Aug 5 18:48:20 Server cnid_metad[6687]: main: request for volume: /home/jason
Aug 5 18:48:20 Server cnid_metad[6687]: load_volumes: BEGIN
Aug 5 18:48:20 Server cnid_metad[6687]: load_volumes: END
Aug 5 18:48:20 Server cnid_metad[6687]: getvolbypath("/home/jason")
Aug 5 18:48:20 Server cnid_metad[6687]: getvolbypath: user home section: 'Homes', basedir: '/home'
Aug 5 18:48:20 Server cnid_metad[6687]: getvolbypath: basedir regex: '/home', basedir match: "/home"
Aug 5 18:48:20 Server afpd[6695]: init_tsock: ok
Aug 5 18:48:20 Server cnid_metad[6687]: getvolbypath("/home/jason"): user: jason, homedir: /home/jason => volpath: "/home/jason/"
Aug 5 18:48:20 Server cnid_metad[6687]: createvol(volume: 'jason's home', path: "/home/jason/", preset: '-'): BEGIN
Aug 5 18:48:20 Server afpd[6695]: write_vec: wrote 48 bytes
Aug 5 18:48:20 Server afpd[6695]: send_packet: {done}
Aug 5 18:48:20 Server cnid_metad[6687]: createvol: END: 0
Aug 5 18:48:20 Server cnid_metad[6687]: main: no volume for path "/home/jason"
Aug 5 18:48:20 Server afpd[6695]: read: Connection reset by peer
Aug 5 18:48:20 Server afpd[6695]: read: Connection reset by peer
Aug 5 18:48:20 Server afpd[6695]: dbd_rpc: Error reading header from fd (db_dir /home/jason): Connection reset by peer

Eventually I get a popup saying something is wrong with the CDB and that it is using a temporary one.

The cause seems to be that cnid_metad is running as root.
cnid_metad during startup seems to load all volumes, and because obj->uid is 0 (root) in load_volumes() it means when createvol() is ultimately called it doesn't validate "valid users" etc because pwd is NULL.
However, when a request comes in for a Home directory, inside getvolbypath() it calls getpwnam(user), and then starts passing this through, so when it comes to validate "valid users" it actually does so. The problem is that in accessvol() it seems to check if the user has access based on the group the cnid_metad is running as, and not based on the passed-in pw's groups.

So the problem may be in accessvol()... but I'm not really clued up on all the other bits, so I can't say for sure if changing this will work correctly.
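
The difference the report points at, as an added example that is not part of the report and is not Netatalk's accessvol(): a "valid users" check gives a different answer depending on whose group set it is evaluated against. The function names, group names and sample list are constructed, and the list syntax (entries separated by spaces or commas, "@" marking a group) is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: true if the name p[0..len) is one of `groups`. */
static bool in_groups(const char *p, size_t len,
                      const char *const *groups, size_t ngroups)
{
    for (size_t i = 0; i < ngroups; i++)
        if (strlen(groups[i]) == len && strncmp(groups[i], p, len) == 0)
            return true;
    return false;
}

/*
 * Evaluate a "valid users" style list for `user`, whose group names are in
 * `groups`. The caller decides whose groups those are: in a daemon they
 * should come from getgrouplist(3) for the connecting user, not from
 * getgroups(2), which reports the daemon process's own supplementary groups.
 */
bool list_allows(const char *list, const char *user,
                 const char *const *groups, size_t ngroups)
{
    const char *p = list;
    while (*p) {
        p += strspn(p, " ,\t");           /* skip separators */
        size_t len = strcspn(p, " ,\t");  /* length of this entry */
        if (len == 0)
            break;
        if (*p == '@') {                  /* group entry */
            if (in_groups(p + 1, len - 1, groups, ngroups))
                return true;
        } else if (strlen(user) == len && strncmp(user, p, len) == 0) {
            return true;                  /* user entry */
        }
        p += len;
    }
    return false;
}

/* Constructed data: "jason" is in "staff"; a root daemon is only in "root". */
static const char *const jason_groups[]  = { "jason", "staff" };
static const char *const daemon_groups[] = { "root" };

/* Checked against the user's own groups: allowed. */
bool check_with_user_groups(void)   { return list_allows("@staff, admin", "jason", jason_groups, 2); }
/* Checked against the daemon's groups, as the report describes: denied. */
bool check_with_daemon_groups(void) { return list_allows("@staff, admin", "jason", daemon_groups, 1); }
```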

Discussion

  • Tino Hendricks
    2012-10-03

    I can reproduce and second this with 3.0