Ubuntu
samba package

Merge ~ahasenack/ubuntu/+source/samba:disco-smbd-startup-with-winbind-1806035 into ubuntu/+source/samba:ubuntu/devel

  1. Git
  2. lp:~ahasenack/ubuntu/+source/samba
  3. disco-smbd-startup-with-winbind-1806035
  4. Merge into ubuntu/devel
Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: a026f60fa7928c2748ab7841c7baf2209b45fa7f
Merged at revision: a026f60fa7928c2748ab7841c7baf2209b45fa7f
Proposed branch: ~ahasenack/ubuntu/+source/samba:disco-smbd-startup-with-winbind-1806035
Merge into: ubuntu/+source/samba:ubuntu/devel
Diff against target: 87 lines (+65/-0)
3 files modified
debian/changelog (+9/-0)
debian/patches/series (+1/-0)
debian/patches/smbd-startup-with-winbind.patch (+55/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Ubuntu Sponsors Pending
Canonical Server Core Reviewers Pending
Review via email: mp+361241@code.launchpad.net

Description of the change

This is the upstream fix for this issue.

bileto ticket (ongoing as I write this): https://bileto.ubuntu.com/#/ticket/3573

To test:
* confirming the bug first:
lxc launch ubuntu-daily:disco disco-samba-winbind
lxc exec disco-samba-winbind bash
apt update && apt dist-upgrade -y
echo "deb http://archive.ubuntu.com/ubuntu disco-proposed main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
apt update
apt install samba winbind -y
The above confirms the bug: smbd fails to start

Testing the fix:
add-apt-repository ppa:ci-train-ppa-service/3573 -y -u
apt install samba winbind

This time, smbd should start just fine.

I verified it with a manual build of samba, while bileto is still building things.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I forgot that bileto won't pass because it needs proposed enabled.

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

LGTM thanks for the effort

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Thanks, tagged and uploaded

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/changelog b/debian/changelog
index 444b0ec..d1cbc37 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
1samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium
2
3 * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
4 failing without a valid idmap configuration. This fixes the smbd startup
5 on a standalone server where winbind is available and running. Thanks to
6 Stefan Metzmacher <metze@samba.org>. (LP: #1806035)
7
8 -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200
9
1samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium10samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium
211
3 * Merge with Debian unstable. Remaining changes:12 * Merge with Debian unstable. Remaining changes:
diff --git a/debian/patches/series b/debian/patches/series
index 3a53630..87563de 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,4 @@ CVE-2018-16851-master.patch
13CVE-2018-16852-v4-9-v2.patch13CVE-2018-16852-v4-9-v2.patch
14mit-kdc-experimental-v4-7.patch14mit-kdc-experimental-v4-7.patch
15CVE-2018-16857-v4-9.patch15CVE-2018-16857-v4-9.patch
16smbd-startup-with-winbind.patch
diff --git a/debian/patches/smbd-startup-with-winbind.patch b/debian/patches/smbd-startup-with-winbind.patch
16new file mode 10064417new file mode 100644
index 0000000..dda4258
--- /dev/null
+++ b/debian/patches/smbd-startup-with-winbind.patch
@@ -0,0 +1,55 @@
1From 1e8931dfc24a2576a3b1fe9115c4ccbfefbbd298 Mon Sep 17 00:00:00 2001
2From: Stefan Metzmacher <metze@samba.org>
3Date: Wed, 19 Dec 2018 09:38:33 +0100
4Subject: [PATCH] s3:auth: ignore create_builtin_guests() failing without a
5 valid idmap configuration
6
7This happens on standalone servers, where winbindd is automatically
8started by init scripts if it's installed. But it's not really
9used and may not have a valid idmap configuration (
10"idmap config * : range" has no default!)
11
12BUG: https://bugzilla.samba.org/show_bug.cgi?id=13697
13
14Signed-off-by: Stefan Metzmacher <metze@samba.org>
15Reviewed-by: Alexander Bokovoy <ab@samba.org>
16(cherry picked from commit 865538fabaea33741f5fa542dbc3f2e08308c2c1)
17Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1806035
18Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909465
19Origin: https://attachments.samba.org/attachment.cgi?id=14752
20---
21 source3/auth/token_util.c | 18 +++++++++++++++++-
22 1 file changed, 17 insertions(+), 1 deletion(-)
23
24diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
25index f5b0e6944335..ee38d6c9645b 100644
26--- a/source3/auth/token_util.c
27+++ b/source3/auth/token_util.c
28@@ -745,7 +745,23 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
29 status = create_builtin_guests(domain_sid);
30 unbecome_root();
31
32- if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
33+ /*
34+ * NT_STATUS_PROTOCOL_UNREACHABLE:
35+ * => winbindd is not running.
36+ *
37+ * NT_STATUS_ACCESS_DENIED:
38+ * => no idmap config at all
39+ * and wbint_AllocateGid()/winbind_allocate_gid()
40+ * failed.
41+ *
42+ * NT_STATUS_NO_SUCH_GROUP:
43+ * => no idmap config at all and
44+ * "tdbsam:map builtin = no" means
45+ * wbint_Sids2UnixIDs() fails.
46+ */
47+ if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE) ||
48+ NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
49+ NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_GROUP)) {
50 /*
51 * Add BUILTIN\Guests directly to token.
52 * But only if the token already indicates
53--
542.17.1
55

Subscribers

People subscribed via source and target branches