Merge ~ahasenack/ubuntu/+source/samba:samba-kerberos-method-crash-1761737 into ubuntu/+source/samba:ubuntu/devel
| Status: | Merged | ||||
|---|---|---|---|---|---|
| Merge reported by: | Christian Ehrhardt | ||||
| Merged at revision: | 940122ee6a50d190e6fc3d9f2da90369a10cb26b | ||||
| Proposed branch: | ~ahasenack/ubuntu/+source/samba:samba-kerberos-method-crash-1761737 | ||||
| Merge into: | ubuntu/+source/samba:ubuntu/devel | ||||
| Diff against target: |
67 lines (+45/-0) 3 files modified
debian/changelog (+8/-0) debian/patches/passdb_dont_return_ok_if_pinfo_not_filled.patch (+36/-0) debian/patches/series (+1/-0) |
||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Christian Ehrhardt (community) | Approve | ||
| Canonical Server Core Reviewers | Pending | ||
|
Review via email:
|
|||
Commit message
* debian/
[PATCH] s3:passdb: Do not return OK if we don't have pinfo filled.
Thanks to Andreas Schneider <email address hidden>. (LP: #1761737)
Description of the change
This fixes a crash in samba when "kerberos method" is set to "secrets and keytab" and the machine was not joined to an active directory domain with "net ads join".
To reproduce the crash:
sudo apt install samba smbclient
# create this /etc/samba/
[global]
dns proxy = No
domain master = No
kerberos method = secrets and keytab
local master = No
log file = /var/log/
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/
passwd chat = *Enter\
passwd program = /usr/bin/passwd %u
security = USER
server role = standalone server
server string = %h %a
syslog = 0
unix password sync = Yes
usershare allow guests = Yes
idmap config * : backend = tdb
# restart samba
sudo systemctl restart smbd nmbd
# try to get a share list. It will fail with an error, and a stack trace will be in the samba logs:
$ smbclient -L localhost -N
protocol negotiation failed: NT_STATUS_
/var/log/
PPA with fixed packages:
sudo add-apt-repository -y -u ppa:ahasenack/
I haven't checked yet if artful and older are affected, the reporter says no. I also think only 4.7.x is affected, so that means bionic only.
| Christian Ehrhardt (paelzer) wrote | # |
Patch review - ok
Format/Changelog - ok
Upgrading to new version - ok
Test the fixed issue - ok (verified trigger and fix via ppa)
Versions/Bug tracking - Given the timing you might need to change this to be an early SRU.
I checked with the release Team for another change this morning (but the same is true for all packages for a few days already - a.k.a since the MP is up).
TL;DR:
...
it would need to be a targeted fix in order to be accepted
if it's anything that looks non-trivial upon code inspection by a release team member, it'll likely get kicked back; you can always upload it and try, though
...
So we can go,as is today and rewrite it to be an SRU if rejected by the release Team.
A ping after the upload would be good thou.
Speaking of uploads please ping me if you need help sponsoring or want tags pushed.