Merge ~ahasenack/ubuntu/+source/samba:disco-smbd-startup-with-winbind-1806035 into ubuntu/+source/samba:ubuntu/devel

Proposed by Andreas Hasenack
Status: Merged
Approved by: Andreas Hasenack
Approved revision: a026f60fa7928c2748ab7841c7baf2209b45fa7f
Merged at revision: a026f60fa7928c2748ab7841c7baf2209b45fa7f
Proposed branch: ~ahasenack/ubuntu/+source/samba:disco-smbd-startup-with-winbind-1806035
Merge into: ubuntu/+source/samba:ubuntu/devel
Diff against target: 87 lines (+65/-0)
3 files modified
debian/changelog (+9/-0)
debian/patches/series (+1/-0)
debian/patches/smbd-startup-with-winbind.patch (+55/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Ubuntu Sponsors Pending
Canonical Server Core Reviewers Pending
Review via email: mp+361241@code.launchpad.net

Description of the change

This is the upstream fix for this issue.

bileto ticket (ongoing as I write this): https://bileto.ubuntu.com/#/ticket/3573

To test:
* confirming the bug first:
lxc launch ubuntu-daily:disco disco-samba-winbind
lxc exec disco-samba-winbind bash
apt update && apt dist-upgrade -y
echo "deb http://archive.ubuntu.com/ubuntu disco-proposed main restricted universe multiverse" | sudo tee -a /etc/apt/sources.list
apt update
apt install samba winbind -y
The above confirms the bug: smbd fails to start

Testing the fix:
add-apt-repository ppa:ci-train-ppa-service/3573 -y -u
apt install samba winbind

This time, smbd should start just fine.

I verified it with a manual build of samba, while bileto is still building things.

Andreas Hasenack (ahasenack) wrote :

I forgot that bileto won't pass because it needs proposed enabled.

Christian Ehrhardt  (paelzer) wrote :

LGTM thanks for the effort

review: Approve
Andreas Hasenack (ahasenack) wrote :

Thanks, tagged and uploaded

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index 444b0ec..d1cbc37 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+samba (2:4.9.2+dfsg-2ubuntu2) disco; urgency=medium
7+
8+ * d/p/smbd-startup-with-winbind.patch: ignore create_builtin_guests()
9+ failing without a valid idmap configuration. This fixes the smbd startup
10+ on a standalone server where winbind is available and running. Thanks to
11+ Stefan Metzmacher <metze@samba.org>. (LP: #1806035)
12+
13+ -- Andreas Hasenack <andreas@canonical.com> Fri, 21 Dec 2018 10:39:23 -0200
14+
15 samba (2:4.9.2+dfsg-2ubuntu1) disco; urgency=medium
16
17 * Merge with Debian unstable. Remaining changes:
18diff --git a/debian/patches/series b/debian/patches/series
19index 3a53630..87563de 100644
20--- a/debian/patches/series
21+++ b/debian/patches/series
22@@ -13,3 +13,4 @@ CVE-2018-16851-master.patch
23 CVE-2018-16852-v4-9-v2.patch
24 mit-kdc-experimental-v4-7.patch
25 CVE-2018-16857-v4-9.patch
26+smbd-startup-with-winbind.patch
27diff --git a/debian/patches/smbd-startup-with-winbind.patch b/debian/patches/smbd-startup-with-winbind.patch
28new file mode 100644
29index 0000000..dda4258
30--- /dev/null
31+++ b/debian/patches/smbd-startup-with-winbind.patch
32@@ -0,0 +1,55 @@
33+From 1e8931dfc24a2576a3b1fe9115c4ccbfefbbd298 Mon Sep 17 00:00:00 2001
34+From: Stefan Metzmacher <metze@samba.org>
35+Date: Wed, 19 Dec 2018 09:38:33 +0100
36+Subject: [PATCH] s3:auth: ignore create_builtin_guests() failing without a
37+ valid idmap configuration
38+
39+This happens on standalone servers, where winbindd is automatically
40+started by init scripts if it's installed. But it's not really
41+used and may not have a valid idmap configuration (
42+"idmap config * : range" has no default!)
43+
44+BUG: https://bugzilla.samba.org/show_bug.cgi?id=13697
45+
46+Signed-off-by: Stefan Metzmacher <metze@samba.org>
47+Reviewed-by: Alexander Bokovoy <ab@samba.org>
48+(cherry picked from commit 865538fabaea33741f5fa542dbc3f2e08308c2c1)
49+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1806035
50+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909465
51+Origin: https://attachments.samba.org/attachment.cgi?id=14752
52+---
53+ source3/auth/token_util.c | 18 +++++++++++++++++-
54+ 1 file changed, 17 insertions(+), 1 deletion(-)
55+
56+diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c
57+index f5b0e6944335..ee38d6c9645b 100644
58+--- a/source3/auth/token_util.c
59++++ b/source3/auth/token_util.c
60+@@ -745,7 +745,23 @@ NTSTATUS finalize_local_nt_token(struct security_token *result,
61+ status = create_builtin_guests(domain_sid);
62+ unbecome_root();
63+
64+- if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) {
65++ /*
66++ * NT_STATUS_PROTOCOL_UNREACHABLE:
67++ * => winbindd is not running.
68++ *
69++ * NT_STATUS_ACCESS_DENIED:
70++ * => no idmap config at all
71++ * and wbint_AllocateGid()/winbind_allocate_gid()
72++ * failed.
73++ *
74++ * NT_STATUS_NO_SUCH_GROUP:
75++ * => no idmap config at all and
76++ * "tdbsam:map builtin = no" means
77++ * wbint_Sids2UnixIDs() fails.
78++ */
79++ if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE) ||
80++ NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
81++ NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_GROUP)) {
82+ /*
83+ * Add BUILTIN\Guests directly to token.
84+ * But only if the token already indicates
85+--
86+2.17.1
87+
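Review bot: The widened condition in finalize_local_nt_token() now treats NT_STATUS_ACCESS_DENIED and NT_STATUS_NO_SUCH_GROUP from create_builtin_guests() the same as NT_STATUS_PROTOCOL_UNREACHABLE, but nothing in the visible lines limits that to the standalone-server case the commit message describes. A domain member with a broken idmap configuration would therefore take the same fallback of adding BUILTIN\Guests directly to the token. If the branch does not already log it, consider emitting the ignored status (for example DBG_NOTICE with nt_errstr(status)) before falling back, or gating the two new statuses on the server role, so that a real access-denied from winbindd can be told apart from "no idmap config at all". Separately, in the patch header the Origin field carries a bare URL; the usual DEP-3 form is "Origin: upstream, <url>", and a Last-Update field would help whoever next merges this package.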
