Ubuntu
samba package

Merge ~ahasenack/ubuntu/+source/samba:fix-printing-1951490-jammy into ubuntu/+source/samba:ubuntu/devel

Proposed by Andreas Hasenack on 2022-03-10

Status:

Merged

Merged at revision:

1e9cf65c8c9c9f440f365914a757ad562acbe6fd

Proposed branch:

~ahasenack/ubuntu/+source/samba:fix-printing-1951490-jammy

Merge into:

ubuntu/+source/samba:ubuntu/devel

Diff against target:

260 lines (+238/-0)

3 files modified

debian/changelog (+7/-0)
debian/patches/lp-1951490-fix-printing-KB5006743.patch (+230/-0)
debian/patches/series (+1/-0)

High

Fix Released

Link a bug report

Reviewer	Date Requested	Status
Sergio Durigan Junior (community)	2022-03-10	Approve on 2022-03-10
Canonical Server	2022-03-10	Pending
Review via email: mp+416666@code.launchpad.net

Description of the change

Fix printing after KB5006743 from MS is applied to the clients.

This one is complicated to test because of the environment. I will try to rely on community members for the SRU testing. Some have already tested the patch in PPA builds that others have provided in the bug.

PPA: https://launchpad.net/~ahasenack/+archive/ubuntu/samba-kb5006743-printing/

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2022-03-10:

Thanks for the MP, Andreas.

It LGTM. I'd like to see a multi-arch-enabled PPA just to make sure that all builds are still OK, but that's just a formality in this case since it doesn't involve any arch-related changes.

I ran autopkgtest for all 3 packages you're proposing and they've all passed, so I'm +1 here.

review: Approve

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-03-11:

Yeah, when there is no version bump or other big change, I typically don't enable other arches in the ppa because the builds take so much longer.

Revision history for this message

Andreas Hasenack (ahasenack) wrote on 2022-03-11:

Thanks, uploaded

$ dput ubuntu ../samba_4.15.5~dfsg-0ubuntu2_source.changes
D: Setting host argument.
Checking signature on .changes
gpg: ../samba_4.15.5~dfsg-0ubuntu2_source.changes: Valid signature from AC983EB5BF6BCBA9
Checking signature on .dsc
gpg: ../samba_4.15.5~dfsg-0ubuntu2.dsc: Valid signature from AC983EB5BF6BCBA9
Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading samba_4.15.5~dfsg-0ubuntu2.dsc: done.
  Uploading samba_4.15.5~dfsg-0ubuntu2.debian.tar.xz: done.
  Uploading samba_4.15.5~dfsg-0ubuntu2_source.buildinfo: done.
  Uploading samba_4.15.5~dfsg-0ubuntu2_source.changes: done.
Successfully uploaded packages.

Update scan failed

At least one of the branches involved have failed to scan. You can manually schedule a rescan if required.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Andreas Hasenack

Paul Smedley

git-ubuntu developers

 diff --git a/debian/changelog b/debian/changelog
 index d83aed5..7f8f905 100644
 --- a/debian/changelog
 +++ b/debian/changelog
@@ -1,3 +1,10 @@
++samba (2:4.15.5~dfsg-0ubuntu2) jammy; urgency=medium
++
++  * d/p/lp-1951490-fix-printing-KB5006743.patch: Fix printing after
++    Windows 2021-10 Monthly Rollup patch (LP: #1951490)
++
++ -- Andreas Hasenack <andreas@canonical.com>  Thu, 10 Mar 2022 10:32:59 -0300
++
  samba (2:4.15.5~dfsg-0ubuntu1) jammy; urgency=medium
    * d/{gpb.conf,watch,README.source}: update for 4.15
 diff --git a/debian/patches/lp-1951490-fix-printing-KB5006743.patch b/debian/patches/lp-1951490-fix-printing-KB5006743.patch
 new file mode 100644
 index 0000000..fa2add4
 --- /dev/null
 +++ b/debian/patches/lp-1951490-fix-printing-KB5006743.patch
@@ -0,0 +1,230 @@
++From e26270cbe587ebd297b2b0fbece3e9c0542862d0 Mon Sep 17 00:00:00 2001
++From: Stefan Metzmacher <metze@samba.org>
++Date: Sat, 22 Jan 2022 01:08:26 +0100
++Subject: [PATCH] dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
++
++This is important for the source3/rpc_server code as it might
++be called embedded in smbd and may not run as root with access
++to our private tdb/ldb files.
++
++Note this is only really needed for 4.15 and older, as
++we no longer run the rpc_server embedded in smbd,
++but we better be consistent for now.
++
++This should be able to fix the problem the printing no longer works
++on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
++
++Windows uses NTLMSSP with privacy at the DCERPC layer on top
++of NCACN_NP (smb).
++
++BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
++
++Signed-off-by: Stefan Metzmacher <metze@samba.org>
++Reviewed-by: Andreas Schneider <asn@samba.org>
++(cherry picked from commit 0651fa474cd68b18d8eb9bdc7c4ba5b847ba9ad9)
++---
++ librpc/rpc/dcesrv_auth.c         |  5 +++++
++ librpc/rpc/dcesrv_core.c         | 18 ++++++++++++++++++
++ librpc/rpc/dcesrv_core.h         |  2 ++
++ source3/rpc_server/rpc_config.c  |  2 ++
++ source4/rpc_server/service_rpc.c | 10 ++++++++++
++ 5 files changed, 37 insertions(+)
++
++Origin: upstream, https://git.samba.org/samba.git/?p=samba.git;a=commit;h=e26270cbe587ebd297b2b0fbece3e9c0542862d0
++Bug: https://bugzilla.samba.org/show_bug.cgi?id=14867
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1951490
++Last-Update: 2022-03-10
++diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
++index fec8df513a8..99d8e016216 100644
++--- a/librpc/rpc/dcesrv_auth.c
+++++ b/librpc/rpc/dcesrv_auth.c
++@@ -130,11 +130,13 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
++ 	auth->auth_level = call->in_auth_info.auth_level;
++ 	auth->auth_context_id = call->in_auth_info.auth_context_id;
++
+++	cb->auth.become_root();
++ 	status = cb->auth.gensec_prepare(
++ 		auth,
++ 		call,
++ 		&auth->gensec_security,
++ 		cb->auth.private_data);
+++	cb->auth.unbecome_root();
++ 	if (!NT_STATUS_IS_OK(status)) {
++ 		DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
++ 			  nt_errstr(status)));
++@@ -329,6 +331,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
++ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
++ {
++ 	struct dcesrv_auth *auth = call->auth_state;
+++	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
++ 	const char *pdu = "<unknown>";
++
++ 	switch (call->pkt.ptype) {
++@@ -359,9 +362,11 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
++ 		return status;
++ 	}
++
+++	cb->auth.become_root();
++ 	status = gensec_session_info(auth->gensec_security,
++ 				     auth,
++ 				     &auth->session_info);
+++	cb->auth.unbecome_root();
++ 	if (!NT_STATUS_IS_OK(status)) {
++ 		DEBUG(1, ("Failed to establish session_info: %s\n",
++ 			  nt_errstr(status)));
++diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
++index d16159b0b6c..ea91fc689b4 100644
++--- a/librpc/rpc/dcesrv_core.c
+++++ b/librpc/rpc/dcesrv_core.c
++@@ -938,6 +938,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
++ 	struct dcerpc_binding *ep_2nd_description = NULL;
++ 	const char *endpoint = NULL;
++ 	struct dcesrv_auth *auth = call->auth_state;
+++	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
++ 	struct dcerpc_ack_ctx *ack_ctx_list = NULL;
++ 	struct dcerpc_ack_ctx *ack_features = NULL;
++ 	struct tevent_req *subreq = NULL;
++@@ -1143,9 +1144,11 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
++ 		return dcesrv_auth_reply(call);
++ 	}
++
+++	cb->auth.become_root();
++ 	subreq = gensec_update_send(call, call->event_ctx,
++ 				    auth->gensec_security,
++ 				    call->in_auth_info.credentials);
+++	cb->auth.unbecome_root();
++ 	if (subreq == NULL) {
++ 		return NT_STATUS_NO_MEMORY;
++ 	}
++@@ -1160,10 +1163,13 @@ static void dcesrv_bind_done(struct tevent_req *subreq)
++ 		tevent_req_callback_data(subreq,
++ 		struct dcesrv_call_state);
++ 	struct dcesrv_connection *conn = call->conn;
+++	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
++ 	NTSTATUS status;
++
+++	cb->auth.become_root();
++ 	status = gensec_update_recv(subreq, call,
++ 				    &call->out_auth_info->credentials);
+++	cb->auth.unbecome_root();
++ 	TALLOC_FREE(subreq);
++
++ 	status = dcesrv_auth_complete(call, status);
++@@ -1221,6 +1227,7 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
++ {
++ 	struct dcesrv_connection *conn = call->conn;
++ 	struct dcesrv_auth *auth = call->auth_state;
+++	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
++ 	struct tevent_req *subreq = NULL;
++ 	NTSTATUS status;
++
++@@ -1265,9 +1272,11 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
++ 		return NT_STATUS_OK;
++ 	}
++
+++	cb->auth.become_root();
++ 	subreq = gensec_update_send(call, call->event_ctx,
++ 				    auth->gensec_security,
++ 				    call->in_auth_info.credentials);
+++	cb->auth.unbecome_root();
++ 	if (subreq == NULL) {
++ 		return NT_STATUS_NO_MEMORY;
++ 	}
++@@ -1283,10 +1292,13 @@ static void dcesrv_auth3_done(struct tevent_req *subreq)
++ 		struct dcesrv_call_state);
++ 	struct dcesrv_connection *conn = call->conn;
++ 	struct dcesrv_auth *auth = call->auth_state;
+++	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
++ 	NTSTATUS status;
++
+++	cb->auth.become_root();
++ 	status = gensec_update_recv(subreq, call,
++ 				    &call->out_auth_info->credentials);
+++	cb->auth.unbecome_root();
++ 	TALLOC_FREE(subreq);
++
++ 	status = dcesrv_auth_complete(call, status);
++@@ -1555,6 +1567,7 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
++ 	struct ncacn_packet *pkt = &call->ack_pkt;
++ 	uint32_t extra_flags = 0;
++ 	struct dcesrv_auth *auth = call->auth_state;
+++	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
++ 	struct dcerpc_ack_ctx *ack_ctx_list = NULL;
++ 	struct tevent_req *subreq = NULL;
++ 	size_t i;
++@@ -1666,9 +1679,11 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
++ 		return dcesrv_auth_reply(call);
++ 	}
++
+++	cb->auth.become_root();
++ 	subreq = gensec_update_send(call, call->event_ctx,
++ 				    auth->gensec_security,
++ 				    call->in_auth_info.credentials);
+++	cb->auth.unbecome_root();
++ 	if (subreq == NULL) {
++ 		return NT_STATUS_NO_MEMORY;
++ 	}
++@@ -1683,10 +1698,13 @@ static void dcesrv_alter_done(struct tevent_req *subreq)
++ 		tevent_req_callback_data(subreq,
++ 		struct dcesrv_call_state);
++ 	struct dcesrv_connection *conn = call->conn;
+++	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
++ 	NTSTATUS status;
++
+++	cb->auth.become_root();
++ 	status = gensec_update_recv(subreq, call,
++ 				    &call->out_auth_info->credentials);
+++	cb->auth.unbecome_root();
++ 	TALLOC_FREE(subreq);
++
++ 	status = dcesrv_auth_complete(call, status);
++diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
++index d8d5f903095..0538442e0ce 100644
++--- a/librpc/rpc/dcesrv_core.h
+++++ b/librpc/rpc/dcesrv_core.h
++@@ -392,6 +392,8 @@ struct dcesrv_context_callbacks {
++ 			struct gensec_security **out,
++ 			void *private_data);
++ 		void *private_data;
+++		void (*become_root)(void);
+++		void (*unbecome_root)(void);
++ 	} auth;
++ 	struct {
++ 		NTSTATUS (*find)(
++diff --git a/source3/rpc_server/rpc_config.c b/source3/rpc_server/rpc_config.c
++index 2f1a01da1c0..289c4f39840 100644
++--- a/source3/rpc_server/rpc_config.c
+++++ b/source3/rpc_server/rpc_config.c
++@@ -31,6 +31,8 @@
++ static struct dcesrv_context_callbacks srv_callbacks = {
++ 	.log.successful_authz = dcesrv_log_successful_authz,
++ 	.auth.gensec_prepare = dcesrv_auth_gensec_prepare,
+++	.auth.become_root = become_root,
+++	.auth.unbecome_root = unbecome_root,
++ 	.assoc_group.find = dcesrv_assoc_group_find,
++ };
++
++diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
++index d8c6746d781..ebb50f8a7ef 100644
++--- a/source4/rpc_server/service_rpc.c
+++++ b/source4/rpc_server/service_rpc.c
++@@ -40,9 +40,19 @@
++ #include "../libcli/named_pipe_auth/npa_tstream.h"
++ #include "samba/process_model.h"
++
+++static void skip_become_root(void)
+++{
+++}
+++
+++static void skip_unbecome_root(void)
+++{
+++}
+++
++ static struct dcesrv_context_callbacks srv_callbacks = {
++ 	.log.successful_authz = log_successful_dcesrv_authz_event,
++ 	.auth.gensec_prepare = dcesrv_gensec_prepare,
+++	.auth.become_root = skip_become_root,
+++	.auth.unbecome_root = skip_unbecome_root,
++ 	.assoc_group.find = dcesrv_assoc_group_find,
++ };
++
 diff --git a/debian/patches/series b/debian/patches/series
 index d2d04e9..b2fb6a3 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -9,3 +9,4 @@ heimdal-rfc3454.txt
  smbd.service-Run-update-apparmor-samba-profile-befor.patch
  fix-nfs-service-name-to-nfs-kernel-server.patch
  ctdb-config-enable-syslog-by-default.patch
++lp-1951490-fix-printing-KB5006743.patch

Ubuntusamba package

Merge ~ahasenack/ubuntu/+source/samba:fix-printing-1951490-jammy into ubuntu/+source/samba:ubuntu/devel

Commit message

Description of the change

Update scan failed

Preview Diff

Subscribers

Ubuntu
samba package