[Bug 1583324] Please test proposed package

Robie Basak 1583324 at bugs.launchpad.net
Fri Aug 17 14:52:40 UTC 2018 

Hello Mike, or anyone else affected,

Accepted samba into trusty-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-
0ubuntu0.14.04.17 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested and change the tag from
verification-needed-trusty to verification-done-trusty. If it does not
fix the bug for you, please add a comment stating that, and change the
tag to verification-failed-trusty. In either case, details of your
testing will help us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1583324

Title:
  Samba won't start when an include statement in smb.conf has a variable
  substitution

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Committed
Status in samba source package in Xenial:
  Fix Committed

Bug description:
  [Impact]

  Samba in AD mode refuses to start when the smb.conf file contains an
  include line with a variable substitution like "include =
  /etc/samba/smb.conf.%U"

  This happens because the initscript calls "samba-tool testparm" to
  obtain a configuration parameter from smb.conf, and this testparm tool
  fails because it doesn't expand the %U macro and fails to read the
  literal filename.

  Note that "samba-tool testparm" is different from just "testparm". The
  latter doesn't fail. We could just replace one with the other in the
  initscript, but later on in the process of provisioning an AD
  controller this error is encountered again, so it's best to fix it
  properly.

  The patch is straight from an upstream commit, and that code is in
  place in the samba packages from bionic and cosmic already.

  [Test Case]

  * install samba:
  sudo apt install samba

  * create /etc/samba/smb.conf with this content:
  [global]
          netbios name = samba
   log file = /var/log/samba/log.%m
   map to guest = Bad User
   max log size = 1000
   obey pam restrictions = Yes
   pam password change = Yes
   panic action = /usr/share/samba/panic-action %d
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   passwd program = /usr/bin/passwd %u
   server string = %h server (Samba, Ubuntu)
   unix password sync = Yes
   usershare allow guests = Yes
   idmap config * : backend = tdb
   include = /etc/samba/smb.conf.%U

  * run the command that fails:
  ubuntu at trusty-samba-include:~$ sudo samba-tool testparm -d 2
  lpcfg_load: refreshing parameters from /etc/samba/smb.conf
  Can't find include file /etc/samba/smb.conf.%U
  ERROR: Unable to load default file
  ubuntu at trusty-samba-include:~$ echo $?
  255

  Note the debug level 2 message saying the include file couldn't be
  found.

  * install the updated packages and run the same command again. This time it will work, exit with status 0, and show the main config file.
  ubuntu at trusty-samba-include:~$ sudo samba-tool testparm -d 2 --suppress-prompt
  lpcfg_load: refreshing parameters from /etc/samba/smb.conf
  Tried to load /etc/samba/smb.conf.%U but variable substitution in filename, ignoring file.
  # Global parameters
  [global]
   netbios name = SAMBA
   server string = %h server (Samba, Ubuntu)
   map to guest = Bad User
   obey pam restrictions = Yes
   pam password change = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   unix password sync = Yes
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 1000
   usershare allow guests = Yes
   panic action = /usr/share/samba/panic-action %d
   idmap config * : backend = tdb
   include = /etc/samba/smb.conf.%U
  ubuntu at trusty-samba-include:~$ echo $?
  0

  We can also see the new debugging message saying that the include file
  was ignored because of the variable substitution.

  [Regression Potential]
  If you happen to include a filename that has an actual "%" in its name, followed by a letter, and it doesn't exist, this patch will not flag that as an error and just ignore it, whereas before it would be flagged. Having such a filename is asking for trouble, though, because %<letter> is a variable and samba would try to expand it.

  [Other Info]
  The fix and test procedure is identical for trusty and xenial. It's the same samba version in both releases of ubuntu.

  There is still a difference in behaviour between "testparm(1)" and "samba-tool testparm". This fix only affects "samba-tool testparm":
  ubuntu at trusty-samba-include:~$ testparm 
  Load smb config files from /etc/samba/smb.conf
  Can't find include file /etc/samba/smb.conf.
  (...)
  Note the ending dot in the error above, that's where %U would come. testparm doesn't exit non-zero because of that, though.

  
  [Original Description]

  Samba refuses to start when the smb.conf file contains an include line
  with a variable substitution like "include = /etc/samba/smb.conf.%U"

  According to the man page for smb.conf, all but a few specific
  variable substitutions should work.

  include (G)

             This allows you to include one config file inside another.
  The file is included literally, as though typed in place.

             It takes the standard substitutions, except %u, %P and %S.

             The parameter include = registry has a special meaning: It does not include a file named registry from the current working directory, but
             instead reads the global configuration options from the registry. See the section on registry-based configuration for details. Note that
             this option automatically activates registry shares.

             Default: include =

             Example: include = /usr/local/samba/lib/admin_smb.conf

  It is probably related to this bug in samba:
  https://bugzilla.samba.org/show_bug.cgi?id=10722

  Description:    Ubuntu 16.04 LTS
  Release:        16.04

  samba:
    Installed: 2:4.3.9+dfsg-0ubuntu0.16.04.1
    Candidate: 2:4.3.9+dfsg-0ubuntu0.16.04.1
    Version table:
   *** 2:4.3.9+dfsg-0ubuntu0.16.04.1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
          100 /var/lib/dpkg/status
       2:4.3.8+dfsg-0ubuntu1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1583324/+subscriptions

More information about the foundations-bugs mailing list