[Bug 1792400] Re: smbd failed in host when both lxd container and host have smbd
Launchpad Bug Tracker
1792400 at bugs.launchpad.net
Tue Nov 27 12:25:44 UTC 2018
This bug was fixed in the package samba - 2:4.3.11+dfsg-0ubuntu0.14.04.19
---------------
samba (2:4.3.11+dfsg-0ubuntu0.14.04.19) trusty-security; urgency=medium
  * SECURITY UPDATE: Unprivileged adding of CNAME record causing loop in AD
    Internal DNS server
    - debian/patches/CVE-2018-14629.patch: add CNAME loop prevention using
      counter in source4/dns_server/dns_query.c.
    - CVE-2018-14629
  * SECURITY UPDATE: Double-free in Samba AD DC KDC with PKINIT
    - debian/patches/CVE-2018-16841.patch: fix segfault on PKINIT with
      mis-matching principal in source4/kdc/db-glue.c.
    - CVE-2018-16841
  * SECURITY UPDATE: NULL pointer de-reference in Samba AD DC LDAP server
    - debian/patches/CVE-2018-16851.patch: check ret before manipulating
      blob in source4/ldap_server/ldap_server.c.
    - CVE-2018-16851
 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Fri, 16 Nov 2018 09:50:56 -0500
** Changed in: samba (Ubuntu Trusty)
Status: Won't Fix => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14629
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16841
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16851
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/1792400
Title:
smbd failed in host when both lxd container and host have smbd
Status in samba package in Ubuntu:
Fix Released
Status in samba source package in Trusty:
Fix Released
Status in samba source package in Xenial:
Fix Released
Bug description:
[Impact]
 * Issue: the current init script
   * won't start samba related services on the host if there is a process
     of the same binary in a container
   * might on stop affect a process that it was not intended to stop
 * Solution: Fix init scripts to
   * start action to have a safer process detection with containers around
   * stop action to not affect unintended processes due to stale pidfiles
[Test Case]
 * 1. Start a container
 * 2. Start samba in the Container (or winbind or nmbd)
 * 3. Start samba in the host (or winbind or nmbd)
   => it will not start as such a binary is already running
 * #2 and #3 can be switched, and then as 4. restart smbd in the host
   => it will shut down but not re-start
 Fixed: The container process should have no influence
 This also fixes issues where the pidfile would not be updated
 * install and start smbd
 * "Simulate" a corrupted pidfile by putting the PID of a different
   process in it
 * stop the smbd service
   => without the fixes this will drag down the other process you put in
   the pidfile
 Fixed: a stale pidfile entry should not let non-smbd (or winbind,
 nmbd) processes be affected
[Regression Potential]
 * We tried to think of all edge cases of these start/stop actions but
   didn't come up with one that is broken. Aside from missing one of those
   cases there might be non-archive scripts that expect the old behavior.
   But even for these no critical ones came to my mind so far.
   Worst case there'd be a combination that leads to the service
   not (re-)starting after the SRU - so thinking about potential cases is
   important.
[Other Info]
* n/a
---
Setup: install smbd in host and lxd-container.
Now restart smbd in host:
service smbd restart
All is OK.
Problem: nmap shows "closed" on ports 139 and 445. And users cannot use smbd server in host.
● smbd.service - LSB: start Samba SMB/CIFS daemon (smbd)
Loaded: loaded (/etc/init.d/smbd; bad; vendor preset: enabled)
Active: active (exited) since Die 2016-10-18 17:35:23 CEST; 2s ago
Docs: man:systemd-sysv-generator(8)
Process: 24218 ExecStop=/etc/init.d/smbd stop (code=exited, status=0/SUCCESS)
Process: 21980 ExecReload=/etc/init.d/smbd reload (code=exited, status=0/SUCCESS)
Process: 25190 ExecStart=/etc/init.d/smbd start (code=exited, status=0/SUCCESS)
Okt 18 17:35:22 speedy systemd[1]: Starting LSB: start Samba SMB/CIFS daemon (smbd)...
Okt 18 17:35:23 speedy smbd[25190]: * Starting SMB/CIFS daemon smbd
Okt 18 17:35:23 speedy smbd[25190]: ...done.
Okt 18 17:35:23 speedy systemd[1]: Started LSB: start Samba SMB/CIFS daemon (smbd).
ps axf | grep smbd:
25356 pts/2 S+ 0:00 | \_ grep --color=auto smbd
19915 ? Ss 0:08 \_ /usr/sbin/smbd -D
19919 ? S 0:00 \_ /usr/sbin/smbd -D
However, netstat -tpln | grep "smbd" returns nothing and also nmap
shows "closed" on ports 139 and 445.
Workaround [1]:
change /etc/init.d/smbd:
    if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd -- -D ; then
to
    if ! start-stop-daemon --start --quiet --oknodo --pidfile /var/run/samba/smbd.pid --exec /usr/sbin/smbd -- -D ; then
I reported this to:
https://discuss.linuxcontainers.org/t/samba-in-host-and-container/2523
apt-cache policy samba
samba:
Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.15
Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.16
Version table:
2:4.3.11+dfsg-0ubuntu0.16.04.16 500
500 http://de.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
*** 2:4.3.11+dfsg-0ubuntu0.16.04.15 500
500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
100 /var/lib/dpkg/status
2:4.3.8+dfsg-0ubuntu1 500
500 http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
1. https://serverfault.com/questions/810544/samba-daemon-does-not-work-as-systemd-service-but-works-in-foreground
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1792400/+subscriptions
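One way to implement the safer process detection and stale-pidfile handling described in the bug, as an added example (it is not the Ubuntu patch or the init script's own code): before signalling, confirm that the PID in the pidfile is alive, runs the expected binary, and lives in the caller's PID namespace. The function names and the PROC_ROOT override are assumptions made for illustration; reading another process's ns/pid link assumes the script runs as root, as an init script does.

```shell
#!/bin/sh
# Added example, not the Ubuntu patch. PROC_ROOT is overridable only so the
# checks can be exercised against a constructed /proc-like tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# pid_from_file PIDFILE: print the PID if the file starts with a positive integer.
pid_from_file() {
    [ -r "$1" ] || return 1
    read -r pid _rest < "$1" || [ -n "$pid" ] || return 1
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$pid" -gt 0 ] || return 1
    printf '%s\n' "$pid"
}

# pid_is_ours PIDFILE EXPECTED_EXE
# True only if the pidfile names a live process that runs EXPECTED_EXE and
# shares our PID namespace (a container's smbd is visible in the host's
# /proc, but its ns/pid link differs from ours).
pid_is_ours() {
    pid=$(pid_from_file "$1") || return 1
    [ -d "$PROC_ROOT/$pid" ] || return 1            # stale: process is gone
    exe=$(readlink "$PROC_ROOT/$pid/exe") || return 1
    exe=${exe%" (deleted)"}                          # binary replaced on upgrade
    [ "$exe" = "$2" ] || return 1                    # stale: PID reused by another program
    ns=$(readlink "$PROC_ROOT/$pid/ns/pid") || return 1
    self_ns=$(readlink "$PROC_ROOT/self/ns/pid") || return 1
    [ "$ns" = "$self_ns" ]
}

# safe_stop PIDFILE EXPECTED_EXE: send SIGTERM only to a verified daemon.
safe_stop() {
    if pid_is_ours "$1" "$2"; then
        kill -TERM "$pid"
    else
        echo "not signalling: $1 does not name a local $2 process" >&2
        return 1
    fi
}
```

A PID can still be recycled between the check and the kill, so the two steps should stay adjacent.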