force user no longer works

Bug #1416906 reported by Gerald Villemure
This bug affects 1 person
Affects          Status         Importance   Assigned to   Milestone
samba (Ubuntu)   Fix Released   Medium       Dave Chiluk
Trusty           Fix Released   Medium       Dave Chiluk

Bug Description

[Impact]
* Users are no longer able to use the force user or force group options in the smb.conf. This can prevent users from accessing shares without first having to login with a valid login.

[Test Case]
1. Create a directory /tmp/ubuntu
2. chown ubuntu:ubuntu /tmp/ubuntu
3. Add a section to the smb.conf like so:
    [Ubuntutest]
    comment = Ubuntutest
    path = /tmp/ubuntu
    browseable = yes
    read only = no
    guest ok = yes
    force user = ubuntu
4. Make sure the ubuntu user has access to the directory from the server.
5. Attempt to access the share
6. Create a file
7. Verify the file is owned by ubuntu.

*Note: this does not seem to be testable from the samba-client command line tool as it succeeds both before and after the patch.

[Regression Potential]
* Minimal. The fix is to use vuser->session_info instead of conn->session_info, when checking permissions. This seems like it should be fairly isolated to the initial permissions checks.

[Other Info]
* Pretty straightforward cherry-pick of upstream solution.

______________________________________________________
There is a nasty regression bug in samba 4.1.6 that prevents the use of the "force user" option.

https://bugzilla.samba.org/show_bug.cgi?id=9878

It has been fixed in 4.1.7.

For now I installed samba from ppa:linux-schools/backports in order to get things working again.

Gérald
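
Step 7 of the test case above (verify the file is owned by the forced user) can be checked on the server with a script like the following. This is an added example, not part of the original bug report or of the Samba or Ubuntu packaging; the function names `share_param` and `verify_forced_owner` are hypothetical, and the script reads only `path` and `force user` from the smb.conf it is given.

```shell
#!/bin/sh
# Added example: server-side check that files in a share are owned by the
# share's "force user". Usage: script /etc/samba/smb.conf Ubuntutest

# Print the value of KEY inside [SECTION] of an smb.conf-style file.
# Names are compared case-insensitively with whitespace removed, because
# Samba ignores case and whitespace in section and parameter names.
share_param() {
    awk -v want_sec="$2" -v want_key="$3" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                     # section header
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\][ \t]*$/, "", sec)
            in_sec = (norm(sec) == norm(want_sec)); next
        }
        in_sec && index($0, "=") {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (norm(key) == norm(want_key)) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Return 0 when the share directory has at least one entry and every entry
# is owned by the share's "force user".
# Return 1 when the share is empty or an entry has a different owner.
# Return 2 when "path" or "force user" is missing, the directory cannot be
# read, or find does not know the user.
verify_forced_owner() {
    vfo_dir=$(share_param "$1" "$2" "path")
    vfo_user=$(share_param "$1" "$2" "force user")
    [ -n "$vfo_dir" ] && [ -n "$vfo_user" ] || return 2
    vfo_all=$(find "$vfo_dir" -mindepth 1 2>/dev/null) || return 2
    vfo_bad=$(find "$vfo_dir" -mindepth 1 ! -user "$vfo_user" 2>/dev/null) \
        || return 2
    if [ -n "$vfo_bad" ]; then
        echo "not owned by $vfo_user:" >&2
        echo "$vfo_bad" >&2
    fi
    [ -n "$vfo_all" ] && [ -z "$vfo_bad" ]
}

# Run the check only when called with a config file and a share name.
if [ "$#" -eq 2 ]; then
    verify_forced_owner "$1" "$2"
fi
```

Run it after a client has created a file in the share (steps 5 and 6); an exit status of 1 on an empty share means the client never managed to write, which is how the regression shows up.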

description: updated
Dave Chiluk (chiluk)
Changed in samba (Ubuntu):
assignee: nobody → Dave Chiluk (chiluk)
Dave Chiluk (chiluk) wrote :

Here's the commit with magic we are looking for.

Changed in samba (Ubuntu):
status: New → Incomplete
status: Incomplete → In Progress
Dave Chiluk (chiluk) wrote :

I have packaged the latest samba plus this debdiff into
https://launchpad.net/~chiluk/+archive/ubuntu/lp1416906

Please wait for the packages to build, and then test them.

Once you report back that these fix your issue, I'll get the fix integrated into the archive packages.

Thanks.

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "lp1416906.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Dave Chiluk (chiluk)
tags: added: cts
Changed in samba (Ubuntu):
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

Does this only need fixing in Trusty?

Dave Chiluk (chiluk) wrote :

As far as I can tell the offending commit was introduced with samba-4.1.0rc1, and the fix is contained in 4.1.7. So Utopic is fine.

I also checked precise, and precise does not contain the commit that caused the regression.

@Brian, I'm waiting for feedback that this resolves the issue before I move forward with an SRU.

Changed in samba (Ubuntu Trusty):
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → Dave Chiluk (chiluk)
Gerald Villemure (gvillemure) wrote :

Tested samba 2:4.1.6+dfsg-1ubuntu2.14.04.5+lp1416906 today.

The "force user" option is working once more.

Thanks for the patch.

Gérald

Dave Chiluk (chiluk)
description: updated
Brian Murray (brian-murray) wrote :

I've uploaded this to the Trusty proposed queue for review by the SRU team.

Changed in samba (Ubuntu):
status: In Progress → Fix Released
Dave Chiluk (chiluk)
description: updated
Chris J Arges (arges) wrote : Please test proposed package

Hello Gerald, or anyone else affected,

Accepted samba into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/samba/2:4.1.6+dfsg-1ubuntu2.14.04.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us in getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in samba (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Dave Chiluk (chiluk) wrote :

Got feedback through support channels that the package in proposed has resolved the issue.

verification done.

tags: added: verification-done
removed: verification-needed
Dave Chiluk (chiluk)
Changed in samba (Ubuntu Trusty):
status: Fix Committed → Fix Released