Ubuntu
samba package

force user no longer works

Bug #1416906 reported by Gerald Villemure on 2015-02-01
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba (Ubuntu)
Fix Released
Medium
Dave Chiluk
Trusty
Fix Released
Medium
Dave Chiluk
Also affects project (?) Also affects distribution/package Nominate for series

Bug Description

[Impact]
* Users are no longer able to use the force user or force group options in the smb.conf. This can prevent users from accessing shares without first having to login with a valid login.

[Test Case]
1. Create a directory /tmp/ubuntu
2. chown ubuntu:ubuntu /tmp/ubuntu
3. Add a section to the smb.conf like so.
[Ubuntutest]
comment = Ubuntutest
path = /tmp/ubuntu
browseable = yes
read only = no
guest ok = yes
force user = ubuntu
4. Make sure the ubuntu user has access to the directory from the server.
5. Attempt to access the share
6. Create a file
7. Verify the file is owned by ubuntu.

*Note: this does not seem to be testable from the samba-client command line tool as it succeeds both before and after the patch.

[Regression Potential]
* Minimal. The fix is to use vuser->session_info instead of conn->session_info, when checking permissions. This seems like it should be fairly isolated to the initial permissions checks.

[Other Info]
* Pretty straightforward cherry-pick of upstream solution.

______________________________________________________
There is nasty regression bug in samba 4.1.6
That prevents the use of the "force user" option.

https://bugzilla.samba.org/show_bug.cgi?id=9878

It has been fixed in 4.1.7.

For now I installed samba from: ppa:linux-schools/backports
In order to get things working again.

Gérald

See original description
Gerald Villemure (gvillemure) on 2015-02-01
description: updated
Dave Chiluk (chiluk) on 2015-02-05
Changed in samba (Ubuntu):
assignee: nobody → Dave Chiluk (chiluk)
Dave Chiluk (chiluk) wrote :

Here's the commit with magic we are looking for.

Changed in samba (Ubuntu):
status: New → Incomplete
status: Incomplete → In Progress
Dave Chiluk (chiluk) wrote :

I have packaged the latest samba plus this debdiff into
https://launchpad.net/~chiluk/+archive/ubuntu/lp1416906

Please wait for the packages to build, and then test thems, \

Once you report back that these fix your issue. I'll get the fix integrated into the archive packages.

Thanks.

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "lp1416906.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Dave Chiluk (chiluk) on 2015-02-06
tags: added: cts
Changed in samba (Ubuntu):
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

Does this only need fixing in Trusty?

Dave Chiluk (chiluk) wrote :

As far as I can tell the offending commit was introduced with samba-4.1.0rc1, and the fix is contained in 4.1.7. So Utopic is fine.

I also checked precise, and precise does not contain the commit that caused the regression.

@Brian, I'm waiting for feedback that this resolves the issue before I move forward with an SRU.

Brian Murray (brian-murray) on 2015-02-06
Changed in samba (Ubuntu Trusty):
importance: Undecided → Medium
status: New → In Progress
assignee: nobody → Dave Chiluk (chiluk)
Gerald Villemure (gvillemure) wrote :

Tested samba 2:4.1.6+dfsg-1ubuntu2.14.04.5+lp1416906 today.

The "force user" option is working once more.

Thanks for the patch.

Gérald

Dave Chiluk (chiluk) on 2015-02-11
description: updated
Brian Murray (brian-murray) wrote :

I've uploaded this to the Trusty proposed queue for review by the SRU team.

Changed in samba (Ubuntu):
status: In Progress → Fix Released
Dave Chiluk (chiluk) on 2015-02-11
description: updated
Chris J Arges (arges) wrote : Please test proposed package

Hello Gerald, or anyone else affected,

Accepted samba into trusty-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/samba/2:4.1.6+dfsg-1ubuntu2.14.04.6 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in samba (Ubuntu Trusty):
status: In Progress → Fix Committed
tags: added: verification-needed
Dave Chiluk (chiluk) wrote :

Got feedback through support channels that the package in proposed has resolved the issue.

verification done.

tags: added: verification-done
removed: verification-needed
Dave Chiluk (chiluk) on 2015-02-20
Changed in samba (Ubuntu Trusty):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.
Subscribing...

Other bug subscribers