Ubuntu
samba package

backup command raises FileNotFoundError

  1. Jammy (22.04)
  2. Bug #1952187
Bug #1952187 reported by James Dingwall
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
samba
Unknown
Unknown
samba (Ubuntu)
Fix Released
Undecided
Unassigned
Focal
Fix Released
Undecided
Unassigned
Jammy
Triaged
Undecided
Unassigned

Bug Description

upstream report with proposed fix: https://bugzilla.samba.org/show_bug.cgi?id=14918

Since the upgrade in 'focal' to 4.13 the samba domain backup script fails if there is a dangling symbolic link in any of the directories included in the backup.

running backup on dirs: /var/lib/samba/private /var/lib/samba /etc/samba
ERROR(<class 'FileNotFoundError'>): uncaught exception - [Errno 2] No such file or directory: '/var/lib/samba/dfs/netlogon'
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py", line 1105, in run
    if any(os.path.samefile(full_path, file) for file in all_files):
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py", line 1105, in <genexpr>
    if any(os.path.samefile(full_path, file) for file in all_files):
  File "/usr/lib/python3.8/genericpath.py", line 100, in samefile
    s1 = os.stat(f1)

$ apt-cache policy samba
samba:
  Installed: 2:4.13.14+dfsg-0ubuntu0.20.04.1
  Candidate: 2:4.13.14+dfsg-0ubuntu0.20.04.1
  Version table:
 *** 2:4.13.14+dfsg-0ubuntu0.20.04.1 500
        500 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.11.6+dfsg-0ubuntu1 500
        500 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 Packages

The backup is executed as:

/usr/bin/samba-tool domain backup offline --targetdir="${BACKDIR}"

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I've uploaded updated packages that include the upstream fix in the security team's PPA here for testing:

https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages

If you do try them out, please let us know in this bug if that helped in your environment. Thanks!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.13.14+dfsg-0ubuntu0.21.10.3

---------------
samba (2:4.13.14+dfsg-0ubuntu0.21.10.3) impish-security; urgency=medium

  * SECURITY REGRESSION: undesired side effects for the local nt token
    - debian/patches/bug14901-*.patch: upstream patches to fix some
      mapping issues.
  * SECURITY REGRESSION: backup command raises FileNotFoundError
    (LP: #1952187)
    - debian/patches/bug14918-*.patch: upstream patches to properly handle
      dangling symlinks.

 -- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 07:56:37 -0500

Changed in samba (Ubuntu):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package samba - 2:4.13.14+dfsg-0ubuntu0.21.04.3

---------------
samba (2:4.13.14+dfsg-0ubuntu0.21.04.3) hirsute-security; urgency=medium

  * SECURITY REGRESSION: undesired side effects for the local nt token
    - debian/patches/bug14901-*.patch: upstream patches to fix some
      mapping issues.
  * SECURITY REGRESSION: backup command raises FileNotFoundError
    (LP: #1952187)
    - debian/patches/bug14918-*.patch: upstream patches to properly handle
      dangling symlinks.

 -- Marc Deslauriers <email address hidden> Thu, 02 Dec 2021 08:02:59 -0500

Changed in samba (Ubuntu):
status: New → Fix Released
Revision history for this message
James Dingwall (a-james-launchpad) wrote :

I have installed the updated package and my issue with the backup command has been resolved. Thank you:)

Revision history for this message
James Dingwall (a-james-launchpad) wrote :

I recently upgraded my domain controllers to 'jammy' and this bug has rematerialised:( I think the upstream commit to master must have been after the 4.15 release branch was forked. I checked the domain_backup.py script and the patch applied for 'focal' is absent.

Error message from the backup script:

running backup on dirs: /var/lib/samba/private /var/lib/samba /etc/samba
ERROR(<class 'FileNotFoundError'>): uncaught exception - [Errno 2] No such file or directory: '/var/lib/samba/dfs/netlogon'
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py", line 1129, in run
    if any(os.path.samefile(full_path, file) for file in all_files):
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py", line 1129, in <genexpr>
    if any(os.path.samefile(full_path, file) for file in all_files):
  File "/usr/lib/python3.10/genericpath.py", line 100, in samefile
    s1 = os.stat(f1)

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy

$ apt-cache policy samba
samba:
  Installed: 2:4.15.9+dfsg-0ubuntu0.2
  Candidate: 2:4.15.9+dfsg-0ubuntu0.2
  Version table:
 *** 2:4.15.9+dfsg-0ubuntu0.2 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.15.5~dfsg-0ubuntu5 500
        500 http://gb.archive.ubuntu.com/ubuntu jammy/main amd64 Packages

James Dingwall (a-james-launchpad)
tags: added: jammy
Revision history for this message
Paride Legovini (paride) wrote :

Hi again James and thanks for this bug report. I think you are right: this bug isn't fixed upstream in the samba version shipped in Jammy, and the Ubuntu patches are not applied in the Jammy package.

More specifically the patches are still present in the Ubuntu source package:

 debian/patches/bug14918-1.patch
 debian/patches/bug14918-2.patch

but they are not listed in the debian/patches/series file, and thus not applied.

I think this was done by mistake in the 2:4.13.17~dfsg-0ubuntu1 security upload, which in the changelog mentions:

  * Removed patches included in new version:
    - debian/patches/trusted_domain_regression_fix.patch
    - debian/patches/bug14901-*.patch
    - debian/patches/bug14922.patch

but then also removed bug14918-*.patch from the d/p/series.

Changed in samba (Ubuntu Jammy):
status: New → Triaged
Changed in samba (Ubuntu Focal):
status: New → Fix Released
tags: added: server-todo
Paride Legovini (paride)
tags: added: regression-release
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Agreed, looks like I removed them from the series file by mistake in 2:4.13.17~dfsg-0ubuntu1.

Christian Ehrhardt  (paelzer)
tags: removed: server-todo
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.