group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1583324] Re: Samba won't start when an include statement in smb.conf has a variable substitution

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1583324@xxxxxxxxxxxxxxxxxx>
Date: Mon, 03 Sep 2018 08:12:12 -0000
Reply-to: Bug 1583324 <1583324@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package samba - 2:4.3.11+dfsg-
0ubuntu0.16.04.16

---------------
samba (2:4.3.11+dfsg-0ubuntu0.16.04.16) xenial; urgency=medium

  * d/p/bug_1583324_include_with_macro.patch: don't fail parsing the
    config file if it has macros in include directives (LP: #1583324)

 -- Andreas Hasenack <andreas@xxxxxxxxxxxxx>  Thu, 02 Aug 2018 18:30:26
-0300

** Changed in: samba (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

** Changed in: samba (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1583324

Title:
  Samba won't start when an include statement in smb.conf has a variable
  substitution

Status in samba package in Ubuntu:
  Fix Released
Status in samba source package in Trusty:
  Fix Released
Status in samba source package in Xenial:
  Fix Released

Bug description:
  [Impact]

  Samba in AD mode refuses to start when the smb.conf file contains an
  include line with a variable substitution like "include =
  /etc/samba/smb.conf.%U"

  This happens because the initscript calls "samba-tool testparm" to
  obtain a configuration parameter from smb.conf, and this testparm tool
  fails because it doesn't expand the %U macro and fails to read the
  literal filename.

  Note that "samba-tool testparm" is different from just "testparm". The
  latter doesn't fail. We could just replace one with the other in the
  initscript, but later on in the process of provisioning an AD
  controller this error is encountered again, so it's best to fix it
  properly.

  The patch is straight from an upstream commit, and that code is in
  place in the samba packages from bionic and cosmic already.

  [Test Case]

  * install samba:
  sudo apt install samba

  * create /etc/samba/smb.conf with this content:
  [global]
          netbios name = samba
   log file = /var/log/samba/log.%m
   map to guest = Bad User
   max log size = 1000
   obey pam restrictions = Yes
   pam password change = Yes
   panic action = /usr/share/samba/panic-action %d
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   passwd program = /usr/bin/passwd %u
   server string = %h server (Samba, Ubuntu)
   unix password sync = Yes
   usershare allow guests = Yes
   idmap config * : backend = tdb
   include = /etc/samba/smb.conf.%U

  * run the command that fails:
  ubuntu@trusty-samba-include:~$ sudo samba-tool testparm -d 2
  lpcfg_load: refreshing parameters from /etc/samba/smb.conf
  Can't find include file /etc/samba/smb.conf.%U
  ERROR: Unable to load default file
  ubuntu@trusty-samba-include:~$ echo $?
  255

  Note the debug level 2 message saying the include file couldn't be
  found.

  * install the updated packages and run the same command again. This time it will work, exit with status 0, and show the main config file.
  ubuntu@trusty-samba-include:~$ sudo samba-tool testparm -d 2 --suppress-prompt
  lpcfg_load: refreshing parameters from /etc/samba/smb.conf
  Tried to load /etc/samba/smb.conf.%U but variable substitution in filename, ignoring file.
  # Global parameters
  [global]
   netbios name = SAMBA
   server string = %h server (Samba, Ubuntu)
   map to guest = Bad User
   obey pam restrictions = Yes
   pam password change = Yes
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
   unix password sync = Yes
   log level = 2
   log file = /var/log/samba/log.%m
   max log size = 1000
   usershare allow guests = Yes
   panic action = /usr/share/samba/panic-action %d
   idmap config * : backend = tdb
   include = /etc/samba/smb.conf.%U
  ubuntu@trusty-samba-include:~$ echo $?
  0

  We can also see the new debugging message saying that the include file
  was ignored because of the variable substitution.

  [Regression Potential]
  If you happen to include a filename that has an actual "%" in its name, followed by a letter, and it doesn't exist, this patch will not flag that as an error and just ignore it, whereas before it would be flagged. Having such a filename is asking for trouble, though, because %<letter> is a variable and samba would try to expand it.

  [Other Info]
  The fix and test procedure is identical for trusty and xenial. It's the same samba version in both releases of ubuntu.

  There is still a difference in behaviour between "testparm(1)" and "samba-tool testparm". This fix only affects "samba-tool testparm":
  ubuntu@trusty-samba-include:~$ testparm 
  Load smb config files from /etc/samba/smb.conf
  Can't find include file /etc/samba/smb.conf.
  (...)
  Note the ending dot in the error above, that's where %U would come. testparm doesn't exit non-zero because of that, though.

  
  [Original Description]

  Samba refuses to start when the smb.conf file contains an include line
  with a variable substitution like "include = /etc/samba/smb.conf.%U"

  According to the man page for smb.conf, all but a few specific
  variable substitutions should work.

  include (G)

             This allows you to include one config file inside another.
  The file is included literally, as though typed in place.

             It takes the standard substitutions, except %u, %P and %S.

             The parameter include = registry has a special meaning: It does not include a file named registry from the current working directory, but
             instead reads the global configuration options from the registry. See the section on registry-based configuration for details. Note that
             this option automatically activates registry shares.

             Default: include =

             Example: include = /usr/local/samba/lib/admin_smb.conf

  It is probably related to this bug in samba:
  https://bugzilla.samba.org/show_bug.cgi?id=10722

  Description:    Ubuntu 16.04 LTS
  Release:        16.04

  samba:
    Installed: 2:4.3.9+dfsg-0ubuntu0.16.04.1
    Candidate: 2:4.3.9+dfsg-0ubuntu0.16.04.1
    Version table:
   *** 2:4.3.9+dfsg-0ubuntu0.16.04.1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
          100 /var/lib/dpkg/status
       2:4.3.8+dfsg-0ubuntu1 500
          500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1583324/+subscriptions