** Description changed: [Impact] After installing the 2021-10 Monthly Rollup patch (KB5006743), printing no longer works. - [Test Plan] Bringing up a test environment for this issue is complex, as it involves: - - setting up a samba AD controller + - setting up a samba AD controller (perhaps a plain NT controller is sufficient) - setting up printing on said controller - joining windows 7 to the directory - applying (or not) the KB5006743 update for testing before and after We thus will rely on community members to test this fix. The test is: print from an unprivileged normal user account. [Where problems could occur] + Samba is a complex piece of software, specially when used in the Active Directory Domain Controller role. Printing doesn't make it simpler. - * Think about what the upload changes in the software. Imagine the change is - wrong or breaks something else: how would this show up? + The configuration file smb.conf is reloaded periodically in the + background if there were changes, so I don't think a service restart + would uncover previously undetected invalid configuration. - * It is assumed that any SRU candidate patch is well-tested before - upload and has a low overall risk of regression, but it's important - to make the effort to think about what ''could'' happen in the - event of a regression. + Calls to switch privileges for a specific function must come in pairs, + and that is the case with this fix with regard to become/unbecome_root. + I grepped the code and this pair is used in many places, but always with + a warning that the calls must be paired, and the function must not + return without the unbecome_root call. This means mistakes could be + made, but this patch seems to have paid attention to this important + detail. - * This must '''never''' be "None" or "Low", or entirely an argument as to why - your upload is low risk. + There is no verification whether unbecome_root succeeded in this patch, + but that seems to be the pattern everywhere else. Maybe the function + panics() if it fails, I couldn't verify that. - * This both shows the SRU team that the risks have been considered, - and provides guidance to testers in regression-testing the SRU. [Other Info] - - * Anything else you think is useful to include - * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board - * and address these questions in advance + Not at this time. [Original Description] After updating my AD-DC to samba 4.13 I am unable to print from normal user accounts (Windows is logging "Win32 error code returned by the print processor: 50. The request is not supported."). Also the Log is full with entries like this: [2021/11/19 01:48:37.496949, 0] ../../source3/rpc_server/rpc_server.c:1086(dcesrv_auth_gensec_prepare) dcesrv_auth_gensec_prepare: Failed to prepare gensec: NT_STATUS_INVALID_SERVER_STATE Enabling debug logs show that this is caused by the ownership of a directory which samba complains is not matching: [2021/11/19 01:48:37.482365, 4, effective(30000XX, 100), real(30000XX, 0)] ../../source3/rpc_server/rpc_ncacn_np.c:110(make_internal_rpc_pipe_socketpair) Create of internal pipe \pipe\spoolss requested [2021/11/19 01:48:37.485785, 3, effective(30000XX, 100), real(30000XX, 0)] ../../lib/util/util.c:483(directory_create_or_exist_strict) directory_create_or_exist_strict: invalid ownership on directory /var/lib/samba/private/msg.sock [2021/11/19 01:48:37.485807, 1, effective(30000XX, 100), real(30000XX, 0)] ../../source3/auth/auth_samba4.c:248(prepare_gensec) imessaging_init failed That is, because /var/lib/samba/private/msg.sock is owned by root:root in my case (and it gets created with those permissions aswell if I delete it), but https://github.com/samba- team/samba/blob/db11778b57610e24324aa4342f89918f66157d71/source4/lib/messaging/messaging.c#L507 uses geteuid() which is sometimes the user ID of the connecting user (as can be seen above, XX is the number that represents the uid of the windows user connecting). I am not sure if this is also the cause for the printing issue, but this spam in the log is super annoying aswell and should be fixed. Futher information about the system: Description: Ubuntu 20.04.3 LTS Release: 20.04 Arch: amd64 Samba-Version: 2:4.13.14+dfsg-0ubuntu0.20.04.1
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1951490 Title: Can't print after update to 4.13 To manage notifications about this bug go to: https://bugs.launchpad.net/samba/+bug/1951490/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
