[Pkg-samba-maint] [Git][samba-team/samba][master] 11 commits: rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Mon Jan 2 19:46:31 GMT 2023
Michael Tokarev pushed to branch master at Debian Samba Team / samba
Commits:
6d44dcf0 by Michael Tokarev at 2022-12-23T19:08:20+03:00
rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
fix access-based share enum (broken since 4.16)
https://bugzilla.samba.org/show_bug.cgi?id=15265
- - - - -
5fa5d1d4 by Michael Tokarev at 2022-12-25T18:15:54+03:00
+reload-registry-shares-after-reloading-services.patch
https://bugzilla.samba.org/show_bug.cgi?id=15266
- - - - -
acfc1d7c by Michael Tokarev at 2023-01-02T17:58:01+03:00
d/samba.postinst: move /var/spool/samba => /var/tmp handling to before restart (#DEBHELPER#)
- - - - -
6cb63640 by Michael Tokarev at 2023-01-02T22:28:58+03:00
d/samba.postinst: fix /var/spool/samba => /var/tmp handling
1. Fix the "obvious" smb.conf cases automatically, instead of just warning
(in smb.conf only)
2. Do not restrict just to [printers] section (path= setting could have
been replicated to other sections too).
3. Check for the same path in include files too
(check whole testparam -s output)
4. Allow for subdirs of /var/spool/samba too, just in case
5. Handle upgrades from recent versions as well, to fix removal
of the spool dir while other sections are still referring to it
- - - - -
a04b5a27 by Michael Tokarev at 2023-01-02T22:29:41+03:00
create common script to check if the service is configured in smb.conf
Create /usr/share/samba/is-configured which looks at smb.conf
and decides if a given service should be run or not.
Use this script in ExecCondition= in systemd service units.
- - - - -
49f59ddf by Michael Tokarev at 2023-01-02T22:30:03+03:00
d/samba.postinst: stop masking systemd services
These are now auto-serviced by /usr/share/samba/is-configured.
Unmask everything masked instead.
- - - - -
0de846ea by Michael Tokarev at 2023-01-02T22:30:03+03:00
d/winbind.postinst: stop masking winbind service
These are now auto-serviced by /usr/share/samba/is-configured.
Unmask everything masked instead.
- - - - -
7203462f by Michael Tokarev at 2023-01-02T22:30:03+03:00
d/winbind.postinst: only touch /var/lib/samba/winbindd_privileged at install time
It should be possible to modify the group ownership and permissions
for this directory after install, do not fix it on upgrades.
- - - - -
49840434 by Michael Tokarev at 2023-01-02T22:30:03+03:00
samba init scripts: use check-service-run too to determine if the service should run
and while at it, stop making /run/samba dir (it is created automatically)
- - - - -
d54a0b57 by Michael Tokarev at 2023-01-02T22:30:03+03:00
Big cleanup for the init scripts
rewrite SysV init scripts:
- make them consistent with a common skeleton
- use log_end_msg consistently
- do not exit prematurely, script exit code will be from the last command
- stop the right process based on the executable, not only on the pidfile
- use is-configured script in a consistent way
- implement reload command for winbind
- read SMBDOPTIONS/NMBDOPTIONS/WINBINDOPTIONS/SAMBAOPTIONS from /etc/default/samba
if exists, the same way as is done in systemd service files
(in addition to WINBINDD_OPTS read from /etc/default/winbind)
- - - - -
4805f09f by Michael Tokarev at 2023-01-02T22:30:03+03:00
d/samba.postinst: simplify usershare dir handling a bit
- - - - -
11 changed files:
- + debian/is-configured
- + debian/patches/reload-registry-shares-after-reloading-services.patch
- + debian/patches/rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
- debian/patches/series
- debian/rules
- debian/samba.nmbd.init
- debian/samba.postinst
- debian/samba.samba-ad-dc.init
- debian/samba.smbd.init
- debian/winbind.init
- debian/winbind.postinst
Changes:
=====================================
debian/is-configured
=====================================
@@ -0,0 +1,32 @@
+#! /bin/sh
+# Check if the given service (smb|nmb|winbind|samba)
+# should be run according to the settings in smb.conf
+
+[ -f /etc/samba/smb.conf ] || exit 1
+
+server_role=$(testparm -s --parameter-name="server role" 2>/dev/null)
+[ "active directory domain controller" = "$server_role" ] \
+ && addc=1 || addc=0
+
+case "$1" in
+ ( smb | smbd )
+ exit $addc
+ ;;
+ ( winbind | winbindd )
+ exit $addc
+ ;;
+ ( nmb | nmbd )
+ [ "$addc" = 1 ] && exit 1
+ disable_netbios=$(testparm -s --parameter-name="disable netbios" 2>/dev/null)
+ [ Yes = "$disable_netbios" ] && exit 1 || exit 0
+ ;;
+ ( samba | samba-ad-dc )
+ # source4/samba/server.c checks for other parameters too, even if !AD-DC
+ # Should we support these?
+ exit $((!$addc))
+ ;;
+ ( * )
+ echo "Wrong usage: should be smb|nmb|winbind|samba" >&2
+ exit 255
+ ;;
+esac
=====================================
debian/patches/reload-registry-shares-after-reloading-services.patch
=====================================
@@ -0,0 +1,32 @@
+From 4481454d2cddc30adfdc4d2ba86412aa03817eef Mon Sep 17 00:00:00 2001
+From: Andrew Walker <awalker at ixsystems.com>
+Date: Mon, 19 Dec 2022 13:14:51 -0500
+Subject: Reload registry shares after reloading services
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15266
+
+Reloading the services file will remove all registry shares
+breaking service enumeration.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
+Signed-off-by: Andrew Walker <awalker at ixsystems.com>
+---
+ source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+index 8a0c63fd50e..08d34d51372 100644
+--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+@@ -669,6 +669,11 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
+ */
+ reload_services(NULL, NULL, false);
+
++ /*
++ * After reloading services we need to reload registry shares
++ */
++ load_registry_shares();
++
+ num_services = lp_numservices();
+
+ allowed = talloc_zero_array(ctx, bool, num_services);
+--
=====================================
debian/patches/rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
=====================================
@@ -0,0 +1,60 @@
+From 5c8e34cae96ee65d34da61801a0f04c562006369 Mon Sep 17 00:00:00 2001
+From: Andrew <awalker at ixsystems.com>
+Date: Fri, 16 Dec 2022 08:16:10 -0800
+Subject: rpc_server:srvsvc - retrieve share ACL via root context
+Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
+
+share_info.tdb has permissions of 0o600 and so we need
+to become_root() prior to retrieving the security info.
+
+BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265
+
+Signed-off-by: Andrew Walker <awalker at ixsystems.com>
+Reviewed-by: Jeremy Allison <jra at samba.org>
+
+Autobuild-User(master): Jeremy Allison <jra at samba.org>
+Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184
+
+(cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05)
+---
+ source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+index 233718ff310..fbc617c3ac1 100644
+--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+@@ -540,6 +540,7 @@ static bool is_hidden_share(int snum)
+ static bool is_enumeration_allowed(struct pipes_struct *p,
+ int snum)
+ {
++ bool allowed;
+ struct dcesrv_call_state *dce_call = p->dce_call;
+ struct auth_session_info *session_info =
+ dcesrv_call_session_info(dce_call);
+@@ -556,9 +557,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
+ return false;
+ }
+
+- return share_access_check(session_info->security_token,
+- lp_servicename(talloc_tos(), lp_sub, snum),
+- FILE_READ_DATA, NULL);
++
++ /*
++ * share_access_check() must be opened as root
++ * because it ultimately gets a R/W db handle on share_info.tdb
++ * which has 0o600 permissions
++ */
++ become_root();
++ allowed = share_access_check(session_info->security_token,
++ lp_servicename(talloc_tos(), lp_sub, snum),
++ FILE_READ_DATA, NULL);
++ unbecome_root();
++
++ return allowed;
+ }
+
+ /****************************************************************************
+--
+2.34.1
+
=====================================
debian/patches/series
=====================================
@@ -23,3 +23,5 @@ fruit-disable-useless-size_t-overflow-check.patch
meaningful-error-if-no-samba-ad-provision.patch
meaningful-error-if-no-python3-markdown.patch
ctdb-use-run-instead-of-var-run.patch
+rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
+reload-registry-shares-after-reloading-services.patch
=====================================
debian/rules
=====================================
@@ -83,6 +83,10 @@ config-args += \
--with-systemd \
--systemd-install-services \
--with-systemddir=/lib/systemd/system \
+ --systemd-smb-extra='ExecCondition=/usr/share/samba/is-configured smb' \
+ --systemd-nmb-extra='ExecCondition=/usr/share/samba/is-configured nmb' \
+ --systemd-winbind-extra='ExecCondition=/usr/share/samba/is-configured winbind' \
+ --systemd-samba-extra='ExecCondition=/usr/share/samba/is-configured samba' \
endif
@@ -272,7 +276,8 @@ override_dh_auto_install-indep:
ifeq (${DEB_VENDOR}, Ubuntu)
patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff
endif
- install -Dp -m755 debian/panic-action -t debian/samba-common/usr/share/samba/
+ install -Dp -m0755 debian/panic-action -t debian/samba-common/usr/share/samba/
+ install -Dp -m0755 debian/is-configured -t debian/samba-common/usr/share/samba/
install -Dp -m0644 debian/gdbcommands -t debian/samba-common/etc/samba/
install -Dp -m0755 debian/samba-common.dhcp debian/samba-common/etc/dhcp/dhclient-enter-hooks.d/samba
# we wrongly have pam file in samba-common instead of samba
=====================================
debian/samba.nmbd.init
=====================================
@@ -12,73 +12,41 @@
# to clients
### END INIT INFO
-
-PIDDIR=/run/samba
-NMBDPID=$PIDDIR/nmbd.pid
+NAME=nmbd
+DAEMON=/usr/sbin/$NAME
+PIDFILE=/run/samba/$NAME.pid
+DESC="NetBIOS name server"
+SCRIPT=nmbd
# clear conflicting settings from the environment
unset TMPDIR
-# See if the daemons are there
-test -x /usr/sbin/nmbd || exit 0
-
-. /lib/lsb/init-functions
+test -x $DAEMON || exit 0
+/usr/share/samba/is-configured $NAME || exit 0
-case $1 in
- start)
- SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
- if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
- exit 0
- fi
+[ -f /etc/default/samba ] && . /etc/default/samba
- if [ -n `which testparm` ]
- then
- NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
- fi
- if [ "$NMBD_DISABLED" != Yes ]; then
- log_daemon_msg "Starting NetBIOS name server" nmbd
- # Make sure we have our PIDDIR, even if it's on a tmpfs
- install -o root -g root -m 755 -d $PIDDIR
-
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd --pidfile $NMBDPID -- -D
- then
- log_end_msg 1
- exit 1
- fi
- log_end_msg 0
- fi
+. /lib/lsb/init-functions
+case "$1" in
+ (start)
+ log_daemon_msg "Starting $DESC" $NAME
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $NMBDOPTIONS
+ log_end_msg $?
;;
- stop)
-
- log_daemon_msg "Stopping NetBIOS name server" nmbd
-
- start-stop-daemon --stop --quiet --pidfile $NMBDPID
- # Wait a little and remove stale PID file
- sleep 1
- if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null
- then
- # Stale PID file (nmbd was succesfully stopped),
- # remove it (should be removed by nmbd itself IMHO.)
- rm -f $NMBDPID
- fi
-
- log_end_msg 0
-
+ (stop)
+ log_daemon_msg "Stopping $DESC" $NAME
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
+ log_end_msg $?
;;
- restart|force-reload)
- $0 stop
- sleep 1
- $0 start
+ (restart|force-reload)
+ $0 stop && sleep 1 && $0 start
;;
- status)
- status_of_proc -p $NMBDPID /usr/sbin/nmbd nmbd
- exit $?
+ (status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME
;;
- *)
- echo "Usage: /etc/init.d/nmbd {start|stop|restart|force-reload|status}"
+ (*)
+ echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
exit 1
;;
esac
-
-exit 0
=====================================
debian/samba.postinst
=====================================
@@ -6,12 +6,12 @@ nmbd_error_handler() {
if [ -d /sys/class/net/lo ] && ls /sys/class/net | grep -qv ^lo$; then
# https://bugs.debian.org/893762
echo 'WARNING: nmbd failed to start as there is no non-loopback interfaces available.'
- echo 'Either add an interface or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
+ echo 'Either add an interface or set "disable netbios = yes" in smb.conf'
return 0
elif command -v ip > /dev/null && ip a show | grep '^[[:space:]]*inet ' | grep -vq ' lo$'; then
# https://bugs.debian.org/859526
echo 'WARNING: nmbd failed to start as there is no local IPv4 non-loopback interfaces available.'
- echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
+ echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf'
return 0
else
echo 'ERROR: nmbd failed to start.'
@@ -19,38 +19,6 @@ nmbd_error_handler() {
fi
}
-mask_services() {
- local reason="$1"
- shift
- local masked_count=0
- mkdir -p /etc/systemd/system
- echo "${reason}: Masking $*"
- echo "Please ignore the following error about deb-systemd-helper not finding those services."
- while true; do
- local service_name="$1"
- if [ -z "$service_name" ]; then
- break
- fi
- shift
- if [ ! -e "/etc/systemd/system/${service_name}" ]; then
- ln -s /dev/null "/etc/systemd/system/${service_name}"
- echo "(${service_name} masked)"
- masked_count=$((masked_count+1))
- elif [ -h "/etc/systemd/system/${service_name}" ] \
- && [ "$(realpath /etc/systemd/system/${service_name})" = /dev/null ] \
- ; then
- echo "(${service_name} already masked)"
- else
- echo "WARNING ${service_name} should be masked. The install may fail."
- fi
- done
- # In case this system is running systemd, we make systemd reload the unit files
- # to pick up changes.
- if [ "${masked_count}" -ge 1 -a -d /run/systemd/system ] ; then
- systemctl --system daemon-reload >/dev/null || true
- fi
-}
-
# We generate several files during the postinst, and we don't want
# them to be readable only by root.
umask 022
@@ -59,35 +27,42 @@ if [ configure = "$1" -a -z "$2" ] # only do this if not upgrading
then
# add the sambashare group; --force: ok if group already exist
groupadd --force --system sambashare
- if [ ! -e /var/lib/samba/usershares ]
- then
- install -d -m 1770 -g sambashare /var/lib/samba/usershares
- fi
+ dir=/var/lib/samba/usershares
+ [ -d $dir ] || install -d -m 1770 -g sambashare $dir
fi
-mkdir -p /run/samba # shut up [samba-tool] testparm warning
-
-# mimic source4/smbd/server.c and mask service before it fails
-# NB: server role = active directory domain controller is what we need to properly support
-# NB: server services = smb is not compiled in
-# NB: dcerpc endpoint servers = remote is for developpement
-# NB: dcerpc endpoint servers = mapiproxy is for OpenChange which is dead
-SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
-SERVER_SERVICES=`samba-tool testparm --parameter-name="server services" 2>/dev/null | tail -1`
-DCERPC_ENDPOINT_SERVERS=`samba-tool testparm --parameter-name="dcerpc endpoint servers" 2>/dev/null | tail -1`
-DISABLE_NETBIOS=`samba-tool testparm --parameter-name="disable netbios" 2>/dev/null | tail -1`
-
-if [ "$SERVER_ROLE" != "active directory domain controller" ] \
- && ( echo "$SERVER_SERVICES" | grep -qv '\(^\|, \)smb\(,\|$\)' ) \
- && ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '\(^\|, \)remote\(,\|$\)' ) \
- && ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '\(^\|, \)mapiproxy\(,\|$\)' ) \
-; then
- mask_services "Samba is not being run as an AD Domain Controller" samba-ad-dc.service
+# in 4.17.4+dfsg-3 we stopped masking services, unmask them here
+if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~
+then
+ for s in nmbd smbd samba-ad-dc; do
+ if [ /dev/null = $(realpath /etc/systemd/system/$s.service) ]
+ then
+ rm -f /etc/systemd/system/$s.service
+ fi
+ done
fi
-if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
- mask_services "Samba is being run as an AD Domain Controller" smbd.service nmbd.service
-elif [ "$DISABLE_NETBIOS" = Yes ]; then
- mask_services "NetBIOS is disabled" nmbd.service
+
+# remove old spool directory (point it to /var/tmp if in use)
+dir=/var/spool/samba
+if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~
+then
+ pat="^(\\s*path\\s*=\\s*)$dir"
+ if grep -q -E "$pat\\s*$" /etc/samba/smb.conf ; then
+ echo "W: fixing smb.conf, replacing $dir with /var/tmp" >&2
+ sed -ri "s|$pat\\s*$|\\1/var/tmp|" /etc/samba/smb.conf
+ fi
+ if [ -d $dir -a ! -L $dir ]; then
+ echo "W: removing old samba print spool $dir" >&2
+ rm -rf $dir
+ fi
+ # we can still have it in an include file (or have a subdir there?)
+ if testparm -s 2>/dev/null | grep -E "$pat\\b" >&2; then
+ echo "W: $dir is still referenced in smb.conf. Please update smb.conf" >&2
+ if [ ! -L $dir ]; then
+ echo "W: redirecting $dir to /var/tmp" >&2
+ ln -s ../tmp $dir
+ fi
+ fi
fi
#DEBHELPER#
@@ -101,21 +76,4 @@ then
rmdir $dir
fi
-# remove old spool directory (point it to /var/tmp if in use)
-dir=/var/spool/samba
-if [ configure = "$1" -a ! -L $dir ] &&
- dpkg --compare-versions "$2" lt-nl 2:4.16.1+dfsg-5~
-then
- if [ -d $dir ]; then
- echo "W: removing old samba print spool $dir" >&2
- rm -rf $dir
- fi
- used=$(testparm -s --section-name=printers --parameter-name=path 2>/dev/null || :)
- if [ $dir = "$used" ]; then
- echo "W: $dir is referenced in smb.conf [printers] section." >&2
- echo "W: redirecting $dir to /var/tmp. Please update your smb.conf" >&2
- ln -s ../tmp $dir
- fi
-fi
-
exit 0
=====================================
debian/samba.samba-ad-dc.init
=====================================
@@ -10,30 +10,24 @@
# Description: Meta-service to provide AD and SMB/CIFS services to clients
### END INIT INFO
-#
-# Start/stops the Samba daemon (samba).
-# Adapted from the Samba 3 packages.
-#
-
-PIDDIR=/run/samba
-SAMBAPID=$PIDDIR/samba.pid
+NAME=samba
+DAEMON=/usr/sbin/$NAME
+PIDFILE=/run/samba/$NAME.pid
+DESC="Samba AD DC server"
+SCRIPT=samba-ad-dc
# clear conflicting settings from the environment
unset TMPDIR
-# See if the daemon and the config file are there
-test -x /usr/sbin/samba -a -r /etc/samba/smb.conf || exit 0
+test -x $DAEMON || exit 0
+/usr/share/samba/is-configured $NAME || exit 0
+
+[ -f /etc/default/samba ] && . /etc/default/samba
. /lib/lsb/init-functions
case "$1" in
- start)
- SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
- if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
- exit 0
- fi
-
-
+ (start)
# CVE-2013-4475
KEYFILE=/var/lib/samba/private/tls/key.pem
if [ -e $KEYFILE ]
@@ -47,47 +41,23 @@ case "$1" in
exit 1
fi
fi
-
- log_daemon_msg "Starting Samba AD DC daemon" "samba"
- # Make sure we have our PIDDIR, even if it's on a tmpfs
- install -o root -g root -m 755 -d $PIDDIR
-
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba --pidfile $SAMBAPID -- -D; then
- log_end_msg 1
- exit 1
- fi
-
- log_end_msg 0
+ log_daemon_msg "Starting $DESC" $NAME
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SAMBAOPTIONS
+ log_end_msg $?
;;
- stop)
- log_daemon_msg "Stopping Samba AD DC daemon" "samba"
-
- start-stop-daemon --stop --quiet --pidfile $SAMBAPID
- # Wait a little and remove stale PID file
- sleep 1
- if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
- then
- # Stale PID file (samba was succesfully stopped),
- # remove it (should be removed by samba itself IMHO.)
- rm -f $SAMBAPID
- fi
-
- log_end_msg 0
-
+ (stop)
+ log_daemon_msg "Stopping $DESC" $NAME
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
+ log_end_msg $?
;;
- restart|force-reload)
- $0 stop
- sleep 1
- $0 start
+ (restart|force-reload)
+ $0 stop && sleep 1 && $0 start
;;
- status)
- status_of_proc -p $SAMBAPID /usr/sbin/samba samba
- exit $?
+ (status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME
;;
- *)
- echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
+ (*)
+ echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
exit 1
;;
esac
-
-exit 0
=====================================
debian/samba.smbd.init
=====================================
@@ -12,78 +12,50 @@
# Description: server to provide SMB/CIFS services to clients
### END INIT INFO
-
-PIDDIR=/run/samba
-SMBDPID=$PIDDIR/smbd.pid
+NAME=smbd
+DAEMON=/usr/sbin/$NAME
+PIDFILE=/run/samba/$NAME.pid
+DESC="Samba SMB/CIFS daemon"
+SCRIPT=smbd
# clear conflicting settings from the environment
unset TMPDIR
-# See if the daemons are there
-test -x /usr/sbin/smbd || exit 0
+test -x $DAEMON || exit 0
+/usr/share/samba/is-configured $NAME || exit 0
-. /lib/lsb/init-functions
+[ -f /etc/default/samba ] && . /etc/default/samba
-case $1 in
- start)
- SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
- if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
- exit 0
- fi
+. /lib/lsb/init-functions
- # Update /etc/apparmor.d/local/usr.sbin.smbd-shares
+case "$1" in
+ (start)
+ # Update /etc/apparmor.d/samba/smbd-shares
if [ -x /usr/share/samba/update-apparmor-samba-profile ]; then
/usr/share/samba/update-apparmor-samba-profile || exit $?
fi
-
- log_daemon_msg "Starting SMB/CIFS daemon" smbd
- # Make sure we have our PIDDIR, even if it's on a tmpfs
- install -o root -g root -m 755 -d $PIDDIR
-
- if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd --pidfile $SMBDPID -- -D; then
- log_end_msg 1
- exit 1
- fi
-
- log_end_msg 0
+ log_daemon_msg "Starting $DESC" $NAME
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SMBDOPTIONS
+ log_end_msg $?
;;
- stop)
-
- log_daemon_msg "Stopping SMB/CIFS daemon" smbd
-
- start-stop-daemon --stop --quiet --pidfile $SMBDPID
- # Wait a little and remove stale PID file
- sleep 1
- if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null
- then
- # Stale PID file, remove it (should be removed by
- # smbd itself IMHO).
- rm -f $SMBDPID
- fi
-
- log_end_msg 0
-
+ (stop)
+ log_daemon_msg "Stopping $DESC" $NAME
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
+ log_end_msg $?
;;
- reload)
- log_daemon_msg "Reloading /etc/samba/smb.conf" smbd
-
- start-stop-daemon --stop --quiet --signal HUP --pidfile $SMBDPID
-
- log_end_msg 0
+ (reload)
+ log_daemon_msg "Reloading $DESC" $NAME
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE --signal HUP
+ log_end_msg $?
;;
- restart|force-reload)
- $0 stop
- sleep 1
- $0 start
+ (restart|force-reload)
+ $0 stop && sleep 1 && $0 start
;;
- status)
- status_of_proc -p $SMBDPID /usr/sbin/smbd smbd
- exit $?
+ (status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME
;;
- *)
- echo "Usage: /etc/init.d/smbd {start|stop|reload|restart|force-reload|status}"
+ (*)
+ echo "Usage: /etc/init.d/$SCRIPT {start|stop|reload|restart|force-reload|status}"
exit 1
;;
esac
-
-exit 0
=====================================
debian/winbind.init
=====================================
@@ -11,52 +11,47 @@
# Description: Name Service Switch daemon for resolving names from NT servers
### END INIT INFO
-
-PATH=/sbin:/bin:/usr/sbin:/usr/bin
-
-[ -r /etc/default/winbind ] && . /etc/default/winbind
-
-DAEMON=/usr/sbin/winbindd
-PIDDIR=/run/samba
-WINBINDPID=$PIDDIR/winbindd.pid
+NAME=winbindd
+DAEMON=/usr/sbin/$NAME
+PIDFILE=/run/samba/$NAME.pid
+DESC="Samba Winbind daemon"
+SCRIPT=winbind
# clear conflicting settings from the environment
unset TMPDIR
-# See if the daemon is there
test -x $DAEMON || exit 0
+/usr/share/samba/is-configured $NAME || exit 0
-SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
-if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
- exit 0
-fi
+[ -r /etc/default/samba ] && . /etc/default/samba
+[ -r /etc/default/$SCRIPT ] && . /etc/default/$SCRIPT
. /lib/lsb/init-functions
case "$1" in
- start)
- log_daemon_msg "Starting the Winbind daemon" "winbind"
-
- start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID -- $WINBINDD_OPTS
-
+ (start)
+ log_daemon_msg "Starting $DESC" $NAME
+ start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $WINBINDD_OPTS $WINBINDOPTIONS
log_end_msg $?
;;
-
- stop)
- log_daemon_msg "Stopping the Winbind daemon" "winbind"
- start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID
+ (stop)
+ log_daemon_msg "Stopping $DESC" $NAME
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
log_end_msg $?
;;
-
- restart|force-reload)
- $0 stop && sleep 2 && $0 start
+ (reload)
+ log_daemon_msg "Reloading $DESC" $NAME
+ start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE --signal HUP
+ log_end_msg $?
;;
-
- status)
- status_of_proc -p $WINBINDPID $DAEMON winbind && exit 0 || exit $?
+ (restart|force-reload)
+ $0 stop && sleep 1 && $0 start
+ ;;
+ (status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME
;;
- *)
- echo "Usage: /etc/init.d/winbind {start|stop|restart|force-reload|status}"
+ (*)
+ echo "Usage: /etc/init.d/$SCRIPT {start|stop|reload|restart|force-reload|status}"
exit 1
;;
esac
=====================================
debian/winbind.postinst
=====================================
@@ -2,51 +2,23 @@
set -e
-mask_services() {
- local reason="$1"
- shift
- local masked_count=0
- mkdir -p /etc/systemd/system
- echo "${reason}: Masking $*"
- echo "Please ignore the following error about deb-systemd-helper not finding those services."
- while true; do
- local service_name="$1"
- if [ -z "$service_name" ]; then
- break
- fi
- shift
- if [ ! -e "/etc/systemd/system/${service_name}" ]; then
- ln -s /dev/null "/etc/systemd/system/${service_name}"
- echo "(${service_name} masked)"
- masked_count=$((masked_count+1))
- elif [ -h "/etc/systemd/system/${service_name}" ] \
- && [ "$(realpath /etc/systemd/system/${service_name})" = /dev/null ] \
- ; then
- echo "(${service_name} already masked)"
- else
- echo "WARNING ${service_name} should be masked. The install may fail."
+# in 4.17.4+dfsg-3 we stopped masking services, unmask them here
+if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~
+then
+ for s in winbind; do
+ if [ /dev/null = $(realpath /etc/systemd/system/$s.service) ]
+ then
+ rm -f /etc/systemd/system/$s.service
fi
done
- # In case this system is running systemd, we make systemd reload the unit files
- # to pick up changes.
- if [ "${masked_count}" -ge 1 -a -d /run/systemd/system ] ; then
- systemctl --system daemon-reload >/dev/null || true
- fi
-}
-
-# groupadd --force: ok if group already exist
-groupadd --system --force winbindd_priv
-
-winbindd_privileged_socket_directory='/var/lib/samba/winbindd_privileged'
-mkdir -pv "$winbindd_privileged_socket_directory"
-chgrp -c winbindd_priv "$winbindd_privileged_socket_directory"
-chmod -c 0750 "$winbindd_privileged_socket_directory"
-
-mkdir -p /run/samba # shut up [samba-tool] testparm warning
+fi
-SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
-if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
- mask_services "Samba is being run as an AD Domain Controller" winbind.service
+if [ configure = "$1" -a ! "$2" ] # only do this if not upgrading
+then
+ # groupadd --force: ok if group already exist
+ groupadd --system --force winbindd_priv
+ dir=/var/lib/samba/winbindd_privileged
+ [ -d $dir ] || install -d -m 0750 -g winbindd_priv $dir
fi
#DEBHELPER#
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/393ec15bad27d5bfc47db07d122bcafce86d53a5...4805f09fd99b78cced1d3e443c4003352f4c045f
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/393ec15bad27d5bfc47db07d122bcafce86d53a5...4805f09fd99b78cced1d3e443c4003352f4c045f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230102/c88a09f2/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list