[Pkg-samba-maint] Bug#671926: Patch to drop smbpasswd generation

Christian PERRIER bubulle at debian.org
Thu May 10 16:55:18 UTC 2012 

tags 671926 patch
thanks

Here is a patch I plan to apply to SVN if you guys think it is
correct.

I left aside the impact on translation files to avoid cluttering up
the patch. So, runnin debconf-updatepo is needed after applying the
patch to make PO files smaller (and bye bye parts of my beloved French
translation!).


-- 


-------------- next part --------------
Index: samba.templates
===================================================================
--- samba.templates	(r?vision 4082)
+++ samba.templates	(copie de travail)
@@ -2,23 +2,6 @@
 Type: title
 _Description: Samba server
 
-Template: samba/generate_smbpasswd
-Type: boolean
-Default: false
-_Description: Create samba password database, /var/lib/samba/passdb.tdb?
- To be compatible with the defaults in most versions of Windows, Samba must
- be configured to use encrypted passwords.  This requires user passwords to
- be stored in a file separate from /etc/passwd.  This file can be created
- automatically, but the passwords must be added manually by running
- smbpasswd and be kept up-to-date in the future.
- .
- If you do not create it, you will have to reconfigure Samba (and probably
- your client machines) to use plaintext passwords.
- .
- See
- /usr/share/doc/samba-doc/htmldocs/Samba3-Developers-Guide/pwencrypt.html
- from the samba-doc package for more details.
-
 Template: samba/run_mode
 Type: select
 __Choices: daemons, inetd
Index: samba.config
===================================================================
--- samba.config	(r?vision 4082)
+++ samba.config	(copie de travail)
@@ -8,28 +8,6 @@
 
 RCFILE=/etc/default/samba
 
-# Function for grabbing a parameter from an smb.conf file
-smbconf_retr() {
-	if [ -z "$1" ]; then
-		return
-	fi
-
-	if [ -n "$2" ]; then
-		local FILE="$2"
-	fi
-
-	if [ -z "$FILE" ]; then
-		return
-	fi
-
-	sed -n -e"
-		s/^[[:space:]]*\[global\]/\[global\]/i
-		/^\[global\]/,/^[[:space:]]*\[/ {
-			s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//pi
-		}" $FILE \
-	| tail -n 1
-}
-
 read_rcfile() {
     # Default values
     if [ -f $RCFILE ]; then
@@ -43,8 +21,6 @@
     fi
 }
 
-FILE=/etc/samba/smb.conf
-
 db_settitle samba-common/title
 
 # We first read the settings file
@@ -55,30 +31,3 @@
 db_input medium samba/run_mode || true
 db_go
 
-# We vary the priority of the next question depending on whether
-#	the password database already exists...
-if [ -e /etc/samba/smbpasswd -o -e /var/lib/samba/passdb.tdb ]; then
-	PRIORITY="low"
-else
-	# If 'encrypt passwords' is true in smb.conf, and smbpasswd
-	# does not exist, default to yes here.
-	FILE=/etc/samba/smb.conf
-	db_fget samba/generate_smbpasswd seen
-	if [ "$RET" = "false" ] && [ -f "$FILE" ]; then
-		ENCRYPT=`smbconf_retr "encrypt passwords"`
-	        if [ "$ENCRYPT" ]; then
-			ENCRYPT=`echo $ENCRYPT | tr '[A-Z]' '[a-z]'`
-			if [ "$ENCRYPT" = "yes" ]; then
-				ENCRYPT=true
-			fi
-			if [ "$ENCRYPT" = "no" ]; then
-				ENCRYPT=false
-			fi
-		fi
-                db_set samba/generate_smbpasswd "$ENCRYPT"
-        fi
-	PRIORITY="medium"
-fi
-
-db_input $PRIORITY samba/generate_smbpasswd || true
-db_go
Index: changelog
===================================================================
--- changelog	(r?vision 4082)
+++ changelog	(copie de travail)
@@ -38,6 +38,11 @@
   * Add a NEWS.Debian entry about the libnss-winbind split and, while at
     it, add an entry for libpam-winbind too (as it will affect upgrades
     from squeeze).
+  * Drop the code that generates an smbpasswd file from the system's
+    user list. This adds very long delays on systems with many users,
+    including those with external user backends. It also makes much
+    less sense nowadays and the use of libpam-smbpass can easily
+    fill most of the needs. Closes: #671926
 
  -- Christian Perrier <bubulle at debian.org>  Mon, 07 May 2012 22:16:32 +0200
 
Index: samba.postinst
===================================================================
--- samba.postinst	(r?vision 4082)
+++ samba.postinst	(copie de travail)
@@ -46,24 +46,9 @@
 chmod a+r ${TMPFILE}
 mv -f ${TMPFILE} ${INITCONFFILE}
 
-# Generate a smbpasswd file?
-db_get samba/generate_smbpasswd || true
-GENERATE_SMBPASSWD="${RET}"
-
 # Done with debconf now.
 db_stop
 
-umask 066
-
-# FIXME: disable if ldapsam support is enabled?
-# FIXME: we don't want to pass these through the smbpasswd backend,
-# some of the faking can cause us problems!
-if [ "${GENERATE_SMBPASSWD}" = "true" -a ! -e /var/lib/samba/passdb.tdb -a ! -e /etc/samba/smbpasswd ]; then
-	getent passwd | mksmbpasswd > /etc/samba/smbpasswd
-	pdbedit -i smbpasswd -e tdbsam -d 0
-	rm /etc/samba/smbpasswd
-fi
-
 umask 022
 
 # ------------------------- Debconf questions end ---------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20120510/7f6d8a24/attachment-0001.pgp>

More information about the Pkg-samba-maint mailing list