[Pkg-samba-maint] Bug#454770: Bug#454770: schannel_store.tdb should not be kept in /etc/samba

Steve Langasek vorlon at debian.org
Sun Apr 14 18:08:47 UTC 2013


On Sun, Apr 14, 2013 at 05:06:49PM +0200, Christian PERRIER wrote:
> tags 454770 patch
> thanks
> 
> Quoting Olaf Conradi (olaf at conradi.org):
> > Package: samba
> > Version: 2:3.6.6-5
> > Severity: normal
> > 
> > I'm using version 3.6 of Samba and I noticed schannel_store.tdb was in
> > /etc/samba. After moving it to /var/lib/samba it was recreated in
> > /etc/samba.
> > 
> > Is this a regression? According to this bug it should have been fixed in
> > samba 3.2

> Indeed.

> The bug probably came back indirectly when upstream changed the
> location of this file's use in their source.

> The attached patch should fix this again.

> Steve, would you mind ACKing it?

Reviewing the diff at the svn revision where this regression was introduced,
there are other parts of the patch that were also dropped: MACHINE.SID and
idmap2.tdb also no longer have their location being patched.  Both of these
files still have references in the code, so the patch should be re-fixed to
handle them.

(MACHINE.SID, at least, is a legacy file that's being read but not written
for compatibility only, so we don't need to migrate it in the maintainer
script.)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org

> Index: debian/changelog
> ===================================================================
> --- debian/changelog	(révision 4190)
> +++ debian/changelog	(copie de travail)
> @@ -1,3 +1,10 @@
> +samba (2:3.6.6-6) UNRELEASED; urgency=low
> +
> +   * Move schannel_store.tdb out of /etc/samba to /var/lib/samba,
> +     where it belongs according to the FHS.  Closes: #454770.
> +
> + -- Christian Perrier <bubulle at debian.org>  Sun, 14 Apr 2013 15:30:05 +0200
> +
>  samba (2:3.6.6-5) unstable; urgency=high
>  
>    * Security update
> Index: debian/patches/fhs-filespaths.patch
> ===================================================================
> --- debian/patches/fhs-filespaths.patch	(révision 4183)
> +++ debian/patches/fhs-filespaths.patch	(copie de travail)
> @@ -63,3 +63,16 @@
>   .sp
>   Default:
>   \fI\fIprivate dir\fR\fR\fI = \fR\fI${prefix}/private\fR\fI \fR
> +Index: samba/libcli/auth/schannel_state_tdb.c
> +===================================================================
> +--- samba.orig/libcli/auth/schannel_state_tdb.c
> ++++ samba/libcli/auth/schannel_state_tdb.c
> +@@ -40,7 +40,7 @@
> + 					     const char *private_dir)
> + {
> + 	struct tdb_wrap *tdb_sc = NULL;
> +-	char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", private_dir);
> ++	char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", get_dyn_STATEDIR());
> + 
> + 	if (!fname) {
> + 		return NULL;
> Index: debian/samba.postinst
> ===================================================================
> --- debian/samba.postinst	(révision 4183)
> +++ debian/samba.postinst	(copie de travail)
> @@ -53,6 +53,14 @@
>  
>  # ------------------------- Debconf questions end ---------------------
>  
> +if dpkg --compare-versions "$2" lt-nl 2:3.6.6-6 \
> +	&& dpkg --compare-versions "$2" ge 3.0.24 \
> +	&& [ -e /etc/samba/schannel_store.tdb ] \
> +	&& ! [ -e /var/lib/samba/schannel_store.tdb ]
> +then
> +	mv /etc/samba/schannel_store.tdb /var/lib/samba/schannel_store.tdb
> +fi                                                                                                                                                                                 
> +                                                                                                                                                                                    
>  # We want to add these entries to inetd.conf commented out. Otherwise
>  #	UDP traffic could make inetd to start nmbd or smbd right during
>  #	the configuration stage.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20130414/ea2e73d0/attachment-0001.pgp>


More information about the Pkg-samba-maint mailing list