[Pkg-samba-maint] Bug#454770: Bug#454770: Bug#454770: Bug#454770: schannel_store.tdb should not be kept in /etc/samba

Ivo De Decker ivo.dedecker at ugent.be
Mon Apr 15 21:39:13 UTC 2013


Hi,

On Mon, Apr 15, 2013 at 09:52:01AM +0200, Ivo De Decker wrote:
> I'm somewhat concerned about idmap2.tdb. If we get this one wrong, users can
> get the wrong unix uid's, which could be very bad on a fileserver. If only
> one version exists (in either /etc or /var/...)  there should be no problem,
> but if both exist, it might be better to error out instead of picking one of
> them. That would need a debconf notification explaining the situation, which
> ideally would be translated as well.
> 
> This problem could happen if someone installed samba from squeeze, upgraded to
> wheezy or backports, and then upgraded to the (future) final wheezy version.
> Also note that a real world setup will go silently wrong on this first upgrade.
> 
> What do you think?
> 
> For schannel_store.tdb, I don't know the impact of suddenly moving back to an
> old version (which would happen if there still was one left in /var/...). Can
> someone shed some light on this? Is it better to remove it in this case?
> 
> > (MACHINE.SID, at least, is a legacy file that's being read but not written
> > for compatibility only, so we don't need to migrate it in the maintainer
> > script.)
> 
> It seems MACHINE.SID is deleted on startup by samba since before wheezy, so
> this one should not cause any problems (if I read the code correctly).
> 
> I will try to do some tests with an idmap setup tonight.

I committed a new version of the path, which also fixes the other files, and
moves idmap2.tdb. I did a number of test with an idmap setup, and the upgrade
seems to work fine.

A situation with duplicate files for idmap2.tdb is easy to reproduce (install
squeeze, upgrade to wheezy). In that case, the result from the new version
might not be the right one (the postinst script will not overwrite an existing
old version of idmap2.tdb). I'm still not sure what to do about this. I don't
think this should stop the fix from getting into wheezy, so maybe the current
version should just be uploaded.

Cheers,

Ivo



More information about the Pkg-samba-maint mailing list