[Pkg-samba-maint] [Git][samba-team/samba][master] 7 commits: add-missing-libs-deps.diff (#1010922)
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Thu May 26 11:07:23 BST 2022
Michael Tokarev pushed to branch master at Debian Samba Team / samba
Commits:
33a8b5de by Michael Tokarev at 2022-05-19T20:43:13+03:00
add-missing-libs-deps.diff (#1010922)
- - - - -
30f89883 by Michael Tokarev at 2022-05-26T13:06:06+03:00
point [printers] to /var/tmp/, stop shipping /var/spool/samba
In the postinst script, remove /var/spool/samba/, check if it is
still used in smb.conf, and create a compatibility symlink pointing
to tmp/, suggesting changing smb.conf.
This probably can be accomplished by a debconf question, but the
thing is complicated by the fact that smb.conf might be upgrading
too at the same time.
- - - - -
16967b5f by Michael Tokarev at 2022-05-26T13:06:07+03:00
debian/patches/weak-crypto-allowed-clarify.diff: update
- - - - -
8bed1690 by Michael Tokarev at 2022-05-26T13:06:07+03:00
d/rules: enable --with-profilig-data to enable profiling collection if set in smb.conf
- - - - -
436213ad by Michael Tokarev at 2022-05-26T13:06:07+03:00
testparm-do-not-fail-if-pid-dir-does-not-exist.patch: also cover samba-tool testparm
- - - - -
d80ec0f3 by Michael Tokarev at 2022-05-26T13:06:07+03:00
fix-samba-tool-domain-join-segfault.patch
- - - - -
94e8d856 by Michael Tokarev at 2022-05-26T13:06:07+03:00
d/control: build-depend on libunwind-dev to compile in stack backtrace logging on crash
- - - - -
11 changed files:
- debian/control
- + debian/patches/add-missing-libs-deps.diff
- + debian/patches/fix-samba-tool-domain-join-segfault.patch
- debian/patches/series
- debian/patches/testparm-do-not-fail-if-pid-dir-does-not-exist.patch
- debian/patches/weak-crypto-allowed-clarify.diff
- debian/rules
- debian/samba.dirs
- debian/samba.postinst
- debian/samba.postrm
- debian/smb.conf
Changes:
=====================================
debian/control
=====================================
@@ -59,6 +59,7 @@ Build-Depends-Arch:
libsystemd-dev [linux-any],
libtasn1-6-dev (>= 3.8),
libtasn1-bin,
+ libunwind-dev,
liburing-dev [linux-any],
xfslibs-dev [linux-any],
zlib1g-dev (>= 1:1.2.3),
=====================================
debian/patches/add-missing-libs-deps.diff
=====================================
@@ -0,0 +1,49 @@
+From: Michael Tokarev <mjt at tls.msk.ru>
+Date: Thu, 19 May 2022 20:37:21 +0300
+Subject: add missing libs deps
+Bug-Debian: https://bugs.debian.org/1010922
+
+Lots of samba libraries has incomplete dependencies listed
+in wscript files. This usually is not a problem since the
+link line includes dependencies of their dependencies of
+their dependencies, and somewhere down that line all immediate
+dependencies which are missing are actually present. But
+sometimes this becomes a problem when a library does not
+declare direct dependency on at least one private library
+which it actually uses: in case no private library is
+listed as direct dependency, private library directory is
+not put into RUNPATH of the resulting binary, so the binary
+can not find its own dependencies.
+
+Fix a few such places, including one library which is a part
+of public abi (libsmbldap).
+
+diff --git a/lib/util/wscript_build b/lib/util/wscript_build
+index 2f31e8fa5b1..08a77b8940c 100644
+--- a/lib/util/wscript_build
++++ b/lib/util/wscript_build
+@@ -218,5 +218,5 @@ else:
+ bld.SAMBA_LIBRARY('samba-modules',
+ source='modules.c',
+- deps='samba-errors samba-util',
++ deps='samba-errors samba-util samba-debug',
+ local_include=False,
+ private_library=True)
+diff --git a/source3/wscript_build b/source3/wscript_build
+index acfc0c56f03..e919f38d9cb 100644
+--- a/source3/wscript_build
++++ b/source3/wscript_build
+@@ -189,5 +189,5 @@ bld.SAMBA3_LIBRARY('smbldaphelper',
+ passdb/pdb_ldap_util.c
+ ''',
+- deps='smbldap secrets3',
++ deps='smbldap secrets3 replace',
+ allow_undefined_symbols=True,
+ enabled=bld.CONFIG_SET('HAVE_LDAP'),
+@@ -483,5 +483,5 @@ bld.SAMBA3_LIBRARY('secrets3',
+ bld.SAMBA3_LIBRARY('smbldap',
+ source='lib/smbldap.c',
+- deps='ldap lber samba-util smbconf',
++ deps='ldap lber samba-util smbconf replace samba-debug samba-security',
+ enabled=bld.CONFIG_SET("HAVE_LDAP"),
+ private_library=False,
=====================================
debian/patches/fix-samba-tool-domain-join-segfault.patch
=====================================
@@ -0,0 +1,82 @@
+From 73bc58f25ebba8c4ef9004510db2d11936be1363 Mon Sep 17 00:00:00 2001
+From: Michael Tokarev <mjt at tls.msk.ru>
+Date: Tue, 24 May 2022 16:25:41 +0300
+Subject: [PATCH] s3/util/py_net.c: fix samba-tool domain join&leave segfault
+
+We process python args using PyArg_ParseTupleAndKeywords(), and use "p"
+type modifier there. According to documentation, this type modifier,
+while works for a boolean type, expects an argument of type int. But in
+py_net_join_member() and py_net_leave() we use argument of type uint8_t
+(no_dns_update, keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords()
+tries to assign a value to &no_dns_update, it updates subsequent, unrelated bytes
+too, - which ones depends on the stack and structure layout used by the compiler.
+
+Fix this by using int type for all relevant variables, and by introducing proxy
+variable "debug" (of the same type) for r->in.debug.
+
+While at it, also ensure all variables have sensible default values.
+
+Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
+---
+ source3/utils/py_net.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/source3/utils/py_net.c b/source3/utils/py_net.c
+index 0d774bcb805..6f20fdb0890 100644
+--- a/source3/utils/py_net.c
++++ b/source3/utils/py_net.c
+@@ -68,7 +68,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec
+ WERROR werr;
+ PyObject *result;
+ TALLOC_CTX *mem_ctx;
+- uint8_t no_dns_updates;
++ int no_dns_updates = false, debug = false;
+ bool modify_config = lp_config_backend_is_registry();
+ const char *kwnames[] = { "dnshostname", "createupn", "createcomputer",
+ "osName", "osVer", "osServicePack",
+@@ -97,7 +97,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec
+ &r->in.os_version,
+ &r->in.os_servicepack,
+ &r->in.machine_password,
+- &r->in.debug,
++ &debug,
+ &no_dns_updates)) {
+ talloc_free(mem_ctx);
+ PyErr_FromString(_("Invalid arguments\n"));
+@@ -126,6 +126,7 @@ static PyObject *py_net_join_member(py_net_Object *self, PyObject *args, PyObjec
+ WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE |
+ WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED;
+ r->in.msg_ctx = cmdline_messaging_context(get_dyn_CONFIGFILE());
++ r->in.debug = debug;
+ c->opt_user_name = r->in.admin_account;
+ c->opt_password = r->in.admin_password;
+ c->opt_kerberos = r->in.use_kerberos;
+@@ -184,7 +185,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa
+ struct libnet_UnjoinCtx *r = NULL;
+ WERROR werr;
+ TALLOC_CTX *mem_ctx;
+- bool keep_account = false;
++ int keep_account = false, debug = false;
+ const char *kwnames[] = { "keepAccount", "debug", NULL };
+
+ mem_ctx = talloc_new(self->mem_ctx);
+@@ -207,7 +208,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "|pp:Leave",
+ discard_const_p(char *, kwnames),
+- &keep_account, &r->in.debug)) {
++ &keep_account, &debug)) {
+ talloc_free(mem_ctx);
+ PyErr_FromString(_("Invalid arguments\n"));
+ return NULL;
+@@ -219,6 +220,7 @@ static PyObject *py_net_leave(py_net_Object *self, PyObject *args, PyObject *kwa
+ r->in.admin_account = cli_credentials_get_username(self->creds);
+ r->in.admin_password = cli_credentials_get_password(self->creds);
+ r->in.modify_config = lp_config_backend_is_registry();
++ r->in.debug = debug;
+
+ /*
+ * Try to delete it, but if that fails, disable it. The
+--
+2.30.2
+
=====================================
debian/patches/series
=====================================
@@ -19,3 +19,5 @@ silence-waf-uselib_local.diff
disable-setuid-confchecks.patch
move-msg.sock-from-var-lib-samba-to-run-samba.patch
testparm-do-not-fail-if-pid-dir-does-not-exist.patch
+add-missing-libs-deps.diff
+fix-samba-tool-domain-join-segfault.patch
=====================================
debian/patches/testparm-do-not-fail-if-pid-dir-does-not-exist.patch
=====================================
@@ -1,11 +1,46 @@
+From 68fe6de9aeca04c252d1d89165802e0fa981d28c Mon Sep 17 00:00:00 2001
From: Michael Tokarev <mjt at tls.msk.ru>
Date: Tue, 26 Apr 2022 16:14:38 +0300
-Subject: testparam: do not fail if /run/samba does not exist
+Subject: testparm: do not fail if /run/samba does not exist
-https://lists.samba.org/archive/samba-technical/2022-April/137320.html
+testparm explicitly fails if $piddir or $lockdir does not exist.
+However, the daemons which actually use these directories, will
+create it on demand, there is no need to fail even simple testparm
+operations if the dirs are not there.
-We now can remove the tempfiles creation of /run/samba
+This change lets to (pre)configure samba without bothering to
+pre-create the directories which are overwise needed only to fullfil
+testparm criteria.
+Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
+---
+ python/samba/netcmd/testparm.py | 6 ++----
+ source3/utils/testparm.c | 6 ++----
+ 2 files changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/python/samba/netcmd/testparm.py b/python/samba/netcmd/testparm.py
+index b44dea1f141..6fecbb15303 100644
+--- a/python/samba/netcmd/testparm.py
++++ b/python/samba/netcmd/testparm.py
+@@ -142,14 +142,12 @@ class cmd_testparm(Command):
+ lockdir = lp.get("lockdir")
+
+ if not os.path.isdir(lockdir):
+- logger.error("lock directory %s does not exist", lockdir)
+- valid = False
++ logger.warning("lock directory %s does not exist", lockdir)
+
+ piddir = lp.get("pid directory")
+
+ if not os.path.isdir(piddir):
+- logger.error("pid directory %s does not exist", piddir)
+- valid = False
++ logger.warning("pid directory %s does not exist", piddir)
+
+ winbind_separator = lp.get("winbind separator")
+
+diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
+index 71bc4c2694e..4916a665c02 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
@@ -326,9 +326,8 @@ static int do_global_checks(void)
@@ -30,3 +65,6 @@ We now can remove the tempfiles creation of /run/samba
}
if (lp_passdb_expand_explicit()) {
+--
+2.30.2
+
=====================================
debian/patches/weak-crypto-allowed-clarify.diff
=====================================
@@ -1,28 +1,49 @@
-Subject: testparm: clarify "weak crypto is allowed" message
+From 1c2639a5468e11909c9cebe0f3a3dc7e13ef3811 Mon Sep 17 00:00:00 2001
From: Michael Tokarev <mjt at tls.msk.ru>
-Date: Fri, 01 Apr 2022 09:56:55 +0300
-Bug-Debian: https://bugs.debian.org/975882
-Bug: https://bugzilla.samba.org/show_bug.cgi?id=14583
+Date: Fri, 20 May 2022 09:48:32 +0300
+Subject: [PATCH] testparm: clarify "Weak crypto is allowed" message
-This message makes people think there's some issue with their
-smb.conf settings which allows weak crypto to be used while
-communicating with (windows) clients. This actually is not
-the case, the message says weak algorithms are allowed by the
-gnutls _library_, not by smb.conf. Clarify the message to
-avoid confusion.
+The message testparm prints about weak crypto is really
+misleading: "Weak crypto is allowed" is often interpreted
+in a way that smb.conf settings are bad by allowing weak
+crypto. While the actual meaning is about the ability to
+fall back to weaker crypto for (backwards) compatibility,
+and this has nothing to do with samba settings, it is the
+gnutls settings. Clarify both of these, and eliminate an
+if() and a local variable.
Signed-off-by: Michael Tokarev <mjt at tls.msk.ru>
+---
+ source3/utils/testparm.c | 9 ++-------
+ 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c
-index 58ba46bc15f..4d419fd4805 100644
+index 71bc4c2694e..b32ba05322c 100644
--- a/source3/utils/testparm.c
+++ b/source3/utils/testparm.c
-@@ -875,7 +875,7 @@ static void do_per_share_checks(int s)
- } else {
- weak_crypo_str = "disallowed";
- }
+@@ -735,7 +735,6 @@ static void do_per_share_checks(int s)
+ const char *caddr;
+ static int show_defaults;
+ static int skip_logic_checks = 0;
+- const char *weak_crypo_str = "";
+ bool ok;
+
+ struct poptOption long_options[] = {
+@@ -870,12 +869,8 @@ static void do_per_share_checks(int s)
+
+ fprintf(stderr,"Loaded services file OK.\n");
+
+- if (samba_gnutls_weak_crypto_allowed()) {
+- weak_crypo_str = "allowed";
+- } else {
+- weak_crypo_str = "disallowed";
+- }
- fprintf(stderr, "Weak crypto is %s\n", weak_crypo_str);
-+ fprintf(stderr, "Weak crypto is %s by gnutls library\n", weak_crypo_str);
++ fprintf(stderr, "Weak crypto is %sallowed (compatibility fallback; gnutls setting)\n",
++ samba_gnutls_weak_crypto_allowed() ? "" : "dis");
if (skip_logic_checks == 0) {
ret = do_global_checks();
+--
+2.30.2
+
=====================================
debian/rules
=====================================
@@ -56,6 +56,7 @@ conf_args = \
--with-gpgme \
--enable-avahi \
--enable-spotlight \
+ --with-profiling-data \
--disable-rpath --disable-rpath-install \
--with-shared-modules=idmap_rid,idmap_ad,idmap_adex,idmap_hash,idmap_ldap,idmap_tdb2,vfs_dfs_samba4,auth_samba4,vfs_nfs4acl_xattr \
--bundled-libraries=NONE,pytevent,ldb \
@@ -269,7 +270,6 @@ override_dh_installsystemd:
# debian/smbclient/usr/bin/findsmb
execute_after_dh_fixperms-arch:
- $(call ifpkg, samba, chmod 1777 debian/samba/var/spool/samba/)
$(call ifpkg, smbclient, chmod 0700 debian/smbclient/usr/libexec/samba/smbspool_krb5_wrapper)
override_dh_makeshlibs:
=====================================
debian/samba.dirs
=====================================
@@ -9,4 +9,3 @@ var/lib/samba/printers/W32PPC
var/lib/samba/printers/W32X86
var/lib/samba/printers/WIN40
var/lib/samba/printers/x64
-var/spool/samba
=====================================
debian/samba.postinst
=====================================
@@ -102,4 +102,21 @@ then
rmdir $dir
fi
+# remove old spool directory (point it to /var/tmp if in use)
+dir=/var/spool/samba
+if [ configure = "$1" -a ! -L $dir ] &&
+ dpkg --compare-versions "$2" lt-nl 2:4.16.1+dfsg-5~
+then
+ if [ -d $dir ]; then
+ echo "W: removing old samba print spool $dir" >&2
+ rm -rf $dir
+ fi
+ used=$(testparm -s --section-name=printers --parameter-name=path 2>/dev/null || :)
+ if [ $dir = "$used" ]; then
+ echo "W: $dir is referenced in smb.conf [printers] section." >&2
+ echo "W: redirecting $dir to /var/tmp. Please update your smb.conf" >&2
+ ln -s ../tmp $dir
+ fi
+fi
+
exit 0
=====================================
debian/samba.postrm
=====================================
@@ -17,6 +17,10 @@ if [ "$1" = purge ]; then
if [ -f /etc/apparmor.d/samba/smbd-shares ]; then
rm /etc/apparmor.d/samba/smbd-shares
fi
+
+ # compat symlink for a dir used for print jobs in the past
+ rm -f /var/spool/samba
+
fi
#DEBHELPER#
=====================================
debian/smb.conf
=====================================
@@ -213,7 +213,7 @@
[printers]
comment = All Printers
browseable = no
- path = /var/spool/samba
+ path = /var/tmp
printable = yes
guest ok = no
read only = yes
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/5bc9aa1da05e1d8509e4d26ac1792409db24c02e...94e8d856e6da244db6f022611fc6aacc9d09c6a3
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/5bc9aa1da05e1d8509e4d26ac1792409db24c02e...94e8d856e6da244db6f022611fc6aacc9d09c6a3
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20220526/b9cc8beb/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list