From 92293a803cf17c1aa525b9bde7beb1daf954d202 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 30 May 2024 05:29:53 +0200 Subject: Adding debian version 2:4.20.1+dfsg-2. Signed-off-by: Daniel Baumann --- debian/TODO | 37 +++---- debian/addshare.py | 46 --------- debian/changelog | 33 ++++++ debian/control | 67 ++++++------ debian/not-installed | 3 + debian/patches/make-python-optional.diff | 25 +++++ debian/patches/series | 1 + debian/python3-samba.install | 5 + debian/rules | 4 - debian/samba-ad-dc.init | 63 ++++++++++++ debian/samba-ad-dc.install | 6 ++ debian/samba-ad-dc.service | 19 ++++ debian/samba-common-bin.NEWS | 9 ++ debian/samba-common-bin.install | 8 +- debian/samba-common-bin.lintian-override | 2 + debian/samba.NEWS | 10 ++ debian/samba.install | 11 -- debian/samba.samba-ad-dc.init | 63 ------------ debian/samba.samba-ad-dc.service | 19 ---- debian/setoption.py | 47 --------- debian/source_samba.py | 170 ------------------------------- 21 files changed, 227 insertions(+), 421 deletions(-) delete mode 100755 debian/addshare.py create mode 100644 debian/patches/make-python-optional.diff create mode 100644 debian/samba-ad-dc.init create mode 100644 debian/samba-ad-dc.install create mode 100644 debian/samba-ad-dc.service create mode 100644 debian/samba-common-bin.NEWS delete mode 100644 debian/samba.samba-ad-dc.init delete mode 100644 debian/samba.samba-ad-dc.service delete mode 100755 debian/setoption.py delete mode 100644 debian/source_samba.py (limited to 'debian') diff --git a/debian/TODO b/debian/TODO index 7671a1a..5d424a8 100644 --- a/debian/TODO +++ b/debian/TODO @@ -1,32 +1,25 @@ - This is an incomplete list of a number of issues that need to be fixed. - -TODOs before upload to unstable - - make a list of basic tests that should be done to ensure that the package is acceptable for unstable (and run these tests) - investigate impact of changes to libraries to reverse dependencies and plan - transitions (if there are any) - - sssd - fixed in git (#725992) - - openchange - - evolution-mapi - -Other TODOs - -- handle ad-dc stuff - - have debconf question to configure ad dc - - the packaging from the old samba4/samba-ad-dc packages can help there - - convert the users to the new db, or document that this doesn't happen - automatically - -- what is the status of the docs? - - - documentation2.patch is upstream - - The former documentation.patch needs to be rewritten against the xml input + transitions (if there are any). + - sssd: uses libndr which changes soname without transition (semi-private lib) + Especially painful for backports. + We're now emitting proper soname for libndrN at least (before it was just part + of samba-libs), so breakage will be at least visible before installing new + samba-libs - Add script to verify that headers are usable through current dependencies (to prevent bugs like #525888) +- Investigate which binaries should go to which packages: + + - Some libs and shared objects are specific to samba-ad-dc + (eg usr/lib/x86_64-linux-gnu/samba/service/kdc, ntp_signd) + - dlz_*: should these go to samba-ad-dc too? multiarch dlz? + - samba_kcc: where should it go? + - samba-ad-client files: should samba-dnsupdate and samba-spnupdate + be there? + diff --git a/debian/addshare.py b/debian/addshare.py deleted file mode 100755 index 8b5e3c4..0000000 --- a/debian/addshare.py +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/python3 -# Helper to add a share in the samba configuration file -# Eventually this should be replaced by a call to samba-tool, but -# for the moment that doesn't support setting individual configuration options. - -import optparse -import os -import re -import shutil -import stat -import sys -import tempfile - -parser = optparse.OptionParser() -parser.add_option("--configfile", type=str, metavar="CONFFILE", - help="Configuration file to use", default="/etc/samba/smb.conf") - -(opts, args) = parser.parse_args() -if len(args) != 2: - parser.print_usage() - -(share, path) = args -done = False - -inf = open(opts.configfile, 'r') -(fd, fn) = tempfile.mkstemp() -outf = os.fdopen(fd, 'w') - -for l in inf.readlines(): - m = re.match(r"^\s*\[([^]]+)\]$", l) - if m: - name = m.groups(1)[0] - if name.lower() == share.lower(): - sys.exit(0) - outf.write(l) - -if not os.path.isdir(path): - os.makedirs(path) -outf.write("[%s]\n" % share) -outf.write(" path = %s\n" % path) -outf.write(" read only = no\n") -outf.write("\n") - -os.fchmod(fd, stat.S_IMODE(os.stat(opts.configfile).st_mode)) -outf.close() -shutil.move(fn, opts.configfile) diff --git a/debian/changelog b/debian/changelog index b67850e..57157bb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,36 @@ +samba (2:4.20.1+dfsg-2) unstable; urgency=medium + + * move many files from samba package to samba-ad-dc package. + From now on, samba-ad-dc isn't just a meta-package, it is actually + needed for AD-DC functionality. If you run AD-DC, please ensure + that samba-ad-dc package is installed (it is not recommended by samba) + Closes: #1051770 + * move samba-tool and samba-gpupdate from samba-common-bin and samba + packages to python3-samba. This is an Active Directory stuff, not + needed for a stand-alone server or a client, but might be useful + for auth-only (neither file-server nor file-client) AD installs + Closes: #1068360 + * remove addshare.py, setoption.py and source_samba.py python scripts + These aren't used by samba packages and are hardly useful generally, esp. + having in mind their unusual locations. The apport hook (source_samba.py) + is mostly obsolete, it hasn't been updated for a very long time. + * add make-python-optional.diff, so python3 can be made optional + for samba-common-bin + * remove python3-samba and python from Depends of samba and samba-common-bin + packages, moving it to Recommends. This lets the user to install a stand- + alone samba file server without any Active Directory bits and even without + python interpreter + * d/samba.install: do not install samba_downgrade_db (to old pre-4.8 version) + * move smbcontrol binary from samba to samba-common-bin, + since it can also be used to control winbindd + * d/control: tdb-tools (tdbbackup) are run from python modules, + move from samba:Depends to python3-samba:Recommends + * d/control: samba: no need to depend on libpam-runtime or libpam-modules + * d/control: samba: no need to recommend samba-ad-provision + * debian/TODO: update a bit, remove many obsolete entries + + -- Michael Tokarev Sun, 26 May 2024 17:48:13 +0300 + samba (2:4.20.1+dfsg-1) unstable; urgency=medium * new upstream major release diff --git a/debian/control b/debian/control index 32249e8..9a13345 100644 --- a/debian/control +++ b/debian/control @@ -85,31 +85,18 @@ Package: samba Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: passwd, - libpam-modules, - libpam-runtime (>= 1.0.1-11), procps, - python3, - python3-dnspython, - python3-samba (= ${binary:Version}), samba-common (= ${source:Version}), samba-common-bin (=${binary:Version}), - tdb-tools, ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends} Recommends: attr, - python3-markdown, - samba-dsdb-modules, samba-vfs-modules, - samba-ad-provision, -Suggests: bind9 (>= 1:9.5.1), - bind9utils, - ctdb, - ldb-tools, - ntp | chrony (>= 3.0-1), + python3-samba, +Suggests: ctdb, ufw, winbind -Enhances: bind9, ntp Breaks: samba-ad-provision (<< ${source:Upstream-Version}) Description: SMB/CIFS file, print, and login server for Unix Samba is an implementation of the SMB/CIFS protocol for Unix systems, @@ -172,21 +159,16 @@ Description: common files used by both the Samba server and client Package: samba-common-bin Architecture: any -Depends: python3, - python3-samba, - samba-common (=${source:Version}), - samba-libs (= ${binary:Version}), +Depends: samba-common (= ${source:Version}), ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends} -Recommends: samba-dsdb-modules +Recommends: python3-samba, Suggests: heimdal-clients, - python3-markdown, - python3-dnspython -# moved samba-dcerpcd samba=>samba-common-bin in in 4.16.2+dfsg-1 # moved libnet-keytab-samba4.so.0 & libRPC-WORKER-samba4.so.0 samba-libs=>samba-common-bin in 4.19.0~r1 -Replaces: samba (<< 2:4.16.2+dfsg-1~), samba-libs (<< 2:4.19.0~) -Breaks: samba (<< 2:4.16.2+dfsg-1~), samba-libs (<< 2:4.19.0~) +# moved smbcontrol samba=>samba-common-bin in 4.20.0-2 +Replaces: samba (<< 2:4.20.1+dfsg-2~), samba-libs (<< 2:4.19.0~) +Breaks: samba (<< 2:4.20.1+dfsg-2~), samba-libs (<< 2:4.19.0~) Description: Samba common files used by both the server and the client Samba is an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file sharing with Microsoft Windows, OS X, @@ -198,17 +180,31 @@ Description: Samba common files used by both the server and the client package). Package: samba-ad-dc -Architecture: all +Architecture: any Multi-Arch: foreign Pre-Depends: ${misc:Pre-Depends} -Depends: samba (>= ${source:Version}~), samba-dsdb-modules, samba-vfs-modules, - winbind, - krb5-kdc (>= 1.21.0~) , - ${misc:Depends} +Depends: samba (= ${binary:Version}), + python3-samba (= ${binary:Version}), + python3-dnspython, + samba-dsdb-modules (= ${binary:Version}), + samba-vfs-modules (= ${binary:Version}), + winbind (= ${binary:Version}), + krb5-kdc (>= 1.21.0~) , + ${python3:Depends}, + ${shlibs:Depends}, + ${misc:Depends} Recommends: libnss-winbind, libpam-winbind, # samba-ad-provision is needed for setup only samba-ad-provision -Breaks: samba-ad-provision (<< ${source:Upstream-Version}) +Suggests: bind9 (>= 1:9.5.1), + bind9utils, + ldb-tools, + ntp | chrony (>= 3.0-1), +Enhances: bind9, ntp +Breaks: samba-ad-provision (<< ${source:Upstream-Version}), +# files moved from samba & samba-common-bin in 4.20.1-2: + samba (<< 2:4.20.1+dfsg-2~), samba-common-bin (<< 2:4.20.1+dfsg-2~), +Replaces: samba (<< 2:4.20.1+dfsg-2~), samba-common-bin (<< 2:4.20.1+dfsg-2~), Description: Samba control files to run AD Domain Controller Samba is an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file and printer sharing with @@ -318,10 +314,15 @@ Depends: python3-ldb, ${misc:Depends}, ${python3:Depends}, ${shlibs:Depends} +Breaks: +# samba-tool & samba-gpupdate moved from samba-common-bin & samba in 4.20.1-2: + samba-common-bin (<< 2:4.20.1+dfsg-2~), samba (<< 2:4.20.1+dfsg-2~), Replaces: + samba-common-bin (<< 2:4.20.1+dfsg-2~), samba (<< 2:4.20.1+dfsg-2~), # libsamba-policy & helpers and dckeytab python libs moved to python3-samba - samba-libs (<< 2:4.16.0+dfsg-1~), samba (<< 2:4.16.0+dfsg-1~) -Recommends: python3-gpg + samba-libs (<< 2:4.16.0+dfsg-1~), +Recommends: python3-gpg, + tdb-tools, Description: Python 3 bindings for Samba Samba is an implementation of the SMB/CIFS protocol for Unix systems, providing support for cross-platform file sharing with Microsoft Windows, OS X, diff --git a/debian/not-installed b/debian/not-installed index 4e8df92..98436ec 100644 --- a/debian/not-installed +++ b/debian/not-installed @@ -5,3 +5,6 @@ usr/share/samba/setup # new experimental windows search client usr/bin/wspsearch usr/share/man/man1/wspsearch.1 +# downgrade db to pre-4.8 version, hardly needed anymore: +usr/sbin/samba_downgrade_db +usr/share/man/man8/samba_downgrade_db.8 diff --git a/debian/patches/make-python-optional.diff b/debian/patches/make-python-optional.diff new file mode 100644 index 0000000..4cf50f6 --- /dev/null +++ b/debian/patches/make-python-optional.diff @@ -0,0 +1,25 @@ +From: Michael Tokarev +Subject: samba-log-parser: make python optional +Date: Sun, 26 May 2024 14:40:40 +0300 +Forwarded: not-needed +Debian-Specific: yes + +samba-log-parser is a rarely used utility written in python. +It is the only python program in the samba-common-bin package. +By using this simple trick (wrapping the script into #!/bin/sh) +we can make the python package optional, to be able to install +minimal samba client. + +--- a/source3/script/samba-log-parser ++++ b/source3/script/samba-log-parser +@@ -1,4 +1,9 @@ +-#!/usr/bin/env python3 ++#! /bin/sh ++""":" ++[ -x /usr/bin/python3 ] && exec /usr/bin/python3 "$0" "$@" ++echo "This program requires python3. Please install python3 package to use it." >&2 ++exit 42 ++":""" + # + ####################################################################### + # diff --git a/debian/patches/series b/debian/patches/series index b06c91a..681595b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -25,3 +25,4 @@ silence-can-not-convert-group-sid.diff edns0.patch passchange-error-message.patch lower-dns-lookup-mismatch-messages.patch +make-python-optional.diff diff --git a/debian/python3-samba.install b/debian/python3-samba.install index 2a0e9a6..7eaff83 100644 --- a/debian/python3-samba.install +++ b/debian/python3-samba.install @@ -2,3 +2,8 @@ usr/lib/python3*/*-packages/samba usr/lib/*/libsamba-policy.cpython-*.so.* usr/lib/*/samba/libsamba-net.cpython-*.so.* usr/lib/*/samba/libsamba-python.cpython-*.so.0 + +usr/bin/samba-tool +usr/share/man/man8/samba-tool.8 +usr/sbin/samba-gpupdate +usr/share/man/man8/samba-gpupdate.8 diff --git a/debian/rules b/debian/rules index 5f49e1d..c6e5811 100755 --- a/debian/rules +++ b/debian/rules @@ -249,12 +249,8 @@ override_dh_auto_install-arch: # pam stuff install -Dp -m0644 debian/winbind.pam-config debian/tmp/usr/share/pam-configs/winbind mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libnss_* debian/tmp/lib/$(DEB_HOST_MULTIARCH)/ - # Debian goodies to set global option in smb.conf and add a share - install -p -m0755 debian/setoption.py -t debian/tmp/usr/share/samba/ - install -p -m0755 debian/addshare.py -t debian/tmp/usr/share/samba/ install -p -m755 debian/update-apparmor-samba-profile -t debian/tmp/usr/share/samba/ install -Dp -m0644 debian/samba.ufw.profile debian/tmp/etc/ufw/applications.d/samba - install -Dp -m0644 debian/source_samba.py -t debian/tmp/usr/share/apport/package-hooks/ # install-and-rename docs for ctdb (also arch-specific) mkdir -p debian/tmp/ctdb install -p ctdb/config/events/README debian/tmp/ctdb/README.notification diff --git a/debian/samba-ad-dc.init b/debian/samba-ad-dc.init new file mode 100644 index 0000000..d88ca31 --- /dev/null +++ b/debian/samba-ad-dc.init @@ -0,0 +1,63 @@ +#! /bin/sh + +### BEGIN INIT INFO +# Provides: samba-ad-dc +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Samba daemons for the AD DC +# Description: Meta-service to provide AD and SMB/CIFS services to clients +### END INIT INFO + +NAME=samba +DAEMON=/usr/sbin/$NAME +PIDFILE=/run/samba/$NAME.pid +DESC="Samba AD DC server" +SCRIPT=samba-ad-dc + +# clear conflicting settings from the environment +unset TMPDIR + +test -x $DAEMON || exit 0 +/usr/share/samba/is-configured $NAME || exit 0 + +[ -f /etc/default/samba ] && . /etc/default/samba + +. /lib/lsb/init-functions + +case "$1" in + (start) + # CVE-2013-4475 + KEYFILE=/var/lib/samba/private/tls/key.pem + if [ -e $KEYFILE ] + then + KEYPERMS=`stat -c %a $KEYFILE` + if [ "$KEYPERMS" != "600" ] + then + echo "wrong permission on $KEYFILE, must be 600" + echo "samba will not start (CVE-2013-4475)" + echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions." + exit 1 + fi + fi + log_daemon_msg "Starting $DESC" $NAME + start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SAMBAOPTIONS + log_end_msg $? + ;; + (stop) + log_daemon_msg "Stopping $DESC" $NAME + start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE + log_end_msg $? + ;; + (restart|force-reload) + $0 stop && sleep 1 && $0 start + ;; + (status) + status_of_proc -p $PIDFILE $DAEMON $NAME + ;; + (*) + echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}" + exit 1 + ;; +esac diff --git a/debian/samba-ad-dc.install b/debian/samba-ad-dc.install new file mode 100644 index 0000000..baa0849 --- /dev/null +++ b/debian/samba-ad-dc.install @@ -0,0 +1,6 @@ +usr/sbin/samba +usr/share/man/man8/samba.8 +usr/sbin/samba_dnsupdate +usr/sbin/samba_spnupdate +usr/sbin/samba_upgradedns +usr/sbin/samba_kcc diff --git a/debian/samba-ad-dc.service b/debian/samba-ad-dc.service new file mode 100644 index 0000000..fdee735 --- /dev/null +++ b/debian/samba-ad-dc.service @@ -0,0 +1,19 @@ +[Unit] +Description=Samba AD Daemon +Documentation=man:samba(8) man:samba(7) man:smb.conf(5) +Wants=network-online.target +After=network.target network-online.target + +[Service] +Type=notify +PIDFile=/run/samba/samba.pid +LimitNOFILE=16384 +EnvironmentFile=-/etc/default/samba +ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS +ExecReload=/bin/kill -HUP $MAINPID +ExecCondition=/usr/share/samba/is-configured samba + +[Install] +WantedBy=multi-user.target +# Upstream name: +Alias=samba.service diff --git a/debian/samba-common-bin.NEWS b/debian/samba-common-bin.NEWS new file mode 100644 index 0000000..de3a2c9 --- /dev/null +++ b/debian/samba-common-bin.NEWS @@ -0,0 +1,9 @@ +samba (2:4.20.1+dfsg-1) unstable; urgency=medium + + The tool samba-tool (python-based) has been moved from samba-common-bin + to python3-samba package. This is to avoid dependency on python modules + for minimal samba client installation. If you rely on samba-tool, please + ensure that the (optional in some configurations) python3-samba package is + also installed. + + -- Michael Tokarev Sun, 26 May 2024 13:59:14 +0300 diff --git a/debian/samba-common-bin.install b/debian/samba-common-bin.install index 696aa04..0a95d76 100644 --- a/debian/samba-common-bin.install +++ b/debian/samba-common-bin.install @@ -3,25 +3,21 @@ usr/bin/net usr/bin/nmblookup usr/bin/samba-log-parser usr/bin/samba-regedit -usr/bin/samba-tool +usr/bin/smbcontrol usr/bin/smbpasswd usr/bin/testparm -usr/sbin/samba_kcc -usr/share/apport/package-hooks/source_samba.py usr/share/man/man1/dbwrap_tool.1 usr/share/man/man1/nmblookup.1 usr/share/man/man1/samba-log-parser.1 usr/share/man/man1/testparm.1 usr/share/man/man5/lmhosts.5 usr/share/man/man5/smb.conf.5 +usr/share/man/man1/smbcontrol.1 usr/share/man/man5/smbpasswd.5 usr/share/man/man7/samba.7 usr/share/man/man8/net.8 usr/share/man/man8/samba-regedit.8 -usr/share/man/man8/samba-tool.8 usr/share/man/man8/smbpasswd.8 -usr/share/samba/addshare.py -usr/share/samba/setoption.py # used by usr/bin/net only: usr/lib/*/samba/libnet-keytab-private-samba.so.0 # used by usr/libexec/samba/rpcd_*: diff --git a/debian/samba-common-bin.lintian-override b/debian/samba-common-bin.lintian-override index b8e510a..79287f6 100644 --- a/debian/samba-common-bin.lintian-override +++ b/debian/samba-common-bin.lintian-override @@ -1,2 +1,4 @@ # deliberate, a synonym for misspelled parameter samba-common-bin: typo-in-manual-page prefered preferred */man/man5/smb.conf.5* +# python script wrapped in #!/bin/sh +samba-common-bin: bash-term-in-posix-shell *usr/bin/samba-log-parser* diff --git a/debian/samba.NEWS b/debian/samba.NEWS index 5f4c14f..52d35c7 100644 --- a/debian/samba.NEWS +++ b/debian/samba.NEWS @@ -1,3 +1,13 @@ +samba (2:4.20.1+dfsg-2) unstable; urgency=medium + + Active Directory Domain Controller (AD-DC) functionality has been + split out of samba-the-file-server package into its own separate + package name samba-ad-dc. This includes the samba binary and a few + support executables. Please install samba-ad-dc package separately + if you need AD-DC functionality on your system. + + -- Michael Tokarev Sun, 26 May 2024 13:44:07 +0300 + samba (2:4.6.5+dfsg-5) unstable; urgency=medium The samba service has been removed. Use the individual services instead: diff --git a/debian/samba.install b/debian/samba.install index 498557c..e58aecf 100755 --- a/debian/samba.install +++ b/debian/samba.install @@ -6,7 +6,6 @@ usr/bin/oLschema2ldif usr/bin/pdbedit usr/bin/profiles usr/bin/sharesec -usr/bin/smbcontrol usr/bin/smbstatus usr/lib/*/samba/libHDB-SAMBA4-private-samba.so.0 usr/lib/*/samba/libgss-preauth-private-samba.so.0 @@ -18,27 +17,17 @@ usr/libexec/samba/samba-bgqd usr/lib/*/samba/service/*.so usr/sbin/eventlogadm usr/sbin/nmbd -usr/sbin/samba -usr/sbin/samba-gpupdate -usr/sbin/samba_dnsupdate -usr/sbin/samba_downgrade_db -usr/sbin/samba_spnupdate -usr/sbin/samba_upgradedns usr/sbin/smbd usr/share/man/man1/log2pcap.1 usr/share/man/man1/mvxattr.1 usr/share/man/man1/oLschema2ldif.1 usr/share/man/man1/profiles.1 usr/share/man/man1/sharesec.1 -usr/share/man/man1/smbcontrol.1 usr/share/man/man1/smbstatus.1 usr/share/man/man8/eventlogadm.8 usr/share/man/man8/nmbd.8 usr/share/man/man8/pdbedit.8 usr/share/man/man8/samba-bgqd.8 -usr/share/man/man8/samba_downgrade_db.8 -usr/share/man/man8/samba-gpupdate.8 -usr/share/man/man8/samba.8 usr/share/man/man8/smbd.8 usr/share/samba/admx/ usr/share/samba/mdssvc/elasticsearch_mappings.json diff --git a/debian/samba.samba-ad-dc.init b/debian/samba.samba-ad-dc.init deleted file mode 100644 index d88ca31..0000000 --- a/debian/samba.samba-ad-dc.init +++ /dev/null @@ -1,63 +0,0 @@ -#! /bin/sh - -### BEGIN INIT INFO -# Provides: samba-ad-dc -# Required-Start: $network $local_fs $remote_fs -# Required-Stop: $network $local_fs $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Samba daemons for the AD DC -# Description: Meta-service to provide AD and SMB/CIFS services to clients -### END INIT INFO - -NAME=samba -DAEMON=/usr/sbin/$NAME -PIDFILE=/run/samba/$NAME.pid -DESC="Samba AD DC server" -SCRIPT=samba-ad-dc - -# clear conflicting settings from the environment -unset TMPDIR - -test -x $DAEMON || exit 0 -/usr/share/samba/is-configured $NAME || exit 0 - -[ -f /etc/default/samba ] && . /etc/default/samba - -. /lib/lsb/init-functions - -case "$1" in - (start) - # CVE-2013-4475 - KEYFILE=/var/lib/samba/private/tls/key.pem - if [ -e $KEYFILE ] - then - KEYPERMS=`stat -c %a $KEYFILE` - if [ "$KEYPERMS" != "600" ] - then - echo "wrong permission on $KEYFILE, must be 600" - echo "samba will not start (CVE-2013-4475)" - echo "Removing all tls .pem files will cause an auto-regeneration with the correct permissions." - exit 1 - fi - fi - log_daemon_msg "Starting $DESC" $NAME - start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SAMBAOPTIONS - log_end_msg $? - ;; - (stop) - log_daemon_msg "Stopping $DESC" $NAME - start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE - log_end_msg $? - ;; - (restart|force-reload) - $0 stop && sleep 1 && $0 start - ;; - (status) - status_of_proc -p $PIDFILE $DAEMON $NAME - ;; - (*) - echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}" - exit 1 - ;; -esac diff --git a/debian/samba.samba-ad-dc.service b/debian/samba.samba-ad-dc.service deleted file mode 100644 index fdee735..0000000 --- a/debian/samba.samba-ad-dc.service +++ /dev/null @@ -1,19 +0,0 @@ -[Unit] -Description=Samba AD Daemon -Documentation=man:samba(8) man:samba(7) man:smb.conf(5) -Wants=network-online.target -After=network.target network-online.target - -[Service] -Type=notify -PIDFile=/run/samba/samba.pid -LimitNOFILE=16384 -EnvironmentFile=-/etc/default/samba -ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS -ExecReload=/bin/kill -HUP $MAINPID -ExecCondition=/usr/share/samba/is-configured samba - -[Install] -WantedBy=multi-user.target -# Upstream name: -Alias=samba.service diff --git a/debian/setoption.py b/debian/setoption.py deleted file mode 100755 index a3f3695..0000000 --- a/debian/setoption.py +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/python3 -# Helper to set a global option in the samba configuration file -# Eventually this should be replaced by a call to samba-tool, but -# for the moment that doesn't support setting individual configuration options. - -import optparse -import os -import re -import shutil -import stat -import tempfile - -parser = optparse.OptionParser() -parser.add_option("--configfile", type=str, metavar="CONFFILE", - help="Configuration file to use", default="/etc/samba/smb.conf") - -(opts, args) = parser.parse_args() -if len(args) != 2: - parser.print_usage() - -(key, value) = args -inglobal = False -done = False - -inf = open(opts.configfile, 'r') -(fd, fn) = tempfile.mkstemp() -outf = os.fdopen(fd, 'w') - -for l in inf.readlines(): - m = re.match(r"^\s*\[([^]]+)\]$", l) - if m: - if inglobal and not done: - outf.write(" %s = %s\n" % (key, value)) - done = True - inglobal = (m.groups(1)[0] in ("global", "globals")) - elif inglobal and re.match(r"^(\s*)" + key + r"(\s*)=.*$", l): - l = re.sub(r"^(\s*)" + key + r"(\s*)=.*$", - r"\1" + key + r"\2=\2" + value, l) - done = True - outf.write(l) - -if not done: - outf.write("%s = %s\n" % (key, value)) - -os.fchmod(fd, stat.S_IMODE(os.stat(opts.configfile).st_mode)) -outf.close() -shutil.move(fn, opts.configfile) diff --git a/debian/source_samba.py b/debian/source_samba.py deleted file mode 100644 index 1d30625..0000000 --- a/debian/source_samba.py +++ /dev/null @@ -1,170 +0,0 @@ -#!/usr/bin/python3 - -'''Samba Apport interface - -Copyright (C) 2010 Canonical Ltd/ -Author: Chuck Short - -This program is free software; you can redistribute it and/or modify it -under the terms of the GNU General Public License as published by the -Free Software Foundation; either version 2 of the License, or (at your -option) any later version. See http://www.gnu.org/copyleft/gpl.html for -the full text of the license. -''' - -import os -from subprocess import PIPE, Popen -from apport.hookutils import * - -def run_testparm(): - ''' - Run the samba testparm(1) utility against /etc/samba/smb.conf. - - We do not use apport's command_output() method here because: - - we need to discard stdout, as that includes smb.conf - - we want to know if its exit status is not zero, but that in itself - is not an error in the test itself. command_output() would say the - command failed and that would be confusing. - - Returns stderr and the exit code (as a string) of testparm as a tuple or - None in the case of an error. - ''' - command = ['testparm', '-s', '/etc/samba/smb.conf'] - try: - testparm = Popen(command, stdout=PIPE, stderr=PIPE) - except OSError: - return None - _, err = testparm.communicate() - exit_code = testparm.wait() - return (err, str(exit_code)) - - -def recent_smblog(pattern): - '''Extract recent messages from log.smbd or messages which match a regex - pattern should be a "re" object. ''' - lines = '' - if os.path.exists('/var/log/samba/log.smbd'): - file = '/var/log/samba/log.smbd' - else: - return lines - - for line in open(file): - if pattern.search(line): - lines += line - return lines - -def recent_nmbdlog(pattern): - ''' Extract recent messages from log.nmbd or messages which match regex - pattern should be a "re" object. ''' - lines = '' - if os.path.exists('/var/log/samba/log.nmbd'): - file = '/var/log/samba/log.nmbd' - else: - return lines - - for line in open(file): - if pattern.search(line): - lines += line - return lines - -def add_info(report, ui): - packages = ['samba', 'samba-common-bin', 'samba-common', 'samba-tools', 'smbclient', 'swat', - 'samba-doc', 'samba-doc-pdf', 'smbfs', 'libpam-smbpass', 'libsmbclient', 'libsmbclient-dev', - 'winbind', 'samba-dbg', 'libwbclient0'] - - versions = '' - for package in packages: - try: - version = packaging.get_version(package) - except ValueError: - version = 'N/A' - if version is None: - version = 'N/A' - versions += '%s %s\n' %(package, version) - report['SambaInstalledVersions'] = versions - - - # Interactive report - # start by checking if /etc/samba/smb.conf exists - if not os.path.exists ('/etc/samba/smb.conf'): - ui.information("The configuration file '/etc/samba/smb.conf' does not exist. This file, and its contents, are critical for the operation of the SAMBA package(s). A common situation for this is:\n * you removed (but did not purge) SAMBA;\n * later on, you (or somebody) manually deleted '/etc/samba/smb.conf;\n * you reinstalled SAMBA.\nAs a result, this file is *not* reinstalled. If this is your case, please purge samba-common (e.g., sudo apt-get purge samba-common) and then reinstall SAMBA.\nYou may want to check other sources, like: https://answers.launchpad.net, https://help.ubuntu.com, and http://ubuntuforums.org. Please press any key to end apport's bug collection.") - raise StopIteration # we are out - - ui.information("As a part of the bug reporting process, you'll be asked as series of questions to help provide a more descriptive bug report. Please answer the following questions to the best of your abilities. Afterwards, a browser will be opened to finish filing this as a bug in the Launchpad bug tracking system.") - - response = ui.choice("How would you best describe your setup?", ["I am running a Windows File Server.", "I am connecting to a Windows File Server."], False) - - if response == None: - raise StopIteration # user has canceled - elif response[0] == 0: #its a server - response = ui.yesno("Did this used to work properly with a previous release?") - if response == None: # user has canceled - raise StopIteration - if response == False: - report['SambaServerRegression'] = "No" - if response == True: - report['SambaServerRegression'] = 'Yes' - - response = ui.choice("Which clients are failing to connect?", ["Windows", "Ubuntu", "Both", "Other"], False) - if response == None: - raise StopIteration # user has canceled - if response[0] == 0: - report['UbuntuFailedConnect'] = 'Yes' - if response[0] == 1: - report['WindowsFailedConnect'] = 'Yes' - if response[0] == 2: - report['BothFailedConnect'] = 'Yes' - if response[0] == 3: - report['OtherFailedConnect'] = 'Yes' - - response = ui.yesno("The contents of your /etc/samba/smb.conf file may help developers diagnose your bug more quickly. However, it may contain sensitive information. Do you want to include it in your bug report?") - if response == None: - raise StopIteration - if response == False: - report['SmbConfIncluded'] = 'No' - if response == True: - report['SmbConfIncluded'] = 'Yes' - attach_file_if_exists(report, '/etc/samba/smb.conf', key='SMBConf') - if command_available('testparm') and os.path.exists('/etc/samba/smb.conf'): - testparm_result = run_testparm() - testparm_response = ui.yesno("testparm(1) is a samba utility that will check /etc/samba/smb.conf for correctness and report issues it may find. Do you want to include its stderr output in your bug report? If you answer no, then we will only include its numeric exit status.") - if testparm_response == None: - raise StopIteration - if testparm_response == True: - if testparm_result: - report['TestparmStderr'], report['TestparmExitCode'] = testparm_result - else: # only include the exit code - report['TestparmExitCode'] = testparm_result[1] - - response = ui.yesno("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd may help developers diagnose your bug more quickly. However, it may contain sensitive information. Do you want to include it in your bug report?") - if response == None: - raise StopIteration - elif response == False: - ui.information("The contents of your /var/log/samba/log.smbd and /var/log/samba/log.nmbd will NOT be included in the bug report.") - elif response == True: - sec_re = re.compile('failed', re.IGNORECASE) - report['SmbLog'] = recent_smblog(sec_re) - report['NmbdLog'] = recent_nmbdlog(sec_re) - - elif response[0] == 1: #its a client - response = ui.yesno("Did this used to work properly with a previous release?") - if response == None: #user has canceled - raise StopIteration - if response == False: - report['SambaClientRegression'] = "No" - if response == True: - report['SambaClientRegression'] = "Yes" - - response = ui.choice("How is the remote share accessed from the Ubuntu system?", ["Nautilus (or other GUI Client)", "smbclient (from the command line)", "cifs filesystem mount (from /etc/fstab or a mount command)"], False) - if response == None: #user has canceled - raise StopIteration - if response[0] == 0: - attach_related_packages(report, ['nautilus', 'gvfs']) - if response[0] == 1: - ui.information("Please attach the output of 'smbclient -L localhost' to the end of this bug report.") - if response[0] == 2: - report['CIFSMounts'] = command_output(['findmnt', '-n', '-t', 'cifs']) - if os.path.exists('/proc/fs/cifs/DebugData'): - report['CifsVersion'] = command_output(['cat', '/proc/fs/cifs/DebugData']) - - ui.information("After apport finishes collecting information, please document your steps to reproduce the issue when filling out the bug report.") -- cgit v1.2.3