Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (11)
#! /bin/sh
# Check if the given service (smb|nmb|winbind|samba)
# should be run according to the settings in smb.conf
[ -f /etc/samba/smb.conf ] || exit 1
server_role=$(testparm -s --parameter-name="server role" 2>/dev/null)
[ "active directory domain controller" = "$server_role" ] \
&& addc=1 || addc=0
case "$1" in
( smb | smbd )
exit $addc
;;
( winbind | winbindd )
exit $addc
;;
( nmb | nmbd )
[ "$addc" = 1 ] && exit 1
disable_netbios=$(testparm -s --parameter-name="disable netbios" 2>/dev/null)
[ Yes = "$disable_netbios" ] && exit 1 || exit 0
;;
( samba | samba-ad-dc )
# source4/samba/server.c checks for other parameters too, even if !AD-DC
# Should we support these?
exit $((!$addc))
;;
( * )
echo "Wrong usage: should be smb|nmb|winbind|samba" >&2
exit 255
;;
esac
From 4481454d2cddc30adfdc4d2ba86412aa03817eef Mon Sep 17 00:00:00 2001
From: Andrew Walker <awalker@ixsystems.com>
Date: Mon, 19 Dec 2022 13:14:51 -0500
Subject: Reload registry shares after reloading services
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15266
Reloading the services file will remove all registry shares
breaking service enumeration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15266
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
---
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 8a0c63fd50e..08d34d51372 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -669,6 +669,11 @@ static WERROR init_srv_share_info_ctr(struct pipes_struct *p,
*/
reload_services(NULL, NULL, false);
+ /*
+ * After reloading services we need to reload registry shares
+ */
+ load_registry_shares();
+
num_services = lp_numservices();
allowed = talloc_zero_array(ctx, bool, num_services);
--
From 5c8e34cae96ee65d34da61801a0f04c562006369 Mon Sep 17 00:00:00 2001
From: Andrew <awalker@ixsystems.com>
Date: Fri, 16 Dec 2022 08:16:10 -0800
Subject: rpc_server:srvsvc - retrieve share ACL via root context
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15265
share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184
(cherry picked from commit 80c0b416892bfacc0d919fe032461748d7962f05)
---
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 233718ff310..fbc617c3ac1 100644
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -540,6 +540,7 @@ static bool is_hidden_share(int snum)
static bool is_enumeration_allowed(struct pipes_struct *p,
int snum)
{
+ bool allowed;
struct dcesrv_call_state *dce_call = p->dce_call;
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
@@ -556,9 +557,19 @@ static bool is_enumeration_allowed(struct pipes_struct *p,
return false;
}
- return share_access_check(session_info->security_token,
- lp_servicename(talloc_tos(), lp_sub, snum),
- FILE_READ_DATA, NULL);
+
+ /*
+ * share_access_check() must be opened as root
+ * because it ultimately gets a R/W db handle on share_info.tdb
+ * which has 0o600 permissions
+ */
+ become_root();
+ allowed = share_access_check(session_info->security_token,
+ lp_servicename(talloc_tos(), lp_sub, snum),
+ FILE_READ_DATA, NULL);
+ unbecome_root();
+
+ return allowed;
}
/****************************************************************************
--
2.34.1
......@@ -23,3 +23,5 @@ fruit-disable-useless-size_t-overflow-check.patch
meaningful-error-if-no-samba-ad-provision.patch
meaningful-error-if-no-python3-markdown.patch
ctdb-use-run-instead-of-var-run.patch
rpc_server_srvsvc-retrieve_share_ACL_via_root_context.patch
reload-registry-shares-after-reloading-services.patch
......@@ -83,6 +83,10 @@ config-args += \
--with-systemd \
--systemd-install-services \
--with-systemddir=/lib/systemd/system \
--systemd-smb-extra='ExecCondition=/usr/share/samba/is-configured smb' \
--systemd-nmb-extra='ExecCondition=/usr/share/samba/is-configured nmb' \
--systemd-winbind-extra='ExecCondition=/usr/share/samba/is-configured winbind' \
--systemd-samba-extra='ExecCondition=/usr/share/samba/is-configured samba' \
endif
......@@ -272,7 +276,8 @@ override_dh_auto_install-indep:
ifeq (${DEB_VENDOR}, Ubuntu)
patch debian/samba-common/usr/share/samba/smb.conf debian/smb.conf.ubuntu.diff
endif
install -Dp -m755 debian/panic-action -t debian/samba-common/usr/share/samba/
install -Dp -m0755 debian/panic-action -t debian/samba-common/usr/share/samba/
install -Dp -m0755 debian/is-configured -t debian/samba-common/usr/share/samba/
install -Dp -m0644 debian/gdbcommands -t debian/samba-common/etc/samba/
install -Dp -m0755 debian/samba-common.dhcp debian/samba-common/etc/dhcp/dhclient-enter-hooks.d/samba
# we wrongly have pam file in samba-common instead of samba
......
......@@ -12,73 +12,41 @@
# to clients
### END INIT INFO
PIDDIR=/run/samba
NMBDPID=$PIDDIR/nmbd.pid
NAME=nmbd
DAEMON=/usr/sbin/$NAME
PIDFILE=/run/samba/$NAME.pid
DESC="NetBIOS name server"
SCRIPT=nmbd
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemons are there
test -x /usr/sbin/nmbd || exit 0
. /lib/lsb/init-functions
test -x $DAEMON || exit 0
/usr/share/samba/is-configured $NAME || exit 0
case $1 in
start)
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
exit 0
fi
[ -f /etc/default/samba ] && . /etc/default/samba
if [ -n `which testparm` ]
then
NMBD_DISABLED=`testparm -s --parameter-name='disable netbios' 2>/dev/null`
fi
if [ "$NMBD_DISABLED" != Yes ]; then
log_daemon_msg "Starting NetBIOS name server" nmbd
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/nmbd --pidfile $NMBDPID -- -D
then
log_end_msg 1
exit 1
fi
log_end_msg 0
fi
. /lib/lsb/init-functions
case "$1" in
(start)
log_daemon_msg "Starting $DESC" $NAME
start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $NMBDOPTIONS
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping NetBIOS name server" nmbd
start-stop-daemon --stop --quiet --pidfile $NMBDPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $NMBDPID ] && ! ps h `cat $NMBDPID` > /dev/null
then
# Stale PID file (nmbd was succesfully stopped),
# remove it (should be removed by nmbd itself IMHO.)
rm -f $NMBDPID
fi
log_end_msg 0
(stop)
log_daemon_msg "Stopping $DESC" $NAME
start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
log_end_msg $?
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
(restart|force-reload)
$0 stop && sleep 1 && $0 start
;;
status)
status_of_proc -p $NMBDPID /usr/sbin/nmbd nmbd
exit $?
(status)
status_of_proc -p $PIDFILE $DAEMON $NAME
;;
*)
echo "Usage: /etc/init.d/nmbd {start|stop|restart|force-reload|status}"
(*)
echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0
......@@ -6,12 +6,12 @@ nmbd_error_handler() {
if [ -d /sys/class/net/lo ] && ls /sys/class/net | grep -qv ^lo$; then
# https://bugs.debian.org/893762
echo 'WARNING: nmbd failed to start as there is no non-loopback interfaces available.'
echo 'Either add an interface or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
echo 'Either add an interface or set "disable netbios = yes" in smb.conf'
return 0
elif command -v ip > /dev/null && ip a show | grep '^[[:space:]]*inet ' | grep -vq ' lo$'; then
# https://bugs.debian.org/859526
echo 'WARNING: nmbd failed to start as there is no local IPv4 non-loopback interfaces available.'
echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf and run "systemctl mask nmbd"'
echo 'Either add an IPv4 address or set "disable netbios = yes" in smb.conf'
return 0
else
echo 'ERROR: nmbd failed to start.'
......@@ -19,38 +19,6 @@ nmbd_error_handler() {
fi
}
mask_services() {
local reason="$1"
shift
local masked_count=0
mkdir -p /etc/systemd/system
echo "${reason}: Masking $*"
echo "Please ignore the following error about deb-systemd-helper not finding those services."
while true; do
local service_name="$1"
if [ -z "$service_name" ]; then
break
fi
shift
if [ ! -e "/etc/systemd/system/${service_name}" ]; then
ln -s /dev/null "/etc/systemd/system/${service_name}"
echo "(${service_name} masked)"
masked_count=$((masked_count+1))
elif [ -h "/etc/systemd/system/${service_name}" ] \
&& [ "$(realpath /etc/systemd/system/${service_name})" = /dev/null ] \
; then
echo "(${service_name} already masked)"
else
echo "WARNING ${service_name} should be masked. The install may fail."
fi
done
# In case this system is running systemd, we make systemd reload the unit files
# to pick up changes.
if [ "${masked_count}" -ge 1 -a -d /run/systemd/system ] ; then
systemctl --system daemon-reload >/dev/null || true
fi
}
# We generate several files during the postinst, and we don't want
# them to be readable only by root.
umask 022
......@@ -59,35 +27,42 @@ if [ configure = "$1" -a -z "$2" ] # only do this if not upgrading
then
# add the sambashare group; --force: ok if group already exist
groupadd --force --system sambashare
if [ ! -e /var/lib/samba/usershares ]
then
install -d -m 1770 -g sambashare /var/lib/samba/usershares
fi
dir=/var/lib/samba/usershares
[ -d $dir ] || install -d -m 1770 -g sambashare $dir
fi
mkdir -p /run/samba # shut up [samba-tool] testparm warning
# mimic source4/smbd/server.c and mask service before it fails
# NB: server role = active directory domain controller is what we need to properly support
# NB: server services = smb is not compiled in
# NB: dcerpc endpoint servers = remote is for developpement
# NB: dcerpc endpoint servers = mapiproxy is for OpenChange which is dead
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
SERVER_SERVICES=`samba-tool testparm --parameter-name="server services" 2>/dev/null | tail -1`
DCERPC_ENDPOINT_SERVERS=`samba-tool testparm --parameter-name="dcerpc endpoint servers" 2>/dev/null | tail -1`
DISABLE_NETBIOS=`samba-tool testparm --parameter-name="disable netbios" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" != "active directory domain controller" ] \
&& ( echo "$SERVER_SERVICES" | grep -qv '\(^\|, \)smb\(,\|$\)' ) \
&& ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '\(^\|, \)remote\(,\|$\)' ) \
&& ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '\(^\|, \)mapiproxy\(,\|$\)' ) \
; then
mask_services "Samba is not being run as an AD Domain Controller" samba-ad-dc.service
# in 4.17.4+dfsg-3 we stopped masking services, unmask them here
if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~
then
for s in nmbd smbd samba-ad-dc; do
if [ /dev/null = $(realpath /etc/systemd/system/$s.service) ]
then
rm -f /etc/systemd/system/$s.service
fi
done
fi
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
mask_services "Samba is being run as an AD Domain Controller" smbd.service nmbd.service
elif [ "$DISABLE_NETBIOS" = Yes ]; then
mask_services "NetBIOS is disabled" nmbd.service
# remove old spool directory (point it to /var/tmp if in use)
dir=/var/spool/samba
if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~
then
pat="^(\\s*path\\s*=\\s*)$dir"
if grep -q -E "$pat\\s*$" /etc/samba/smb.conf ; then
echo "W: fixing smb.conf, replacing $dir with /var/tmp" >&2
sed -ri "s|$pat\\s*$|\\1/var/tmp|" /etc/samba/smb.conf
fi
if [ -d $dir -a ! -L $dir ]; then
echo "W: removing old samba print spool $dir" >&2
rm -rf $dir
fi
# we can still have it in an include file (or have a subdir there?)
if testparm -s 2>/dev/null | grep -E "$pat\\b" >&2; then
echo "W: $dir is still referenced in smb.conf. Please update smb.conf" >&2
if [ ! -L $dir ]; then
echo "W: redirecting $dir to /var/tmp" >&2
ln -s ../tmp $dir
fi
fi
fi
#DEBHELPER#
......@@ -101,21 +76,4 @@ then
rmdir $dir
fi
# remove old spool directory (point it to /var/tmp if in use)
dir=/var/spool/samba
if [ configure = "$1" -a ! -L $dir ] &&
dpkg --compare-versions "$2" lt-nl 2:4.16.1+dfsg-5~
then
if [ -d $dir ]; then
echo "W: removing old samba print spool $dir" >&2
rm -rf $dir
fi
used=$(testparm -s --section-name=printers --parameter-name=path 2>/dev/null || :)
if [ $dir = "$used" ]; then
echo "W: $dir is referenced in smb.conf [printers] section." >&2
echo "W: redirecting $dir to /var/tmp. Please update your smb.conf" >&2
ln -s ../tmp $dir
fi
fi
exit 0
......@@ -10,30 +10,24 @@
# Description: Meta-service to provide AD and SMB/CIFS services to clients
### END INIT INFO
#
# Start/stops the Samba daemon (samba).
# Adapted from the Samba 3 packages.
#
PIDDIR=/run/samba
SAMBAPID=$PIDDIR/samba.pid
NAME=samba
DAEMON=/usr/sbin/$NAME
PIDFILE=/run/samba/$NAME.pid
DESC="Samba AD DC server"
SCRIPT=samba-ad-dc
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon and the config file are there
test -x /usr/sbin/samba -a -r /etc/samba/smb.conf || exit 0
test -x $DAEMON || exit 0
/usr/share/samba/is-configured $NAME || exit 0
[ -f /etc/default/samba ] && . /etc/default/samba
. /lib/lsb/init-functions
case "$1" in
start)
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" != "active directory domain controller" ]; then
exit 0
fi
(start)
# CVE-2013-4475
KEYFILE=/var/lib/samba/private/tls/key.pem
if [ -e $KEYFILE ]
......@@ -47,47 +41,23 @@ case "$1" in
exit 1
fi
fi
log_daemon_msg "Starting Samba AD DC daemon" "samba"
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/samba --pidfile $SAMBAPID -- -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
log_daemon_msg "Starting $DESC" $NAME
start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SAMBAOPTIONS
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping Samba AD DC daemon" "samba"
start-stop-daemon --stop --quiet --pidfile $SAMBAPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SAMBAPID ] && ! ps h `cat $SAMBAPID` > /dev/null
then
# Stale PID file (samba was succesfully stopped),
# remove it (should be removed by samba itself IMHO.)
rm -f $SAMBAPID
fi
log_end_msg 0
(stop)
log_daemon_msg "Stopping $DESC" $NAME
start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
log_end_msg $?
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
(restart|force-reload)
$0 stop && sleep 1 && $0 start
;;
status)
status_of_proc -p $SAMBAPID /usr/sbin/samba samba
exit $?
(status)
status_of_proc -p $PIDFILE $DAEMON $NAME
;;
*)
echo "Usage: /etc/init.d/samba-ad-dc {start|stop|restart|force-reload|status}"
(*)
echo "Usage: /etc/init.d/$SCRIPT {start|stop|restart|force-reload|status}"
exit 1
;;
esac
exit 0
......@@ -12,78 +12,50 @@
# Description: server to provide SMB/CIFS services to clients
### END INIT INFO
PIDDIR=/run/samba
SMBDPID=$PIDDIR/smbd.pid
NAME=smbd
DAEMON=/usr/sbin/$NAME
PIDFILE=/run/samba/$NAME.pid
DESC="Samba SMB/CIFS daemon"
SCRIPT=smbd
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemons are there
test -x /usr/sbin/smbd || exit 0
test -x $DAEMON || exit 0
/usr/share/samba/is-configured $NAME || exit 0
. /lib/lsb/init-functions
[ -f /etc/default/samba ] && . /etc/default/samba
case $1 in
start)
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
exit 0
fi
. /lib/lsb/init-functions
# Update /etc/apparmor.d/local/usr.sbin.smbd-shares
case "$1" in
(start)
# Update /etc/apparmor.d/samba/smbd-shares
if [ -x /usr/share/samba/update-apparmor-samba-profile ]; then
/usr/share/samba/update-apparmor-samba-profile || exit $?
fi
log_daemon_msg "Starting SMB/CIFS daemon" smbd
# Make sure we have our PIDDIR, even if it's on a tmpfs
install -o root -g root -m 755 -d $PIDDIR
if ! start-stop-daemon --start --quiet --oknodo --exec /usr/sbin/smbd --pidfile $SMBDPID -- -D; then
log_end_msg 1
exit 1
fi
log_end_msg 0
log_daemon_msg "Starting $DESC" $NAME
start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $SMBDOPTIONS
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping SMB/CIFS daemon" smbd
start-stop-daemon --stop --quiet --pidfile $SMBDPID
# Wait a little and remove stale PID file
sleep 1
if [ -f $SMBDPID ] && ! ps h `cat $SMBDPID` > /dev/null
then
# Stale PID file, remove it (should be removed by
# smbd itself IMHO).
rm -f $SMBDPID
fi
log_end_msg 0
(stop)
log_daemon_msg "Stopping $DESC" $NAME
start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
log_end_msg $?
;;
reload)
log_daemon_msg "Reloading /etc/samba/smb.conf" smbd
start-stop-daemon --stop --quiet --signal HUP --pidfile $SMBDPID
log_end_msg 0
(reload)
log_daemon_msg "Reloading $DESC" $NAME
start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE --signal HUP
log_end_msg $?
;;
restart|force-reload)
$0 stop
sleep 1
$0 start
(restart|force-reload)
$0 stop && sleep 1 && $0 start
;;
status)
status_of_proc -p $SMBDPID /usr/sbin/smbd smbd
exit $?
(status)
status_of_proc -p $PIDFILE $DAEMON $NAME
;;
*)
echo "Usage: /etc/init.d/smbd {start|stop|reload|restart|force-reload|status}"
(*)
echo "Usage: /etc/init.d/$SCRIPT {start|stop|reload|restart|force-reload|status}"
exit 1
;;
esac
exit 0
......@@ -11,52 +11,47 @@
# Description: Name Service Switch daemon for resolving names from NT servers
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
[ -r /etc/default/winbind ] && . /etc/default/winbind
DAEMON=/usr/sbin/winbindd
PIDDIR=/run/samba
WINBINDPID=$PIDDIR/winbindd.pid
NAME=winbindd
DAEMON=/usr/sbin/$NAME
PIDFILE=/run/samba/$NAME.pid
DESC="Samba Winbind daemon"
SCRIPT=winbind
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon is there
test -x $DAEMON || exit 0
/usr/share/samba/is-configured $NAME || exit 0
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
exit 0
fi
[ -r /etc/default/samba ] && . /etc/default/samba
[ -r /etc/default/$SCRIPT ] && . /etc/default/$SCRIPT
. /lib/lsb/init-functions
case "$1" in
start)
log_daemon_msg "Starting the Winbind daemon" "winbind"
start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID -- $WINBINDD_OPTS
(start)
log_daemon_msg "Starting $DESC" $NAME
start-stop-daemon --start --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE -- -D $WINBINDD_OPTS $WINBINDOPTIONS
log_end_msg $?
;;
stop)
log_daemon_msg "Stopping the Winbind daemon" "winbind"
start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $WINBINDPID
(stop)
log_daemon_msg "Stopping $DESC" $NAME
start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE
log_end_msg $?
;;
restart|force-reload)
$0 stop && sleep 2 && $0 start
(reload)
log_daemon_msg "Reloading $DESC" $NAME
start-stop-daemon --stop --quiet --oknodo --exec $DAEMON --pidfile $PIDFILE --signal HUP
log_end_msg $?
;;
status)
status_of_proc -p $WINBINDPID $DAEMON winbind && exit 0 || exit $?
(restart|force-reload)
$0 stop && sleep 1 && $0 start
;;
(status)
status_of_proc -p $PIDFILE $DAEMON $NAME
;;
*)
echo "Usage: /etc/init.d/winbind {start|stop|restart|force-reload|status}"
(*)
echo "Usage: /etc/init.d/$SCRIPT {start|stop|reload|restart|force-reload|status}"
exit 1
;;
esac
......@@ -2,51 +2,23 @@
set -e
mask_services() {
local reason="$1"
shift
local masked_count=0
mkdir -p /etc/systemd/system
echo "${reason}: Masking $*"
echo "Please ignore the following error about deb-systemd-helper not finding those services."
while true; do
local service_name="$1"
if [ -z "$service_name" ]; then
break
fi
shift
if [ ! -e "/etc/systemd/system/${service_name}" ]; then
ln -s /dev/null "/etc/systemd/system/${service_name}"
echo "(${service_name} masked)"
masked_count=$((masked_count+1))
elif [ -h "/etc/systemd/system/${service_name}" ] \
&& [ "$(realpath /etc/systemd/system/${service_name})" = /dev/null ] \
; then
echo "(${service_name} already masked)"
else
echo "WARNING ${service_name} should be masked. The install may fail."
# in 4.17.4+dfsg-3 we stopped masking services, unmask them here
if [ configure = "$1" ] && dpkg --compare-versions "$2" lt-nl 2:4.17.4+dfsg-3~
then
for s in winbind; do
if [ /dev/null = $(realpath /etc/systemd/system/$s.service) ]
then
rm -f /etc/systemd/system/$s.service
fi
done
# In case this system is running systemd, we make systemd reload the unit files
# to pick up changes.
if [ "${masked_count}" -ge 1 -a -d /run/systemd/system ] ; then
systemctl --system daemon-reload >/dev/null || true
fi
}
# groupadd --force: ok if group already exist
groupadd --system --force winbindd_priv
winbindd_privileged_socket_directory='/var/lib/samba/winbindd_privileged'
mkdir -pv "$winbindd_privileged_socket_directory"
chgrp -c winbindd_priv "$winbindd_privileged_socket_directory"
chmod -c 0750 "$winbindd_privileged_socket_directory"
mkdir -p /run/samba # shut up [samba-tool] testparm warning
fi
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
mask_services "Samba is being run as an AD Domain Controller" winbind.service
if [ configure = "$1" -a ! "$2" ] # only do this if not upgrading
then
# groupadd --force: ok if group already exist
groupadd --system --force winbindd_priv
dir=/var/lib/samba/winbindd_privileged
[ -d $dir ] || install -d -m 0750 -g winbindd_priv $dir
fi
#DEBHELPER#