Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (3)
samba (2:4.8.0+dfsg-2) UNRELEASED; urgency=medium
* Remove unused and outdated debian/README.debian (debian/README.Debian is
used instead)
* Mask services as appropriate in samba and winbind postinst (Closes: #863285)
- mask samba-ad-dc unless server role = active directory domain controller
(as before)
- mask smbd and nmbd when server role = active directory domain controller
- mask nmbd when disable netbios = yes (Closes: #866125)
* Set smbspool_krb5_wrapper permissions to 0700 (Closes: #894720, #372270)
-- Mathieu Parent <sathieu@debian.org> Sat, 07 Apr 2018 11:56:32 +0200
samba (2:4.8.0+dfsg-1) experimental; urgency=medium
[ Mathieu Parent ]
......
......@@ -218,6 +218,9 @@ endif
ifneq (,$(filter samba, $(shell dh_listpackages)))
chmod 1777 debian/samba/var/spool/samba/
endif
ifneq (,$(filter smbclient, $(shell dh_listpackages)))
chmod 0700 debian/smbclient/usr/lib/*/samba/smbspool_krb5_wrapper
endif
override_dh_missing:
dh_missing --fail-missing
......
#!/bin/sh
#
# Post-installation script for the Samba package for Debian GNU/Linux
#
#
set -e
mask_services() {
local reason="$1"
shift
local masked_count=0
mkdir -p /etc/systemd/system
echo "${reason}: Masking $*"
echo "Please ignore the following error about deb-systemd-helper not finding those services."
while true; do
local service_name="$1"
if [ -z "$service_name" ]; then
break
fi
shift
if [ ! -e "/etc/systemd/system/${service_name}" ]; then
ln -s /dev/null "/etc/systemd/system/${service_name}"
echo "(${service_name} masked)"
masked_count=$((masked_count+1))
elif [ -h "/etc/systemd/system/${service_name}" ] \
&& [ "$(realpath /etc/systemd/system/${service_name})" = /dev/null ] \
; then
echo "(${service_name} already masked)"
else
echo "WARNING ${service_name} should be masked. The install may fail."
fi
done
# In case this system is running systemd, we make systemd reload the unit files
# to pick up changes.
if [ "${masked_count}" -ge 1 -a -d /run/systemd/system ] ; then
systemctl --system daemon-reload >/dev/null || true
fi
}
# We generate several files during the postinst, and we don't want
# them to be readable only by root.
umask 022
......@@ -36,31 +64,28 @@ then
fi
# mimic source4/smbd/server.c and mask service before it fails
# NB: server role = active directory domain controller is what we need to properly support
# NB: server services = smb is not compiled in
# NB: dcerpc endpoint servers = remote is for developpement
# NB: dcerpc endpoint servers = mapiproxy is for OpenChange which is dead
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
SERVER_SERVICES=`samba-tool testparm --parameter-name="server services" 2>/dev/null | tail -1`
DCERPC_ENDPOINT_SERVERS=`samba-tool testparm --parameter-name="dcerpc endpoint servers" 2>/dev/null | tail -1`
DISABLE_NETBIOS=`samba-tool testparm --parameter-name="disable netbios" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" != "active directory domain controller" ] \
&& ( echo "$SERVER_SERVICES" | grep -qv '\(^\|, \)smb\(,\|$\)' ) \
&& ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '\(^\|, \)remote\(,\|$\)' ) \
&& ( echo "$DCERPC_ENDPOINT_SERVERS" | grep -qv '\(^\|, \)mapiproxy\(,\|$\)' ) \
; then
if [ ! -e /etc/systemd/system/samba-ad-dc.service ]; then
mkdir -p /etc/systemd/system
echo "Samba is not being run as an AD Domain Controller, masking samba-ad-dc.service."
echo "Please ignore the following error about deb-systemd-helper not finding samba-ad-dc.service."
ln -s /dev/null /etc/systemd/system/samba-ad-dc.service
# In case this system is running systemd, we make systemd reload the unit files
# to pick up changes.
if [ -d /run/systemd/system ] ; then
systemctl --system daemon-reload >/dev/null || true
fi
elif [ -h /etc/systemd/system/samba-ad-dc.service ] \
&& [ "`realpath /etc/systemd/system/samba-ad-dc.service`" = /dev/null ] \
; then
echo "Samba is not being run as an AD Domain Controller."
echo "Please ignore the following error about deb-systemd-helper not finding samba-ad-dc.service."
fi
mask_services "Samba is not being run as an AD Domain Controller" samba-ad-dc.service
fi
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
mask_services "Samba is being run as an AD Domain Controller" smbd.service nmbd.service
elif [ "$DISABLE_NETBIOS" = Yes ]; then
mask_services "NetBIOS is disabled" nmbd.service
fi
#DEBHELPER#
exit 0
#! /bin/sh
#!/bin/sh
set -e
mask_services() {
local reason="$1"
shift
local masked_count=0
mkdir -p /etc/systemd/system
echo "${reason}: Masking $*"
echo "Please ignore the following error about deb-systemd-helper not finding those services."
while true; do
local service_name="$1"
if [ -z "$service_name" ]; then
break
fi
shift
if [ ! -e "/etc/systemd/system/${service_name}" ]; then
ln -s /dev/null "/etc/systemd/system/${service_name}"
echo "(${service_name} masked)"
masked_count=$((masked_count+1))
elif [ -h "/etc/systemd/system/${service_name}" ] \
&& [ "$(realpath /etc/systemd/system/${service_name})" = /dev/null ] \
; then
echo "(${service_name} already masked)"
else
echo "WARNING ${service_name} should be masked. The install may fail."
fi
done
# In case this system is running systemd, we make systemd reload the unit files
# to pick up changes.
if [ "${masked_count}" -ge 1 -a -d /run/systemd/system ] ; then
systemctl --system daemon-reload >/dev/null || true
fi
}
getent group winbindd_priv >/dev/null 2>&1 ||
addgroup --system --force-badname --quiet winbindd_priv
......@@ -10,4 +42,9 @@ mkdir -pv "$winbindd_privileged_socket_directory"
chgrp -c winbindd_priv "$winbindd_privileged_socket_directory"
chmod -c 0750 "$winbindd_privileged_socket_directory"
SERVER_ROLE=`samba-tool testparm --parameter-name="server role" 2>/dev/null | tail -1`
if [ "$SERVER_ROLE" = "active directory domain controller" ]; then
mask_services "Samba is being run as an AD Domain Controller" winbind.service
fi
#DEBHELPER#