[Pkg-samba-maint] Bug#454770: Bug#454770: schannel_store.tdb should not be kept in /etc/samba
Steve Langasek
vorlon at debian.org
Sun Apr 14 18:08:47 UTC 2013
On Sun, Apr 14, 2013 at 05:06:49PM +0200, Christian PERRIER wrote:
> tags 454770 patch
> thanks
>
> Quoting Olaf Conradi (olaf at conradi.org):
> > Package: samba
> > Version: 2:3.6.6-5
> > Severity: normal
> >
> > I'm using version 3.6 of Samba and I noticed schannel_store.tdb was in
> > /etc/samba. After moving it to /var/lib/samba it was recreated in
> > /etc/samba.
> >
> > Is this a regression? According to this bug it should have been fixed in
> > samba 3.2
> Indeed.
> The bug probably came back indirectly when upstream changed the
> location of this file's use in their source.
> The attached patch should fix this again.
> Steve, would you mind ACKing it?
Reviewing the diff at the svn revision where this regression was introduced,
there are other parts of the patch that were also dropped: MACHINE.SID and
idmap2.tdb also no longer have their location being patched. Both of these
files still have references in the code, so the patch should be re-fixed to
handle them.
(MACHINE.SID, at least, is a legacy file that's being read but not written
for compatibility only, so we don't need to migrate it in the maintainer
script.)
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
> Index: debian/changelog
> ===================================================================
> --- debian/changelog (révision 4190)
> +++ debian/changelog (copie de travail)
> @@ -1,3 +1,10 @@
> +samba (2:3.6.6-6) UNRELEASED; urgency=low
> +
> + * Move schannel_store.tdb out of /etc/samba to /var/lib/samba,
> + where it belongs according to the FHS. Closes: #454770.
> +
> + -- Christian Perrier <bubulle at debian.org> Sun, 14 Apr 2013 15:30:05 +0200
> +
> samba (2:3.6.6-5) unstable; urgency=high
>
> * Security update
> Index: debian/patches/fhs-filespaths.patch
> ===================================================================
> --- debian/patches/fhs-filespaths.patch (révision 4183)
> +++ debian/patches/fhs-filespaths.patch (copie de travail)
> @@ -63,3 +63,16 @@
> .sp
> Default:
> \fI\fIprivate dir\fR\fR\fI = \fR\fI${prefix}/private\fR\fI \fR
> +Index: samba/libcli/auth/schannel_state_tdb.c
> +===================================================================
> +--- samba.orig/libcli/auth/schannel_state_tdb.c
> ++++ samba/libcli/auth/schannel_state_tdb.c
> +@@ -40,7 +40,7 @@
> + const char *private_dir)
> + {
> + struct tdb_wrap *tdb_sc = NULL;
> +- char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", private_dir);
> ++ char *fname = talloc_asprintf(mem_ctx, "%s/schannel_store.tdb", get_dyn_STATEDIR());
> +
> + if (!fname) {
> + return NULL;
> Index: debian/samba.postinst
> ===================================================================
> --- debian/samba.postinst (révision 4183)
> +++ debian/samba.postinst (copie de travail)
> @@ -53,6 +53,14 @@
>
> # ------------------------- Debconf questions end ---------------------
>
> +if dpkg --compare-versions "$2" lt-nl 2:3.6.6-6 \
> + && dpkg --compare-versions "$2" ge 3.0.24 \
> + && [ -e /etc/samba/schannel_store.tdb ] \
> + && ! [ -e /var/lib/samba/schannel_store.tdb ]
> +then
> + mv /etc/samba/schannel_store.tdb /var/lib/samba/schannel_store.tdb
> +fi
> +
> # We want to add these entries to inetd.conf commented out. Otherwise
> # UDP traffic could make inetd to start nmbd or smbd right during
> # the configuration stage.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20130414/ea2e73d0/attachment-0001.pgp>
More information about the Pkg-samba-maint
mailing list