[Pkg-samba-maint] Bug#454770: Bug#454770: Bug#454770: schannel_store.tdb should not be kept in /etc/samba

[Ivo De Decker]

Control: tags -1 - patch

Hi Steve,

On Sun, Apr 14, 2013 at 11:08:47AM -0700, Steve Langasek wrote:
> Reviewing the diff at the svn revision where this regression was introduced,
> there are other parts of the patch that were also dropped: MACHINE.SID and
> idmap2.tdb also no longer have their location being patched.  Both of these
> files still have references in the code, so the patch should be re-fixed to
> handle them.

Thanks for checking this.

I'm somewhat concerned about idmap2.tdb. If we get this one wrong, users can
get the wrong unix uid's, which could be very bad on a fileserver. If only
one version exists (in either /etc or /var/...)  there should be no problem,
but if both exist, it might be better to error out instead of picking one of
them. That would need a debconf notification explaining the situation, which
ideally would be translated as well.

This problem could happen if someone installed samba from squeeze, upgraded to
wheezy or backports, and then upgraded to the (future) final wheezy version.
Also note that a real world setup will go silently wrong on this first upgrade.

What do you think?

For schannel_store.tdb, I don't know the impact of suddenly moving back to an
old version (which would happen if there still was one left in /var/...). Can
someone shed some light on this? Is it better to remove it in this case?

> (MACHINE.SID, at least, is a legacy file that's being read but not written
> for compatibility only, so we don't need to migrate it in the maintainer
> script.)

It seems MACHINE.SID is deleted on startup by samba since before wheezy, so
this one should not cause any problems (if I read the code correctly).

I will try to do some tests with an idmap setup tonight.

Cheers,

Ivo