commit 977baf71008fd9c3dc6d87e030bb85091c6224af Author: Alan Mizrahi <alan+crux@mizrahi.com.ve> Date: Thu Sep 1 12:17:24 2016 +0900 [notify] samba: 4.2.1 -> 4.2.14, changed init scripts to ssd, updated, man path Fixes CVE-2016-2119 Client side SMB2/3 required signing can be downgraded Summary: A man in the middle attack can disable client signing over SMB2/3, even if enforced by configuration parameters. Details: https://www.samba.org/samba/security/CVE-2016-2119.html diff --git a/samba/.footprint b/samba/.footprint index 5762b68..32a1e7d 100644 --- a/samba/.footprint +++ b/samba/.footprint @@ -595,6 +595,7 @@ drwxr-xr-x root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/ -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/bare.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/dnsserver.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/misc.py +-rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/raw_protocol.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/registry.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/rpc_talloc.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/rpcecho.py @@ -606,7 +607,7 @@ drwxr-xr-x root/root usr/lib/python2.7/site-packages/samba/tests/dcerpc/ -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/docs.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/dsdb.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/gensec.py --rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/getopt.py +-rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/get_opt.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/hostconfig.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/libsmb_samba_internal.py -rw-r--r-- root/root usr/lib/python2.7/site-packages/samba/tests/messaging.py @@ -774,6 +775,7 @@ drwxr-xr-x root/root usr/lib/samba/vfs/ -rwxr-xr-x root/root usr/lib/samba/vfs/shadow_copy.so -rwxr-xr-x root/root usr/lib/samba/vfs/shadow_copy2.so -rwxr-xr-x root/root usr/lib/samba/vfs/smb_traffic_analyzer.so +-rwxr-xr-x root/root usr/lib/samba/vfs/snapper.so -rwxr-xr-x root/root usr/lib/samba/vfs/streams_depot.so -rwxr-xr-x root/root usr/lib/samba/vfs/streams_xattr.so -rwxr-xr-x root/root usr/lib/samba/vfs/syncops.so @@ -781,116 +783,117 @@ drwxr-xr-x root/root usr/lib/samba/vfs/ -rwxr-xr-x root/root usr/lib/samba/vfs/worm.so -rwxr-xr-x root/root usr/lib/samba/vfs/xattr_tdb.so -rwxr-xr-x root/root usr/lib/winbind_krb5_locator.so -drwxr-xr-x root/root usr/man/ -drwxr-xr-x root/root usr/man/man1/ --rw-r--r-- root/root usr/man/man1/dbwrap_tool.1.gz --rw-r--r-- root/root usr/man/man1/findsmb.1.gz --rw-r--r-- root/root usr/man/man1/log2pcap.1.gz --rw-r--r-- root/root usr/man/man1/nmblookup.1.gz --rw-r--r-- root/root usr/man/man1/ntlm_auth.1.gz --rw-r--r-- root/root usr/man/man1/pidl.1pm.gz --rw-r--r-- root/root usr/man/man1/profiles.1.gz --rw-r--r-- root/root usr/man/man1/rpcclient.1.gz --rw-r--r-- root/root usr/man/man1/sharesec.1.gz --rw-r--r-- root/root usr/man/man1/smbcacls.1.gz --rw-r--r-- root/root usr/man/man1/smbclient.1.gz --rw-r--r-- root/root usr/man/man1/smbcontrol.1.gz --rw-r--r-- root/root usr/man/man1/smbcquotas.1.gz --rw-r--r-- root/root usr/man/man1/smbget.1.gz --rw-r--r-- root/root usr/man/man1/smbstatus.1.gz --rw-r--r-- root/root usr/man/man1/smbtar.1.gz --rw-r--r-- root/root usr/man/man1/smbtree.1.gz --rw-r--r-- root/root usr/man/man1/testparm.1.gz --rw-r--r-- root/root usr/man/man1/vfstest.1.gz --rw-r--r-- root/root usr/man/man1/wbinfo.1.gz -drwxr-xr-x root/root usr/man/man3/ --rw-r--r-- root/root usr/man/man3/Parse::Pidl::Dump.3pm.gz --rw-r--r-- root/root usr/man/man3/Parse::Pidl::NDR.3pm.gz --rw-r--r-- root/root usr/man/man3/Parse::Pidl::Util.3pm.gz --rw-r--r-- root/root usr/man/man3/Parse::Pidl::Wireshark::Conformance.3pm.gz --rw-r--r-- root/root usr/man/man3/Parse::Pidl::Wireshark::NDR.3pm.gz -drwxr-xr-x root/root usr/man/man5/ --rw-r--r-- root/root usr/man/man5/lmhosts.5.gz --rw-r--r-- root/root usr/man/man5/pam_winbind.conf.5.gz --rw-r--r-- root/root usr/man/man5/smb.conf.5.gz --rw-r--r-- root/root usr/man/man5/smbgetrc.5.gz --rw-r--r-- root/root usr/man/man5/smbpasswd.5.gz -drwxr-xr-x root/root usr/man/man7/ --rw-r--r-- root/root usr/man/man7/libsmbclient.7.gz --rw-r--r-- root/root usr/man/man7/samba.7.gz --rw-r--r-- root/root usr/man/man7/winbind_krb5_locator.7.gz -drwxr-xr-x root/root usr/man/man8/ --rw-r--r-- root/root usr/man/man8/eventlogadm.8.gz --rw-r--r-- root/root usr/man/man8/idmap_ad.8.gz --rw-r--r-- root/root usr/man/man8/idmap_autorid.8.gz --rw-r--r-- root/root usr/man/man8/idmap_hash.8.gz --rw-r--r-- root/root usr/man/man8/idmap_ldap.8.gz --rw-r--r-- root/root usr/man/man8/idmap_nss.8.gz --rw-r--r-- root/root usr/man/man8/idmap_rfc2307.8.gz --rw-r--r-- root/root usr/man/man8/idmap_rid.8.gz --rw-r--r-- root/root usr/man/man8/idmap_tdb.8.gz --rw-r--r-- root/root usr/man/man8/idmap_tdb2.8.gz --rw-r--r-- root/root usr/man/man8/net.8.gz --rw-r--r-- root/root usr/man/man8/nmbd.8.gz --rw-r--r-- root/root usr/man/man8/pam_winbind.8.gz --rw-r--r-- root/root usr/man/man8/pdbedit.8.gz --rw-r--r-- root/root usr/man/man8/samba-regedit.8.gz --rw-r--r-- root/root usr/man/man8/samba-tool.8.gz --rw-r--r-- root/root usr/man/man8/samba.8.gz --rw-r--r-- root/root usr/man/man8/smbd.8.gz --rw-r--r-- root/root usr/man/man8/smbpasswd.8.gz --rw-r--r-- root/root usr/man/man8/smbspool.8.gz --rw-r--r-- root/root usr/man/man8/smbta-util.8.gz --rw-r--r-- root/root usr/man/man8/vfs_acl_tdb.8.gz --rw-r--r-- root/root usr/man/man8/vfs_acl_xattr.8.gz --rw-r--r-- root/root usr/man/man8/vfs_aio_fork.8.gz --rw-r--r-- root/root usr/man/man8/vfs_aio_linux.8.gz --rw-r--r-- root/root usr/man/man8/vfs_aio_pthread.8.gz --rw-r--r-- root/root usr/man/man8/vfs_audit.8.gz --rw-r--r-- root/root usr/man/man8/vfs_btrfs.8.gz --rw-r--r-- root/root usr/man/man8/vfs_cacheprime.8.gz --rw-r--r-- root/root usr/man/man8/vfs_cap.8.gz --rw-r--r-- root/root usr/man/man8/vfs_catia.8.gz --rw-r--r-- root/root usr/man/man8/vfs_ceph.8.gz --rw-r--r-- root/root usr/man/man8/vfs_commit.8.gz --rw-r--r-- root/root usr/man/man8/vfs_crossrename.8.gz --rw-r--r-- root/root usr/man/man8/vfs_default_quota.8.gz --rw-r--r-- root/root usr/man/man8/vfs_dirsort.8.gz --rw-r--r-- root/root usr/man/man8/vfs_extd_audit.8.gz --rw-r--r-- root/root usr/man/man8/vfs_fake_perms.8.gz --rw-r--r-- root/root usr/man/man8/vfs_fileid.8.gz --rw-r--r-- root/root usr/man/man8/vfs_fruit.8.gz --rw-r--r-- root/root usr/man/man8/vfs_full_audit.8.gz --rw-r--r-- root/root usr/man/man8/vfs_glusterfs.8.gz --rw-r--r-- root/root usr/man/man8/vfs_gpfs.8.gz --rw-r--r-- root/root usr/man/man8/vfs_linux_xfs_sgid.8.gz --rw-r--r-- root/root usr/man/man8/vfs_media_harmony.8.gz --rw-r--r-- root/root usr/man/man8/vfs_netatalk.8.gz --rw-r--r-- root/root usr/man/man8/vfs_notify_fam.8.gz --rw-r--r-- root/root usr/man/man8/vfs_prealloc.8.gz --rw-r--r-- root/root usr/man/man8/vfs_preopen.8.gz --rw-r--r-- root/root usr/man/man8/vfs_readahead.8.gz --rw-r--r-- root/root usr/man/man8/vfs_readonly.8.gz --rw-r--r-- root/root usr/man/man8/vfs_recycle.8.gz --rw-r--r-- root/root usr/man/man8/vfs_scannedonly.8.gz --rw-r--r-- root/root usr/man/man8/vfs_shadow_copy.8.gz --rw-r--r-- root/root usr/man/man8/vfs_shadow_copy2.8.gz --rw-r--r-- root/root usr/man/man8/vfs_smb_traffic_analyzer.8.gz --rw-r--r-- root/root usr/man/man8/vfs_snapper.8.gz --rw-r--r-- root/root usr/man/man8/vfs_streams_depot.8.gz --rw-r--r-- root/root usr/man/man8/vfs_streams_xattr.8.gz --rw-r--r-- root/root usr/man/man8/vfs_syncops.8.gz --rw-r--r-- root/root usr/man/man8/vfs_time_audit.8.gz --rw-r--r-- root/root usr/man/man8/vfs_tsmsm.8.gz --rw-r--r-- root/root usr/man/man8/vfs_worm.8.gz --rw-r--r-- root/root usr/man/man8/vfs_xattr_tdb.8.gz --rw-r--r-- root/root usr/man/man8/vfs_zfsacl.8.gz --rw-r--r-- root/root usr/man/man8/winbindd.8.gz drwxr-xr-x root/root usr/sbin/ -rwxr-xr-x root/root usr/sbin/nmbd -rwxr-xr-x root/root usr/sbin/smbd -rwxr-xr-x root/root usr/sbin/winbindd drwxr-xr-x root/root usr/share/ +drwxr-xr-x root/root usr/share/man/ +drwxr-xr-x root/root usr/share/man/man1/ +-rw-r--r-- root/root usr/share/man/man1/dbwrap_tool.1.gz +-rw-r--r-- root/root usr/share/man/man1/findsmb.1.gz +-rw-r--r-- root/root usr/share/man/man1/log2pcap.1.gz +-rw-r--r-- root/root usr/share/man/man1/nmblookup.1.gz +-rw-r--r-- root/root usr/share/man/man1/ntlm_auth.1.gz +-rw-r--r-- root/root usr/share/man/man1/pidl.1pm.gz +-rw-r--r-- root/root usr/share/man/man1/profiles.1.gz +-rw-r--r-- root/root usr/share/man/man1/rpcclient.1.gz +-rw-r--r-- root/root usr/share/man/man1/sharesec.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbcacls.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbclient.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbcontrol.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbcquotas.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbget.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbstatus.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbtar.1.gz +-rw-r--r-- root/root usr/share/man/man1/smbtree.1.gz +-rw-r--r-- root/root usr/share/man/man1/testparm.1.gz +-rw-r--r-- root/root usr/share/man/man1/vfstest.1.gz +-rw-r--r-- root/root usr/share/man/man1/wbinfo.1.gz +drwxr-xr-x root/root usr/share/man/man3/ +-rw-r--r-- root/root usr/share/man/man3/Parse::Pidl::Dump.3pm.gz +-rw-r--r-- root/root usr/share/man/man3/Parse::Pidl::NDR.3pm.gz +-rw-r--r-- root/root usr/share/man/man3/Parse::Pidl::Util.3pm.gz +-rw-r--r-- root/root usr/share/man/man3/Parse::Pidl::Wireshark::Conformance.3pm.gz +-rw-r--r-- root/root usr/share/man/man3/Parse::Pidl::Wireshark::NDR.3pm.gz +drwxr-xr-x root/root usr/share/man/man5/ +-rw-r--r-- root/root usr/share/man/man5/lmhosts.5.gz +-rw-r--r-- root/root usr/share/man/man5/pam_winbind.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/smb.conf.5.gz +-rw-r--r-- root/root usr/share/man/man5/smbgetrc.5.gz +-rw-r--r-- root/root usr/share/man/man5/smbpasswd.5.gz +drwxr-xr-x root/root usr/share/man/man7/ +-rw-r--r-- root/root usr/share/man/man7/libsmbclient.7.gz +-rw-r--r-- root/root usr/share/man/man7/samba.7.gz +-rw-r--r-- root/root usr/share/man/man7/winbind_krb5_locator.7.gz +drwxr-xr-x root/root usr/share/man/man8/ +-rw-r--r-- root/root usr/share/man/man8/eventlogadm.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_ad.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_autorid.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_hash.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_ldap.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_nss.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_rfc2307.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_rid.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_tdb.8.gz +-rw-r--r-- root/root usr/share/man/man8/idmap_tdb2.8.gz +-rw-r--r-- root/root usr/share/man/man8/net.8.gz +-rw-r--r-- root/root usr/share/man/man8/nmbd.8.gz +-rw-r--r-- root/root usr/share/man/man8/pam_winbind.8.gz +-rw-r--r-- root/root usr/share/man/man8/pdbedit.8.gz +-rw-r--r-- root/root usr/share/man/man8/samba-regedit.8.gz +-rw-r--r-- root/root usr/share/man/man8/samba-tool.8.gz +-rw-r--r-- root/root usr/share/man/man8/samba.8.gz +-rw-r--r-- root/root usr/share/man/man8/smbd.8.gz +-rw-r--r-- root/root usr/share/man/man8/smbpasswd.8.gz +-rw-r--r-- root/root usr/share/man/man8/smbspool.8.gz +-rw-r--r-- root/root usr/share/man/man8/smbspool_krb5_wrapper.8.gz +-rw-r--r-- root/root usr/share/man/man8/smbta-util.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_acl_tdb.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_acl_xattr.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_aio_fork.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_aio_linux.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_aio_pthread.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_audit.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_btrfs.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_cacheprime.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_cap.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_catia.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_ceph.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_commit.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_crossrename.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_default_quota.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_dirsort.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_extd_audit.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_fake_perms.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_fileid.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_fruit.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_full_audit.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_glusterfs.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_gpfs.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_linux_xfs_sgid.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_media_harmony.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_netatalk.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_notify_fam.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_prealloc.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_preopen.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_readahead.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_readonly.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_recycle.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_scannedonly.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_shadow_copy.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_shadow_copy2.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_smb_traffic_analyzer.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_snapper.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_streams_depot.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_streams_xattr.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_syncops.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_time_audit.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_tsmsm.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_worm.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_xattr_tdb.8.gz +-rw-r--r-- root/root usr/share/man/man8/vfs_zfsacl.8.gz +-rw-r--r-- root/root usr/share/man/man8/winbindd.8.gz drwxr-xr-x root/root usr/share/samba/ drwxr-xr-x root/root usr/share/samba/codepages/ -rw-r--r-- root/root usr/share/samba/codepages/lowcase.dat diff --git a/samba/.md5sum b/samba/.md5sum index b0ddc31..306bb3b 100644 --- a/samba/.md5sum +++ b/samba/.md5sum @@ -1,7 +1,6 @@ -e19e48b72077085b3e91b40382ccf4fa nmbd.rc +f3c85f6f57f662f2373001506cd50a8a nmbd.rc 1a33242498a7494e2b8128b27eece764 samba-4.2.1-krb5.patch -614b4c7b9bbc70cff4cb56956f565741 samba-4.2.1.tar.gz +bea34f5dcd055a73cee3e69218fb545c samba-4.2.14.tar.gz 84266d28273c12045e18ea34c504c296 samba.rc -14f80643ec7508794f5dfc5598daa667 smbd.rc -c3ee08e140a10ba919833cb120fa8c5f v2-0001-s4-lib-tls-use-gnutls_priority_set_direct.patch -3449060f819db4be400399ca5d0708f5 winbindd.rc +41ae232d0511d3246d4a362296c8115a smbd.rc +c6eabe25403afa2500ec47f71eb1bba6 winbindd.rc diff --git a/samba/Pkgfile b/samba/Pkgfile index c0e4885..e2f22a7 100644 --- a/samba/Pkgfile +++ b/samba/Pkgfile @@ -6,11 +6,10 @@ # Optional: cups name=samba -version=4.2.1 +version=4.2.14 release=4 source=( http://www.samba.org/samba/ftp/stable/$name-$version.tar.gz -v2-0001-s4-lib-tls-use-gnutls_priority_set_direct.patch samba-4.2.1-krb5.patch samba.rc nmbd.rc @@ -25,18 +24,13 @@ build () { # https://bugzilla.samba.org/show_bug.cgi?id=11165 patch -p1 -i $SRC/samba-4.2.1-krb5.patch - # fix for gnutls-3.4.0 removal of gnutls_certificate_type_set_priority() - # https://bugzilla.samba.org/show_bug.cgi?id=8780 - patch -p1 -i $SRC/v2-0001-s4-lib-tls-use-gnutls_priority_set_direct.patch - # we should define vendorlib in our perl port - sed -ri 's/(vendor)(arch|lib|prefix)/site\2/' buildtools/wafsamba/samba_perl.py + sed -ri 's:(vendor)(arch|lib|prefix):site\2:' buildtools/wafsamba/samba_perl.py ./configure \ --enable-fhs \ --prefix=/usr \ --localstatedir=/var \ - --mandir=/usr/man \ --sysconfdir=/etc \ --with-privatedir=/etc/samba/private \ --bundled-libraries=NONE \ @@ -47,7 +41,7 @@ build () { # man pages for i in docs/manpages/*; do - install -D -m 644 $i $PKG/usr/man/man${i##*.}/${i##*/} + install -D -m 644 $i $PKG/usr/share/man/man${i##*.}/${i##*/} done # cleanup diff --git a/samba/nmbd.rc b/samba/nmbd.rc index dd63a07..85a43e9 100755 --- a/samba/nmbd.rc +++ b/samba/nmbd.rc @@ -1,76 +1,36 @@ -#!/bin/bash +#!/bin/sh + +PATH="/sbin:/usr/sbin:/bin:/usr/bin" NAME="nmbd" USER="root" RUNDIR="/var/run/samba" -PIDFILE="" -STARTCMD="/usr/sbin/nmbd" -STOPCMD="/usr/bin/smbcontrol $NAME shutdown" -STOPTIMEOUT="300" - -function getpid() { - if [ -z "$PIDFILE" ]; then - pid="$(pgrep -xfn "$STARTCMD")" - else - if [ -f "$PIDFILE" ]; then - pid=$(< $PIDFILE) - if [ ! -d /proc/"$pid" ]; then - echo "$NAME: removing stale pidfile $PIDFILE" >&2 - rm -f "$PIDFILE" - unset pid - fi - fi - fi - echo "$pid" -} +PIDFILE="$RUNDIR/$NAME.pid" +PROG="/usr/sbin/$NAME" case $1 in start) - pid=$(getpid) install -d -m 755 -o $USER $RUNDIR || exit 1 - if [ -n "$pid" ]; then - echo "$NAME already running with pid $pid" >&2 - exit 1 - fi - eval "$STARTCMD" + start-stop-daemon --start --pidfile $PIDFILE --exec $PROG -- $ARGS ;; stop) - pid=$(getpid) - if [ -n "$pid" ]; then - if [ -n "$STOPCMD" ]; then - eval "$STOPCMD" - else - kill "$pid" - fi - t=$(printf '%(%s)T' -1) - tend=$((t+STOPTIMEOUT)) - while [ -d /proc/$pid -a $t -lt $tend ]; do - sleep 0.5 - t=$(printf '%(%s)T' -1) - done - if [ -d /proc/"$pid" ]; then - echo "$NAME still running with pid $pid" >&2 - else - [ -n "$PIDFILE" ] && rm -f "$PIDFILE" - fi - else - echo "$NAME is not running" >&2 - fi - ;; -reload) - /usr/bin/smbcontrol $NAME reload-config + start-stop-daemon --stop --retry 30 --pidfile $PIDFILE ;; restart) $0 stop $0 start ;; status) - pid=$(getpid) - if [ -n "$pid" ]; then - echo "$NAME is running with pid $pid" - else - echo "$NAME is not running" - fi + start-stop-daemon --status --pidfile $PIDFILE + case $? in + 0) echo "$PROG running with pid: $(cat $PIDFILE)" ;; + 1) echo "$PROG not running, stale pidfile: $PIDFILE" ;; + 3) echo "$PROG not running" ;; + 4) echo "Unable to determine program status" ;; + esac + ;; +reload) + smbcontrol $NAME reload-config ;; *) echo "usage: $0 [start|stop|restart|reload|status]" diff --git a/samba/smbd.rc b/samba/smbd.rc index 0c22f3c..f93c6cc 100755 --- a/samba/smbd.rc +++ b/samba/smbd.rc @@ -1,76 +1,36 @@ -#!/bin/bash +#!/bin/sh + +PATH="/sbin:/usr/sbin:/bin:/usr/bin" NAME="smbd" USER="root" RUNDIR="/var/run/samba" -PIDFILE="" -STARTCMD="/usr/sbin/smbd" -STOPCMD="/usr/bin/smbcontrol $NAME shutdown" -STOPTIMEOUT="300" - -function getpid() { - if [ -z "$PIDFILE" ]; then - pid="$(pgrep -xfn "$STARTCMD")" - else - if [ -f "$PIDFILE" ]; then - pid=$(< $PIDFILE) - if [ ! -d /proc/"$pid" ]; then - echo "$NAME: removing stale pidfile $PIDFILE" >&2 - rm -f "$PIDFILE" - unset pid - fi - fi - fi - echo "$pid" -} +PIDFILE="$RUNDIR/$NAME.pid" +PROG="/usr/sbin/$NAME" case $1 in start) - pid=$(getpid) install -d -m 755 -o $USER $RUNDIR || exit 1 - if [ -n "$pid" ]; then - echo "$NAME already running with pid $pid" >&2 - exit 1 - fi - eval "$STARTCMD" + start-stop-daemon --start --pidfile $PIDFILE --exec $PROG -- $ARGS ;; stop) - pid=$(getpid) - if [ -n "$pid" ]; then - if [ -n "$STOPCMD" ]; then - eval "$STOPCMD" - else - kill "$pid" - fi - t=$(printf '%(%s)T' -1) - tend=$((t+STOPTIMEOUT)) - while [ -d /proc/$pid -a $t -lt $tend ]; do - sleep 0.5 - t=$(printf '%(%s)T' -1) - done - if [ -d /proc/"$pid" ]; then - echo "$NAME still running with pid $pid" >&2 - else - [ -n "$PIDFILE" ] && rm -f "$PIDFILE" - fi - else - echo "$NAME is not running" >&2 - fi - ;; -reload) - /usr/bin/smbcontrol $NAME reload-config + start-stop-daemon --stop --retry 30 --pidfile $PIDFILE ;; restart) $0 stop $0 start ;; status) - pid=$(getpid) - if [ -n "$pid" ]; then - echo "$NAME is running with pid $pid" - else - echo "$NAME is not running" - fi + start-stop-daemon --status --pidfile $PIDFILE + case $? in + 0) echo "$PROG running with pid: $(cat $PIDFILE)" ;; + 1) echo "$PROG not running, stale pidfile: $PIDFILE" ;; + 3) echo "$PROG not running" ;; + 4) echo "Unable to determine program status" ;; + esac + ;; +reload) + smbcontrol $NAME reload-config ;; *) echo "usage: $0 [start|stop|restart|reload|status]" diff --git a/samba/v2-0001-s4-lib-tls-use-gnutls_priority_set_direct.patch b/samba/v2-0001-s4-lib-tls-use-gnutls_priority_set_direct.patch deleted file mode 100644 index f61e0a9..0000000 --- a/samba/v2-0001-s4-lib-tls-use-gnutls_priority_set_direct.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 17f386f2a9462efe4d4cbf58e55d164923e11af5 Mon Sep 17 00:00:00 2001 -From: Evangelos Foutras <evangelos@foutrelis.com> -Date: Mon, 13 Apr 2015 23:11:14 +0300 -Subject: [PATCH v2] s4:lib/tls: use gnutls_priority_set_direct() - -gnutls_certificate_type_set_priority() was removed in GnuTLS 3.4.0. ---- - source4/lib/tls/tls.c | 3 +-- - source4/lib/tls/tls_tstream.c | 7 +------ - 2 files changed, 2 insertions(+), 8 deletions(-) - -diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c -index b9182ad..2fe4ff7 100644 ---- a/source4/lib/tls/tls.c -+++ b/source4/lib/tls/tls.c -@@ -572,7 +572,6 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx, - { - struct tls_context *tls; - int ret = 0; -- const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; - struct socket_context *new_sock; - NTSTATUS nt_status; - -@@ -598,7 +597,7 @@ struct socket_context *tls_init_client(struct socket_context *socket_ctx, - gnutls_certificate_set_x509_trust_file(tls->xcred, ca_path, GNUTLS_X509_FMT_PEM); - TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT)); - TLSCHECK(gnutls_set_default_priority(tls->session)); -- gnutls_certificate_type_set_priority(tls->session, cert_type_priority); -+ gnutls_priority_set_direct(tls->session, "NORMAL:+CTYPE-OPENPGP", NULL); - TLSCHECK(gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE, tls->xcred)); - - talloc_set_destructor(tls, tls_destructor); -diff --git a/source4/lib/tls/tls_tstream.c b/source4/lib/tls/tls_tstream.c -index f19f5c5..5b2329b 100644 ---- a/source4/lib/tls/tls_tstream.c -+++ b/source4/lib/tls/tls_tstream.c -@@ -967,11 +967,6 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx, - #if ENABLE_GNUTLS - struct tstream_tls *tlss; - int ret; -- static const int cert_type_priority[] = { -- GNUTLS_CRT_X509, -- GNUTLS_CRT_OPENPGP, -- 0 -- }; - #endif /* ENABLE_GNUTLS */ - - req = tevent_req_create(mem_ctx, &state, -@@ -1014,7 +1009,7 @@ struct tevent_req *_tstream_tls_connect_send(TALLOC_CTX *mem_ctx, - return tevent_req_post(req, ev); - } - -- gnutls_certificate_type_set_priority(tlss->tls_session, cert_type_priority); -+ gnutls_priority_set_direct(tlss->tls_session, "NORMAL:+CTYPE-OPENPGP", NULL); - - ret = gnutls_credentials_set(tlss->tls_session, - GNUTLS_CRD_CERTIFICATE, --- -2.3.5 - diff --git a/samba/winbindd.rc b/samba/winbindd.rc index 4bcfa49..1861d67 100755 --- a/samba/winbindd.rc +++ b/samba/winbindd.rc @@ -1,76 +1,36 @@ -#!/bin/bash +#!/bin/sh + +PATH="/sbin:/usr/sbin:/bin:/usr/bin" NAME="winbindd" USER="root" RUNDIR="/var/run/samba" -PIDFILE="" -STARTCMD="/usr/sbin/winbindd" -STOPCMD="/usr/bin/smbcontrol $NAME shutdown" -STOPTIMEOUT="300" - -function getpid() { - if [ -z "$PIDFILE" ]; then - pid="$(pgrep -xfn "$STARTCMD")" - else - if [ -f "$PIDFILE" ]; then - pid=$(< $PIDFILE) - if [ ! -d /proc/"$pid" ]; then - echo "$NAME: removing stale pidfile $PIDFILE" >&2 - rm -f "$PIDFILE" - unset pid - fi - fi - fi - echo "$pid" -} +PIDFILE="$RUNDIR/$NAME.pid" +PROG="/usr/sbin/$NAME" case $1 in start) - pid=$(getpid) install -d -m 755 -o $USER $RUNDIR || exit 1 - if [ -n "$pid" ]; then - echo "$NAME already running with pid $pid" >&2 - exit 1 - fi - eval "$STARTCMD" + start-stop-daemon --start --pidfile $PIDFILE --exec $PROG -- $ARGS ;; stop) - pid=$(getpid) - if [ -n "$pid" ]; then - if [ -n "$STOPCMD" ]; then - eval "$STOPCMD" - else - kill "$pid" - fi - t=$(printf '%(%s)T' -1) - tend=$((t+STOPTIMEOUT)) - while [ -d /proc/$pid -a $t -lt $tend ]; do - sleep 0.5 - t=$(printf '%(%s)T' -1) - done - if [ -d /proc/"$pid" ]; then - echo "$NAME still running with pid $pid" >&2 - else - [ -n "$PIDFILE" ] && rm -f "$PIDFILE" - fi - else - echo "$NAME is not running" >&2 - fi - ;; -reload) - /usr/bin/smbcontrol $NAME reload-config + start-stop-daemon --stop --retry 30 --pidfile $PIDFILE ;; restart) $0 stop $0 start ;; status) - pid=$(getpid) - if [ -n "$pid" ]; then - echo "$NAME is running with pid $pid" - else - echo "$NAME is not running" - fi + start-stop-daemon --status --pidfile $PIDFILE + case $? in + 0) echo "$PROG running with pid: $(cat $PIDFILE)" ;; + 1) echo "$PROG not running, stale pidfile: $PIDFILE" ;; + 3) echo "$PROG not running" ;; + 4) echo "Unable to determine program status" ;; + esac + ;; +reload) + smbcontrol $NAME reload-config ;; *) echo "usage: $0 [start|stop|restart|reload|status]"