path: root/debian/samba.postinst
blob: a7dc5747d73ad342cd10472c69774bd099ef1f3b (plain)
#!/bin/sh
#
# Post-installation script for the Samba package for Debian GNU/Linux
#
#

# Exit as soon as a command fails outside a condition or an && / || list.
set -e

# Several files are generated during the postinst and they are meant to be
# readable by non-root users, so only group/other write is masked.
# Anything sensitive created below therefore has to pass an explicit mode
# (as the "mkdir -m 700" and "install -m 1770" calls do) instead of
# relying on the umask.
umask 022

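# Upgrades from a 4.0 package older than 2:4.0.11+dfsg: quarantine TLS key
# material that is not restricted to its owner (tracked here as
# CVE-2013-4475).  "$2" is empty on a first install; "gt" then fails, so
# this only runs on upgrades.
# NOTE(review): confirm that this CVE id is the advisory covering the
# world-readable key.pem.  The directory name is kept as shipped because it
# is a path administrators may already have on disk.
if dpkg --compare-versions "$2" gt 2:4.0 &&
	dpkg --compare-versions "$2" lt-nl 2:4.0.11+dfsg ; then
	TLSDIR=/var/lib/samba/private/tls
	KEYFILE=$TLSDIR/key.pem
	QUARANTINE=$TLSDIR/CVE-2013-4475
	if [ -e "$KEYFILE" ]
	then
		KEYPERMS=$(stat -c %a "$KEYFILE")
		# Any mode other than exactly 600 counts as exposed; a stricter
		# mode such as 400 is moved aside as well.
		if [ "$KEYPERMS" != "600" ]
		then
			# The files are moved aside instead of being chmod'ed in
			# place -- presumably because a key that others could read
			# should be replaced, not reused (confirm with the advisory).
			echo "moving world readable private key to $QUARANTINE"
			# No -p: if the quarantine directory already exists, mkdir
			# fails and set -e stops the script before anything is moved.
			mkdir -m 700 "$QUARANTINE"
			# -n never overwrites a file already in the quarantine
			# directory.  Every *pem file in the TLS directory is moved,
			# not only key.pem.
			mv -n "$TLSDIR"/*pem "$QUARANTINE"
		fi
	fi
fi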

# Cleanup for upgrades from packages older than 2:3.6.15-2.  lt-nl treats
# an empty "$2" (first install) as newer than any version, so nothing here
# runs on a fresh install.
if dpkg --compare-versions "$2" lt-nl 2:3.6.15-2
then
	# /etc/default/samba carried a single setting that is now obsolete, so
	# the file is removed without looking at local changes.
	[ ! -e /etc/default/samba ] || rm -f /etc/default/samba

	# Take the NetBIOS session service entry out of /etc/inetd.conf, but
	# only where update-inetd is installed and executable.
	[ ! -x /usr/sbin/update-inetd ] || update-inetd --remove netbios-ssn
fi

# Upgrades from before 2:4.0.12+dfsg-2~: drop every registered alternative
# for smbstatus.  The --list probe keeps --remove-all from failing (and
# aborting under set -e) when no such alternative group exists.
if dpkg --compare-versions "$2" lt-nl 2:4.0.12+dfsg-2~ \
	&& update-alternatives --list smbstatus >/dev/null 2>&1
then
	update-alternatives --remove-all smbstatus
fi

# Upgrades from before 2:4.1.13+dfsg-2~ (wheezy to jessie): the old "samba"
# init script must not remain registered, so its rc.d links are removed.
# See Debian bug #766690.
if dpkg --compare-versions "$2" lt-nl 2:4.1.13+dfsg-2~
then
	update-rc.d samba remove
fi

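# Create the sambashare system group if it does not exist yet.  Members of
# this group get write access to /var/lib/samba/usershares (created later
# in this script with group sambashare, mode 1770).
if ! getent group sambashare > /dev/null 2>&1
then
	addgroup --system sambashare
	# Only on Ubuntu, use the "admin" group as a template for the
	# initial users for this group; Debian has no equivalent group,
	# so leaving the sambashare group empty is the more secure default.
	# This seeding happens once, when the group is first created.
	# command -v replaces the deprecated which(1) for locating lsb_release.
	if [ -x "$(command -v lsb_release 2>/dev/null)" ] \
	   && [ "$(lsb_release -s -i)" = "Ubuntu" ]
	then
		OLDIFS="$IFS"
		# The member list in the group entry is comma separated.
		IFS=","
		# The loop variable is deliberately not called USER, so the USER
		# environment variable seen by later commands is left alone.
		for member in $(getent group admin | cut -f4 -d:); do
			# A listed member that has no passwd entry is skipped
			# quietly.  A failure for an existing account is reported
			# but does not abort the installation: "cmd || ! other"
			# would not abort either, because set -e ignores a status
			# inverted with "!".
			# NOTE(review): decide whether this case should fail the
			# postinst instead of only warning.
			if ! adduser "$member" sambashare \
			   && getent passwd "$member" >/dev/null
			then
				echo "warning: could not add $member to the sambashare group" >&2
			fi
		done
		IFS="$OLDIFS"
	fi
fi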

# Directory that holds user-defined share definitions.  Mode 1770 gives the
# owner and the sambashare group full access, gives other users none, and
# sets the sticky bit so that one group member cannot remove or rename
# another member's entries.  An already existing path is left untouched, so
# its mode and group are not corrected here.
[ -e /var/lib/samba/usershares ] \
	|| install -d -m 1770 -g sambashare /var/lib/samba/usershares

# Substitution token: debhelper replaces the next line with its generated
# maintainer-script snippets at build time, so it must stay exactly as
# written.  Those snippets run with the set -e and umask 022 set above.
#DEBHELPER#

# Explicit success status for dpkg once every step above has completed.
exit 0