1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-11-20 00:21:35 +00:00
freebsd-ports/net/samba410/files
Timur I. Bakeyev 35180fbaff Update Samba ports to close recent CVEs.
PR:		245475
Security:	CVE-2020-10730
		CVE-2020-10745
		CVE-2020-10760
		CVE-2020-14303
2020-07-05 00:27:27 +00:00
..
man
0001-provision-use-ASCII-quotes.patch
0001-Zfs-provision-1.patch
patch-bind
patch-buildtools_scripts_abi__gen.sh
patch-buildtools_wafsamba_samba__autoconf.py
patch-buildtools_wafsamba_samba__install.py
patch-buildtools_wafsamba_wafsamba.py
patch-buildtools_wafsamba_wscript
patch-ctdb_wscript
patch-dwrap
patch-dynconfig_wscript
patch-examples_pdb_wscript__build
patch-lib_crypto_wscript__configure
patch-lib_ldb_ldb__key__value_ldb__kv__cache.c
patch-lib_ldb_ldb__mdb_ldb__mdb.c
patch-lib_ldb_wscript
patch-lib_replace_wscript
patch-lib_talloc_talloc.c
patch-lib_talloc_wscript
patch-lib_tdb_wscript
patch-lib_util_util__paths.c
patch-lib_util_wscript__build
patch-listen-backlog
patch-mdns
patch-nsswitch_wscript__build
patch-source3_include_includes.h
patch-source3_lib_sysquotas__4B.c
patch-source3_lib_util.c
patch-source3_librpc_crypto_gse.c
patch-source3_modules_vfs__fruit.c
patch-source3_modules_vfs__streams__xattr.c
patch-source3_modules_vfs__virusfilter__utils.c
patch-source3_modules_vfs__zfsacl.c
patch-source3_registry_tests_test__regfio.c
patch-source3_smbd_quotas.c
patch-source3_smbd_utmp.c
patch-source3_torture_cmd__vfs.c
patch-source3_utils_net__time.c
patch-source3_utils_net.c
patch-source3_winbindd_wscript__build
patch-source3_wscript
patch-source3_wscript__build
patch-source4_heimdal__build_wscript__configure
patch-source4_heimdal_lib_roken_rand.c
patch-source4_kdc_kdc-service-mit.c
patch-source4_lib_http_http.c
patch-vfs_freebsd
pkg-message.in
README.FreeBSD.in
samba_server.in

              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
              !!! Please read before runing any tools !!!
              !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Documentation
=============

    o https://wiki.samba.org/index.php/Samba4/HOWTO

    o https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

    o https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO

FreeBSD specific information
============================

* Your configuration is in: %%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%

* All the logs are under: %%SAMBA4_LOGDIR%%

* All the relevant databases are under: %%SAMBA4_LOCKDIR%%

* Provisioning script is: %%PREFIX%%/bin/samba-tool

Samba4 provisioning requires file system(s) with the ACLs support. On
UFS2 you need to enable POSIX ACLs by adding 'acls' option to the mount
flags, on ZFS you need to use NFSv4 ACLs and `zfsacl` VFS module to get
provisioning work.

There is a hack in the code, that makes provisioning work on UFS2 and in
the jails on the price of using USER extattr(2) namespace, which is less
secure than SYSTEM namespace, as can be edited not only by root user, but
also by the owner of the file.

For the provisioning on ZFS you need to use additional parameters to the
samba-tool, that would explicitly add `zfsacl` to the default `vfs objects`:

    # samba-tool domain provision --interactive \
            --option="vfs objects"="dfs_samba4 zfsacl"

To run this port you need to perform the following steps:
---------------------------------------------------------

0. If you had Samba3 port installed before, please, *take backups* of
all the relevant files. That includes 'smb.conf' file and all the
content of the '/var/db/samba/' directory.

1a. Create new '%%SAMBA4_CONFDIR%%/%%SAMBA4_CONFIG%%' file by running:

    # samba-tool domain provision

1b. Or upgrade from the Samba3 'smb.conf' file by running:

    # samba-tool domain classicupgrade

%%NSUPDATE%%1c. You will need to specify location of the 'nsupdate' command in the
%%NSUPDATE%%'%%SAMBA4_CONFIG%%' file:
%%NSUPDATE%%
%%NSUPDATE%%      nsupdate command = %%PREFIX%%/bin/samba-nsupdate -g
%%NSUPDATE%%
2. Put string 'samba_server_enable="YES"' into your /etc/rc.conf.

3. Make sure that your server doesn't run Samba3, OpenLDAP and named.
Stop them, if necessary.

4. Run '%%PREFIX%%/etc/rc.d/samba_server start' or reboot.

Please, check archives of samba@lists.samba.org and ask there for help,
if necessary:

    https://lists.samba.org/archive/samba/

In case you found a bug which is clearly not related to the port build
process itself, plese file a bug report at:

    https://bugzilla.samba.org/

And add me to CC list.

You may find those tools helpful:
---------------------------------

Microsoft Remote Server Administration Tools (RSAT) for:

* Vista: http://www.microsoft.com/en-us/download/details.aspx?id=21090
* Windows 7: http://www.microsoft.com/en-us/download/details.aspx?id=7887


FreeBSD Samba4 port maintainer: Timur I. Bakeyev <timur@FreeBSD.org>