From: Alexander Marx <alexander.marx@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] Samba4: New package samba-4.4.0
Date: Sun, 04 Sep 2016 10:49:41 +0000	[thread overview]
Message-ID: <1472986181-21780-1-git-send-email-alexander.marx@ipfire.org> (raw)

[-- Attachment #1: Type: text/plain, Size: 17693 bytes --]

Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
---
 samba4/samba.nm                | 109 ++++++++++++++
 samba4/samba.pamd              |   6 +
 samba4/smb.conf                | 320 +++++++++++++++++++++++++++++++++++++++++
 samba4/systemd/nmb.service     |  10 ++
 samba4/systemd/smb.service     |  11 ++
 samba4/systemd/winbind.service |  10 ++
 6 files changed, 466 insertions(+)
 create mode 100644 samba4/samba.nm
 create mode 100644 samba4/samba.pamd
 create mode 100644 samba4/smb.conf
 create mode 100644 samba4/systemd/nmb.service
 create mode 100644 samba4/systemd/smb.service
 create mode 100644 samba4/systemd/winbind.service

diff --git a/samba4/samba.nm b/samba4/samba.nm
new file mode 100644
index 0000000..9a1ef37
--- /dev/null
+++ b/samba4/samba.nm
@@ -0,0 +1,109 @@
+###############################################################################
+# IPFire.org    - An Open Source Firewall Solution                            #
+# Copyright (C) - IPFire Development Team <info(a)ipfire.org>                   #
+###############################################################################
+
+name       = samba
+version    = 4.4.0
+release    = 1
+
+groups     = Networking/Daemons
+url        = http://www.samba.org/
+license    = GPLv3+ and LGPLv3+
+summary    = Server and Client software to interoperate with Windows machines.
+
+description
+	Samba is the suite of programs by which a lot of PC-related machines
+	share files, printers, and other information (such as lists of
+	available files and printers). The Windows NT, OS/2, and Linux
+	operating systems support this natively, and add-on packages can
+	enable the same thing for DOS, Windows, VMS, UNIX of all kinds, MVS,
+	and more. This package provides an SMB/CIFS server that can be used to
+	provide network services to SMB/CIFS clients.
+	Samba uses NetBIOS over TCP/IP (NetBT) protocols and does NOT
+	need the NetBEUI (Microsoft Raw NetBIOS frame) protocol.
+end
+
+source_dl  = http://www.samba.org/samba/ftp/stable/
+
+CFLAGS    += \
+	-D_FILE_OFFSET_BITS=64 \
+	-D_GNU_SOURCE -DLDAP_DEPRECATED
+
+build
+	requires
+		autoconf
+		automake
+		avahi-devel
+		#cups-devel
+		gettext
+		gnutls-devel
+		ncurses-devel
+		libacl-devel
+		libcap-devel
+		openldap-devel
+		openssl-devel
+		pam-devel
+		popt-devel
+		readline-devel
+		which
+		zlib-devel
+	end
+
+	DIR_APP = %{DIR_SRC}/%{thisapp}/
+
+	configure_options += \
+		--enable-fhs \
+		--prefix=%{prefix} \
+		--localstatedir=/var \
+		--with-lockdir=%{sharedstatedir}/samba \
+		--with-piddir=/var/run/samba \
+		--with-privatedir=%{sharedstatedir}/samba/private \
+		--with-logfilebase=/var/log/samba \
+		--with-modulesdir=%{libdir}/samba \
+		--with-configdir=%{sysconfdir}/samba \
+		--with-pammodulesdir=/%{lib}/security \
+		--with-automount \
+		--with-pam \
+		--with-quotas \
+		--with-sendfile-support \
+		--with-syslog \
+		--with-utmp \
+		--with-winbind \
+		--with-shared-modules=idmap_ad,idmap_rid,idmap_adex,idmap_hash
+
+	install_cmds
+		mkdir -pv %{BUILDROOT}%{sysconfdir}/samba
+		echo "127.0.0.1 localhost" > %{BUILDROOT}%{sysconfdir}/samba/lmhosts
+		cp -vf %{DIR_SOURCE}/smb.conf %{BUILDROOT}/%{sysconfdir}/%{name}
+	end
+end
+
+quality-agent
+	whitelist_rpath
+		%{libdir}/samba
+	end
+end
+
+
+packages
+	package %{name}
+		prerequires = systemd-units
+		configfiles = /etc/smb.conf
+		requires += %{name}-libs = %{thisver}
+	end
+
+	package %{name}-libs
+		template LIBS
+	end
+
+	package %{name}-devel
+		template DEVEL
+
+		requires += %{name}-libs = %{thisver}
+	end
+
+	package %{name}-debuginfo
+		template DEBUGINFO
+	end
+end
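Review bot: `configfiles = /etc/smb.conf` in the `samba` package does not match where `install_cmds` puts the file, which is `%{sysconfdir}/%{name}` (presumably /etc/samba/smb.conf, matching `--with-configdir=%{sysconfdir}/samba`), so a locally edited configuration may not be treated as a config file on upgrade; `configfiles = %{sysconfdir}/samba/smb.conf` looks like what was intended. `source_dl` fetches the tarball over plain `http://`; unless the build system checks the download against a pinned hash, which this hunk does not show, prefer `source_dl  = https://www.samba.org/samba/ftp/stable/`. `install_cmds` also never copies samba.pamd or the three systemd units added by this patch, so they may not reach the package unless the build templates pick them up on their own. Since 4.4.0 is the first release of its series, it is worth checking for a later 4.4.x security release before merging.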
diff --git a/samba4/samba.pamd b/samba4/samba.pamd
new file mode 100644
index 0000000..66cd2a9
--- /dev/null
+++ b/samba4/samba.pamd
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth       required	pam_nologin.so
+auth       include	password-auth
+account    include	password-auth
+session    include	password-auth
+password   include	password-auth
diff --git a/samba4/smb.conf b/samba4/smb.conf
new file mode 100644
index 0000000..fe0d921
--- /dev/null
+++ b/samba4/smb.conf
@@ -0,0 +1,320 @@
+# This is the main Samba configuration file. For detailed information about the
+# options listed here, refer to the smb.conf(5) manual page. Samba has a huge
+# number of configurable options, most of which are not shown in this example.
+#
+# The Official Samba 3.2.x HOWTO and Reference Guide contains step-by-step
+# guides for installing, configuring, and using Samba:
+# http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf
+#
+# The Samba-3 by Example guide has working examples for smb.conf. This guide is
+# generated daily: http://www.samba.org/samba/docs/Samba-Guide.pdf
+#
+# In this file, lines starting with a semicolon (;) or a hash (#) are
+# comments and are ignored. This file uses hashes to denote commentary and
+# semicolons for parts of the file you may wish to configure.
+#
+# Note: Run the "testparm" command after modifying this file to check for basic
+# syntax errors.
+#
+#---------------
+# Security-Enhanced Linux (SELinux) Notes:
+#
+# Turn the samba_domain_controller Boolean on to allow Samba to use the useradd
+# and groupadd family of binaries. Run the following command as the root user to
+# turn this Boolean on:
+# setsebool -P samba_domain_controller on
+#
+# Turn the samba_enable_home_dirs Boolean on if you want to share home
+# directories via Samba. Run the following command as the root user to turn this
+# Boolean on:
+# setsebool -P samba_enable_home_dirs on
+#
+# If you create a new directory, such as a new top-level directory, label it
+# with samba_share_t so that SELinux allows Samba to read and write to it. Do
+# not label system directories, such as /etc/ and /home/, with samba_share_t, as
+# such directories should already have an SELinux label.
+#
+# Run the "ls -ldZ /path/to/directory" command to view the current SELinux
+# label for a given directory.
+#
+# Set SELinux labels only on files and directories you have created. Use the
+# chcon command to temporarily change a label:
+# chcon -t samba_share_t /path/to/directory
+#
+# Changes made via chcon are lost when the file system is relabeled or commands
+# such as restorecon are run.
+#
+# Use the samba_export_all_ro or samba_export_all_rw Boolean to share system
+# directories. To share such directories and only allow read-only permissions:
+# setsebool -P samba_export_all_ro on
+# To share such directories and allow read and write permissions:
+# setsebool -P samba_export_all_rw on
+#
+# To run scripts (preexec/root prexec/print command/...), copy them to the
+# /var/lib/samba/scripts/ directory so that SELinux will allow smbd to run them.
+# Note that if you move the scripts to /var/lib/samba/scripts/, they retain
+# their existing SELinux labels, which may be labels that SELinux does not allow
+# smbd to run. Copying the scripts will result in the correct SELinux labels.
+# Run the "restorecon -R -v /var/lib/samba/scripts" command as the root user to
+# apply the correct SELinux labels to these files.
+#
+#--------------
+#
+#======================= Global Settings =====================================
+
+[global]
+
+# ----------------------- Network-Related Options -------------------------
+#
+# workgroup = the Windows NT domain name or workgroup name, for example, MYGROUP.
+#
+# server string = the equivalent of the Windows NT Description field.
+#
+# netbios name = used to specify a server name that is not tied to the hostname.
+#
+# interfaces = used to configure Samba to listen on multiple network interfaces.
+# If you have multiple interfaces, you can use the "interfaces =" option to
+# configure which of those interfaces Samba listens on. Never omit the localhost
+# interface (lo).
+#
+# hosts allow = the hosts allowed to connect. This option can also be used on a
+# per-share basis.
+#
+# hosts deny = the hosts not allowed to connect. This option can also be used on
+# a per-share basis.
+#
+# max protocol = used to define the supported protocol. The default is NT1. You
+# can set it to SMB2 if you want experimental SMB2 support.
+#
+	workgroup = MYGROUP
+	server string = Samba Server Version %v
+
+;	netbios name = MYSERVER
+
+;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
+;	hosts allow = 127. 192.168.12. 192.168.13.
+
+;	max protocol = SMB2
+
+# --------------------------- Logging Options -----------------------------
+#
+# log file = specify where log files are written to and how they are split.
+#
+# max log size = specify the maximum size log files are allowed to reach. Log
+# files are rotated when they reach the size specified with "max log size".
+#
+
+	# log files split per-machine:
+	log file = /var/log/samba/log.%m
+	# maximum size of 50KB per log file, then rotate:
+	max log size = 50
+
+# ----------------------- Standalone Server Options ------------------------
+#
+# security = the mode Samba runs in. This can be set to user, share
+# (deprecated), or server (deprecated).
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+
+	security = user
+	passdb backend = tdbsam
+
+
+# ----------------------- Domain Members Options ------------------------
+#
+# security = must be set to domain or ads.
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+# realm = only use the realm option when the "security = ads" option is set.
+# The realm option specifies the Active Directory realm the host is a part of.
+#
+# password server = only use this option when the "security = server"
+# option is set, or if you cannot use DNS to locate a Domain Controller. The
+# argument list can include My_PDC_Name, [My_BDC_Name], and [My_Next_BDC_Name]:
+#
+# password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
+#
+# Use "password server = *" to automatically locate Domain Controllers.
+
+;	security = domain
+;	passdb backend = tdbsam
+;	realm = MY_REALM
+
+;	password server = <NT-Server-Name>
+
+# ----------------------- Domain Controller Options ------------------------
+#
+# security = must be set to user for domain controllers.
+#
+# passdb backend = the backend used to store user information in. New
+# installations should use either tdbsam or ldapsam. No additional configuration
+# is required for tdbsam. The "smbpasswd" utility is available for backwards
+# compatibility.
+#
+# domain master = specifies Samba to be the Domain Master Browser, allowing
+# Samba to collate browse lists between subnets. Do not use the "domain master"
+# option if you already have a Windows NT domain controller performing this task.
+#
+# domain logons = allows Samba to provide a network logon service for Windows
+# workstations.
+#
+# logon script = specifies a script to run at login time on the client. These
+# scripts must be provided in a share named NETLOGON.
+#
+# logon path = specifies (with a UNC path) where user profiles are stored.
+#
+#
+;	security = user
+;	passdb backend = tdbsam
+
+;	domain master = yes
+;	domain logons = yes
+
+	# the following login script name is determined by the machine name
+	# (%m):
+;	logon script = %m.bat
+	# the following login script name is determined by the UNIX user used:
+;	logon script = %u.bat
+;	logon path = \\%L\Profiles\%u
+	# use an empty path to disable profile support:
+;	logon path =
+
+	# various scripts can be used on a domain controller or a stand-alone
+	# machine to add or delete corresponding UNIX accounts:
+
+;	add user script = /usr/sbin/useradd "%u" -n -g users
+;	add group script = /usr/sbin/groupadd "%g"
+;	add machine script = /usr/sbin/useradd -n -c "Workstation (%u)" -M -d /nohome -s /bin/false "%u"
+;	delete user script = /usr/sbin/userdel "%u"
+;	delete user from group script = /usr/sbin/userdel "%u" "%g"
+;	delete group script = /usr/sbin/groupdel "%g"
+
+
+# ----------------------- Browser Control Options ----------------------------
+#
+# local master = when set to no, Samba does not become the master browser on
+# your network. When set to yes, normal election rules apply.
+#
+# os level = determines the precedence the server has in master browser
+# elections. The default value should be reasonable.
+#
+# preferred master = when set to yes, Samba forces a local browser election at
+# start up (and gives itself a slightly higher chance of winning the election).
+#
+;	local master = no
+;	os level = 33
+;	preferred master = yes
+
+#----------------------------- Name Resolution -------------------------------
+#
+# This section details the support for the Windows Internet Name Service (WINS).
+#
+# Note: Samba can be either a WINS server or a WINS client, but not both.
+#
+# wins support = when set to yes, the NMBD component of Samba enables its WINS
+# server.
+#
+# wins server = tells the NMBD component of Samba to be a WINS client.
+#
+# wins proxy = when set to yes, Samba answers name resolution queries on behalf
+# of a non WINS capable client. For this to work, there must be at least one
+# WINS server on the network. The default is no.
+#
+# dns proxy = when set to yes, Samba attempts to resolve NetBIOS names via DNS
+# nslookups.
+
+;	wins support = yes
+;	wins server = w.x.y.z
+;	wins proxy = yes
+
+;	dns proxy = yes
+
+# --------------------------- Printing Options -----------------------------
+#
+# The options in this section allow you to configure a non-default printing
+# system.
+#
+# load printers = when set you yes, the list of printers is automatically
+# loaded, rather than setting them up individually.
+#
+# cups options = allows you to pass options to the CUPS library. Setting this
+# option to raw, for example, allows you to use drivers on your Windows clients.
+#
+# printcap name = used to specify an alternative printcap file.
+#
+
+	load printers = yes
+	cups options = raw
+
+;	printcap name = /etc/printcap
+	# obtain a list of printers automatically on UNIX System V systems:
+;	printcap name = lpstat
+;	printing = cups
+
+# --------------------------- File System Options ---------------------------
+#
+# The options in this section can be un-commented if the file system supports
+# extended attributes, and those attributes are enabled (usually via the
+# "user_xattr" mount option). These options allow the administrator to specify
+# that DOS attributes are stored in extended attributes and also make sure that
+# Samba does not change the permission bits.
+#
+# Note: These options can be used on a per-share basis. Setting them globally
+# (in the [global] section) makes them the default for all shares.
+
+;	map archive = no
+;	map hidden = no
+;	map read only = no
+;	map system = no
+;	store dos attributes = yes
+
+
+#============================ Share Definitions ==============================
+
+[homes]
+	comment = Home Directories
+	browseable = no
+	writable = yes
+;	valid users = %S
+;	valid users = MYDOMAIN\%S
+
+[printers]
+	comment = All Printers
+	path = /var/spool/samba
+	browseable = no
+	guest ok = no
+	writable = no
+	printable = yes
+
+# Un-comment the following and create the netlogon directory for Domain Logons:
+;	[netlogon]
+;	comment = Network Logon Service
+;	path = /var/lib/samba/netlogon
+;	guest ok = yes
+;	writable = no
+;	share modes = no
+
+# Un-comment the following to provide a specific roving profile share.
+# The default is to use the user's home directory:
+;	[Profiles]
+;	path = /var/lib/samba/profiles
+;	browseable = no
+;	guest ok = yes
+
+# A publicly accessible directory that is read only, except for users in the
+# "staff" group (which have write permissions):
+;	[public]
+;	comment = Public Stuff
+;	path = /home/samba
+;	public = yes
+;	writable = yes
+;	printable = no
+;	write list = +staff
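Review bot: The active `[global]` settings leave `interfaces` and `hosts allow` commented out, so the daemons accept connections on every interface of the host, which for a firewall distribution probably includes the external one; the shipped default should restrict this, for example `bind interfaces only = yes` together with an `interfaces = lo <internal-interface>` line (placeholder name). In `[homes]`, `valid users = %S` is also commented out, so any authenticated user can connect to another user's home share and is held back only by filesystem permissions; shipping that line uncommented is the safer default. The header comments were written for Samba 3.2.x and describe `max protocol` as defaulting to NT1 with SMB2 experimental, which is unlikely to describe 4.4.0 and should be refreshed so that nobody pins the server to SMB1 by following them. `load printers = yes` and `cups options = raw` are active although `cups-devel` is commented out of the build requirements in samba.nm, so the printing defaults could be dropped or set to `load printers = no`.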
diff --git a/samba4/systemd/nmb.service b/samba4/systemd/nmb.service
new file mode 100644
index 0000000..b0b447e
--- /dev/null
+++ b/samba4/systemd/nmb.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Samba NMB Daemon
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/nmbd
+
+[Install]
+WantedBy=multi-user.target
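Review bot: `Type=forking` is used without `PIDFile=`, so systemd has to guess the main process of nmbd; with `--with-piddir=/var/run/samba` from samba.nm the unit could state `PIDFile=/var/run/samba/nmbd.pid`, and the same applies to smb.service (`smbd.pid`) and winbind.service (`winbindd.pid`). That directory sits under /var/run, so if it is a tmpfs it has to be recreated at every boot (a tmpfiles.d entry or equivalent), which this patch does not ship. None of the three units sets `Restart=` or `ExecReload=`, and `syslog.target` in `After=` is obsolete on current systemd; for network-facing daemons a `Restart=on-failure` line is worth adding.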
diff --git a/samba4/systemd/smb.service b/samba4/systemd/smb.service
new file mode 100644
index 0000000..b62df5c
--- /dev/null
+++ b/samba4/systemd/smb.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Samba SMB Daemon
+After=syslog.target network.target nmb.service winbind.service
+
+[Service]
+Type=forking
+LimitNOFILE=16384
+ExecStart=/usr/sbin/smbd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/samba4/systemd/winbind.service b/samba4/systemd/winbind.service
new file mode 100644
index 0000000..5ae1c2f
--- /dev/null
+++ b/samba4/systemd/winbind.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Samba Winbind Daemon
+After=syslog.target network.target nmb.service
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/winbindd
+
+[Install]
+WantedBy=multi-user.target
-- 
2.6.3

