enable support for user shares by default and add sambashares group as expected by kde plasma

use systemd sysusers file to create groups and users [release 4.19.4-2mamba;Fri Jan 26 2024]
2024-01-27 09:56:59 +01:00 · 2024-01-27 09:56:59 +01:00 · caca509548
commit caca509548
parent 883f43dbba
14 changed files with 41 additions and 629 deletions
--- a/samba-3.0.23-smbldaptools-rootbinddn.patch
+++ b/samba-3.0.23-smbldaptools-rootbinddn.patch
@ -1,57 +0,0 @@
 --- samba-3.0.23/examples/LDAP/smbldap-tools-0.9.2/smbldap_tools.pm	2006-01-03 11:57:41.000000000 +0100
 +++ samba-3.0.23/examples/LDAP/smbldap-tools-0.9.2/smbldap_tools.pm.fix	2006-10-10 10:12:42.000000000 +0200
@@ -32,15 +32,15 @@
 # ugly funcs using global variables and spawning openldap clients
 my $smbldap_conf;
 -if (-e "/etc/smbldap-tools/smbldap.conf") {
 -	$smbldap_conf="/etc/smbldap-tools/smbldap.conf";
 +if (-e "/etc/samba/smbldap-tools/smbldap.conf") {
 +	$smbldap_conf="/etc/samba/smbldap-tools/smbldap.conf";
 } else {
 	$smbldap_conf="/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
 }
 my $smbldap_bind_conf;
 -if (-e "/etc/smbldap-tools/smbldap_bind.conf") {
 -	$smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
 +if (-e "/etc/samba/smbldap-tools/smbldap_bind.conf") {
 +	$smbldap_bind_conf="/etc/samba/smbldap-tools/smbldap_bind.conf";
 } else {
 	$smbldap_bind_conf="/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
 }
@@ -51,6 +51,10 @@
 	$samba_conf="/usr/local/samba/lib/smb.conf";
 }
 +# system-wide LDAP configuration files
 +my $ldap_conf="/etc/ldap.conf";
 +my $ldap_secret="/etc/ldap.secret";
 +
 use vars       qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
 use Exporter;
 $VERSION = 1.00;
@@ -168,7 +172,22 @@
 		$conf{$parameter}=$value;
 	  }
 	  close (CONFIGFILE);
 -	} else {
 +
 +	  if (open (CONFIGFILE, "$ldap_secret")) {
 +		$conf{masterPw} = <CONFIGFILE>;
 +		chomp($conf{masterPw});
 +		close (CONFIGFILE);
 +
 +		open (CONFIGFILE, "$ldap_conf") || die "Unable to open $ldap_conf for reading !\n";
 +		while (<CONFIGFILE>) {
 +		    chomp($_);
 +		    next if ( ! /^\s*rootbinddn\s*.*/ );
 +		    $_ =~ s/^\s*rootbinddn\s*(.*)$/$1/;
 +		    $conf{masterDN}=$_;
 +		}
 +		close (CONFIGFILE);
 +	  }
 +        } else {
 	  $conf{slaveDN}=$conf{slavePw}=$conf{masterDN}=$conf{masterPw}="";
 	}
        # automatically find SID
--- a/samba-3.2.4-remove_strlcpy_strlcat.patch
+++ b/samba-3.2.4-remove_strlcpy_strlcat.patch
@ -1,48 +0,0 @@
 diff -Nru samba-3.2.4.orig/source/client/mount.cifs.c samba-3.2.4/source/client/mount.cifs.c
 --- samba-3.2.4.orig/source/client/mount.cifs.c	2008-09-18 08:49:02.000000000 +0200
 +++ samba-3.2.4/source/client/mount.cifs.c	2008-10-02 12:30:24.000000000 +0200
@@ -89,44 +89,6 @@
 char * domain_name = NULL;
 char * prefixpath = NULL;
 -/* glibc doesn't have strlcpy, strlcat. Ensure we do. JRA. We
 - * don't link to libreplace so need them here. */
 -
 -/* like strncpy but does not 0 fill the buffer and always null
 - *    terminates. bufsize is the size of the destination buffer */
 -static size_t strlcpy(char *d, const char *s, size_t bufsize)
 -{
 -	size_t len = strlen(s);
 -	size_t ret = len;
 -	if (bufsize <= 0) return 0;
 -	if (len >= bufsize) len = bufsize-1;
 -	memcpy(d, s, len);
 -	d[len] = 0;
 -	return ret;
 -}
 -
 -/* like strncat but does not 0 fill the buffer and always null
 - *    terminates. bufsize is the length of the buffer, which should
 - *       be one more than the maximum resulting string length */
 -static size_t strlcat(char *d, const char *s, size_t bufsize)
 -{
 -	size_t len1 = strlen(d);
 -	size_t len2 = strlen(s);
 -	size_t ret = len1 + len2;
 -
 -	if (len1+len2 >= bufsize) {
 -		if (bufsize < (len1+1)) {
 -			return ret;
 -		}
 -		len2 = bufsize - (len1+1);
 -	}
 -	if (len2 > 0) {
 -		memcpy(d+len1, s, len2);
 -		d[len1+len2] = 0;
 -	}
 -	return ret;
 -}
 -
 /* BB finish BB
         cifs_umount
--- a/samba-3.5.8-mount_disable_setuid_check.patch
+++ b/samba-3.5.8-mount_disable_setuid_check.patch
@ -1,22 +0,0 @@
 Files a/client/.mount.cifs.c.swp and b/client/.mount.cifs.c.swp differ
 diff -Nur a/client/mount.cifs.c b/client/mount.cifs.c
 --- a/client/mount.cifs.c	2010-04-01 15:26:22.000000000 +0200
 +++ b/client/mount.cifs.c	2010-04-15 13:20:41.997470980 +0200
@@ -97,7 +97,7 @@
  * error if it is. If you wish to disable this check, then set the following
  * #define to 1, but please realize that you do so at your own peril.
  */
 -#define CIFS_DISABLE_SETUID_CHECK 0
 +#define CIFS_DISABLE_SETUID_CHECK 1
 /*
  * By default, mount.cifs follows the conventions set forth by /bin/mount
@@ -112,7 +112,7 @@
  * The legacy behavior is now disabled by default. To reenable it, set the
  * following #define to true.
  */
 -#define CIFS_LEGACY_SETUID_CHECK 0
 +#define CIFS_LEGACY_SETUID_CHECK 1
 /*
  * When an unprivileged user runs a setuid mount.cifs, we set certain mount
--- a/samba-4.0.6-libtirpc.patch
+++ b/samba-4.0.6-libtirpc.patch
@ -1,10 +0,0 @@
 --- samba-4.0.0/source3/wscript_build.bero	2012-12-14 16:47:47.124053374 +0100
 +++ samba-4.0.0/source3/wscript_build	2012-12-14 16:49:54.517558570 +0100
@@ -977,6 +977,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
                     NDR_SMB_ACL
                     netapi
                     ''' + bld.env['dmapi_lib'],
 +		    ldflags='-ltirpc',
                     private_library=True,
                     vars=locals())
--- a/samba-4.1.14-no-as-needed.patch
+++ b/samba-4.1.14-no-as-needed.patch
@ -1,13 +0,0 @@
 diff -Nru samba-4.1.14.orig/wscript samba-4.1.14/wscript
 --- samba-4.1.14.orig/wscript	2014-12-01 13:48:32.000000000 +0100
 +++ samba-4.1.14/wscript	2014-12-19 16:39:08.460000000 +0100
@@ -155,9 +155,6 @@
     # allows us to find problems on our development hosts faster.
     # It also results in faster load time.
 -    if not sys.platform.startswith("openbsd"):
 -        conf.env.asneeded_ldflags = conf.ADD_LDFLAGS('-Wl,--as-needed', testflags=True)
 -
     if not conf.CHECK_NEED_LC("-lc not needed"):
         conf.ADD_LDFLAGS('-lc', testflags=False)
--- a/samba-4.11.4-glibc-2.30.patch
+++ b/samba-4.11.4-glibc-2.30.patch
@ -1,13 +0,0 @@
 --- a/lib/replace/system/network.h	2019-01-15 21:07:00.000000000 +1100
 +++ b/lib/replace/system/network.h.new	2019-08-27 23:28:56.106742843 +1000
@@ -87,10 +87,6 @@
 #include <sys/uio.h>
 #endif
 -#ifdef HAVE_STROPTS_H
 -#include <stropts.h>
 -#endif
 -
 #ifndef HAVE_SOCKLEN_T
 #define HAVE_SOCKLEN_T
 typedef int socklen_t;
--- a/samba-4.19.4-conf-enable-usershares.patch
+++ b/samba-4.19.4-conf-enable-usershares.patch
@ -0,0 +1,15 @@
 --- samba-4.19.4/examples/smb.conf.default.orig	2024-01-26 18:01:53.376647291 +0100
 +++ samba-4.19.4/examples/smb.conf.default	2024-01-26 18:05:15.617045920 +0100
@@ -112,6 +112,12 @@
 idmap config * : backend = tdb
 idmap config * : range = 3000-7999
 +# Enable support for user configurable shares
 +usershare path = /var/lib/samba/usershares
 +usershare max shares = 100
 +usershare allow guests = yes
 +usershare owner only = yes
 +
 #============================ Share Definitions ==============================
 [homes]
    comment = Home Directories
--- a/86
+++ b/86
@ -1,86 +0,0 @@
 [global]
    unix charset = UTF-8
    netbios name = %HOSTNAME
    server string =
    workgroup = %DOMAIN
    os level = 64
    preferred master = no
    domain master = no
    local master = no
    security = user
    guest account = guest
    passdb backend = smbpasswd
    encrypt passwords = yes
    domain logons = no
    log file = /var/log/samba/log.%m
    log level = 1
    logon path = \\%L\profiles\%U
    logon drive = H:
    logon home = \\%N\home\%u
    logon script = logon.cmd
 #    ldap machine suffix = ou=Machines
 #    ldap user suffix = ou=People
 #    ldap group suffix = ou=Groups
 #    ldap idmap suffix = ou=Idmap
    load printers = yes
    printing = cups
    printcap name = cups
 #    add user script= /usr/lib/samba/sbin/smbldap-useradd -a -m '%u'
 #    delete user script = /usr/lib/samba/sbin/smbldap-userdel %u
 #    add group script = /usr/lib/samba/sbin/smbldap-groupadd -p '%g'
 #    delete group script = /usr/lib/samba/sbin/smbldap-groupdel '%g'
 #    add user to group script = /usr/lib/samba/sbin/smbldap-groupmod -m '%u' '%g'
 #    delete user from group script = /usr/lib/samba/sbin/smbldap-groupmod -x '%u' '%g'
 #    set primary group script = /usr/lib/samba/sbin/smbldap-usermod -g '%g' '%u'
 #    add machine script = /usr/lib/samba/sbin/smbldap-useradd -w '%u'
    map acl inherit = Yes
    winbind separator = /
 [netlogon]
    comment = Network Logon Service
    path = /var/lib/samba/netlogon
    guest ok = Yes
    locking = no
 [profiles]
    comment = Profile Share
    path = /var/lib/samba/profiles
    read only = no
    profile acls = Yes
    create mask = 0600
    directory mask = 0700
 [profdata]
    comment = Profile Data Share
    path = /var/lib/samba/profdata
    read only = No
    profile acls = Yes
 [homes]
    comment = Home Directory for : %u
    path = /home/%u
    read only = No
    browseable = No
    root preexec = /usr/lib/samba/sbin/mkhomedir.sh %u
 [shared]
    comment = Shared files for user %u
    path = /home/%u/shared
 [print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    browseable = yes
    guest ok = no
    read only = yes
    write list = Administrator
 [printers]
    comment = SMB Print spool
    path = /var/spool/samba
    browseable = no
    public = yes
    guest ok = yes
    writable = no
    printable = yes
    printer admin = Administrator, @ntadmins
--- a/samba-mkhomedir.sh
+++ b/samba-mkhomedir.sh
@ -1,34 +0,0 @@
 #!/bin/sh
 # mkhomedir.sh -- automatically create user homedirs for Samba DC users
 # Copyright (C) 2005 Silvan Calarco <silvan.calarco@qilinux.it>
 #
 # This program is free software; you can redistribute it and/or modify it under
 # the terms of the GNU General Public License version 2 as published by the
 # Free Software Foundation.  There is NO warranty; not even for MERCHANTABILITY
 # or FITNESS FOR A PARTICULAR PURPOSE.
 #
 # me=${0##*/}
 [ "$1" ] || {
 echo "Usage: $0 <user>"
 exit 1;
 }
 getent passwd $1 >/dev/null || {
 echo "Error: user $1 does not exits. Exiting."
 exit 1;
 }
 [ -e "/home" ] || {
 echo "Error: directory /home does not exits. Exiting."
 exit 1;
 }
 HOMEUSER=$1
 HOMEDIR=/home/$1
 [ -e "$HOMEDIR" ] && exit 0;
 cp -a /etc/skel $HOMEDIR
 chown -R "$HOMEUSER":"Domain Users" $HOMEDIR
--- a/samba-server.sysusers
+++ b/samba-server.sysusers
@ -0,0 +1,2 @@
 g sambashares -
 u guest 65401:65413 "Samba guest user" /dev/null /bin/false
--- a/samba-smbldap_conf.pm
+++ b/samba-smbldap_conf.pm
@ -1,198 +0,0 @@
 # $Source: /opt/cvs/samba/smbldap-tools/smbldap.conf,v $
 # $Id: smbldap.conf,v 1.17 2005/01/29 15:00:54 jtournier Exp $
 #
 # smbldap-tools.conf : Q & D configuration file for smbldap-tools
 #  This code was developped by IDEALX (http://IDEALX.org/) and
 #  contributors (their names can be found in the CONTRIBUTORS file).
 #
 #                 Copyright (C) 2001-2002 IDEALX
 #
 #  This program is free software; you can redistribute it and/or
 #  modify it under the terms of the GNU General Public License
 #  as published by the Free Software Foundation; either version 2
 #  of the License, or (at your option) any later version.
 #
 #  This program is distributed in the hope that it will be useful,
 #  but WITHOUT ANY WARRANTY; without even the implied warranty of
 #  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #  GNU General Public License for more details.
 #
 #  You should have received a copy of the GNU General Public License
 #  along with this program; if not, write to the Free Software
 #  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
 #  USA.
 #  Purpose :
 #       . be the configuration file for all smbldap-tools scripts
 ##############################################################################
 #
 # General Configuration
 #
 ##############################################################################
 # Put your own SID
 # to obtain this number do: net getlocalsid
 SID="S-1-5-21-4054337095-2523087664-1495155603"
 ##############################################################################
 #
 # LDAP Configuration
 #
 ##############################################################################
 # Notes: to use to dual ldap servers backend for Samba, you must patch
 # Samba with the dual-head patch from IDEALX. If not using this patch
 # just use the same server for slaveLDAP and masterLDAP.
 # Those two servers declarations can also be used when you have 
 # . one master LDAP server where all writing operations must be done
 # . one slave LDAP server where all reading operations must be done
 #   (typically a replication directory)
 # Ex: slaveLDAP=127.0.0.1
 slaveLDAP="127.0.0.1"
 slavePort="389"
 # Master LDAP : needed for write operations
 # Ex: masterLDAP=127.0.0.1
 masterLDAP="127.0.0.1"
 masterPort="389"
 # Use TLS for LDAP
 # If set to 1, this option will use start_tls for connection
 # (you should also used the port 389)
 ldapTLS="0"
 # How to verify the server's certificate (none, optional or require)
 # see "man Net::LDAP" in start_tls section for more details
 verify="require"
 # CA certificate
 # see "man Net::LDAP" in start_tls section for more details
 cafile="/etc/samba/smbldap-tools/ca.pem"
 # certificate to use to connect to the ldap server
 # see "man Net::LDAP" in start_tls section for more details
 clientcert="/etc/samba/smbldap-tools/smbldap-tools.pem"
 # key certificate to use to connect to the ldap server
 # see "man Net::LDAP" in start_tls section for more details
 clientkey="/etc/samba/smbldap-tools/smbldap-tools.key"
 # LDAP Suffix
 # Ex: suffix=dc=IDEALX,dc=ORG
 suffix="dc=idealx,dc=org"
 # Where are stored Users
 # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
 usersdn="ou=People,${suffix}"
 # Where are stored Computers
 # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
 computersdn="ou=Machines,${suffix}"
 # Where are stored Groups
 # Ex groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
 groupsdn="ou=Groups,${suffix}"
 # Where are stored Idmap entries (used if samba is a domain member server)
 # Ex groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
 idmapdn="ou=Idmap,${suffix}"
 # Where to store next uidNumber and gidNumber available
 sambaUnixIdPooldn="ou=Idmap,${suffix}"
 # Default scope Used
 scope="sub"
 # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
 hash_encrypt="SSHA"
 # if hash_encrypt is set to CRYPT, you may set a salt format.
 # default is "%s", but many systems will generate MD5 hashed
 # passwords if you use "$1$%.8s". This parameter is optional!
 crypt_salt_format="%s"
 ##############################################################################
 # 
 # Unix Accounts Configuration
 # 
 ##############################################################################
 # Login defs
 # Default Login Shell
 # Ex: userLoginShell="/bin/bash"
 userLoginShell="/bin/false"
 # Home directory
 # Ex: userHome="/home/%U"
 userHome="/dev/null"
 # Gecos
 userGecos="System User"
 # Default User (POSIX and Samba) GID
 defaultUserGid="65401"
 # Default Computer (Samba) GID
 defaultComputerGid="65412"
 # Skel dir
 skeletonDir="/etc/skel"
 # Default password validation time (time in days) Comment the next line if
 # you don't want password to be enable for defaultMaxPasswordAge days (be
 # careful to the sambaPwdMustChange attribute's value)
 defaultMaxPasswordAge="99"
 ##############################################################################
 #
 # SAMBA Configuration
 #
 ##############################################################################
 # The UNC path to home drives location (%U username substitution)
 # Ex: \\My-PDC-netbios-name\homes\%U
 # Just set it to a null string if you want to use the smb.conf 'logon home'
 # directive and/or disable roaming profiles
 userSmbHome="\\PDC-SMB3\homes\%U"
 # The UNC path to profiles locations (%U username substitution)
 # Ex: \\My-PDC-netbios-name\profiles\%U
 # Just set it to a null string if you want to use the smb.conf 'logon path'
 # directive and/or disable roaming profiles
 userProfile="\\PDC-SMB3\profiles\%U"
 # The default Home Drive Letter mapping
 # (will be automatically mapped at logon time if home directory exist)
 # Ex: H: for H:
 userHomeDrive="H:"
 # The default user netlogon script name (%U username substitution)
 # if not used, will be automatically username.cmd
 # make sure script file is edited under dos
 # Ex: %U.cmd
 # userScript="startup.cmd" # make sure script file is edited under dos
 userScript="%U.cmd"
 # Domain appended to the users "mail"-attribute
 # when smbldap-useradd -M is used
 mailDomain="idealx.com"
 ##############################################################################
 #
 # SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
 #
 ##############################################################################
 # Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
 # prefer Crypt::SmbHash library
 with_smbpasswd="0"
 smbpasswd="/usr/bin/smbpasswd"
 # Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
 # but prefer Crypt:: libraries
 with_slappasswd="0"
 slappasswd="/usr/sbin/slappasswd"
--- a/15
+++ b/15
@ -1,15 +0,0 @@
 [Desktop Entry]
 Version=1.0
 Encoding=UTF-8
 Name=SWAT
 GenericName=Samba Web Administration tool
 GenericName[fr]=Interface de configuration Web de samba
 GenericName[it]=Interfaccia di amministrazione di Samba
 Comment=Configure Samba via Swat Web interface
 Comment[fr]=Configure Samba depuis l'interface Web Swat
 Comment[it]=Configura Samba con l'interfaccia Web Swat
 Exec=konqueror http://localhost:901
 Type=Application
 Icon=samba
 Terminal=false
 Categories=Application;System;
--- a/samba.spec
+++ b/samba.spec
@ -1,13 +1,6 @@
 %define guest_uid 65401
 %define guest_gid 65413
 #%define squid_groupid 65010
 %define filesharing_gid   14
 %define smbldap_tools_ver 0.9.2
 Name:          samba
 Version:       4.19.4
-Release:       1mamba
+Release:       2mamba
 Summary:       Samba provides seamless file and print services to SMB/CIFS clients
 Group:         System/Servers
 Vendor:        openmamba
@ -15,19 +8,11 @@ Distribution:  openmamba
 Packager:      Silvan Calarco <silvan.calarco@mambasoft.it>
 URL:           https://www.samba.org
 Source0:       http://us1.samba.org/samba/ftp/stable/samba-%{version}.tar.gz
-Source1:       samba-conf
+Source1:       samba.sysusers
-Source9:       samba-smbldap_conf.pm
+Source2:       samba-server.sysusers
 Source10:      samba-mkhomedir.sh
 Source11:      samba-swat_desktopfile
 Source13:      winbind-nm-dispatcher
-Patch0:        samba-4.0.6-libtirpc.patch
+Patch0:        samba-4.9.4-conf-idmap.patch
-Patch1:        samba-4.1.14-no-as-needed.patch
+Patch1:        samba-4.19.4-conf-enable-usershares.patch
 # openmamba patches:
 Patch2:        samba-4.9.4-conf-idmap.patch
 Patch10:       %{name}-3.0.23-smbldaptools-rootbinddn.patch
 Patch11:       %{name}-3.2.4-remove_strlcpy_strlcat.patch
 Patch12:       %{name}-3.5.8-mount_disable_setuid_check.patch
 Patch13:       samba-4.11.4-glibc-2.30.patch
 License:       GPL
 ## AUTOBUILDREQ-BEGIN
 BuildRequires: glibc-devel
@ -232,10 +217,8 @@ This package contains the winbind daemon and the wbinfo tool.
 %setup -q
 #-D -T
 #:<< _EOF
-#%patch0 -p1
+%patch 0 -p1
-#%patch1 -p1
+%patch 1 -p1
 %patch 2 -p1
 #%patch13 -p1
 %build
 #:<< _EOF
@ -274,25 +257,6 @@ PATH=/usr/bin:$PATH \
   --python=%{__python3} \
   PYTHON=%{__python3}
 # ARM: building with-systme-mitkrb5 to bypass atomic link problem with embedded build
 #   --bundled-libraries=wind,roken,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,\
 #kdc,ntdb,subunit
 #   --with-pam_smbpass \
 #   --with-rootsbindir=/sbin \
 #   --enable-shared \
 #   --enable-static
 #   --with-libsmbclient \
 #   --with-libsmbsharemodes \
 #   --without-cisupcall \
 #   --with-ldapsam \
 #   --with-swat-dir=%{_datadir}/samba/swat \
 #   --with-python
 #waf %{?_smp_mflags} build
 #export LIBS="-ltirpc -ltermcap"
 %make
 %install
@ -306,22 +270,12 @@ install -d %{buildroot}/var/spool/samba
 install -d %{buildroot}%{_sysconfdir}/samba/private
 ##% makeinstall -C %{_builddir}/%{name}-%{version}/source3
 #waf --destdir=%{buildroot} install
 #
 #rm -rf %{buildroot}/usr/private
 #
 install -D -m 0664 examples/smb.conf.default %{buildroot}%{_sysconfdir}/samba/smb.conf
 sed -i "s|/usr/local/samba/var/log|/var/log/samba/log|;\
        s|/usr/local/samba/lib/|/var/lib/samba/|;\
        s|/usr/spool/samba|/var/spool/samba|;" \
   %{buildroot}%{_sysconfdir}/samba/smb.conf
-#
+
 #systemd
 #for f in samba nmb smb winbind; do
 #   install -D -m0644 packaging/systemd/$f.service %{buildroot}%{_unitdir}/$f.service
 #done
 #sed -i "s|/var/run/|/run/|" packaging/systemd/samba.conf.tmp
 install -D -m0644 packaging/systemd/samba.conf.tmp %{buildroot}%{_tmpfilesdir}/samba.conf
 sed -i "s|/var/run/samba|/run/samba|" %{buildroot}%{_tmpfilesdir}/samba.conf
@ -331,6 +285,9 @@ install -D -m 0644 examples/LDAP/samba.schema \
 install -d %{buildroot}%{_prefix}/lib/cups/backend
 ln -s %{_bindir}/smbspool %{buildroot}%{_prefix}/lib/cups/backend/smb
 install -D -m0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/samba.conf
 install -D -m0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/samba-server.conf
 install -D -m0755 %{S:13} %{buildroot}%{_sysconfdir}/NetworkManager/dispatcher.d/10_winbind
 # cifs.upcall is installed in arm build; --without-cisupcall seems uneffective
@ -345,27 +302,18 @@ enable smb
 disable winbind
 _EOF
 # Usershares folder
 mkdir %{buildroot}%{_localstatedir}/lib/samba/usershares
 %clean
 [ "%{buildroot}" != / ] && rm -rf %{buildroot}
 %pre
-if [ $1 -ge 1 ]; then
+%sysusers_create_package samba %{SOURCE1}
 # new install or update
   getent group filesharing >/dev/null || \
      groupadd filesharing -g %{filesharing_gid}
 fi
 :
 %pre server
-if [ $1 -ge 1 ]; then
+%sysusers_create_package samba-server %{SOURCE2}
 # new install or update
   getent group guest > /dev/null || groupadd guest -g %{guest_gid}
   getent passwd guest >/dev/null || 
      useradd guest -c "Samba guest user" -d /dev/null \
         -s /bin/false -u %{guest_uid} -g %{guest_gid} > /dev/null
 fi
 %systemd_pre nmb
 %systemd_pre smb
 :
 %post server
@ -470,15 +418,9 @@ fi
 %defattr(-,root,root)
 %config %dir %{_sysconfdir}/samba
 %config %dir %{_sysconfdir}/samba/private
 #%config(noreplace) %{_sysconfdir}/samba/lmhosts
 #%config(noreplace) %{_sysconfdir}/samba/smbusers
 %attr(664,root,filesharing) %config(noreplace) %{_sysconfdir}/samba/smb.conf
 %attr(644,root,root) %{_sysconfdir}/openldap/schema/samba.schema
 #%{_bindir}/async_connect_send_test
 #%{_bindir}/smbta-util
 %{_bindir}/dumpmscat
 #%{_bindir}/findsmb
 #%{_bindir}/mdfind
 %{_bindir}/mdsearch
 %{_bindir}/mvxattr
 %{_bindir}/net
@ -496,15 +438,13 @@ fi
 %{_bindir}/smbget
 %{_bindir}/smbpasswd
 %{_bindir}/smbspool
 #%{_bindir}/smbspool_krb5_wrapper
 %{_bindir}/smbstatus
 %{_bindir}/smbtar
 %{_bindir}/smbtree
 %{_bindir}/testparm
 %{_sbindir}/eventlogadm
 %{_sysusersdir}/samba.conf
 %dir %{_libdir}/samba
 #%dir %{_libdir}/samba/auth
 #%{_libdir}/samba/auth/*.so
 %dir %{_libdir}/samba/krb5
 %{_libdir}/samba/krb5/*.so
 %dir %{_libdir}/samba/idmap
@ -532,32 +472,25 @@ fi
 %files -n lib%{name}
 %defattr(-,root,root)
 #%{_libdir}/libdcerpc-atsvc.so.*
 %{_libdir}/libdcerpc-binding.so.*
 %{_libdir}/libdcerpc-server.so.*
 %{_libdir}/libdcerpc-server-core.so.*
 %{_libdir}/libdcerpc.so.*
 %{_libdir}/libdcerpc-samr.so.*
 %{_libdir}/libndr-krb5pac.so.*
 #%{_libdir}/libgensec.so.*
 %{_libdir}/libndr-nbt.so.*
 %{_libdir}/libndr-standard.so.*
 %{_libdir}/libndr.so.*
 %{_libdir}/libsamba-credentials.so.*
 %{_libdir}/libsamba-errors.so.*
 %{_libdir}/libsamba-hostconfig.so.*
 #%{_libdir}/libpdb.so.*
 #%{_libdir}/libregistry.so.*
 %{_libdir}/libsamba-passdb.so.*
 %{_libdir}/libsamba-policy.cpython-*.so.*
 %{_libdir}/libsamba-util.so.*
 %{_libdir}/libsamdb.so.*
 %{_libdir}/libsmbconf.so.*
 %{_libdir}/libsmbldap.so.*
 #%{_libdir}/libtevent-unix-util.so.*
 %{_libdir}/libtevent-util.so.*
 #%{_libdir}/libtorture.so.*
 #%{_libdir}/samba/lib*-samba4.so.*
 %{_libdir}/samba/lib*-samba4.so
 %ifarch arm
 %{_libdir}/krb5/plugins/kdb/samba.so
@ -573,19 +506,15 @@ fi
 %exclude %{_includedir}/samba-4.0/libsmbclient.h
 %exclude %{_includedir}/samba-4.0/netapi.h
 %exclude %{_includedir}/samba-4.0/wbclient.h
 #%{_libdir}/libdcerpc-atsvc.so
 %{_libdir}/libdcerpc-binding.so
 %{_libdir}/libdcerpc-samr.so
 %{_libdir}/libdcerpc-server.so
 %{_libdir}/libdcerpc-server-core.so
 %{_libdir}/libdcerpc.so
 #%{_libdir}/libgensec.so
 %{_libdir}/libndr-krb5pac.so
 %{_libdir}/libndr-nbt.so
 %{_libdir}/libndr-standard.so
 %{_libdir}/libndr.so
 #%{_libdir}/libpdb.so
 #%{_libdir}/libregistry.so
 %{_libdir}/libsamba-credentials.so
 %{_libdir}/libsamba-errors.so
 %{_libdir}/libsamba-hostconfig.so
@ -595,33 +524,24 @@ fi
 %{_libdir}/libsamdb.so
 %{_libdir}/libsmbconf.so
 %{_libdir}/libsmbldap.so
 #%{_libdir}/libtevent-unix-util.so
 %{_libdir}/libtevent-util.so
 #%{_libdir}/libtorture.so
 #%{_libdir}/mit_samba.so
 %{_libdir}/pkgconfig/dcerpc.pc
 #%{_libdir}/pkgconfig/dcerpc_atsvc.pc
 %{_libdir}/pkgconfig/dcerpc_samr.pc
 %{_libdir}/pkgconfig/dcerpc_server.pc
 #%{_libdir}/pkgconfig/gensec.pc
 %{_libdir}/pkgconfig/ndr.pc
 %{_libdir}/pkgconfig/ndr_krb5pac.pc
 %{_libdir}/pkgconfig/ndr_nbt.pc
 %{_libdir}/pkgconfig/ndr_standard.pc
 #%{_libdir}/pkgconfig/registry.pc
 %{_libdir}/pkgconfig/samba-credentials.pc
 %{_libdir}/pkgconfig/samba-hostconfig.pc
 %{_libdir}/pkgconfig/samba-policy.cpython-*.pc
 %{_libdir}/pkgconfig/samba-util.pc
 %{_libdir}/pkgconfig/samdb.pc
 #%{_libdir}/pkgconfig/torture.pc
 #%{_libdir}/winbind_krb5_locator.so
 %{_libexecdir}/samba/smbspool_krb5_wrapper
 %files server
 %defattr(-,root,root)
 %config(noreplace) %{_sysconfdir}/sysconfig/samba
 #/etc/pam.d/samba
 %{_sbindir}/nmbd
 %{_sbindir}/smbd
 %{_prefix}/lib/cups/backend/smb
@ -633,11 +553,11 @@ fi
 %dir %attr(1777,root,root) /var/spool/samba
 %dir %attr(755,root,root) /var/lock/samba
 %dir %attr(755,root,root) /var/lock/samba/msg.lock
-#/%{_lib}/security/pam_smbpass.so
+%dir %attr(1770,root,sambashares) %{_localstatedir}/lib/samba/usershares
 %{_sysusersdir}/samba-server.conf
 %{_tmpfilesdir}/samba.conf
 %{_unitdir}/nmb.service
 %{_unitdir}/smb.service
 #%{_libdir}/libnss_wins.so
 %{_libdir}/libnss_wins.so.2
 %{_mandir}/man5/*
 %{_mandir}/man7/*
@ -652,12 +572,7 @@ fi
 %{_bindir}/locktest
 %{_bindir}/masktest
 %{_bindir}/ndrdump
 #%{_bindir}/ntdbbackup
 #%{_bindir}/ntdbdump
 #%{_bindir}/ntdbrestore
 #%{_bindir}/ntdbtool
 %{_bindir}/oLschema2ldif
 #%{_bindir}/pidl
 %{_bindir}/regdiff
 %{_bindir}/regpatch
 %{_bindir}/regshell
@ -685,36 +600,18 @@ fi
 %dir %{_libdir}/samba/service
 %{_libdir}/samba/service/*.so
 %dir /var/cache/samba
 #%dir %{perl_vendorlib}/Parse
 #%{perl_vendorlib}/Parse/*
 #%{_mandir}/man3/Parse::Pidl::*.3pm*
 #%{_mandir}/man3/ntdb.3*
 %files -n libsmbclient
 %defattr(-,root,root)
 %{_libdir}/libsmbclient.so.*
 #%{_libdir}/libsmbclient-raw.so.*
 %files -n libsmbclient-devel
 %defattr(-,root,root)
 %{_includedir}/samba-*/libsmbclient.h
 %{_libdir}/libsmbclient.so
 #%{_libdir}/libsmbclient-raw.so
 #%{_libdir}/pkgconfig/smbclient-raw.pc
 %{_libdir}/pkgconfig/smbclient.pc
 #%files -n libsmbsharemodes
 #%defattr(-,root,root)
 #%{_libdir}/libsmbsharemodes.so.*
 #%files -n libsmbsharemodes-devel
 #%defattr(-,root,root)
 #%{_includedir}/samba-*/smb_share_modes.h
 #%{_libdir}/libsmbsharemodes.so
 #%{_libdir}/pkgconfig/smbsharemodes.pc
 %files -n libnetapi
 #-f net.lang
 %defattr(-,root,root)
 %{_libdir}/libnetapi.so.*
@ -734,32 +631,25 @@ fi
 %{_libdir}/libwbclient.so
 %{_libdir}/pkgconfig/wbclient.pc
 #%files swat
 #%defattr(-,root,root)
 #%{_sbindir}/swat
 #%config(noreplace) /etc/xinetd.d/swat
 #%dir %{_datadir}/samba/swat
 #%{_datadir}/samba/swat/*
 #%{_datadir}/applications/samba-swat.desktop
 %files winbind
 #-f pam_winbind.lang
 %defattr(-,root,root)
 %{_sysconfdir}/NetworkManager/dispatcher.d/10_winbind
 %config(noreplace) %{_sysconfdir}/security/pam_winbind.conf
 %{_bindir}/ntlm_auth
 %{_bindir}/wbinfo
 %{_sbindir}/winbindd
 #%{_libdir}/libnss_winbind.so
 %{_libdir}/libnss_winbind.so.*
 %{_libdir}/security/pam_winbind.so
 %{_unitdir}/winbind.service
 #%dir %attr(750,root,%{squid_groupid}) /var/lib/samba/winbindd_privileged
 %{_mandir}/man1/ntlm_auth.*
 %{_mandir}/man1/wbinfo.*
 %{_mandir}/man8/winbindd.*
 %changelog
 * Fri Jan 26 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 4.19.4-2mamba
 - enable support for user shares by default and add sambashares group as expected by kde plasma
 - use systemd sysusers file to create groups and users
 * Tue Jan 09 2024 Automatic Build System <autodist@openmamba.org> 4.19.4-1mamba
 - automatic version update by autodist
--- a/samba.sysusers
+++ b/samba.sysusers
@ -0,0 +1 @@
 g filesharing 14
		`@ -0,0 +1,2 @@`
							`g sambashares -`
							`u guest 65401:65413 "Samba guest user" /dev/null /bin/false`