initial commit of file from CVS for e-smith-samba on Sat Mar 23 16:28:38 AEDT 2024

Trevor Batley
2024-03-23 16:28:38 +11:00
parent 83e7d8b945
commit d602d07ac3
199 changed files with 3955 additions and 2 deletions


@@ -0,0 +1 @@
placeholder for netlogon share


@@ -0,0 +1 @@
netlogon


@@ -0,0 +1 @@
true


@@ -0,0 +1 @@
false


@@ -0,0 +1 @@
configuration


@@ -0,0 +1 @@
137,138


@@ -0,0 +1 @@
private


@@ -0,0 +1 @@
enabled


@@ -0,0 +1 @@
service


@@ -0,0 +1 @@
10080


@@ -0,0 +1 @@
disabled


@@ -0,0 +1 @@
enabled


@@ -0,0 +1 @@
35


@@ -0,0 +1 @@
disabled


@@ -0,0 +1 @@
no


@@ -0,0 +1 @@
WS


@@ -0,0 +1 @@
10


@@ -0,0 +1 @@
/home/e-smith/files/.shadow


@@ -0,0 +1 @@
UTF8


@@ -0,0 +1 @@
yes


@@ -0,0 +1 @@
sme-server


@@ -0,0 +1 @@
enabled


@@ -0,0 +1 @@
service


@@ -0,0 +1 @@
139,445


@@ -0,0 +1 @@
private


@@ -0,0 +1 @@
enabled


@@ -0,0 +1 @@
service


@@ -0,0 +1,9 @@
{
# Set ServerName to SystemName after inital configuration.
my $smb = $DB->get('smb') || return;
my $srvName = $smb->prop('ServerName') || 'sme-server';
my $sysName = $DB->get('SystemName') || return;
return unless $srvName =~ m#sme-server#;
$smb->set_prop('ServerName', $sysName->value);
}


@@ -0,0 +1,7 @@
{
# Display Charset has been dropped in Samba 4
my $a = $DB->get("smb") or return;
return unless (exists $smb{'DisplayCharSet'});
$DB->get_prop_and_delete('smb', 'DisplayCharSet');
}
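Review bot: The guard `exists $smb{'DisplayCharSet'}` tests a `%smb` hash that this fragment does not set up, while the record fetched into `$a` is never used, so whether the delete runs depends on state from outside the lines shown. Checking the fetched record keeps the fragment self-contained: `return unless defined $a->prop('DisplayCharSet');`. Naming the lexical `$smb` rather than `$a` would also avoid shadowing Perl's sort variable.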


@@ -0,0 +1,56 @@
#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::util;
use Net::LDAP;
my $c = esmith::ConfigDB->open_ro;
# Don't attempt to update ldap unles master
exit(0) unless ($c->get('ldap')->prop('Authentication') || 'disabled') eq 'enabled';
my $l = $c->get('ldap');
my $status = $l->prop('status') || "disabled";
unless ($status eq "enabled" )
{
warn "Not running action script $0, LDAP service not enabled!\n";
exit(0);
}
my $domain = $c->get('DomainName')
|| die("Couldn't determine domain name");
$domain = $domain->value;
my $base = esmith::util::ldapBase ($domain);
my $pw = esmith::util::LdapPassword();
my $ldap = Net::LDAP->new('localhost')
or die "$@";
$ldap->bind(
dn => "cn=root,$base",
password => $pw
);
my $smb = $c->get('smb');
my $domName = $smb->prop('Workgroup') || 'sme-server';
if ( ($smb->prop('ServerRole') || 'WS') eq 'WS' )
{
$domName = $smb->prop('ServerName') || 'sme-server';
}
my $result = $ldap->search( base => $base,
filter => "(&(objectClass=sambaDomain)(!(sambaDomainName=$domName)))",
scope => 'one'
);
die "failed looking up sambaDomainName entry: ", $result->error if $result->code;
foreach ($result->entries)
{
$_->delete;
$_->update($ldap);
}
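Review bot: The result of `$ldap->bind(...)` is discarded, so a failed bind presumably leaves the connection anonymous and the script carries on to the search and delete loop, where the `$_->update($ldap)` results are ignored as well; check it with `my $mesg = $ldap->bind(...); die "LDAP bind failed: ", $mesg->error if $mesg->code;`. The search filter interpolates `$domName` (the Workgroup or ServerName property) unescaped, and every sambaDomain entry that does not match is then deleted, so a value containing `(`, `)` or `*` changes which entries are removed; pass it through `Net::LDAP::Util::escape_filter_value` before building the filter. `$c->get('ldap')` is also dereferenced on the `exit(0) unless` line before anything confirms that the record exists.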


@@ -0,0 +1,140 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2001 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.e-smith.com for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use esmith::util;
my $a = esmith::AccountsDB->open || die "Couldn't open accounts db\n";
my $c = esmith::ConfigDB->open_ro || die "Could not open Config DB";
my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $domain = $c->get('DomainName')->value();
my $base = esmith::util::ldapBase ($domain);
my $event = $ARGV [0];
my $machineName = $ARGV [1];
die "machine name $machineName is not a valid machine account name"
unless ( $machineName =~ /\$$/ );
my $m = $a->get($machineName);
if ($m)
{
my $type = $m->prop('type');
die "$machineName is not a machine account"
unless ($type eq "machine");
}
else
{
# Auto-create the accounts database entry. This is bad form, but
# the Samba "add user script" is called as the user "admin", who
# does not currently have permissions to write to the config database
$m = $a->new_record($machineName, {type => "machine"});
}
my $lock = undef;
my $uid;
unless ($uid = $m->prop('Uid'))
{
use esmith::lockfile;
$lock = esmith::lockfile::LockFileOrWait("/home/e-smith/db/accounts");
$uid = $a->get_next_uid;
$m->set_prop('Uid', $uid);
}
my $gid = $m->prop('Gid') || $uid;
# We really, really need to be root to run "passwd -l"
esmith::util::setRealToEffective();
warn "create-machine-account $machineName: Creating Unix user and group\n";
if ($ldapauth ne 'enabled')
{
# Create the machine's unique group first
system(
"/usr/sbin/groupadd",
"-g",
$gid,
$machineName
) == 0 or ( $x = 255, warn "Failed to create (unix) group $machineName.\n" );
# Now create the machine account
system(
"/usr/sbin/useradd",
"-u", $uid,
"-g", $gid,
"-c", "Hostname account for $machineName",
"-M",
"-d", "/noexistingpath",
"-s", "/bin/false",
"$machineName"
) == 0 or ( $x = 255, warn "Failed to create (unix) account $machineName.\n" );
system("/usr/bin/passwd", "-l", "$machineName") == 0
or ( $x = 255, warn "Failed locking (unix) password for $machineName\n" );
}
# Create the machine's unique group first (in ldap)
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
"-g", $gid,
"-o",
"$machineName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $machineName.\n" );
# Now create the machine account (in ldap)
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
"-u", $uid,
"-g", $gid,
"--userbase=ou=Computers,$base",
"-c", "Hostname account for $machineName",
"-o",
"-d", "/noexistingpath",
"-s", "/bin/false",
"$machineName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $machineName.\n" );
warn "create-machine-account $machineName: Locking account\n";
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod",
"--userbase=ou=Computers,$base",
"-o",
"-L",
"$machineName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed locking (ldap) password for $machineName\n" );
if ($ldapauth ne 'enabled')
{
warn "create-machine-account $machineName: Creating smbpasswd account\n";
system("/usr/bin/smbpasswd", "-a", "-m", "$machineName") == 0
or warn "Could not create smb password entry for $machineName\n";
}
exit ($x);
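Review bot: `$machineName` is accepted on the single test `/\$$/`, which only requires a trailing `$` (and tolerates a trailing newline), yet the value becomes an accounts-db key and an argument to groupadd, useradd, passwd, cpu and smbpasswd. The list-form `system` calls keep it away from a shell, but a name beginning with `-` would still be parsed as an option by those tools, and an undefined `$ARGV[1]` reaches the regex before the `die`. An anchored allowlist ahead of the db lookup closes both gaps, for example `die "invalid machine account name\n" unless defined $machineName && $machineName =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\$\z/;` (character set to be confirmed against the project's naming rules). The smb.conf fragment later in this commit wires this event to `add machine script` with `'%u'`, so the name presumably originates from a joining client.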


@@ -0,0 +1,2 @@
#! /bin/sh
exec rm -f /etc/samba/smbpasswd


@@ -0,0 +1,6 @@
#! /bin/sh
ACTION=$1
PRINTER=$2
exec rm -f /var/cache/samba/printing/$PRINTER.tdb
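Review bot: `$PRINTER` is expanded unquoted inside the `rm -f` path, so a printer name containing whitespace, glob characters or `../` makes the command remove something other than the intended cache file. Quoting the expansion and rejecting path separators keeps it inside the printing directory: `case "$PRINTER" in ''|*/*) exit 1;; esac` followed by `exec rm -f -- "/var/cache/samba/printing/$PRINTER.tdb"`. `ACTION` is assigned but not used in the lines shown.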


@@ -0,0 +1,130 @@
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);
use File::Path;
use File::Basename;
use esmith::ConfigDB;
use esmith::AccountsDB;
# Routines taken from powershift of rlbackup
sub stagger;
sub powershift;
sub shadowdir;
sub rmshadow;
my $cdb = esmith::ConfigDB->open_ro;
my $adb = esmith::AccountsDB->open_ro();
my $smb = $cdb->get('smb') or die "No smb db entry found\n";
my $shadowdir = $smb->prop('ShadowDir') || '/home/e-smith/files/.shadow';
my $shadowcopy = $smb->prop('ShadowCopy') || 'disabled';
my $offset = ($smb->prop('ShadowCount') || 2) - 2;
$offset = 0 if $offset < 0;
exit unless -d $shadowdir;
exit if $shadowcopy eq 'disabled';
my $filesdir = '/home/e-smith/files';
my $snapfmt = '@GMT-%Y.%m.%d-%H.%M.%S';
# Switch old shadow directories to new format
opendir(SHADOW, $shadowdir);
foreach my $s ( grep { /^\d/ && ! -l "$shadowdir/$_" && -d "$shadowdir/$_" } readdir SHADOW ) {
my @stat = stat("$shadowdir/$s");
rename "$shadowdir/$s", "$shadowdir/".strftime($snapfmt, gmtime($stat[9]));
symlink strftime($snapfmt, gmtime($stat[9])), "$shadowdir/$s";
}
closedir(SHADOW);
# remove old symlinks in ibays
foreach my $ibay ($adb->ibays()) {
my $ibaydir = 'ibays/' . $ibay->key . ( $ibay->prop('PublicAccess') eq 'none' ? '/files' : '' );
opendir(IBAY, "$filesdir/$ibaydir") || next;
unlink "$filesdir/$ibaydir/$_" foreach (grep /^\@GMT-/, readdir(IBAY));
closedir(IBAY);
}
# remove old symlinks in ibays
foreach my $user ($adb->users()) {
my $userdir = 'users/' . $user->key . '/home';
opendir(USER, "$filesdir/$userdir") || next;
unlink "$filesdir/$userdir/$_" foreach (grep /^\@GMT-/, readdir(USER));
closedir(USER);
}
# Create sync point if it doesn't already exist
my $snapdir = strftime($snapfmt, gmtime(time));
if ( -d "$shadowdir/0" ) {
rename "$shadowdir/".readlink("$shadowdir/0"), "$shadowdir/$snapdir";
unlink "$shadowdir/0";
} else {
mkdir "$shadowdir/$snapdir";
}
symlink "$snapdir", "$shadowdir/0";
# Create list of ibays and users to shadow
my ($ibays, $users, $link) = ('','','');
my @ibays = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->ibays();
$ibays = "$filesdir/./ibays/{" . join(',', map { $_->key } @ibays) . "}/" if scalar @ibays > 1;
$ibays = "$filesdir/./ibays/" . $ibays[0]->key . "/" if scalar @ibays == 1;
my @users = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->users();
$users = "$filesdir/./users/{" . join(',', map { $_->key } @users) . "}/home/" if scalar @users > 1;
$users = "$filesdir/./users/" . $users[0]->key . "/home/" if scalar @users == 1;
$link = "--link-dest ../1" if -d "$shadowdir/1";
# Sync directories to shadow directory
if ( $ibays || $users) {
system("rsync -aHmR --partial --delete --delete-excluded --exclude 'aquota.*' $link $ibays $users $shadowdir/0/") == 0
or die "Couldn't sync directories";
}
# Shift directories using geometric roll-off (only if different)
if ( -d "$shadowdir/1" ) {
if (system("diff -qr $shadowdir/0 $shadowdir/1 &> /dev/null") == 0) {
rmshadow("$shadowdir/0");
} else {
powershift(2) if -d shadowdir(-$offset);
for (my $i=2; $i >= -$offset; $i--) {
rename shadowdir($i), shadowdir($i+1)
}
}
} else {
rename "$shadowdir/0", "$shadowdir/1";
}
sub rmshadow {
my $d = shift;
if ( -l "$d" ) {
rmtree dirname($d)."/".readlink($d);
unlink "$d";
} elsif ( -d "$d" ) {
rmtree "$d"
}
}
sub shadowdir {
my $i = shift;
return "$shadowdir/".($i+$offset);
}
sub stagger {
my $i = shift;
return $i + ($i >> 1);
}
sub powershift {
my $i = shift;
if ( -d shadowdir(stagger($i)) ) {
my $n = powershift($i << 1);
$i = $n >> 1;
rename shadowdir(stagger($i)), shadowdir($n) if -d shadowdir(stagger($i));
rmshadow(shadowdir($i));
} else {
rename shadowdir($i), shadowdir(stagger($i)) if -d shadowdir($i);
}
return $i;
}
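Review bot: The rsync and diff steps each build a single shell string from `$shadowdir` (a config-db property) and from ibay and user keys, so any whitespace or shell metacharacter in those values is interpreted by `/bin/sh`, and the `{a,b}` source lists and the `&>` redirect only behave as intended when `/bin/sh` is bash. Passing an argument list to `system` takes the shell out of the rsync call, as sketched below; the diff call needs the same treatment, with its output discarded some other way than `&>`. Separately, `opendir(SHADOW, ...)`, `rename`, `symlink` and `mkdir` are unchecked, and `rmshadow` hands whatever `readlink` returns to `rmtree`, so it would be worth refusing link targets that contain `/` before removing anything.

```perl
# … unchanged: snapshot directory setup and the ShadowCopy filtering of @ibays / @users …
my @sources = (
    ( map { "$filesdir/./ibays/" . $_->key . "/" } @ibays ),
    ( map { "$filesdir/./users/" . $_->key . "/home/" } @users ),
);
my @link_dest = -d "$shadowdir/1" ? ( '--link-dest', '../1' ) : ();

# Sync directories to shadow directory (list form: no shell, no brace expansion)
if (@sources) {
    system(
        'rsync', '-aHmR', '--partial', '--delete', '--delete-excluded',
        '--exclude', 'aquota.*',
        @link_dest, @sources, "$shadowdir/0/"
    ) == 0
        or die "Couldn't sync directories";
}
# … unchanged: geometric roll-off and helper subs …
```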


@@ -0,0 +1,40 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2010 Firewall Services
# daniel@firewall-services.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use esmith::ConfigDB;
use esmith::util;
my $c = esmith::ConfigDB->open_ro;
my $l = $c->get('ldap') || die "ldap service not found\n";
my $s = $l->prop('status') || 'disabled';
unless ( $s eq 'enabled' ){
warn "Not running action script $0, LDAP service not enabled!\n";
exit(0);
}
exit(0) unless ($l->prop('Authentication') || 'disabled') eq 'enabled';
my $domain = $c->get("DomainName")
|| die("Could not determine domain name");
my $base = esmith::util::ldapBase ($domain->value);
my $pw = esmith::util::LdapPassword();
die "Error storing LDAP password in secret.tdb\n" unless
system('/usr/bin/smbpasswd', '-w', "$pw") == 0;
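Review bot: The LDAP admin password is handed to smbpasswd as a command-line argument (`'-w', "$pw"`), which leaves it readable in the process list by other local users for the duration of the call. smbpasswd documents `-W` for taking the same secret from stdin, so a piped open such as `open my $fh, '|-', '/usr/bin/smbpasswd', '-W' or die ...; print {$fh} "$pw\n"; close $fh or die ...;` avoids that exposure (confirm the expected stdin format against the installed Samba). The same `-w` call appears in the SID-recovery branch of the group-mapping script later in this commit. This script also has no `use strict;`, unlike its siblings.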


@@ -0,0 +1,106 @@
#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::AccountsDB;
use esmith::ConfigDB;
use esmith::util;
# events: console-save, bootstrap-console-save, group-modify-samba, group-create
# post-install, post-upgrade, workgroup-update
my $debug = "--debuglevel=1";
my $a = esmith::AccountsDB->open_ro or die "Couldn't open accounts db\n";
my $c = esmith::ConfigDB->open_ro or die "Could not open Config DB";
my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
my $pw = esmith::util::LdapPassword();
my $g = `/usr/bin/net getlocalsid`;
unless ($g =~ /SID.*is: (.+)/) {
warn "Unable to determine SID. Clearning cache to see if it helps.";
rename '/etc/samba/secrets.tdb','/etc/samba/secrets.'.time;
rename '/var/cache/samba/gencache.tdb','/var/cache/samba/gencache.'.time;
rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time;
$g = `/usr/bin/net getlocalsid`;
$g =~ /SID.*is: (.+)/ or die "Could not get current sid\n";
if ($ldapauth eq 'enabled')
{
# Add the LDAP admin password in secret.tdb
warn "Couldn't add LDAP password in secret.tdb\n" unless
system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
}
}
my $local_sid = $1;
my %mappings = (
'Domain Admins' => 'admin',
'Domain Users' => 'shared',
'Domain Guests' => 'nobody',
(map { $_->prop('FirstName')." ".$_->prop('LastName'), $_->key } $a->users()),
(map { $_->prop('Description'), $_->key } $a->groups()));
$mappings{$a->get_prop('admin','FirstName')." ".$a->get_prop('admin','LastName')} = 'admin' unless $mappings{'Domain Admins'} eq 'admin';
my %ridmap = (
'Domain Admins' => '512',
'Domain Users' => '513',
'Domain Guests' => '514');
my %sidmap = ();
foreach (`/usr/bin/net groupmap list`)
{
chomp;
if (/^(.*?) \((S-.*-(\d+))\) -> (.*)$/)
{
my ($nt, $sid, $rid, $group) = ($1, $2, $3, $4);
# Skip local groups
next if ($sid =~ /^S-1-5-32-\d+$/);
if (exists $mappings{$nt})
{
if ($ridmap{$nt} && $ridmap{$nt} ne $rid)
{
# Wrong (old?) sid
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
elsif ($sid =~ /^$local_sid-/)
{
my $ug = $mappings{$nt};
if ($group eq $ug)
{
$sidmap{$nt} = 'done';
}
else
{
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
}
else
{
# Wrong (old?) sid
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
}
else
{
# Non existant group
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
}
}
foreach (keys %mappings)
{
next if $sidmap{$_} && $sidmap{$_} eq 'done';
system('/usr/bin/net',$debug,
'groupmap','add',
"ntgroup=$_",
"unixgroup=" . $mappings{$_},
$ridmap{$_} ? "rid=$ridmap{$_}" : (),
$sidmap{$_} && ! $ridmap{$_} ? "sid=$sidmap{$_}" : (),
'type=d');
}
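Review bot: `my $local_sid = $1;` reads the capture after the `unless` block has closed, but Perl restores `$1` on leaving a block, so when the first `net getlocalsid` fails and the retry inside the block succeeds, `$local_sid` ends up undefined. The later test `$sid =~ /^$local_sid-/` then cannot match a real SID, and every known group that passes the RID check falls into the "Wrong (old?) sid" delete branch. Capturing into a lexical in both places avoids this: `my ($local_sid) = $g =~ /SID.*is: (.+)/;` with `unless (defined $local_sid)` guarding the recovery block, and `($local_sid) = $g =~ /SID.*is: (.+)/ or die "Could not get current sid\n";` after the retry; the later match is safer as `/^\Q$local_sid\E-/`. The three `rename` calls that move secrets.tdb and the caches aside are unchecked.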


@@ -0,0 +1,59 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2001-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::util;
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
my $event = $ARGV [0];
my @users = ('admin', map { $_->key } $adb->users);
my @newusers = ( not defined $ARGV[1] ) ? @users : $ARGV[1] ;
foreach my $user ( @newusers )
{
die "$user is not a user account\n"
unless ( grep /^$user$/, @users );
my @dirs = ("/home/e-smith/files/samba/profiles/$user","/home/e-smith/files/samba/profiles/${user}.V2",
"/home/e-smith/files/samba/profiles/${user}.V3","/home/e-smith/files/samba/profiles/${user}.V4",
"/home/e-smith/files/samba/profiles/${user}.V5","/home/e-smith/files/samba/profiles/${user}.V6");
foreach my $dir (@dirs)
{
my $pre_existing = ( -d $dir );
$pre_existing || mkdir $dir, 700 || die "Couldn't create directory $dir\n";
chmod 0700, $dir; # Remove setgid bit
next if $pre_existing;
esmith::util::chownFile($user, $user, $dir) ||
die "Couldn't change ownership of $dir\n";
}
}
exit (0);
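Review bot: The membership test `grep /^$user$/, @users` interpolates `$ARGV[1]` as a regular expression, so an argument containing `|` or `.*` can pass the check without being an account name and is then used verbatim in the profile paths; compare literally with `grep { $_ eq $user } @users`. In `mkdir $dir, 700 || die ...` the `||` binds to `700`, so a failed mkdir is never reported, and `700` is decimal rather than octal `0700`; `mkdir $dir, 0700 or die "Couldn't create directory $dir\n";` fixes both. The result of `chmod 0700, $dir` is unchecked as well.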


@@ -0,0 +1,50 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use File::Path;
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
my $event = $ARGV [0];
my $account = $ARGV [1];
$a = $adb->get($account) || undef;
unless ( defined $a && $a->prop('type') eq "user-deleted" )
{
warn "$account is not a user account\n";
exit (0);
}
my @dirs = ("/home/e-smith/files/samba/profiles/$account","/home/e-smith/files/samba/profiles/$account.V2",
"/home/e-smith/files/samba/profiles/$account.V3","/home/e-smith/files/samba/profiles/$account.V4",
"/home/e-smith/files/samba/profiles/$account.V5","/home/e-smith/files/samba/profiles/$account.V6");
foreach (@dirs) {
next unless -d $_;
rmtree( $_ ) || die "Couldn't remove tree $_\n";
}
exit (0);
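Review bot: `$a = $adb->get($account) || undef;` assigns to the package variable `$a` that `sort` uses, which only compiles under `use strict` because `$a` is exempt from it; a lexical such as `my $acct = $adb->get($account);` says the same thing without the global. `$account` is interpolated into the warning and passed to `get` without a check that `$ARGV[1]` was supplied, so `die "account name required\n" unless defined $account;` up front would be cleaner. The `rmtree` targets are only reached after the record's type is confirmed as `user-deleted`, which deserves a one-line comment because it is the only thing constraining the paths.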


@@ -0,0 +1,85 @@
<!-- vim: ft=xml:
-->
<lexicon lang="en-us">
<entry>
<base>FORM_TITLE</base>
<trans>Change workgroup settings</trans>
</entry>
<entry>
<base>DESC_WORKGROUP</base>
<trans>
<![CDATA[
Enter the name of the Windows workgroup that this server should appear in.
]]>
</trans>
</entry>
<entry>
<base>LABEL_WORKGROUP</base>
<trans>Windows workgroup</trans>
</entry>
<entry>
<base>DESC_SERVERNAME</base>
<trans>Enter the name that this server should use for
Windows and Macintosh file sharing.</trans>
</entry>
<entry>
<base>LABEL_SERVERNAME</base>
<trans>Server Name</trans>
</entry>
<entry>
<base>DESC_PDC</base>
<trans><![CDATA[Should this server act as the workgroup
and domain controller on your Windows network? You should leave
this set to <b>No</b> if another server is already performing this
role on your network.]]>
</trans>
</entry>
<entry>
<base>LABEL_PDC</base>
<trans>Workgroup and Domain Controller</trans>
</entry>
<entry>
<base>DESC_ROAM</base>
<trans><![CDATA[
Should this server support roaming profiles?
You should leave this set to the default of <b>No</b> unless you have
experience administering server-based Windows roaming profiles and
know that this feature is required.
]]>
</trans>
</entry>
<entry>
<base>LABEL_ROAM</base>
<trans>Roaming profiles</trans>
</entry>
<entry>
<base>SUCCESS</base>
<trans>
The new workgroup settings have been saved
</trans>
</entry>
<entry>
<base>INVALID_WORKGROUP</base>
<trans>The workgroup name must begin with a letter (upper or lower
case), followed by any combination of letters, numbers,
underscores, periods and hyphens.
</trans>
</entry>
<entry>
<base>INVALID_SERVERNAME</base>
<trans>The server name must begin with a letter (upper or lower case),
followed by any combination of letters, numbers, underscores and
hyphens.
</trans>
</entry>
<entry>
<base>INVALID_WORKGROUP_MATCHES_SERVERNAME</base>
<trans>The server and workgroup names match, when compared in lower case.
These values must be different in order for filesharing to be turned on.
</trans>
</entry>
<entry>
<base>Workgroup</base>
<trans>Workgroup</trans>
</entry>
</lexicon>


@@ -0,0 +1,2 @@
TEMPLATE_PATH="/etc/smb.conf"
OUTPUT_FILENAME="/etc/samba/smb.conf"


@@ -0,0 +1,2 @@
TEMPLATE_PATH="/etc/smb.conf"
OUTPUT_FILENAME="/etc/samba/smb.conf"


@@ -0,0 +1,3 @@
{
use esmith::db;
}


@@ -0,0 +1,3 @@
# Configuration snippets may be placed in this directory as well
# See https://bugs.contribs.org/show_bug.cgi?id=11093
#includedir /etc/krb5.conf.d/


@@ -0,0 +1,4 @@
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log


@@ -0,0 +1 @@
[libdefaults]


@@ -0,0 +1,6 @@
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}


@@ -0,0 +1,8 @@
{
my $workgroup = $smb{Workgroup} || 'sme-server';
my $realm = $smb{realm} || $workgroup . "." . $DomainName;
my $default_realm = $smb{realm} || $workgroup . "." .$DomainName;
"default_realm = $default_realm";
}
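Review bot: `$realm` is computed and never used; it duplicates the expression assigned to `$default_realm` on the next line, so the first `my` can be dropped. Neither `$workgroup` nor `$DomainName` is upper-cased before being written out as `default_realm`; that may be deliberate, but a short comment stating the expected case of the realm would settle it for the next reader.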


@@ -0,0 +1,5 @@
{
my $dns_lookup_realm = $krb5{DNSLookupRealm} || 'false';
"dns_lookup_realm = $dns_lookup_realm";
}


@@ -0,0 +1,5 @@
{
my $dns_lookup_kdc = $krb5{DNSLookupKDC} || 'true';
"dns_lookup_kdc = $dns_lookup_kdc";
}


@@ -0,0 +1,5 @@
[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }


@@ -0,0 +1,3 @@
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM


@@ -0,0 +1 @@
include /etc/openldap/schema/samba.schema


@@ -0,0 +1,4 @@
index sambaSID eq,pres
index sambaPrimaryGroupSID eq,pres
index sambaDomainName eq,pres


@@ -0,0 +1,13 @@
access to attrs=sambaNTPassword
by self peername.ip="127.0.0.1" read
by self ssf=128 read
by anonymous peername.ip="127.0.0.1" auth
by anonymous ssf=128 auth
by * none
access to attrs=sambaLMPassword
by self peername.ip="127.0.0.1" read
by self ssf=128 read
by anonymous peername.ip="127.0.0.1" auth
by anonymous ssf=128 auth
by * none


@@ -0,0 +1,8 @@
{
# Sensible attributes related to sambaSamAccount
push @users, qw/sambaAcctFlags sambaBadPasswordCount sambaBadPasswordTime sambaKickoffTime sambaLogoffTime sambaLogonHours sambaPasswordHistory sambaSID sambaPrimaryGroupSID sambaPwdCanChange sambaPwdLastSet sambaPwdMustChange sambaUserWorkstations sambaSIDList sambaGroupType/;
$OUT .= '';
}


@@ -0,0 +1,4 @@
auth required pam_nologin.so
auth { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }


@@ -0,0 +1,3 @@
account { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }


@@ -0,0 +1,3 @@
password { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }


@@ -0,0 +1,3 @@
session { -f "/lib/security/pam_pwdb.so" ||
-f "/lib64/security/pam_pwdb.so" ? "required pam_stack.so service=system-auth" :
"include system-auth" }


@@ -0,0 +1,8 @@
{
$OUT = <<HERE;
#%PAM-1.0
HERE
$OUT .=
Text::Template::_load_text("/etc/e-smith/templates-default/template-begin");
}


@@ -0,0 +1,9 @@
#smbd
:programname, isequal, "smbd" /var/log/smbd/smbd.log
& stop
#nmbd
:programname, isequal, "nmbd" /var/log/nmbd/nmbd.log
& stop


@@ -0,0 +1,2 @@
local5.notice /var/log/samba/samba_audit
local5.notice stop


@@ -0,0 +1 @@
# This file is currently unused


@@ -0,0 +1,5 @@
{
use esmith::db;
$vfs = ();
}


@@ -0,0 +1,8 @@
{
sub _yesno
{
my $arg = shift;
return (defined $arg) ? "yes" : "no";
}
}
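Review bot: `_yesno` returns "yes" for any defined argument, including `0`, an empty string or the literal `no`, which the name does not suggest. If that is the contract, a comment above the sub such as `# "yes" when the property is set at all, regardless of its value` would prevent misuse; if truthiness was meant, `return $arg ? "yes" : "no";` is the one-line change. The callers are outside the lines shown.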


@@ -0,0 +1,5 @@
{
$SMB_WINSServer = $DB->wins_server;
"";
}


@@ -0,0 +1,17 @@
{
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not many any basic syntactic errors.
#
#======================= Global Settings =====================================
}
[global]


@@ -0,0 +1,11 @@
{
$OUT = "";
return unless (($smb{'RecycleBin'} || 'disabled') eq 'enabled');
$vfs->{recycle}->{versions} = ($smb{'KeepVersions'} || 'disabled') eq 'enabled' ? "True" : "False";
$vfs->{recycle}->{repository} = "Recycle Bin";
$vfs->{recycle}->{keeptree} = "True";
$vfs->{recycle}->{touch} = "True";
$vfs->{recycle}->{exclude} = "*.tmp,*.temp,*.o,*.obj,~\$*";
$vfs->{recycle}->{exclude_dir} = "tmp,temp,cache";
}


@@ -0,0 +1,8 @@
{
$OUT = "";
return unless (($smb{'ShadowCopy'} || 'disabled') eq 'enabled');
$vfs->{shadow_copy2}->{snapdir} = $smb{ShadowDir} || '/home/e-smith/files/.shadow';
$vfs->{shadow_copy2}->{basedir} = "/home/e-smith/files";
$vfs->{shadow_copy2}->{fixinodes} = 'yes';
}


@@ -0,0 +1,4 @@
{
# Script to setup machine accounts
}
add machine script = /sbin/e-smith/signal-event machine-account-create '%u'


@@ -0,0 +1,5 @@
{
# This global parameter allows the Samba admin to limit what
# interfaces on a machine will serve smb requests.
}
bind interfaces only = yes


@@ -0,0 +1,4 @@
{
# Be very careful with case sensitivity - it can break things!
}
case sensitive = no


@@ -0,0 +1,7 @@
{
$OUT = "";
if ($smb{DeadTime})
{
$OUT .= "deadtime = $smb{DeadTime}";
}
}


@@ -0,0 +1,4 @@
{
# Default case is normally upper case for all DOS files
# ; default case = lower
}


@@ -0,0 +1,6 @@
{
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
}
dns proxy = no


@@ -0,0 +1,5 @@
{
# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
# ; domain controller = <NT-Domain-Controller-SMBName>
}


@@ -0,0 +1,3 @@
{
"domain logons = " . ( $smb{ServerRole} =~ m{^(PDC|BDC|ADS)$} ? "yes" : "no" );
}


@@ -0,0 +1,3 @@
{
"domain master = " . ( $smb{ServerRole} =~ m{^(PDC|ADS)$} ? "yes" : "no" );
}


@@ -0,0 +1,5 @@
{
my $DosCharSet = $smb{'DosCharSet'} || "850";
"dos charset = $DosCharSet";
}


@@ -0,0 +1,6 @@
{
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
}
encrypt passwords = yes

Some files were not shown because too many files have changed in this diff Show More