initial commit of file from CVS for e-smith-samba on Sat Mar 23 16:28:38 AEDT 2024

This commit is contained in:
Trevor Batley
2024-03-23 16:28:38 +11:00
parent 83e7d8b945
commit d602d07ac3
199 changed files with 3955 additions and 2 deletions


@@ -0,0 +1,56 @@
#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::util;
use Net::LDAP;
my $c = esmith::ConfigDB->open_ro;
# Don't attempt to update ldap unles master
exit(0) unless ($c->get('ldap')->prop('Authentication') || 'disabled') eq 'enabled';
my $l = $c->get('ldap');
my $status = $l->prop('status') || "disabled";
unless ($status eq "enabled" )
{
warn "Not running action script $0, LDAP service not enabled!\n";
exit(0);
}
my $domain = $c->get('DomainName')
|| die("Couldn't determine domain name");
$domain = $domain->value;
my $base = esmith::util::ldapBase ($domain);
my $pw = esmith::util::LdapPassword();
my $ldap = Net::LDAP->new('localhost')
or die "$@";
$ldap->bind(
dn => "cn=root,$base",
password => $pw
);
my $smb = $c->get('smb');
my $domName = $smb->prop('Workgroup') || 'sme-server';
if ( ($smb->prop('ServerRole') || 'WS') eq 'WS' )
{
$domName = $smb->prop('ServerName') || 'sme-server';
}
my $result = $ldap->search( base => $base,
filter => "(&(objectClass=sambaDomain)(!(sambaDomainName=$domName)))",
scope => 'one'
);
die "failed looking up sambaDomainName entry: ", $result->error if $result->code;
foreach ($result->entries)
{
$_->delete;
$_->update($ldap);
}
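Review bot: The `$ldap->bind(dn => "cn=root,$base", password => $pw)` call discards its result, so a wrong or missing LDAP password leaves the connection anonymous (or unbound) and the script still runs the search and the deletes with whatever rights that yields, dying only if the search itself fails. `$domName` (Workgroup or ServerName from the config DB) is also interpolated straight into the search filter; a value containing `(`, `)`, `*` or `\` breaks the filter or changes what it matches, so it should pass through `escape_filter_value` (add `use Net::LDAP::Util qw(escape_filter_value);` to the module list). The `$_->update($ldap)` result inside the `foreach` is likewise unchecked, so a delete that is refused by the directory is silent. Sketch of the checked bind, escaped filter and checked delete:
```perl
# … unchanged: config checks, $base/$pw setup, Net::LDAP->new …
my $mesg = $ldap->bind(dn => "cn=root,$base", password => $pw);
die "LDAP bind as cn=root,$base failed: ", $mesg->error if $mesg->code;
# … unchanged: $domName selection …
my $result = $ldap->search(
    base   => $base,
    filter => "(&(objectClass=sambaDomain)(!(sambaDomainName="
              . escape_filter_value($domName) . ")))",
    scope  => 'one',
);
die "failed looking up sambaDomainName entry: ", $result->error if $result->code;
foreach my $entry ($result->entries) {
    $entry->delete;
    my $r = $entry->update($ldap);
    warn "failed to delete ", $entry->dn, ": ", $r->error if $r->code;
}
```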


@@ -0,0 +1,140 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2001 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Technical support for this program is available from Mitel Networks
# Please visit our web site www.e-smith.com for details.
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::ConfigDB;
use esmith::AccountsDB;
use esmith::util;
my $a = esmith::AccountsDB->open || die "Couldn't open accounts db\n";
my $c = esmith::ConfigDB->open_ro || die "Could not open Config DB";
my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $domain = $c->get('DomainName')->value();
my $base = esmith::util::ldapBase ($domain);
my $event = $ARGV [0];
my $machineName = $ARGV [1];
die "machine name $machineName is not a valid machine account name"
unless ( $machineName =~ /\$$/ );
my $m = $a->get($machineName);
if ($m)
{
my $type = $m->prop('type');
die "$machineName is not a machine account"
unless ($type eq "machine");
}
else
{
# Auto-create the accounts database entry. This is bad form, but
# the Samba "add user script" is called as the user "admin", who
# does not currently have permissions to write to the config database
$m = $a->new_record($machineName, {type => "machine"});
}
my $lock = undef;
my $uid;
unless ($uid = $m->prop('Uid'))
{
use esmith::lockfile;
$lock = esmith::lockfile::LockFileOrWait("/home/e-smith/db/accounts");
$uid = $a->get_next_uid;
$m->set_prop('Uid', $uid);
}
my $gid = $m->prop('Gid') || $uid;
# We really, really need to be root to run "passwd -l"
esmith::util::setRealToEffective();
warn "create-machine-account $machineName: Creating Unix user and group\n";
if ($ldapauth ne 'enabled')
{
# Create the machine's unique group first
system(
"/usr/sbin/groupadd",
"-g",
$gid,
$machineName
) == 0 or ( $x = 255, warn "Failed to create (unix) group $machineName.\n" );
# Now create the machine account
system(
"/usr/sbin/useradd",
"-u", $uid,
"-g", $gid,
"-c", "Hostname account for $machineName",
"-M",
"-d", "/noexistingpath",
"-s", "/bin/false",
"$machineName"
) == 0 or ( $x = 255, warn "Failed to create (unix) account $machineName.\n" );
system("/usr/bin/passwd", "-l", "$machineName") == 0
or ( $x = 255, warn "Failed locking (unix) password for $machineName\n" );
}
# Create the machine's unique group first (in ldap)
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
"-g", $gid,
"-o",
"$machineName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $machineName.\n" );
# Now create the machine account (in ldap)
system(
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
"-u", $uid,
"-g", $gid,
"--userbase=ou=Computers,$base",
"-c", "Hostname account for $machineName",
"-o",
"-d", "/noexistingpath",
"-s", "/bin/false",
"$machineName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $machineName.\n" );
warn "create-machine-account $machineName: Locking account\n";
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod",
"--userbase=ou=Computers,$base",
"-o",
"-L",
"$machineName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed locking (ldap) password for $machineName\n" );
if ($ldapauth ne 'enabled')
{
warn "create-machine-account $machineName: Creating smbpasswd account\n";
system("/usr/bin/smbpasswd", "-a", "-m", "$machineName") == 0
or warn "Could not create smb password entry for $machineName\n";
}
exit ($x);
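Review bot: The only validation of `$machineName` (from `$ARGV[1]`) is `unless ( $machineName =~ /\$$/ )`, so any other content — whitespace, a leading `-`, `/` or `..` — reaches `$a->new_record`, `groupadd`, `useradd` and the three `cpu` calls; the list-form `system` calls keep it off the shell, but `useradd`'s own name rules and whatever the accounts DB accepts as a key are then the only filter on a name supplied by Samba's add-machine-script caller. An anchored allow-list states the intent and also avoids the uninitialized-value warning when the argument is absent: `die "machine name is not a valid machine account name" unless defined $machineName && $machineName =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\$\z/;` (the exact character set permitted for NetBIOS machine names should be confirmed before adopting it). Smaller points: `$c->get('ldap')->prop('Authentication')` dies with an unhelpful message if the `ldap` record is missing, `$type eq "machine"` warns when the record has no `type`, and the `( $x = 255, warn "..." )` comma expressions are correct but read as a single `warn` argument at first glance — `do { $x = 255; warn "..." }` is clearer.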


@@ -0,0 +1,2 @@
#! /bin/sh
exec rm -f /etc/samba/smbpasswd


@@ -0,0 +1,6 @@
#! /bin/sh
ACTION=$1
PRINTER=$2
exec rm -f /var/cache/samba/printing/$PRINTER.tdb
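Review bot: `$PRINTER` is expanded unquoted inside the `rm -f` path, so a printer name containing whitespace or glob characters becomes several arguments or a pattern, and a value containing `/` or `..` escapes `/var/cache/samba/printing/`. Quote the path and reject such names first: `case "$PRINTER" in ''|*/*|..*) echo "invalid printer name" >&2; exit 1;; esac` followed by `exec rm -f "/var/cache/samba/printing/$PRINTER.tdb"`. `ACTION` is assigned from `$1` but never used. The argument presumably comes from the local event framework rather than a remote client, which limits the exposure but does not remove the quoting defect.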


@@ -0,0 +1,130 @@
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);
use File::Path;
use File::Basename;
use esmith::ConfigDB;
use esmith::AccountsDB;
# Routines taken from powershift of rlbackup
sub stagger;
sub powershift;
sub shadowdir;
sub rmshadow;
my $cdb = esmith::ConfigDB->open_ro;
my $adb = esmith::AccountsDB->open_ro();
my $smb = $cdb->get('smb') or die "No smb db entry found\n";
my $shadowdir = $smb->prop('ShadowDir') || '/home/e-smith/files/.shadow';
my $shadowcopy = $smb->prop('ShadowCopy') || 'disabled';
my $offset = ($smb->prop('ShadowCount') || 2) - 2;
$offset = 0 if $offset < 0;
exit unless -d $shadowdir;
exit if $shadowcopy eq 'disabled';
my $filesdir = '/home/e-smith/files';
my $snapfmt = '@GMT-%Y.%m.%d-%H.%M.%S';
# Switch old shadow directories to new format
opendir(SHADOW, $shadowdir);
foreach my $s ( grep { /^\d/ && ! -l "$shadowdir/$_" && -d "$shadowdir/$_" } readdir SHADOW ) {
my @stat = stat("$shadowdir/$s");
rename "$shadowdir/$s", "$shadowdir/".strftime($snapfmt, gmtime($stat[9]));
symlink strftime($snapfmt, gmtime($stat[9])), "$shadowdir/$s";
}
closedir(SHADOW);
# remove old symlinks in ibays
foreach my $ibay ($adb->ibays()) {
my $ibaydir = 'ibays/' . $ibay->key . ( $ibay->prop('PublicAccess') eq 'none' ? '/files' : '' );
opendir(IBAY, "$filesdir/$ibaydir") || next;
unlink "$filesdir/$ibaydir/$_" foreach (grep /^\@GMT-/, readdir(IBAY));
closedir(IBAY);
}
# remove old symlinks in ibays
foreach my $user ($adb->users()) {
my $userdir = 'users/' . $user->key . '/home';
opendir(USER, "$filesdir/$userdir") || next;
unlink "$filesdir/$userdir/$_" foreach (grep /^\@GMT-/, readdir(USER));
closedir(USER);
}
# Create sync point if it doesn't already exist
my $snapdir = strftime($snapfmt, gmtime(time));
if ( -d "$shadowdir/0" ) {
rename "$shadowdir/".readlink("$shadowdir/0"), "$shadowdir/$snapdir";
unlink "$shadowdir/0";
} else {
mkdir "$shadowdir/$snapdir";
}
symlink "$snapdir", "$shadowdir/0";
# Create list of ibays and users to shadow
my ($ibays, $users, $link) = ('','','');
my @ibays = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->ibays();
$ibays = "$filesdir/./ibays/{" . join(',', map { $_->key } @ibays) . "}/" if scalar @ibays > 1;
$ibays = "$filesdir/./ibays/" . $ibays[0]->key . "/" if scalar @ibays == 1;
my @users = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->users();
$users = "$filesdir/./users/{" . join(',', map { $_->key } @users) . "}/home/" if scalar @users > 1;
$users = "$filesdir/./users/" . $users[0]->key . "/home/" if scalar @users == 1;
$link = "--link-dest ../1" if -d "$shadowdir/1";
# Sync directories to shadow directory
if ( $ibays || $users) {
system("rsync -aHmR --partial --delete --delete-excluded --exclude 'aquota.*' $link $ibays $users $shadowdir/0/") == 0
or die "Couldn't sync directories";
}
# Shift directories using geometric roll-off (only if different)
if ( -d "$shadowdir/1" ) {
if (system("diff -qr $shadowdir/0 $shadowdir/1 &> /dev/null") == 0) {
rmshadow("$shadowdir/0");
} else {
powershift(2) if -d shadowdir(-$offset);
for (my $i=2; $i >= -$offset; $i--) {
rename shadowdir($i), shadowdir($i+1)
}
}
} else {
rename "$shadowdir/0", "$shadowdir/1";
}
sub rmshadow {
my $d = shift;
if ( -l "$d" ) {
rmtree dirname($d)."/".readlink($d);
unlink "$d";
} elsif ( -d "$d" ) {
rmtree "$d"
}
}
sub shadowdir {
my $i = shift;
return "$shadowdir/".($i+$offset);
}
sub stagger {
my $i = shift;
return $i + ($i >> 1);
}
sub powershift {
my $i = shift;
if ( -d shadowdir(stagger($i)) ) {
my $n = powershift($i << 1);
$i = $n >> 1;
rename shadowdir(stagger($i)), shadowdir($n) if -d shadowdir(stagger($i));
rmshadow(shadowdir($i));
} else {
rename shadowdir($i), shadowdir(stagger($i)) if -d shadowdir($i);
}
return $i;
}
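Review bot: The rsync invocation is a single shell string assembled from `$shadowdir` (the `ShadowDir` property), the ibay and user keys and `$link`, so any of those containing whitespace or shell metacharacters breaks the command or runs additional ones; the shell is only needed for the `{a,b}` brace expansion, which can be done in Perl so that `system` receives a list and no shell is involved. The `diff -qr ... &> /dev/null` check has the same shape, and `&>` is a bash-ism that another `/bin/sh` may parse as `&` plus a redirect. `opendir(SHADOW, $shadowdir)`, the `rename`, `symlink` and `mkdir` calls in the rotation all ignore their return values, so a failed rotation is only noticed when rsync fails afterwards; at minimum `opendir(SHADOW, $shadowdir) or die "opendir $shadowdir: $!";`. A list-form replacement for the source list and the rsync call:
```perl
# … unchanged: shadow directory rotation and symlink cleanup …
# Create list of ibays and users to shadow; pass rsync a list, no shell
my @ibays = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->ibays();
my @users = grep { ($_->prop('ShadowCopy') || 'enabled') ne 'disabled' } $adb->users();
my @sources = (
    (map { "$filesdir/./ibays/" . $_->key . "/" } @ibays),
    (map { "$filesdir/./users/" . $_->key . "/home/" } @users),
);
my @link = -d "$shadowdir/1" ? ('--link-dest', '../1') : ();
# Sync directories to shadow directory
if (@sources) {
    system('rsync', '-aHmR', '--partial', '--delete', '--delete-excluded',
           '--exclude', 'aquota.*', @link, @sources, "$shadowdir/0/") == 0
        or die "Couldn't sync directories (rsync exit $?)";
}
# … unchanged: geometric roll-off and helper subs …
```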


@@ -0,0 +1,40 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2010 Firewall Services
# daniel@firewall-services.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#----------------------------------------------------------------------
use esmith::ConfigDB;
use esmith::util;
my $c = esmith::ConfigDB->open_ro;
my $l = $c->get('ldap') || die "ldap service not found\n";
my $s = $l->prop('status') || 'disabled';
unless ( $s eq 'enabled' ){
warn "Not running action script $0, LDAP service not enabled!\n";
exit(0);
}
exit(0) unless ($l->prop('Authentication') || 'disabled') eq 'enabled';
my $domain = $c->get("DomainName")
|| die("Could not determine domain name");
my $base = esmith::util::ldapBase ($domain->value);
my $pw = esmith::util::LdapPassword();
die "Error storing LDAP password in secret.tdb\n" unless
system('/usr/bin/smbpasswd', '-w', "$pw") == 0;
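Review bot: The LDAP admin password is passed to `smbpasswd -w` as a command-line argument, so while that process runs it is readable by any local user through `ps` or `/proc/<pid>/cmdline`; if smbpasswd offers no stdin-based way to set this secret (it appears not to), the exposure should at least be recorded at the call site, e.g. `# NOTE: the LDAP admin password is visible in the process list for the lifetime of smbpasswd`. The same `smbpasswd -w` call is made in the groupmap script of this commit, so the note applies there too. The script has no `use strict; use warnings;`, `$base` is computed but never used, and `$c->get('ldap') || die` is checked while `esmith::ConfigDB->open_ro` itself is not.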


@@ -0,0 +1,106 @@
#!/usr/bin/perl -w
package esmith;
use strict;
use Errno;
use esmith::AccountsDB;
use esmith::ConfigDB;
use esmith::util;
# events: console-save, bootstrap-console-save, group-modify-samba, group-create
# post-install, post-upgrade, workgroup-update
my $debug = "--debuglevel=1";
my $a = esmith::AccountsDB->open_ro or die "Couldn't open accounts db\n";
my $c = esmith::ConfigDB->open_ro or die "Could not open Config DB";
my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
my $pw = esmith::util::LdapPassword();
my $g = `/usr/bin/net getlocalsid`;
unless ($g =~ /SID.*is: (.+)/) {
warn "Unable to determine SID. Clearning cache to see if it helps.";
rename '/etc/samba/secrets.tdb','/etc/samba/secrets.'.time;
rename '/var/cache/samba/gencache.tdb','/var/cache/samba/gencache.'.time;
rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time;
$g = `/usr/bin/net getlocalsid`;
$g =~ /SID.*is: (.+)/ or die "Could not get current sid\n";
if ($ldapauth eq 'enabled')
{
# Add the LDAP admin password in secret.tdb
warn "Couldn't add LDAP password in secret.tdb\n" unless
system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
}
}
my $local_sid = $1;
my %mappings = (
'Domain Admins' => 'admin',
'Domain Users' => 'shared',
'Domain Guests' => 'nobody',
(map { $_->prop('FirstName')." ".$_->prop('LastName'), $_->key } $a->users()),
(map { $_->prop('Description'), $_->key } $a->groups()));
$mappings{$a->get_prop('admin','FirstName')." ".$a->get_prop('admin','LastName')} = 'admin' unless $mappings{'Domain Admins'} eq 'admin';
my %ridmap = (
'Domain Admins' => '512',
'Domain Users' => '513',
'Domain Guests' => '514');
my %sidmap = ();
foreach (`/usr/bin/net groupmap list`)
{
chomp;
if (/^(.*?) \((S-.*-(\d+))\) -> (.*)$/)
{
my ($nt, $sid, $rid, $group) = ($1, $2, $3, $4);
# Skip local groups
next if ($sid =~ /^S-1-5-32-\d+$/);
if (exists $mappings{$nt})
{
if ($ridmap{$nt} && $ridmap{$nt} ne $rid)
{
# Wrong (old?) sid
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
elsif ($sid =~ /^$local_sid-/)
{
my $ug = $mappings{$nt};
if ($group eq $ug)
{
$sidmap{$nt} = 'done';
}
else
{
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
}
else
{
# Wrong (old?) sid
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
}
else
{
# Non existant group
system('/usr/bin/net','groupmap','delete',"sid=$sid");
}
}
}
foreach (keys %mappings)
{
next if $sidmap{$_} && $sidmap{$_} eq 'done';
system('/usr/bin/net',$debug,
'groupmap','add',
"ntgroup=$_",
"unixgroup=" . $mappings{$_},
$ridmap{$_} ? "rid=$ridmap{$_}" : (),
$sidmap{$_} && ! $ridmap{$_} ? "sid=$sidmap{$_}" : (),
'type=d');
}
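Review bot: `%mappings` lists the three well-known names first and the per-user `FirstName LastName` and per-group `Description` pairs after them, so a later pair with an equal key wins: an account whose display name is exactly `Domain Admins` replaces `'Domain Admins' => 'admin'`, and the final loop then runs `net groupmap add ntgroup=Domain Admins unixgroup=<that account> rid=512`, handing the RID-512 mapping to that account's group. The `unless $mappings{'Domain Admins'} eq 'admin'` line only re-adds the admin account under its own full name; it does not undo the hijacked entry. Placing the three fixed pairs last in the constructor, or skipping map entries whose key `exists $ridmap{...}`, closes this; whether anyone other than the administrator can set these names in this product should be confirmed. Smaller points: `my $local_sid = $1;` relies on `$1` surviving from whichever of the two earlier matches ran, `$local_sid` is interpolated unescaped in `/^$local_sid-/` (prefer `/^\Q$local_sid\E-/`), and the three `rename` calls that move `secrets.tdb`, `gencache.tdb` and `wins.dat` aside ignore failure and also discard any other secrets stored in `secrets.tdb`, of which only the LDAP password is re-added, and only when `$ldapauth eq 'enabled'`.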


@@ -0,0 +1,59 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 2001-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use esmith::util;
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
my $event = $ARGV [0];
my @users = ('admin', map { $_->key } $adb->users);
my @newusers = ( not defined $ARGV[1] ) ? @users : $ARGV[1] ;
foreach my $user ( @newusers )
{
die "$user is not a user account\n"
unless ( grep /^$user$/, @users );
my @dirs = ("/home/e-smith/files/samba/profiles/$user","/home/e-smith/files/samba/profiles/${user}.V2",
"/home/e-smith/files/samba/profiles/${user}.V3","/home/e-smith/files/samba/profiles/${user}.V4",
"/home/e-smith/files/samba/profiles/${user}.V5","/home/e-smith/files/samba/profiles/${user}.V6");
foreach my $dir (@dirs)
{
my $pre_existing = ( -d $dir );
$pre_existing || mkdir $dir, 700 || die "Couldn't create directory $dir\n";
chmod 0700, $dir; # Remove setgid bit
next if $pre_existing;
esmith::util::chownFile($user, $user, $dir) ||
die "Couldn't change ownership of $dir\n";
}
}
exit (0);
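Review bot: `$pre_existing || mkdir $dir, 700 || die "Couldn't create directory $dir\n";` never dies: `||` binds tighter than the list operator's comma, so it parses as `mkdir($dir, 700 || die ...)`, and `700` is decimal (octal 01274, sticky bit plus 0274) rather than `0700` — the following `chmod 0700` repairs the mode, but a failed `mkdir` goes unnoticed until `chownFile` fails. Write it as `mkdir($dir, 0700) or die "Couldn't create directory $dir: $!\n" unless $pre_existing;`. The membership check `grep /^$user$/, @users` interpolates `$ARGV[1]` as a regex, so a value such as `admin|anything` passes; use `grep { $_ eq $user } @users` instead. `$event` is read from `$ARGV[0]` but never used.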


@@ -0,0 +1,50 @@
#!/usr/bin/perl -w
#----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#----------------------------------------------------------------------
package esmith;
use strict;
use Errno;
use File::Path;
use esmith::AccountsDB;
my $adb = esmith::AccountsDB->open_ro();
my $event = $ARGV [0];
my $account = $ARGV [1];
$a = $adb->get($account) || undef;
unless ( defined $a && $a->prop('type') eq "user-deleted" )
{
warn "$account is not a user account\n";
exit (0);
}
my @dirs = ("/home/e-smith/files/samba/profiles/$account","/home/e-smith/files/samba/profiles/$account.V2",
"/home/e-smith/files/samba/profiles/$account.V3","/home/e-smith/files/samba/profiles/$account.V4",
"/home/e-smith/files/samba/profiles/$account.V5","/home/e-smith/files/samba/profiles/$account.V6");
foreach (@dirs) {
next unless -d $_;
rmtree( $_ ) || die "Couldn't remove tree $_\n";
}
exit (0);
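Review bot: `$a = $adb->get($account) || undef;` assigns to the undeclared package global `$a` (the `sort` variable, which is why `use strict` does not object) rather than a lexical, and when `$ARGV[1]` is missing `$adb->get(undef)` is called with an uninitialized-value warning; `my $acct = defined $account ? $adb->get($account) : undef;` addresses both. The `user-deleted` type check is the only thing stopping an arbitrary `$account` string from selecting a path under `/home/e-smith/files/samba/profiles/`, which is adequate only if accounts DB keys cannot contain `/` or `..` — that constraint is enforced elsewhere, if at all, and deserves a comment at the check. `rmtree` runs as root on trees the former user could write to; whether this File::Path version is hardened against symlink races is not visible here, so a `# NOTE(review): confirm File::Path symlink-race handling` on that line would flag it for follow-up. `$event` is read but unused.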