[PC-BSD Commits] r17787 - in pcbsd-projects/AD_4_PCBSD: nss rc scripts

svn at pcbsd.org svn at pcbsd.org
Mon Jul 16 14:47:49 PDT 2012


Author: johnh
Date: 2012-07-16 21:47:49 +0000 (Mon, 16 Jul 2012)
New Revision: 17787

Added:
   pcbsd-projects/AD_4_PCBSD/scripts/pc-adctl
Modified:
   pcbsd-projects/AD_4_PCBSD/nss/nssconf.c
   pcbsd-projects/AD_4_PCBSD/rc/rc.AD
   pcbsd-projects/AD_4_PCBSD/scripts/Makefile
   pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos
   pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch
   pcbsd-projects/AD_4_PCBSD/scripts/pc-samba
Log:
Some bugfixes, progress, adctl for starting/stopping all the AD services.
Still a work in progress.



Modified: pcbsd-projects/AD_4_PCBSD/nss/nssconf.c
===================================================================
--- pcbsd-projects/AD_4_PCBSD/nss/nssconf.c	2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/nss/nssconf.c	2012-07-16 21:47:49 UTC (rev 17787)
@@ -58,13 +58,14 @@
 usage(void)
 {
 	fprintf(stderr,
-		"usage: nssconf <(+|^|-|)database> [options]\n"
+		"usage: nssconf [options]\n"
 		"Where option in:\n\n"
 		"\t-f <input file>\n"
-		"\t-o <output file\n"
-		"\t-r\n"
+		"\t-o <output file>\n"
+		"\t-d <(+|^|-)database>\n"
 		"\t-c <(+|-)(index)?criteria>\n"
-		"\t-s <(+|-)(index)?source>\n\n"
+		"\t-s <(+|-)(index)?source>\n"
+		"\t-r\n\n"
 	);
 
 	exit(1);
@@ -465,6 +466,7 @@
 	if (nim->index < 0) {
 		TAILQ_INSERT_TAIL(&node->info, new, entries);
 		TAILQ_REMOVE(&nm->info, nim, entries);
+		node->ninfo++;
 
 	} else {
 		struct nss_entry_info *nei, *neitmp;
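Review bot: The `node->ninfo++` added after `TAILQ_INSERT_TAIL` here is maintained by hand, and the same line is repeated at every other insert and remove site this commit touches (the hunks at -474, -483, -504, -522, -531 and -558). The counter can drift from the list again as soon as another insert or remove path is written. Consider moving each insert or remove, together with its counter update, into a pair of small static helpers, or at least put a comment such as `/* node->ninfo must match the length of node->info */` on the field. The enclosing functions start and end outside these hunks, so how `ninfo` is consumed is not visible here; if it sizes an allocation or bounds a loop, a stale value would be more than cosmetic.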
@@ -474,6 +476,7 @@
 			if (nim->index == nei->index) {
 				TAILQ_INSERT_BEFORE(nei, new, entries);
 				TAILQ_REMOVE(&nm->info, nim, entries);
+				node->ninfo++;
 				inserted = 1;
 				break;
 			}
@@ -483,6 +486,7 @@
 		if (inserted != 1) {
 			TAILQ_INSERT_TAIL(&node->info, new, entries);
 			TAILQ_REMOVE(&nm->info, nim, entries);
+			node->ninfo++;
 		}
 
 		update_indexes(node);
@@ -504,6 +508,7 @@
 			TAILQ_REMOVE(&node->info, nei, entries);
 			xfree(&nei->neis_source);
 			xfree(&nei);
+			node->ninfo--;
 			break;
 		}
 	}
@@ -522,6 +527,7 @@
 	if (nim->index < 0) {
 		TAILQ_INSERT_TAIL(&node->info, new, entries);
 		TAILQ_REMOVE(&nm->info, nim, entries);
+		node->ninfo++;
 
 	} else {
 		struct nss_entry_info *nei, *neitmp;
@@ -531,15 +537,16 @@
 			if (nim->index == nei->index) {
 				TAILQ_INSERT_BEFORE(nei, new, entries);
 				TAILQ_REMOVE(&nm->info, nim, entries);
+				node->ninfo++;
 				inserted = 1;
 				break;
 			}
-
 		}
 
 		if (inserted != 1) {
 			TAILQ_INSERT_TAIL(&node->info, new, entries);
 			TAILQ_REMOVE(&nm->info, nim, entries);
+			node->ninfo++;
 		}
 
 		update_indexes(node);
@@ -558,6 +565,7 @@
 		if (nei->type == NSS_ENTRY_INFO_CRITERIA &&
 			nei->neic_status == nim->nimc_status) {
 			TAILQ_REMOVE(&node->info, nei, entries);
+			node->ninfo--;
 			xfree(&nei);
 			break;
 		}

Modified: pcbsd-projects/AD_4_PCBSD/rc/rc.AD
===================================================================
--- pcbsd-projects/AD_4_PCBSD/rc/rc.AD	2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/rc/rc.AD	2012-07-16 21:47:49 UTC (rev 17787)
@@ -107,6 +107,12 @@
 
 
 #
+#	Active Directory config
+#
+: ${AD_CONF:="/usr/local/etc/AD.conf"}
+
+
+#
 #	Active Directory Functions
 #
 __get_SRV_record()
@@ -412,7 +418,7 @@
 
 AD_init()
 {
-	local adconf="AD.conf"
+	local adconf="${AD_CONF}"
  	local tmpfile="$(mktemp -q /var/tmp/.adfooXXXXXX)"
 
 	egrep -v '^[[:space:]]+$|^$|^#|^[[:space:]]+#' < "${adconf}" > "${tmpfile}"
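Review bot: `adconf` now comes from the overridable `AD_CONF`, but AD_init still feeds it straight into the `egrep` redirect without checking that the file exists and is readable, so a missing or mistyped path yields an empty `${tmpfile}` and the function carries on. A guard such as `[ -r "${adconf}" ] || return 1` before the `egrep` line would fail early (adjust the return to whatever failure convention AD_init uses; its body continues outside this hunk). The `mktemp -q` result on the neighbouring context line is likewise used unchecked. Since pc-kerberos reads `adminpw` through `AD_get`, this file presumably holds a directory admin password, so a comment beside the `AD_CONF` default stating that it must be root-owned and not world-readable would help.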

Modified: pcbsd-projects/AD_4_PCBSD/scripts/Makefile
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/Makefile	2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/Makefile	2012-07-16 21:47:49 UTC (rev 17787)
@@ -1,4 +1,5 @@
-FILES=pc-activedirectory pc-kerberos pc-kinit pc-nsswitch pc-pam pc-samba
+FILES=pc-activedirectory pc-kerberos pc-kinit pc-nsswitch pc-pam \
+	pc-samba pc-adctl
 
 FILESMODE=0555
 FILESDIR=/usr/local/etc/rc.d

Modified: pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos	2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos	2012-07-16 21:47:49 UTC (rev 17787)
@@ -68,6 +68,8 @@
 
 generate_kerberos_files()
 {
+	: ${activedirectory_krb5conf_overwrite:="YES"}
+
 	if checkyesno activedirectory_enable 2>/dev/null
 	then
 		AD_init
@@ -78,8 +80,11 @@
 		adminname=$(AD_get adminname)
 		adminpw=$(AD_get adminpw)
 
-		generate_krb5_conf "${dcname}" "${domainname}" \
-			"${netbiosname}" "${adminname}" "${adminpw}"
+		if checkyesno activedirectory_krb5conf_overwrite 2>/dev/null
+		then
+			generate_krb5_conf "${dcname}" "${domainname}" \
+				"${netbiosname}" "${adminname}" "${adminpw}"
+		fi
 		
 	fi
 }
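Review bot: The new `checkyesno activedirectory_krb5conf_overwrite 2>/dev/null` discards the warning that checkyesno prints for a value that is neither yes nor no, so a typo in rc.conf silently skips krb5.conf generation with no hint as to why. Dropping the `2>/dev/null` on this call, or logging from an `else` branch, would make that visible. Separately, `AD_init` and the `adminpw=$(AD_get adminpw)` lookup above the new `if` still run when overwrite is disabled; moving the `if` up to wrap them would avoid pulling the admin password into shell variables when it is not going to be used.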

Modified: pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch	2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch	2012-07-16 21:47:49 UTC (rev 17787)
@@ -10,59 +10,57 @@
 . /usr/local/etc/rc.AD
 
 : ${PATH_NS_CONF:="/etc/nsswitch.conf"}
+: ${NSSCONF:="/usr/local/bin/nssconf"}
 
-generate_nsswitch_conf()
+nsswitch_conf_start()
 {
-	local ldap=0
-	local ad=0
-	local conf="${PATH_NS_CONF}"
-
 	if checkyesno activedirectory_enable 2>/dev/null
 	then
-		ad=1
+		local tmp=$(mktemp /tmp/ns.XXXXXX)
+
+		${NSSCONF} -f "${PATH_NS_CONF}" \
+			-d group -r -s "+files" -s "+winbind" \
+			-d passwd -r -s "+files" -s "+winbind" \
+			-o "${tmp}"
+
+		if [ "$?" = "0" -a -s "${tmp}" ]
+		then
+			mv "${tmp}" "${PATH_NS_CONF}"
+			return 0
+		fi
+
+		return 1
 	fi
-	if checkyesno ldap_enable 2>/dev/null
-	then
-		ldap=1
-	fi
 
-	local p="compat"
-	local g="compat"
+	return 0
+}
 
-	if [ "${ldap}" = "1" -o "${ad}" = "1" ]
+nsswitch_conf_stop()
+{
+	if checkyesno activedirectory_enable 2>/dev/null
 	then
-		p="files"
-		g="files"
+		local tmp=$(mktemp /tmp/ns.XXXXXX)
 
-		if [ "${ad}" = "1" ]
-		then
-			p="${p} winbind"
-			g="${g} winbind"
+		${NSSCONF} -f "${PATH_NS_CONF}" \
+			-d group -s "-winbind" \
+			-d passwd -s "-winbind" \
+			-o "${tmp}"
 
-		elif [ "${ldap}" = "1" ]
+		if [ "$?" = "0" -a -s "${tmp}" ]
 		then
-			p="${p} ldap"
-			g="${g} ldap"
+			mv "${tmp}" "${PATH_NS_CONF}"
+			return 0
 		fi
+
+		return 1
 	fi
-	
-	cat<<-__EOF__>"${conf}"
-	group: ${g}
-	hosts: files dns
-	networks: files
-	passwd: ${p}
-	shells: files
-	services: files
-	protocols: files
-	rpc: files
-__EOF__
-	
+
 	return 0
 }
 
 name="pc-nsswitch"
-start_cmd='generate_nsswitch_conf'
-stop_cmd=':'
+start_cmd='nsswitch_conf_start'
+stop_cmd='nsswitch_conf_stop'
         
 load_rc_config $name
 run_rc_command "$1"
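Review bot: Both new functions build the replacement in a file from `mktemp /tmp/ns.XXXXXX` and then `mv` it over `${PATH_NS_CONF}`; mktemp creates the file with mode 0600 and `mv` keeps that mode, so after a start or stop the switch file is readable by root only and unprivileged processes can no longer read it for lookups. The `mktemp` result is also unchecked (`local tmp=$(...)` hides its exit status), and the `return 1` path leaves the temporary file behind. Creating the temp file next to the target, checking it, setting the mode before the rename and removing it on failure covers all three, and keeps the rename on one filesystem; the same change applies to nsswitch_conf_stop. The 0644 below assumes the file is meant to stay world-readable.

```shell
		local tmp
		tmp=$(mktemp "${PATH_NS_CONF}.XXXXXX") || return 1

		# … unchanged: ${NSSCONF} -f "${PATH_NS_CONF}" … -o "${tmp}" …

		if [ "$?" = "0" -a -s "${tmp}" ]
		then
			chmod 0644 "${tmp}" &&
				mv "${tmp}" "${PATH_NS_CONF}" &&
				return 0
		fi

		rm -f "${tmp}"
		return 1
```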

Modified: pcbsd-projects/AD_4_PCBSD/scripts/pc-samba
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/pc-samba	2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/pc-samba	2012-07-16 21:47:49 UTC (rev 17787)
@@ -11,59 +11,50 @@
 . /usr/local/etc/rc.AD
 
 : ${SMB_CONF:="/usr/local/etc/smb.conf"}
-: ${SMB_AD_CONF:="/usr/local/etc/smb.AD.conf"}
+: ${SAMBACONF:="/usr/local/bin/sambaconf"}
 
 
-generate_smbadconf()
+generate_smbconf()
 {
 	if checkyesno activedirectory_enable 2>/dev/null
 	then
 		AD_init
 
-		cat <<-__EOF__>"${SMB_AD_CONF}"
-			security = ADS
-			realm = $(AD_get domainname | tr a-z A-Z)
-			workgroup = $(AD_get workgroup)
-			netbios name = $(AD_get netbiosname)
-			client use spnego = yes
-
-			wins server = $(AD_get dcname)
-			password server = $(AD_get dcname)
-
-			local master = no
-			domain master = no
-			preferred master = no
-
-			inherit acls = yes
-			acl compatibility = auto
-			acl check permissions = true
-			acl map full control = true
-			dos filemode = yes
-
-			idmap uid = 10000-19999
-			idmap gid = 10000-19999
-			idmap config $(AD_get workgroup): backend = rid
-			idmap config $(AD_get workgroup): range = 20000-20000000
-
-			winbind cache time = 10
-			winbind offline logon = yes
-			winbind enum users = yes
-			winbind enum groups = yes
-			winbind nested groups = yes
-			winbind use default domain = yes
-			winbind refresh tickets = yes
-
-			allow trusted domains = yes
-
-			template shell = /bin/sh
-			template homedir = /home/%U
-__EOF__
-
+		${SAMBACONF} -f ${SMB_CONF} \
+			-w -m "+global:security=ADS" \
+			-w -m "+global:realm=$(AD_get domainname | tr a-z A-Z)" \
+			-w -m "+global:workgroup=$(AD_get workgroup)" \
+			-w -m "+global:netbios name=$(AD_get netbiosname)" \
+			-w -m "+global:client use spnego=yes" \
+			-w -m "+global:wins server=$(AD_get dcname)" \
+			-w -m "+global:password server=$(AD_get dcname)" \
+			-w -m "+global:local master=no" \
+			-w -m "+global:domain master=no" \
+			-w -m "+global:preferred master=no" \
+			-w -m "+global:inherit acls=yes" \
+			-w -m "+global:acl compatibility=auto" \
+			-w -m "+global:acl check permissions=true" \
+			-w -m "+global:acl map full control=true" \
+			-w -m "+global:dos filemode=yes" \
+			-w -m "+global:idmap uid=10000-19999" \
+			-w -m "+global:idmap gid=10000-19999" \
+			-w -m "+global:idmap config $(AD_get workgroup): backend=rid" \
+			-w -m "+global:idmap config $(AD_get workgroup): range=20000-20000000" \
+			-w -m "+global:winbind cache time=10" \
+			-w -m "+global:winbind offline logon=yes" \
+			-w -m "+global:winbind enum users=yes" \
+			-w -m "+global:winbind enum groups=yes" \
+			-w -m "+global:winbind nested groups=yes" \
+			-w -m "+global:winbind use default domain=yes" \
+			-w -m "+global:winbind refresh tickets=yes" \
+			-w -m "+global:allow trusted domains=yes" \
+			-w -m "+global:template shell=/bin/sh" \
+			-w -m "+global: template homedir=/home/%U"
 	fi
 }
 
 name="pc-samba"
-start_cmd='generate_smbadconf'
+start_cmd='generate_smbconf'
 stop_cmd=':'
 
 load_rc_config $name
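Review bot: The last `-m` argument, `"+global: template homedir=/home/%U"`, has a space after the colon that none of the other entries have; depending on how sambaconf splits section from key this may write a differently named parameter, so it should read `-w -m "+global:template homedir=/home/%U"`. The exit status of `${SAMBACONF}` is never checked, so generate_smbconf reports success even when smb.conf was not updated; ending the call with `|| return 1` would surface that. `${SMB_CONF}` is passed unquoted here, whereas pc-nsswitch quotes its path argument. The values substituted from `AD_get` go into the arguments unvalidated, which is worth a sanity check if AD.conf could ever be written by anyone other than root.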


