[PC-BSD Commits] r17787 - in pcbsd-projects/AD_4_PCBSD: nss rc scripts
svn at pcbsd.org
svn at pcbsd.org
Mon Jul 16 14:47:49 PDT 2012
Author: johnh
Date: 2012-07-16 21:47:49 +0000 (Mon, 16 Jul 2012)
New Revision: 17787
Added:
pcbsd-projects/AD_4_PCBSD/scripts/pc-adctl
Modified:
pcbsd-projects/AD_4_PCBSD/nss/nssconf.c
pcbsd-projects/AD_4_PCBSD/rc/rc.AD
pcbsd-projects/AD_4_PCBSD/scripts/Makefile
pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos
pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch
pcbsd-projects/AD_4_PCBSD/scripts/pc-samba
Log:
Some bugfixes, progress, adctl for starting/stopping all the AD services.
Still a work in progress.
Modified: pcbsd-projects/AD_4_PCBSD/nss/nssconf.c
===================================================================
--- pcbsd-projects/AD_4_PCBSD/nss/nssconf.c 2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/nss/nssconf.c 2012-07-16 21:47:49 UTC (rev 17787)
@@ -58,13 +58,14 @@
usage(void)
{
fprintf(stderr,
- "usage: nssconf <(+|^|-|)database> [options]\n"
+ "usage: nssconf [options]\n"
"Where option in:\n\n"
"\t-f <input file>\n"
- "\t-o <output file\n"
- "\t-r\n"
+ "\t-o <output file>\n"
+ "\t-d <(+|^|-)database>\n"
"\t-c <(+|-)(index)?criteria>\n"
- "\t-s <(+|-)(index)?source>\n\n"
+ "\t-s <(+|-)(index)?source>\n"
+ "\t-r\n\n"
);
exit(1);
@@ -465,6 +466,7 @@
if (nim->index < 0) {
TAILQ_INSERT_TAIL(&node->info, new, entries);
TAILQ_REMOVE(&nm->info, nim, entries);
+ node->ninfo++;
} else {
struct nss_entry_info *nei, *neitmp;
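Review bot: The `node->ninfo++` added in the `nim->index < 0` branch is one of eight hand-written counter updates in this commit (six increments, two decrements), each paired by hand with an insert into or removal from `node->info`. A later insert or remove path that forgets the update leaves the count out of step with the list. A pair of small static helpers that perform the queue operation and the counter update together would prevent that; failing that, a comment at the field such as `/* invariant: ninfo == number of entries on info */` records the rule. If anything sizes an allocation or bounds a loop from `ninfo` (not visible here), a stale count becomes a memory-safety problem rather than a cosmetic one. The enclosing functions start and end outside these hunks.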
@@ -474,6 +476,7 @@
if (nim->index == nei->index) {
TAILQ_INSERT_BEFORE(nei, new, entries);
TAILQ_REMOVE(&nm->info, nim, entries);
+ node->ninfo++;
inserted = 1;
break;
}
@@ -483,6 +486,7 @@
if (inserted != 1) {
TAILQ_INSERT_TAIL(&node->info, new, entries);
TAILQ_REMOVE(&nm->info, nim, entries);
+ node->ninfo++;
}
update_indexes(node);
@@ -504,6 +508,7 @@
TAILQ_REMOVE(&node->info, nei, entries);
xfree(&nei->neis_source);
xfree(&nei);
+ node->ninfo--;
break;
}
}
@@ -522,6 +527,7 @@
if (nim->index < 0) {
TAILQ_INSERT_TAIL(&node->info, new, entries);
TAILQ_REMOVE(&nm->info, nim, entries);
+ node->ninfo++;
} else {
struct nss_entry_info *nei, *neitmp;
@@ -531,15 +537,16 @@
if (nim->index == nei->index) {
TAILQ_INSERT_BEFORE(nei, new, entries);
TAILQ_REMOVE(&nm->info, nim, entries);
+ node->ninfo++;
inserted = 1;
break;
}
-
}
if (inserted != 1) {
TAILQ_INSERT_TAIL(&node->info, new, entries);
TAILQ_REMOVE(&nm->info, nim, entries);
+ node->ninfo++;
}
update_indexes(node);
@@ -558,6 +565,7 @@
if (nei->type == NSS_ENTRY_INFO_CRITERIA &&
nei->neic_status == nim->nimc_status) {
TAILQ_REMOVE(&node->info, nei, entries);
+ node->ninfo--;
xfree(&nei);
break;
}
Modified: pcbsd-projects/AD_4_PCBSD/rc/rc.AD
===================================================================
--- pcbsd-projects/AD_4_PCBSD/rc/rc.AD 2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/rc/rc.AD 2012-07-16 21:47:49 UTC (rev 17787)
@@ -107,6 +107,12 @@
#
+# Active Directory config
+#
+: ${AD_CONF:="/usr/local/etc/AD.conf"}
+
+
+#
# Active Directory Functions
#
__get_SRV_record()
@@ -412,7 +418,7 @@
AD_init()
{
- local adconf="AD.conf"
+ local adconf="${AD_CONF}"
local tmpfile="$(mktemp -q /var/tmp/.adfooXXXXXX)"
egrep -v '^[[:space:]]+$|^$|^#|^[[:space:]]+#' < "${adconf}" > "${tmpfile}"
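Review bot: `adconf` now comes from `${AD_CONF}`, but the `egrep` on the last line still reads it with no check that the file exists or is readable, so a missing `/usr/local/etc/AD.conf` leaves an empty temp file for later lookups to read. A guard such as `[ -r "${adconf}" ] || return 1` before the `egrep` would make that failure explicit. Since pc-kerberos calls `AD_init` and then reads `adminpw` through `AD_get`, the file appears to hold an administrator password; a comment beside the `AD_CONF` default, e.g. `# AD.conf holds the AD admin password; keep it root-owned and not world-readable`, would document that. The result of `mktemp -q` is also unchecked, and the rest of AD_init, including any cleanup of the temp copy in /var/tmp, is outside the hunk.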
Modified: pcbsd-projects/AD_4_PCBSD/scripts/Makefile
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/Makefile 2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/Makefile 2012-07-16 21:47:49 UTC (rev 17787)
@@ -1,4 +1,5 @@
-FILES=pc-activedirectory pc-kerberos pc-kinit pc-nsswitch pc-pam pc-samba
+FILES=pc-activedirectory pc-kerberos pc-kinit pc-nsswitch pc-pam \
+ pc-samba pc-adctl
FILESMODE=0555
FILESDIR=/usr/local/etc/rc.d
Modified: pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos 2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/pc-kerberos 2012-07-16 21:47:49 UTC (rev 17787)
@@ -68,6 +68,8 @@
generate_kerberos_files()
{
+ : ${activedirectory_krb5conf_overwrite:="YES"}
+
if checkyesno activedirectory_enable 2>/dev/null
then
AD_init
@@ -78,8 +80,11 @@
adminname=$(AD_get adminname)
adminpw=$(AD_get adminpw)
- generate_krb5_conf "${dcname}" "${domainname}" \
- "${netbiosname}" "${adminname}" "${adminpw}"
+ if checkyesno activedirectory_krb5conf_overwrite 2>/dev/null
+ then
+ generate_krb5_conf "${dcname}" "${domainname}" \
+ "${netbiosname}" "${adminname}" "${adminpw}"
+ fi
fi
}
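Review bot: The `adminname` and `adminpw` lookups at the top of this hunk still run when `activedirectory_krb5conf_overwrite` is off, so the password is read into a shell variable that nothing then uses. Moving the `checkyesno activedirectory_krb5conf_overwrite` test above the `AD_get` calls (the earlier ones sit outside the hunk) avoids holding the credential when generation is skipped. As written, the branch also skips generation when no krb5.conf exists yet; if the intent is only to protect an existing file, the condition presumably needs an existence test too, though the target path is not visible here.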
Modified: pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch 2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/pc-nsswitch 2012-07-16 21:47:49 UTC (rev 17787)
@@ -10,59 +10,57 @@
. /usr/local/etc/rc.AD
: ${PATH_NS_CONF:="/etc/nsswitch.conf"}
+: ${NSSCONF:="/usr/local/bin/nssconf"}
-generate_nsswitch_conf()
+nsswitch_conf_start()
{
- local ldap=0
- local ad=0
- local conf="${PATH_NS_CONF}"
-
if checkyesno activedirectory_enable 2>/dev/null
then
- ad=1
+ local tmp=$(mktemp /tmp/ns.XXXXXX)
+
+ ${NSSCONF} -f "${PATH_NS_CONF}" \
+ -d group -r -s "+files" -s "+winbind" \
+ -d passwd -r -s "+files" -s "+winbind" \
+ -o "${tmp}"
+
+ if [ "$?" = "0" -a -s "${tmp}" ]
+ then
+ mv "${tmp}" "${PATH_NS_CONF}"
+ return 0
+ fi
+
+ return 1
fi
- if checkyesno ldap_enable 2>/dev/null
- then
- ldap=1
- fi
- local p="compat"
- local g="compat"
+ return 0
+}
- if [ "${ldap}" = "1" -o "${ad}" = "1" ]
+nsswitch_conf_stop()
+{
+ if checkyesno activedirectory_enable 2>/dev/null
then
- p="files"
- g="files"
+ local tmp=$(mktemp /tmp/ns.XXXXXX)
- if [ "${ad}" = "1" ]
- then
- p="${p} winbind"
- g="${g} winbind"
+ ${NSSCONF} -f "${PATH_NS_CONF}" \
+ -d group -s "-winbind" \
+ -d passwd -s "-winbind" \
+ -o "${tmp}"
- elif [ "${ldap}" = "1" ]
+ if [ "$?" = "0" -a -s "${tmp}" ]
then
- p="${p} ldap"
- g="${g} ldap"
+ mv "${tmp}" "${PATH_NS_CONF}"
+ return 0
fi
+
+ return 1
fi
-
- cat<<-__EOF__>"${conf}"
- group: ${g}
- hosts: files dns
- networks: files
- passwd: ${p}
- shells: files
- services: files
- protocols: files
- rpc: files
-__EOF__
-
+
return 0
}
name="pc-nsswitch"
-start_cmd='generate_nsswitch_conf'
-stop_cmd=':'
+start_cmd='nsswitch_conf_start'
+stop_cmd='nsswitch_conf_stop'
load_rc_config $name
run_rc_command "$1"
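Review bot: `mv "${tmp}" "${PATH_NS_CONF}"` in both nsswitch_conf_start and nsswitch_conf_stop replaces the live file with one created by `mktemp`, which creates files readable by the owner only. Unless nssconf resets the mode when it writes the `-o` file, nsswitch.conf ends up unreadable to non-root processes and their name-service lookups no longer see the configured sources. The temp file is also created in /tmp, so the move into /etc is likely a cross-filesystem copy rather than an atomic rename; the `mktemp` result is never checked, and the failure path returns 1 without removing the temp file. Creating the temp file beside the target, setting the mode before the rename and cleaning up on failure addresses all four, and the same change applies to nsswitch_conf_stop.

```shell
nsswitch_conf_start()
{
	# … unchanged: checkyesno activedirectory_enable guard …
		local tmp
		tmp=$(mktemp "${PATH_NS_CONF}.XXXXXX") || return 1

		# … unchanged: ${NSSCONF} invocation writing to "${tmp}" …

		if [ "$?" = "0" -a -s "${tmp}" ]
		then
			# nsswitch.conf must stay readable by unprivileged processes
			chmod 0644 "${tmp}" && mv "${tmp}" "${PATH_NS_CONF}" && return 0
		fi

		rm -f "${tmp}"
		return 1
```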
Modified: pcbsd-projects/AD_4_PCBSD/scripts/pc-samba
===================================================================
--- pcbsd-projects/AD_4_PCBSD/scripts/pc-samba 2012-07-16 20:36:46 UTC (rev 17786)
+++ pcbsd-projects/AD_4_PCBSD/scripts/pc-samba 2012-07-16 21:47:49 UTC (rev 17787)
@@ -11,59 +11,50 @@
. /usr/local/etc/rc.AD
: ${SMB_CONF:="/usr/local/etc/smb.conf"}
-: ${SMB_AD_CONF:="/usr/local/etc/smb.AD.conf"}
+: ${SAMBACONF:="/usr/local/bin/sambaconf"}
-generate_smbadconf()
+generate_smbconf()
{
if checkyesno activedirectory_enable 2>/dev/null
then
AD_init
- cat <<-__EOF__>"${SMB_AD_CONF}"
- security = ADS
- realm = $(AD_get domainname | tr a-z A-Z)
- workgroup = $(AD_get workgroup)
- netbios name = $(AD_get netbiosname)
- client use spnego = yes
-
- wins server = $(AD_get dcname)
- password server = $(AD_get dcname)
-
- local master = no
- domain master = no
- preferred master = no
-
- inherit acls = yes
- acl compatibility = auto
- acl check permissions = true
- acl map full control = true
- dos filemode = yes
-
- idmap uid = 10000-19999
- idmap gid = 10000-19999
- idmap config $(AD_get workgroup): backend = rid
- idmap config $(AD_get workgroup): range = 20000-20000000
-
- winbind cache time = 10
- winbind offline logon = yes
- winbind enum users = yes
- winbind enum groups = yes
- winbind nested groups = yes
- winbind use default domain = yes
- winbind refresh tickets = yes
-
- allow trusted domains = yes
-
- template shell = /bin/sh
- template homedir = /home/%U
-__EOF__
-
+ ${SAMBACONF} -f ${SMB_CONF} \
+ -w -m "+global:security=ADS" \
+ -w -m "+global:realm=$(AD_get domainname | tr a-z A-Z)" \
+ -w -m "+global:workgroup=$(AD_get workgroup)" \
+ -w -m "+global:netbios name=$(AD_get netbiosname)" \
+ -w -m "+global:client use spnego=yes" \
+ -w -m "+global:wins server=$(AD_get dcname)" \
+ -w -m "+global:password server=$(AD_get dcname)" \
+ -w -m "+global:local master=no" \
+ -w -m "+global:domain master=no" \
+ -w -m "+global:preferred master=no" \
+ -w -m "+global:inherit acls=yes" \
+ -w -m "+global:acl compatibility=auto" \
+ -w -m "+global:acl check permissions=true" \
+ -w -m "+global:acl map full control=true" \
+ -w -m "+global:dos filemode=yes" \
+ -w -m "+global:idmap uid=10000-19999" \
+ -w -m "+global:idmap gid=10000-19999" \
+ -w -m "+global:idmap config $(AD_get workgroup): backend=rid" \
+ -w -m "+global:idmap config $(AD_get workgroup): range=20000-20000000" \
+ -w -m "+global:winbind cache time=10" \
+ -w -m "+global:winbind offline logon=yes" \
+ -w -m "+global:winbind enum users=yes" \
+ -w -m "+global:winbind enum groups=yes" \
+ -w -m "+global:winbind nested groups=yes" \
+ -w -m "+global:winbind use default domain=yes" \
+ -w -m "+global:winbind refresh tickets=yes" \
+ -w -m "+global:allow trusted domains=yes" \
+ -w -m "+global:template shell=/bin/sh" \
+ -w -m "+global: template homedir=/home/%U"
fi
}
name="pc-samba"
-start_cmd='generate_smbadconf'
+start_cmd='generate_smbconf'
stop_cmd=':'
load_rc_config $name
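Review bot: The last `-m` argument reads `"+global: template homedir=/home/%U"`, with a space after the colon that none of the other entries have. Depending on how sambaconf parses the key, this either fails or writes a differently named parameter, so it should be `-w -m "+global:template homedir=/home/%U"`. `${SMB_CONF}` is unquoted on the first line of the call (`${SAMBACONF} -f "${SMB_CONF}" \`), and generate_smbconf ignores sambaconf's exit status, so a failed rewrite of smb.conf is reported as a successful start. The `$(AD_get …)` values are substituted straight from AD.conf into Samba settings; a short comment stating that those fields are trusted, root-controlled input would help the next reader.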