summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Terpstra <jht@samba.org>1998-04-13 12:31:10 +0000
committerJohn Terpstra <jht@samba.org>1998-04-13 12:31:10 +0000
commit47ec2e09b7e1b29e41862916a27f189ba6552582 (patch)
treebf3812844f82a82fb86773c240cb6d2accb985af
parente40b24249bf7aec81737e16081548bf99fa8cc76 (diff)
downloadsamba-47ec2e09b7e1b29e41862916a27f189ba6552582.tar.gz
samba-47ec2e09b7e1b29e41862916a27f189ba6552582.tar.bz2
samba-47ec2e09b7e1b29e41862916a27f189ba6552582.zip
Contributed software for Linux autofs support.
(This used to be commit 883be3907778ee160872b0a0a023fc34e636774f)
-rw-r--r--examples/autofs/auto.a18
-rw-r--r--examples/autofs/mount-smb.doc65
-rw-r--r--examples/autofs/mount.smb441
3 files changed, 524 insertions, 0 deletions
diff --git a/examples/autofs/auto.a b/examples/autofs/auto.a
new file mode 100644
index 0000000000..fc293f5391
--- /dev/null
+++ b/examples/autofs/auto.a
@@ -0,0 +1,18 @@
+# automount points below /a
+
+# This is an automounter map and it has the following format
+# key [ -mount-options-separated-by-comma ] location
+# Details may be found in the autofs(5) manpage
+
+# nfs servers
+valepp -fstype=nfs,rsize=8192,wsize=8192 valepp:/
+galaun -fstype=nfs,rsize=8192,wsize=8192 galaun:/
+
+# smb-servers
+supra_andreas -fstype=smb,uuname=andreas supra:/aheinrich
+supra_cspiel -fstype=smb,uuname=cspiel supra:/cspiel
+phonon_andreas -fstype=smb,uuname=andreas,fmod=3700 phonon:/andreas
+helium_cspiel -fstype=smb,uuname=cspiel,fmod=3700 helium:/cspiel
+
+#supra_jaz -fstype=smb,user,fmod=644,dmod=755 supra:/f
+
diff --git a/examples/autofs/mount-smb.doc b/examples/autofs/mount-smb.doc
new file mode 100644
index 0000000000..7eee74fce0
--- /dev/null
+++ b/examples/autofs/mount-smb.doc
@@ -0,0 +1,65 @@
+Date: Tue, 07 Apr 1998
+Contributor: Christoph L. Spiel <Christoph_Spiel@physik.tu-muenchen.de>
+Organization: Munich Institute of Technology, Institute E10
+Subject: WISHES:LINUX:smbmount
+===============================================================================
+Machine Arch: i386
+Machine OS: linux
+Kernel: 2.1.85
+Samba Version: Version 1.9.18p3
+Mount Version: 2.7i
+Autofs Version: 0.3.14
+
+
+Hi SAMBA developers!
+
+I have written a shell script that marries smbmount and mount
+on a Linux-machine with a 2.1.55+ kernel (i.e., a newer developper
+kernel. Especially it makes smbmount compatible
+with autofs! Now, You (when root :-) can say
+ mount -t smb /win-machine/my-share /mntpt
+Concerning the management of the user/password-pairs I have already
+made a step in the right direction, but there is still a lot of
+brain-work to do :-(
+
+The primary problem with the Win passwords
+is that they are under user-control, and not under admin-control
+as the Linux passwords are. Therfore, I give every SAMBA user
+a
+ ~/smb-pass
+file where she can manage her usernames and passwords herself.
+The fundamental mount-tables /etc/fstab and /etc/auto.* only
+list the mount-point and the respective options. The userīs
+password file is adressed via the uuname=<user_name>-option.
+
+An important "side-effect" is that the password file need not to
+be word-readable. In fact my script tests for user-only rights of
+this file to close this potential security-hole.
+
+The script mount.smb has to be installed in /sbin and given mode 755.
+No suid is necessary! I attached an automount table that is currently
+in use on my machine. A userīs password file looks like this:
+
+$ cat ~/smb-pass
+supra:/cspiel cspiel secret
+helium:/c cspiel sesame
+^ ^ ^
+| | +- password
+| +- username
++- share-name as in fundamental mount-table.
+
+It would be nice, if someone else tests my script. Maybe, You have
+already found a better solution than mine. If You find it useful,
+I would be glad to donate it to the SAMBA-project.
+
+BUGS:
+(1) There is no documentation yet. (Yes, I consider this a bug!)
+(2) When used with autofs the automounter overruns mount.smb.
+ This means when accessing an automounted share for the 1st time
+ You may get an empty directory. Retrying several times will
+ cause the mount to complete successfully.
+
+
+Best,
+ Christoph Spiel
+
diff --git a/examples/autofs/mount.smb b/examples/autofs/mount.smb
new file mode 100644
index 0000000000..76f1a596e3
--- /dev/null
+++ b/examples/autofs/mount.smb
@@ -0,0 +1,441 @@
+#!/bin/sh -x
+
+
+# name: mount.smb -- interface between mount and smbmount
+# author: Ch. L. Spiel (cspiel@physik.tu-muenchen.de)
+# $Id: mount.smb,v 1.1 1998/04/13 12:31:10 jht Exp $
+
+# bash version: 1.14.7(1)
+# mount version: 2.7i
+# smbmount version: 1.9.18p3
+
+
+myname=`basename $0`
+passwd_filename="smb-pass" # name of user smb-password file
+lock_file="/var/lock/$myname"
+log_file="/tmp/mount.smb.log"
+
+PATH=/usr/local/samba/bin:/usr/bin:/bin
+
+# check for an existing lock-file quickly(!)
+if [ -e "$lock_file" ]; then
+ # exit, but donīt touch lock-file
+ exit 0
+fi
+# set up new lock-file
+echo > $lock_file
+
+# initialise log-file
+echo "logging of $myname started at `date`" > $log_file
+chmod --silent 600 $log_file
+echo "called with: $@" >> $log_file
+exec >> $log_file 2>&1
+
+
+
+# set default and initial values
+verbose=false # be silent
+fake=false # really do the mount
+fmode="-f 600" # default file mode
+dmode="-d 700" # default dir mode
+
+#uid="-u `id | sed 's/^uid=\([0-9]*\).*$/\1/'`"
+uid="-u 0"
+#gid="-g `id | sed 's/^.*gid=\([0-9]*\).*$/\1/'`"
+gid="-g 0"
+
+
+#
+# functions
+#
+
+# exitproc(int exit_code)
+function exit_proc
+{
+ if [ -n "$lock_file" ]; then
+ # remove current lock-file
+ rm "$lock_file"
+ fi
+ # update log-file
+ echo "" >> $log_file
+ echo "$mynameīs return value is $1." >> $log_file
+ echo "logging of $myname ended at `date`." >> $log_file
+ # done.
+ exit $1
+}
+
+
+# split_arg(arg)
+# arg ::= id '=' val
+# set id and val on return
+function split_arg
+{
+ id="$1"
+ val="$2"
+ extra="$3"
+} # end of split_arg
+
+
+# split_passwdline(uline)
+function split_passwdline
+{
+ user_name=$1
+ real_password=$2
+ user_id=$3
+ group_id=$4
+ full_name=$5
+ home_dir=$6
+ shell_name=$7
+}
+
+
+# get_homedir(username)
+function get_homedir
+{
+ local temp_ifs
+
+ temp_ifs="$IFS"
+ uline=`grep "^$1" /etc/passwd`
+ if [ -z "$uline" ]; then
+ echo "$myname: unknown user \"$1\""
+ exit_proc 1
+ fi
+ IFS=":"
+ split_passwdline $uline
+ if [ -z "$home_dir" ]; then
+ echo "$myname: user \"$1\" has no home directory"
+ exit_proc 1
+ fi
+ echo "$home_dir"
+ IFS="$temp_ifs"
+}
+
+
+# get_uid(username)
+function get_uid
+{
+ local temp_ifs
+
+ temp_ifs="$IFS"
+ uline=`grep "^$1" /etc/passwd`
+ if [ -z "$uline" ]; then
+ echo "$myname: unknown user \"$1\""
+ exit_proc 1
+ fi
+ IFS=":"
+ split_passwdline $uline
+ echo "$user_id"
+ IFS="$temp_ifs"
+}
+
+
+# get_gid(username)
+function get_gid
+{
+ local temp_ifs
+
+ temp_ifs="$IFS"
+ uline=`grep "^$1" /etc/passwd`
+ if [ -z "$uline" ]; then
+ echo "$myname: unknown user \"$1\""
+ exit_proc 1
+ fi
+ IFS=":"
+ split_passwdline $uline
+ echo "$group_id"
+ IFS="$temp_ifs"
+}
+
+
+# read_passwd_file(sharename)
+function read_passwd_file
+{
+ local pwd_filename pwd_entry temp_ifs share_name fmod
+
+ pwd_filename=`get_homedir $uuname`/$passwd_filename
+ # use uid and gid of userīs /etc/password entry
+ uid="-u `get_uid $uuname`"
+ gid="-g `get_gid $uuname`"
+ # check existence of password file
+ if [ ! -f "$pwd_filename" -o ! -r "$pwd_filename" ]; then
+ echo "$myname: cannot read from user password file \"$pwd_filename\""
+ exit_proc 1
+ fi
+ # check file permissions
+ for f in $pwd_filename{,~,%,.BAK,.bak,.new,.old,.orig,.sav}; do
+ if [ ! -f $f ]; then continue; fi
+ /bin/ls -l $f | grep -q -- "^-r\(w\|-\)------"
+ if [ $? = 1 ]; then
+ echo "$myname: Found security hole: mode of file \"$f\""
+ echo "$myname: Password file must have permission 400 or 600."
+ echo "$myname: Please fix the fileīs mode."
+ exit_proc 1
+ fi
+ done
+
+ share_name="$1" # sharename in smb-format!
+ pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
+ if [ -z "$pwd_entry" ]; then
+ # try uni*-like sharename
+ share_name=`echo $share_name | sed -e 's,^//,,' -e 's,/,:/,'`
+ pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
+ fi
+ if [ -z "$pwd_entry" ]; then
+ # sharename was not found in userīs password file
+ echo "$myname: cannot authentify share named \"$1\" via file \"$pwd_filename\""
+ exit_proc 1
+ fi
+
+ # pwd_entry has the form:
+ # sharename username password
+ temp_ifs="$IFS"
+ IFS=" " # <tab> and <space>
+ split_arg $pwd_entry
+ options="$options -U $val"
+ password="$extra"
+ IFS="$temp_ifs"
+}
+
+
+# process_options(opt1, opt2, ..., optN)
+function process_options
+{
+ local temp_ifs
+
+ for j; do
+ temp_ifs="$IFS" # save current internal-field separator
+ IFS="=" # set new separator
+ split_arg $j # split argument into identifier and value
+ IFS="$temp_ifs" # reset old separator
+ case "$id" in
+ port)
+ options="$options -p $val"
+ ;;
+ debug)
+ options="$options -d $val"
+ ;;
+ log)
+ options="$options -l $val"
+ ;;
+ nbname)
+ options="$options -n $val"
+ ;;
+ nopwd)
+ options="$options -N"
+ ;;
+ maxproto)
+ options="$options -m $val"
+ ;;
+ ip)
+ options="$options -I $val"
+ ;;
+ uname)
+ options="$options -U $val"
+ ;;
+ wrkgrp)
+ options="$options -W $val"
+ ;;
+ term)
+ options="$options -t $val"
+ ;;
+ sdir)
+ options="$options -D $val"
+ ;;
+ pwd)
+ # DO NOT USE THIS OPTION! It is a severe scurity hole.
+ password="$val"
+ ;;
+ uuname)
+ # consult userīs smb-password file
+ uuname="$val" # uni* user name
+ read_passwd_file "$server_service"
+ ;;
+
+ # ignored options
+ async)
+ # do nothing
+ ;;
+ atime)
+ # do nothing
+ ;;
+ auto)
+ # do nothing
+ ;;
+ defaults)
+ # do nothing
+ ;;
+ dev)
+ # do nothing
+ ;;
+ exec)
+ # do nothing
+ ;;
+ noatime)
+ # do nothing
+ ;;
+ noauto)
+ # do nothing
+ ;;
+ nodev)
+ # do nothing
+ ;;
+ noexec)
+ # do nothing
+ ;;
+ nosuid)
+ # do nothing
+ ;;
+ nouser)
+ # do nothing
+ ;;
+ ro)
+ # do nothing
+ ;;
+ rw)
+ # do nothing
+ ;;
+ suid)
+ # do nothing
+ ;;
+ sync)
+ # do nothing
+ ;;
+ user)
+ # do nothing
+ ;;
+
+ # fs options
+ fmod)
+ fmode="-f $val"
+ ;;
+ dmod)
+ dmode="-d $val"
+ ;;
+ uid)
+ uid="-u $val"
+ ;;
+ gid)
+ gid="-g $val"
+ ;;
+
+ # fallthrough
+ *)
+ echo "$myname: unrecognized option $id"
+ exit_proc 1
+ ;;
+ esac
+ done
+} # end of split_options
+
+
+
+#
+# main
+#
+
+
+
+if [ "$verbose" != "false" ]; then
+ # show how we have been called
+ echo "$myname: $*"
+fi
+
+# some checks of the input parameters
+if [ "$#" -lt 2 ]; then
+ echo "$myname: need at least service and mountpoint"
+ exit_proc 1
+fi
+
+if `echo "$2" | grep -vq "^/"`; then
+ echo "$myname: mount point must be an absolut path"
+ exit_proc 1
+fi
+
+
+# copy arguments
+if `echo "$1" | grep -q ":/"`; then
+ # non--standard format, i.e., server:/service
+ server_service=`echo "//$1" | sed -e "sx:/x/x"`
+else
+ # standard format, i.e, //server/service
+ server_service="$1"
+fi
+mntpt="$2"
+
+# copy options
+shift 2 # skip arguments: //server/service and /mnt-point
+for i; do
+ case "$i" in
+ -f | --fake)
+ fake=true
+ ;;
+ -h | --help)
+ echo "usage: mount.smb service [password] mountpoint [options]"
+ exit_proc 0
+ ;;
+ -v | --verbose)
+ verbose=true
+ ;;
+ -V | --version)
+ echo "$myname: mount.smb-0.1.0"
+ exit_proc 0
+ ;;
+ -o)
+ shift # skip leading -o
+ temp_ifs="$IFS" # save current internal-field separator
+ IFS="," # set new separator
+ process_options $*
+ IFS="$temp_ifs" # reset old separator
+ break # mount places options at the end -> we are done
+ ;;
+ *)
+ echo "$myname: unrecognized option $i"
+ exit_proc 1
+ ;;
+ esac
+ shift
+done
+IFS=' '
+
+
+#
+# be careful...
+#
+
+
+# nmblookup server: is node up and running?
+srv=`echo $server_service | sed 's,^//\(.*\)/.*$,\1,'` # serverīs name
+nmblookup "$srv" | grep -q "failed to find name"
+if [ "$?" = 0 ]; then
+ echo "$myname: failed to find server \"$srv\"."
+ exit_proc 1
+fi
+
+
+#
+# perform mount
+#
+
+
+fs_options="$fmode $dmode $uid $gid" # all options concerning the mounted fs
+if [ "$verbose" = "true" ]; then
+ # display what we would do. Do not show the password, only show "xxx".
+ echo -n "smbmount $server_service "
+ if [ -n "$password" ]; then # password is set
+ echo -n "xxx " # ... but we donīt show it ;-)
+ fi
+ echo "-c \"mount $mntpt $fs_options\" $options"
+#else
+ # supress further messages
+# exec > /dev/null 2>&1
+#:
+fi
+
+if [ "$fake" != "true" ]; then
+ smbmount $server_service $password -c "mount $mntpt $fs_options" $options
+ echo "smbmountīs exit code was $?."
+fi
+
+# clean up and exit
+exit_proc 0
+