Diffstat (limited to 'examples')
| -rw-r--r-- | examples/autofs/mount-smb.doc | 65 | ||||
| -rw-r--r-- | examples/autofs/mount.smb | 441 | ||||
| -rw-r--r-- | examples/rpcclient/README | 11 | ||||
| -rw-r--r-- | examples/rpcclient/ntsd.c | 259 | 
4 files changed, 0 insertions, 776 deletions
| diff --git a/examples/autofs/mount-smb.doc b/examples/autofs/mount-smb.doc
deleted file mode 100644
index 7eee74fce0..0000000000
--- a/examples/autofs/mount-smb.doc
+++ /dev/null
@@ -1,65 +0,0 @@
-Date: 		Tue, 07 Apr 1998 
-Contributor: 	Christoph L. Spiel <Christoph_Spiel@physik.tu-muenchen.de>
-Organization:	Munich Institute of Technology, Institute E10
-Subject:	WISHES:LINUX:smbmount
-===============================================================================
-Machine Arch: i386
-Machine OS: linux
-Kernel: 2.1.85
-Samba Version: Version 1.9.18p3
-Mount Version: 2.7i
-Autofs Version: 0.3.14
-
-
-Hi SAMBA developers!
-
-I have written a shell script that marries smbmount and mount
-on a Linux-machine with a 2.1.55+ kernel (i.e., a newer developper
-kernel.  Especially it makes smbmount compatible
-with autofs!  Now, You (when root :-) can say
-	mount -t smb /win-machine/my-share /mntpt
-Concerning the management of the user/password-pairs I have already
-made a step in the right direction, but there is still a lot of
-brain-work to do :-(
-
-The primary problem with the Win passwords
-is that they are under user-control, and not under admin-control
-as the Linux passwords are.  Therfore, I give every SAMBA user
-a
-	~/smb-pass
-file where she can manage her usernames and passwords herself.
-The fundamental mount-tables /etc/fstab and /etc/auto.* only
-list the mount-point and the respective options.  The userīs
-password file is adressed via the uuname=<user_name>-option.
-
-An important "side-effect" is that the password file need not to
-be word-readable.  In fact my script tests for user-only rights of
-this file to close this potential security-hole.
-
-The script mount.smb has to be installed in /sbin and given mode 755.
-No suid is necessary!  I attached an automount table that is currently
-in use on my machine.  A userīs password file looks like this:
-
-$ cat ~/smb-pass
-supra:/cspiel   cspiel  secret
-helium:/c       cspiel  sesame
-^               ^       ^
-|               |       +- password
-|               +- username
-+- share-name as in fundamental mount-table.
-
-It would be nice, if someone else tests my script.  Maybe, You have
-already found a better solution than mine.  If You find it useful,
-I would be glad to donate it to the SAMBA-project.
-
-BUGS:
-(1) There is no documentation yet.  (Yes, I consider this a bug!)
-(2) When used with autofs the automounter overruns mount.smb.
-    This means when accessing an automounted share for the 1st time
-    You may get an empty directory.  Retrying several times will
-    cause the mount to complete successfully.
-
-
-Best,
-	Christoph Spiel
-
diff --git a/examples/autofs/mount.smb b/examples/autofs/mount.smb
deleted file mode 100644
index 76f1a596e3..0000000000
--- a/examples/autofs/mount.smb
+++ /dev/null
@@ -1,441 +0,0 @@ -#!/bin/sh -x - - -# name:			mount.smb  --  interface between mount and smbmount -# author:		Ch. L. Spiel (cspiel@physik.tu-muenchen.de) -# $Id: mount.smb,v 1.1 1998/04/13 12:31:10 jht Exp $ - -# bash version:		1.14.7(1) -# mount version:	2.7i -# smbmount version:	1.9.18p3 - - -myname=`basename $0` -passwd_filename="smb-pass"		# name of user smb-password file -lock_file="/var/lock/$myname" -log_file="/tmp/mount.smb.log" - -PATH=/usr/local/samba/bin:/usr/bin:/bin - -# check for an existing lock-file quickly(!) -if [ -e "$lock_file" ]; then -	# exit, but donīt touch lock-file -	exit 0 -fi -# set up new lock-file -echo > $lock_file - -# initialise log-file -echo "logging of $myname started at `date`" > $log_file -chmod --silent 600 $log_file -echo "called with: $@" >> $log_file -exec >> $log_file 2>&1 - - - -# set default and initial values -verbose=false				# be silent -fake=false				# really do the mount -fmode="-f 600"				# default file mode -dmode="-d 700"				# default dir mode - -#uid="-u `id | sed 's/^uid=\([0-9]*\).*$/\1/'`" -uid="-u 0" -#gid="-g `id | sed 's/^.*gid=\([0-9]*\).*$/\1/'`" -gid="-g 0" - - -# -# functions -# - -# exitproc(int exit_code) -function exit_proc -{ -	if [ -n "$lock_file" ]; then -		# remove current lock-file -		rm "$lock_file" -	fi -	# update log-file -	echo "" >> $log_file -	echo "$mynameīs return value is $1." >> $log_file -	echo "logging of $myname ended at `date`." >> $log_file -	# done. 
-	exit $1 -} - - -# split_arg(arg) -# arg ::= id '=' val -# set id and val on return -function split_arg -{ -	id="$1" -	val="$2" -	extra="$3" -} # end of split_arg - - -# split_passwdline(uline) -function split_passwdline -{ -	user_name=$1 -	real_password=$2 -	user_id=$3 -	group_id=$4 -	full_name=$5 -	home_dir=$6 -	shell_name=$7 -} - - -# get_homedir(username) -function get_homedir -{ -	local temp_ifs - -	temp_ifs="$IFS" -	uline=`grep "^$1" /etc/passwd` -	if [ -z "$uline" ]; then -		echo "$myname: unknown user \"$1\"" -		exit_proc 1 -	fi -	IFS=":" -	split_passwdline $uline -	if [ -z "$home_dir" ]; then -		echo "$myname: user \"$1\" has no home directory" -		exit_proc 1 -	fi -	echo "$home_dir" -	IFS="$temp_ifs" -} - - -# get_uid(username) -function get_uid -{ -	local temp_ifs - -	temp_ifs="$IFS" -	uline=`grep "^$1" /etc/passwd` -	if [ -z "$uline" ]; then -		echo "$myname: unknown user \"$1\"" -		exit_proc 1 -	fi -	IFS=":" -	split_passwdline $uline -	echo "$user_id" -	IFS="$temp_ifs" -} - - -# get_gid(username) -function get_gid -{ -	local temp_ifs - -	temp_ifs="$IFS" -	uline=`grep "^$1" /etc/passwd` -	if [ -z "$uline" ]; then -		echo "$myname: unknown user \"$1\"" -		exit_proc 1 -	fi -	IFS=":" -	split_passwdline $uline -	echo "$group_id" -	IFS="$temp_ifs" -} - - -# read_passwd_file(sharename) -function read_passwd_file -{ -	local pwd_filename pwd_entry temp_ifs share_name fmod - -	pwd_filename=`get_homedir $uuname`/$passwd_filename -	# use uid and gid of userīs /etc/password entry -	uid="-u `get_uid $uuname`" -	gid="-g `get_gid $uuname`" -	# check existence of password file -	if [ ! -f "$pwd_filename" -o ! -r "$pwd_filename" ]; then -		echo "$myname: cannot read from user password file \"$pwd_filename\"" -		exit_proc 1 -	fi -	# check file permissions -	for f in $pwd_filename{,~,%,.BAK,.bak,.new,.old,.orig,.sav}; do -		if [ ! -f $f ]; then continue; fi -		/bin/ls -l $f | grep -q -- "^-r\(w\|-\)------" -		if [ $? 
= 1 ]; then -			echo "$myname: Found security hole: mode of file \"$f\"" -			echo "$myname: Password file must have permission 400 or 600." -			echo "$myname: Please fix the fileīs mode." -			exit_proc 1 -		fi -	done - -	share_name="$1"		# sharename in smb-format! -	pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"` -	if [ -z "$pwd_entry" ]; then -		# try uni*-like sharename -		share_name=`echo $share_name | sed -e 's,^//,,' -e 's,/,:/,'` -		pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"` -	fi -	if [ -z "$pwd_entry" ]; then -		# sharename was not found in userīs password file -		echo "$myname: cannot authentify share named \"$1\" via file \"$pwd_filename\"" -		exit_proc 1 -	fi -	 -	# pwd_entry has the form: -	# sharename username password -	temp_ifs="$IFS" -	IFS="	 "		# <tab> and <space> -	split_arg $pwd_entry -	options="$options -U $val" -	password="$extra" -	IFS="$temp_ifs" -} - - -# process_options(opt1, opt2, ..., optN) -function process_options -{ -	local temp_ifs - -	for j; do -		temp_ifs="$IFS"	# save current internal-field separator -		IFS="="		# set new separator -		split_arg $j	# split argument into identifier and value -		IFS="$temp_ifs"	# reset old separator -		case "$id" in -			port) -				options="$options -p $val" -				;; -			debug) -				options="$options -d $val" -				;; -			log) -				options="$options -l $val" -				;; -			nbname) -				options="$options -n $val" -				;; -			nopwd) -				options="$options -N" -				;; -			maxproto) -				options="$options -m $val" -				;; -			ip) -				options="$options -I $val" -				;; -			uname) -				options="$options -U $val" -				;; -			wrkgrp) -				options="$options -W $val" -				;; -			term) -				options="$options -t $val" -				;; -			sdir) -				options="$options -D $val" -				;; -			pwd) -				# DO NOT USE THIS OPTION!  It is a severe scurity hole. 
-				password="$val" -				;; -			uuname) -				# consult userīs smb-password file -				uuname="$val"	# uni* user name -				read_passwd_file "$server_service" -				;; -				 -			# ignored options -			async) -				# do nothing -				;; -			atime) -				# do nothing -				;; -			auto) -				# do nothing -				;; -			defaults) -				# do nothing -				;; -			dev) -				# do nothing -				;; -			exec) -				# do nothing -				;; -			noatime) -				# do nothing -				;; -			noauto) -				# do nothing -				;; -			nodev) -				# do nothing -				;; -			noexec) -				# do nothing -				;; -			nosuid) -				# do nothing -				;; -			nouser) -				# do nothing -				;; -			ro) -				# do nothing -				;; -			rw) -				# do nothing -				;; -			suid) -				# do nothing -				;; -			sync) -				# do nothing -				;; -			user) -				# do nothing -				;; -				 -			# fs options -			fmod) -				fmode="-f $val" -				;; -			dmod) -				dmode="-d $val" -				;; -			uid) -			        uid="-u $val" -				;; -			gid) -				gid="-g $val" -				;; -			 -			# fallthrough -			*) -				echo "$myname: unrecognized option $id" -				exit_proc 1 -				;; -		esac -	done -} # end of split_options - - - -# -# main -# - - - -if [ "$verbose" != "false" ]; then -	# show how we have been called -	echo "$myname: $*" -fi - -# some checks of the input parameters -if [ "$#" -lt 2 ]; then -	echo "$myname: need at least service and mountpoint" -	exit_proc 1 -fi - -if `echo "$2" | grep -vq "^/"`; then -	echo "$myname: mount point must be an absolut path" -	exit_proc 1 -fi - - -# copy arguments -if `echo "$1" | grep -q ":/"`; then -	# non--standard format, i.e., server:/service -	server_service=`echo "//$1" | sed -e "sx:/x/x"` -else -	# standard format, i.e, //server/service -	server_service="$1" -fi -mntpt="$2" - -# copy options -shift 2		# skip arguments: //server/service and /mnt-point -for i; do -	case "$i" in -		-f | --fake) -			fake=true -			;; -		-h | --help) -			echo "usage: mount.smb service [password] mountpoint [options]" -			exit_proc 0 -			
;; -		-v | --verbose) -			verbose=true -			;; -		-V | --version) -		        echo "$myname: mount.smb-0.1.0" -			exit_proc 0 -			;; -		-o) -			shift			# skip leading -o -			temp_ifs="$IFS"		# save current internal-field separator -			IFS=","			# set new separator -			process_options $* -			IFS="$temp_ifs"		# reset old separator -			break			# mount places options at the end -> we are done -			;; -		*) -			echo "$myname: unrecognized option $i" -			exit_proc 1 -			;; -	esac -	shift -done -IFS=' ' - - -# -# be careful... -# - - -# nmblookup server: is node up and running? -srv=`echo $server_service | sed 's,^//\(.*\)/.*$,\1,'`	# serverīs name -nmblookup "$srv" | grep -q "failed to find name" -if [ "$?" = 0 ]; then -	echo "$myname: failed to find server \"$srv\"." -	exit_proc 1 -fi - - -# -# perform mount -# - - -fs_options="$fmode $dmode $uid $gid"	# all options concerning the mounted fs -if [ "$verbose" = "true" ]; then -	# display what we would do.  Do not show the password, only show "xxx". -	echo -n "smbmount $server_service " -	if [ -n "$password" ]; then	# password is set -		echo -n "xxx "		# ... but we donīt show it ;-) -	fi -	echo "-c \"mount $mntpt $fs_options\" $options" -#else -	# supress further messages -#	exec > /dev/null 2>&1 -#: -fi -	 -if [ "$fake" != "true" ]; then -	smbmount $server_service $password -c "mount $mntpt $fs_options" $options -	echo "smbmountīs exit code was $?." -fi - -# clean up and exit -exit_proc 0 - diff --git a/examples/rpcclient/README b/examples/rpcclient/README deleted file mode 100644 index bdff5821a7..0000000000 --- a/examples/rpcclient/README +++ /dev/null 
@@ -1,11 +0,0 @@
-This directory contains example programs and scripts that have been written by
-Samba rpcclient administrators and users.  You may, or may not, find
-some of them useful.  They have been submitted here for use at your own
-risk, and no responsibility is accepted for their use or mis-use.
-
-Program	Author	Purpose
--------	------	-------
-
-ntsd.c	David Bannon.	Pings several workstations and shuts them down.
-			Used by David in a lab environment to kick students
-			off workstations from a cron job.
diff --git a/examples/rpcclient/ntsd.c b/examples/rpcclient/ntsd.c
deleted file mode 100644
index 37976edaa5..0000000000
--- a/examples/rpcclient/ntsd.c
+++ /dev/null
@@ -1,259 +0,0 @@ -/* This is an experiemental programme to shutdown a  group of NTws in a  -   Samba domain via rpcclient. - -   Copyright (c) David Bannon 1999 -   David Bannon, D.Bannon@latrobe.edu.au, 4th November, 1999  - -   Full permission is granted to use this code (for what that is worth) in -   any way you wish, strictly at your own risk. - -   I use it from a cron a job to close a computer lab down at 5:00 pm. -  -   It has some serious security implications, make sure you understand  -   them before using this code ! - -   If you find a way to make this 'power down' a machine that is set up to  -   do power down correctly please let me know !!    - -    Machines to be shutdown must be members of a samba (or NT) domain. -    You are going to have to offer your domain admin user name/password -    (see below). - -    As you probably don't want your domain admin password appearing in the  -    crontab file or popping up in a 'ps' list, it can be encrypted and the  -    programme will tell you what it should look like. i.e : - -        [root@bclab shutdown]# ./ntsd -e -        Domain Admin User name :dbannon -        Domain Admin Password -        Use the string between [] after a -p : [1HCeTcXqOfo7R[hg] -        [root@bclab shutdown]# - -    Now a crontab entry would look like this : - -        00 17 * * 1-5 /usr/local/sbin/ntsd -p'1HCeTcXqOfo7R[hg' -a - -        The -p indicates passwd (actually user name and password) and the -        -a says shutdown all machines. Note that the password string must -        have inverted commas around it so the shell does not try and expand -        any special charachers that it is likely to contain. -         -    Security Alert !! -        The encryption is pretty weak and its reversable ! Change the key -        strings, compile and change the key strings again ! You don't need -        to remember the key but if you leave the unchanged source around  -        someone may use it to reverse the encryption. 
The Keys are in lumps -        to stop someone doing a 'cat ntsd' and seeing the key string.  -	   (yeah, I know its not very clever, but they should not be able to -	    read the binary or your crontab anyway)  - -    Ping -        I ping the target machines before trying to shut them down, you -        dont't need to, just let rpcclient time out. If you want to ping -        first (because its nicer !) you need : -        1. First element of IP name should be the netbios name. (makes sense) -        2. If the server you will run the cron job from does not have the -           same default domain name as machines being shutdown then you will -           need to define USE_DOMAIN and put in appropriate ip domain info. -        This code does ping, get busy with vi if you don't want to. - -    Machine Names -        For this system to be practical, the machine names must be in some  -        sort of sequence, ie bclab1, bclab2, bclab3, not more creative like -        grumpy, dopey, sneezy. See the code in main() to see how the names -        are built. - -    Configuration - -      Machine Names -        If you have used a naming scheme like mine then you may need to  -        change only LASTMACHINE and PREFIX, otherwise look at main().  - -      Binary locations. -        We need to find the rpcclient and ping binaries. The values below -        are typical. Better check first.  - -      Compile -        Known to compile cleanly on linux (RH5.0 - RH6.1) and DEC 4.0. Does -        not do anything fancy so should compile on most systems easily  -        enough. - -      Install -        Rename the binary (ie ntsd) and put it somewhere safe. It should  -        be rwx root only. Comes up with basic help if run without command -        line switch, prompts for admin user name and password if used  -        without the -p switch. -        (Typically)Put entry in your crontab (crontab -e) and watch the -        fun. 
Remember, it does not keep them shutdown, try an entry every -        5 minutes for a while (or until door is locked). -*/ -                  - -#include<stdio.h> -#include<stdlib.h> -#include<unistd.h> -#include<pwd.h> - -#define PING "/bin/ping" -#define RPCCLIENT "/usr/local/samba/bin/rpcclient"  - - -#define LASTMACHINE 14               /* ie, scans bclab1 through to bclab14 */ -#define PREFIX "bclab" - -/*    #define USE_DOMAIN    Only if you need full ip name to ping machines */ - -#ifdef USE_DOMAIN -#define DOMAIN ".biochem.latrobe.edu.au"     /* required by ping, possibly. - */ -#endif - -#define KEY1 "Please" -#define KEY2 "don't leave" -#define KEY3 "this" -#define KEY4 "as it is" -#define KEY5 "here" -#define KEY6 "silly." - - -int Shutdown(char *machine, char *PassWord) { -    char Buff[128], *Ptr; -    int Res; -    /* printf("Shutting down %s\n", machine); */ -    sprintf(Buff, "/bin/ping -c 1 -q %s > /dev/null", machine); -    Res = system(Buff); -    if (Res == 0) {             /* its turned on */ -        Ptr = machine; -         /* first 'word' in ip name = netbios name, get rid of rest */ -        while (*++Ptr != 0) if (*Ptr == '.') *Ptr = 0;  -        printf("Shutting down %s\n", machine);  -        sprintf(Buff, "%s -c shutdown -U%s -S %s", RPCCLIENT, PassWord, -machine); -        system(Buff); -    }    -} - -int Usage(char *prog) { -    printf("Programme to shutdown NTs in domain.\n"); -    printf("Normally called from cron (using encrypted passwd, see -e and --p).\n"); -    printf("Usage    \n"); -    printf("    -a             shutdown all machines %s1 to %s%d. 
\n",  -                                                PREFIX, PREFIX, LASTMACHINE); -    printf("    -m machine     shutdown [machine] (might need full ip -name).\n"); -    printf("    -e             tell me my encrypted name and password to -use with -p.\n"); -    printf("    -p'pw_string'  use encrypted name & password as given by --e.\n"); -    printf("                   You must have single inverted commas around -the pw string !"); -    printf("    -h             help, give this message.\n"); -    printf("Typical cron line :  00 17 * * 1-5 /usr/local/sbin/ntsd --p1HCeTcXqOfo7R[hg -a\n"); -    printf("                                                  David Bannon, -Nov 1999\n"); -    exit(0); -}	 - -int GetPassWord(char *Passwd) { -    char *ptr, *p; -    char User[128]; -    printf("Domain Admin User name :"); -    fgets(User, 127, stdin); -    if (strlen(User) < 3) { -        printf("Short user name, exiting.\n"); -        exit(1); -    } -    p = User; -    while (*p != '\n') p++;     /* get rid of newline */ -    *p = 0; -    ptr = getpass("Domain Admin Password "); -    if (strlen(ptr) < 3) { -        printf("Short password, exiting.\n"); -        exit(1); -    } -    strcpy(Passwd, User);       /* do this with sprintf */ -    strcat(Passwd, "%"); -    strcat(Passwd, ptr); -    *ptr = 0;                   /* clean up system buffer */ -    return 0; -} - -int Encrypt(char *InPass) { -    char Pass[128], Enc[128]; -    int Temp; -    char *Hash; -    int Offset = 0; -    Hash = malloc(256); -                        /* so it a bit harder than just 'cat ntsd'  */ -    sprintf(Hash, "%s%s%s%s%s%s", KEY4, KEY3, KEY2, KEY5, KEY1, KEY6); -    if (InPass == 0) { -        GetPassWord(Pass);          /* may not return */ -        while (*(Pass + Offset) != 0) { -            Temp = *(Pass + Offset) + *(Hash + Offset) - ' '; -            if (Temp > '~') Temp = Temp - 95; -            *(Pass+Offset++) = Temp; -        } -        printf("Use the string between [] after 
a -p : ['%s']\n", Pass); -        exit(0); -    } else { -        while (*(InPass + Offset) != 0) { -            Temp = *(InPass + Offset) - *(Hash + Offset) + ' '; -            if (Temp < ' ') Temp = Temp + 95; -            *(InPass+Offset++) = Temp; -        } -    } -    free(Hash); -    return 0; -} - -int main(int argc, char **argv) { -  	extern char *optarg; -  	extern int optind; -	int Ch; -    static char *prog_name; -    int MachineNo = 0, AllMachines = 0; -    char Machine[128], PassWord[128]; -    uid_t UID = getuid(); -    prog_name = argv[0]; -    if (UID != 0) { -        printf("Sorry, this programme can only be run as root.\n"); -        exit(1); -    } -    *Machine = 0; -    *PassWord = 0; -    if (argc < 2) Usage(prog_name); -    while ((Ch = getopt(argc, argv, "haem:p:")) != EOF) { -    	switch(Ch) { -    		case 'e': Encrypt(NULL); break;             /* Does not return */ -  		    case 'a': AllMachines = 1; break; -   		    case 'm': strcpy(Machine, optarg); break; -		    case 'p': strcpy(PassWord, optarg); break; -		    case 'h': Usage(prog_name);  -		    default: Usage(prog_name); -		} -    } -    if (*PassWord == 0) GetPassWord(PassWord);      /* may not return */ -    else Encrypt(PassWord); -    if (*Machine != 0) { -        Shutdown(Machine, PassWord); -        exit(0); -    } - /* printf("exit for safety = %s.\n", PassWord); -exit(0);  */ -    while (++MachineNo < LASTMACHINE+1) { -        pid_t Proc; -#ifdef USE_DOMAIN -        sprintf(Machine, "%s%d%s", PREFIX, MachineNo, DOMAIN); -#else -        sprintf(Machine, "%s%d", PREFIX, MachineNo); -#endif -        Proc = fork(); -        if (Proc == 0) {    /* in child process */ -            Shutdown(Machine, PassWord); -            exit(0); -        } -    } -    printf("Shutdowns initiated.\n"); -} | 
