authorDaniel Stefan Haischt <dsh@pfsense.org>2006-08-21 01:09:53 +0000
committerDaniel Stefan Haischt <dsh@pfsense.org>2006-08-21 01:09:53 +0000
commitd4b90b2e1d58ebdb09235232449e0563ce2f22de (patch)
treee3a51c4a9212341f24a9f4f3ce58dadf6ba1f125
parent458b5a213e6673ce16e56b31ca9430a029dfed06 (diff)
downloadpfsense-packages-d4b90b2e1d58ebdb09235232449e0563ce2f22de.tar.gz
pfsense-packages-d4b90b2e1d58ebdb09235232449e0563ce2f22de.tar.bz2
pfsense-packages-d4b90b2e1d58ebdb09235232449e0563ce2f22de.zip
samba and unix user/group bug fixing
-rw-r--r--packages/freenas/pkg/freenas_guiconfig.inc6
-rw-r--r--packages/freenas/pkg/freenas_services.inc22
-rw-r--r--packages/freenas/pkg/freenas_system.inc114
-rw-r--r--packages/freenas/pkg/rc.freenas4
-rw-r--r--packages/freenas/www/services_rsyncd.php10
-rw-r--r--packages/freenas/www/services_rsyncd_client.php6
6 files changed, 107 insertions, 55 deletions
diff --git a/packages/freenas/pkg/freenas_guiconfig.inc b/packages/freenas/pkg/freenas_guiconfig.inc
index f46cf8df..8acd5ff4 100644
--- a/packages/freenas/pkg/freenas_guiconfig.inc
+++ b/packages/freenas/pkg/freenas_guiconfig.inc
@@ -7,7 +7,7 @@
All rights reserved.
Modified for FreeNAS (http://freenas.org) by Olivier Cochard <cochard@gmail.com>
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -88,7 +88,7 @@ function users_sort() {
return strcmp($a['login'], $b['login']);
}
- usort($config['access']['user'], "userscmp");
+ usort($config['system']['user'], "userscmp");
}
/* TODO: This needs to be changed */
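Review bot: `usort($config['system']['user'], "userscmp")` is unguarded, and the two callers touched by this commit (the first hunks of services_rsyncd.php and services_rsyncd_client.php) only make sure `$freenas_config['system']['user']` is an array before calling users_sort(); unless `$config` and `$freenas_config` alias the same array, usort() on a missing key emits a warning and sorts nothing. Add `if (!is_array($config['system']['user'])) return;` ahead of the usort, and the equivalent check on `$config['system']['group']` in groups_sort() in the next hunk. Both function headers lie outside their hunks.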
@@ -99,6 +99,6 @@ function groups_sort() {
return strcmp($a['name'], $b['name']);
}
- usort($config['access']['group'], "groupscmp");
+ usort($config['system']['group'], "groupscmp");
}
?> \ No newline at end of file
diff --git a/packages/freenas/pkg/freenas_services.inc b/packages/freenas/pkg/freenas_services.inc
index add418ed..748a9e65 100644
--- a/packages/freenas/pkg/freenas_services.inc
+++ b/packages/freenas/pkg/freenas_services.inc
@@ -51,6 +51,12 @@ function services_samba_configure() {
if ($g['booting'])
echo "Starting Samba... ";
+ /* make sure any of the required dirs exist */
+ if (! file_exists("{$g['varetc_path']}/private"))
+ mkdir("{$g['varetc_path']}/private");
+ if (! file_exists("{$g['varlog_path']}/samba"))
+ mkdir("{$g['varlog_path']}/samba");
+
/* generate smb.conf */
$fd = fopen("{$g['varetc_path']}/smb.conf", "w");
if (!$fd) {
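Review bot: Both `mkdir()` calls in the added block use PHP's default mode (0777 filtered by umask) and ignore the return value, although `{$g['varetc_path']}/private` sits next to smb.conf and is presumably where Samba's private password/secret databases end up. Create it restrictively and bail out the way the smb.conf branch does when it cannot be created, e.g. `if (! is_dir("{$g['varetc_path']}/private") && ! mkdir("{$g['varetc_path']}/private", 0700))` followed by the same error return; 0755 is sufficient for the log directory. `is_dir()` is also the better test than `file_exists()`, which is satisfied by a stray regular file of that name. services_samba_configure() continues past the end of this hunk.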
@@ -499,7 +505,7 @@ dir_message = .message
logfile = /var/log/wzdftpd/wzd.log
xferlog = /var/log/wzdftpd/xferlog
logdir = /var/log/wzdftpd
-max_threads = 32
+max_threads = {$freenas_config['ftp']['numberclients']}
backend = /usr/local/share/wzdftpd/backends/libwzd{$freenas_config['ftp']['authentication_backend']}.so
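Review bot: `max_threads = {$freenas_config['ftp']['numberclients']}` writes whatever the setting holds straight into wzd.cfg, so a missing or non-numeric value produces `max_threads = ` (or arbitrary text) where the old literal 32 was always a valid directive. Derive a checked value before the heredoc, `$maxthreads = (isset($freenas_config['ftp']['numberclients']) && intval($freenas_config['ftp']['numberclients']) > 0) ? intval($freenas_config['ftp']['numberclients']) : 32;`, and interpolate `{$maxthreads}` instead. The function that builds this configuration starts and ends outside the hunk.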
@@ -649,16 +655,16 @@ site_who = !/usr/local/etc/wzdftpd/file_who.txt
EOD;
- if (isset($freenas_config['ftp']['banner'])) {
+ if (isset($freenas_config['ftp']['banner'])) {
$ftpconf .= "200 = {$freenas_config['ftp']['banner']}";
}
- fwrite($fd, $ftpconf);
- fclose($fd);
- chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0400);
+ fwrite($fd, $ftpconf);
+ fclose($fd);
+ chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0400);
- /* now generate the plaintext userfail (if applicable) */
- if ($freenas_config['ftp']['authentication_backend'] == "plaintext") {
+ /* now generate the plaintext users file (if applicable) */
+ if ($freenas_config['ftp']['authentication_backend'] == FTP_BACKEND_PLAINTEXT) {
$ftpusers = "[GROUPS]\n";
$a_group =& $config['system']['group'];
$a_user =& $config['system']['user'];
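Review bot: `FTP_BACKEND_PLAINTEXT` is compared against the configured backend on the new `if` line but is not defined anywhere in this diff; if no included file defines it, PHP of this era evaluates the bare name as the string `'FTP_BACKEND_PLAINTEXT'` (with a notice) and the plaintext users file is silently never generated. Please confirm where the constant is defined, or guard the comparison with `defined('FTP_BACKEND_PLAINTEXT')`. The enclosing function continues outside this hunk.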
@@ -1645,7 +1651,7 @@ _ftp._tcp local.
EOD;
}
- if (isset($freenas_config['samba']['enable'])) {
+ if (isset($freenas_config['samba']['enable'])) {
$mDNSResponder .= <<<EOD
"{$config['system']['hostname']} Samba Server"
diff --git a/packages/freenas/pkg/freenas_system.inc b/packages/freenas/pkg/freenas_system.inc
index f3da6aa4..83751d6b 100644
--- a/packages/freenas/pkg/freenas_system.inc
+++ b/packages/freenas/pkg/freenas_system.inc
@@ -10,7 +10,7 @@
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
@@ -148,40 +148,57 @@ function system_users_create()
function system_user_masterpasswd()
{
/* Create the master.passwd file*/
- global $config, $g;
+ global $config, $g, $userindex, $groupindex;
+ $root = getUNIXRoot();
$masterpasswd = <<<EOD
-root:{$config['system']['password']}:0:0::0:0:Charlie &:/root:/bin/sh
+root:{$root['password']}:0:0::0:0:Charlie &:/root:/bin/sh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
+smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
+mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
+proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
+_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
+dhcpd:*:1002:1002::0:0:DHCP Daemon:/nonexistent:/sbin/nologin
+_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
+_isakmpd:*:68:68::0:0:isakmpd privsep:/var/empty:/sbin/nologin
ftp:*:21:50::0:0:FTP user:/mnt:/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
EOD;
- if (is_array($config['access']['user']))
+ if (is_array($config['system']['user']))
{
- foreach ($config['access']['user'] as $user)
+ foreach ($config['system']['user'] as $user)
{
- $password=crypt($user['password']);
+ $password= $user['password'];
+ $groupname = $user['groupname'];
+ $group =& $config['system']['group'][$groupindex[$groupname]];
+
+ if (empty($user['uid'])) {
+ $newuser = assignUID($user['name']);
+ $newgroup = assignGID($groupname);
+ if (! empty($newuser)) { $user = $newuser; }
+ if (! empty($newgroup)) { $group = $newgroup; }
+ }
- if (isset($user['fullshell']))
+ if (hasShellAccess($user['name']))
{
$masterpasswd .= <<<EOD
-{$user['login']}:{$password}:{$user['id']}:{$user['usergroupid']}::0:0:{$user['fullname']}:/mnt:/bin/sh
+{$user['name']}:{$password}:{$user['uid']}:{$group['gid']}::0:0:{$user['fullname']}:/mnt:/etc/rc.initial
EOD;
}
else
{
$masterpasswd .= <<<EOD
-{$user['login']}:{$password}:{$user['id']}:{$user['usergroupid']}::0:0:{$user['fullname']}:/mnt:/usr/local/bin/scponly
+{$user['name']}:{$password}:{$user['uid']}:{$group['gid']}::0:0:{$user['fullname']}:/mnt:/usr/local/bin/scponly
EOD;
}
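Review bot: The root entry at the top of the heredoc now takes its password field from `getUNIXRoot()`, and nothing checks that the lookup succeeded; if `$root['password']` is null or empty the line written is `root::0:0:...`, i.e. a root account with an empty password field, where the old `$config['system']['password']` source was at least always present. Lock the account rather than emit an empty field: `$rootpw = (is_array($root) && !empty($root['password'])) ? $root['password'] : '*';` and use `{$rootpw}` in the heredoc. The same applies to the per-user lines: when `assignUID()`/`assignGID()` return empty, `{$user['uid']}` or `{$group['gid']}` is interpolated as an empty field, so such users should be skipped with a printed error rather than written. Note also that `$group` is a reference into `$config['system']['group']` and `$groupindex[$groupname]` is never checked, so `$group = $newgroup` rewrites the config entry in place — and creates a bogus one under the key `''` when the group name is unknown — which is presumably not intended. system_user_masterpasswd() continues past the end of this hunk.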
@@ -189,7 +206,7 @@ EOD;
}
- $fd = fopen("{$g['varetc_path']}/master.passwd", "w");
+ $fd = fopen("/etc/master.passwd", "w");
if (!$fd)
{
printf("Error: cannot open master.passwd in system_user_masterpasswd().\n");
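Review bot: `fopen("/etc/master.passwd", "w")` creates the file with the process umask applied to 0666 when it does not already exist, and nothing sets the mode afterwards; since the file holds password hashes it must be 0600. Add `chmod("/etc/master.passwd", 0600);` after the fwrite/fclose pair, which lies outside this hunk (or call `umask(077)` before the fopen). Unlike the previous `{$g['varetc_path']}` target, this path is the live system file, so a permissive or partial write now affects every login on the box.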
@@ -211,16 +228,16 @@ function system_user_group()
$groupfile = <<<EOD
wheel:*:0:root
EOD;
-
+
/* If user exist with full shell, put them on the wheel group */
- if (is_array($config['access']['user']))
+ if (is_array($config['system']['user']))
{
- foreach ($config['access']['user'] as $user)
+ foreach ($config['system']['user'] as $user)
{
- if (isset($user['fullshell']))
+ if (hasShellAccess($user['name']) && isSystemAdmin($user['name']))
{
$groupfile .= <<<EOD
-,{$user['login']}
+,{$user['name']}
EOD;
}
}
@@ -233,33 +250,61 @@ kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
+mail:*:6:
bin:*:7:
staff:*:20:
+EOD;
+
+ /* If user exist without full shell, put them on the staff group */
+ if (is_array($config['system']['user']))
+ {
+ foreach ($config['system']['user'] as $user)
+ {
+ if (hasShellAccess($user['name']))
+ {
+ $groupfile .= <<<EOD
+{$user['name']},
+EOD;
+ }
+ }
+ }
+
+ $groupfile .= <<<EOD
+
sshd:*:22:
+smmsp:*:25:
+mailnull:*:26:
guest:*:31:
-ftp:*:50:
+proxy:*:62:
_pflogd:*:64:
_dhcp:*:65:
+ftp:*:50:
+authpf:*:63:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
-admin:*:1000:
+admin:*:0:
EOD;
- if (is_array($config['access']['group']))
+ if (is_array($config['system']['group']))
{
- foreach ($config['access']['group'] as $group)
+ foreach ($config['system']['group'] as $group)
{
+ if (empty($group['gid'])) {
+ $newgroup = assignGID($group['name']);
+ if (! empty($newgroup)) { $group = $newgroup; }
+ }
+
$groupfile .= <<<EOD
-{$group['name']}:*:{$group['id']}:
+{$group['name']}:*:{$group['gid']}:
EOD;
}
}
- $fd = fopen("{$g['varetc_path']}/group", "w");
+ $fd = fopen("/etc/group", "w");
if (!$fd)
{
printf("Error: cannot open group in system_user_group().\n");
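Review bot: `admin:*:0:` gives the admin group the same GID as `wheel:*:0:root` earlier in the heredoc, so every member of admin is GID-0 equivalent and two names map to one id; if that is intended it deserves a comment, otherwise the old `1000` (or another unused id) should come back. The new staff block also carries a comment saying "without full shell" while its condition is `hasShellAccess($user['name'])`, and because each member is emitted as `{$user['name']},` the line ends with a trailing comma (constructed example: `staff:*:20:alice,bob,`), i.e. an empty member name; collect the names in an array and append `implode(',', $staff)` instead. As in the user loop, `if (empty($group['gid']))` treats a legitimate `"0"` as unset. system_user_group() begins before this hunk.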
@@ -269,7 +314,7 @@ EOD;
fwrite($fd, $groupfile);
fclose($fd);
-
+
return 0;
}
@@ -278,9 +323,9 @@ function system_user_pwdmkdb()
{
/* Generate the db of password */
global $config, $g;
-
- mwexec("/usr/sbin/pwd_mkdb -p -d {$g['varetc_path']} {$g['varetc_path']}/master.passwd");
-
+
+ mwexec("/usr/sbin/pwd_mkdb -p -d /etc /etc/master.passwd");
+
return 0;
}
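Review bot: The exit status of `mwexec("/usr/sbin/pwd_mkdb -p -d /etc /etc/master.passwd")` is discarded and the function returns 0 unconditionally, so if pwd_mkdb rejects the freshly written /etc/master.passwd (a malformed entry, for instance) the previous password database silently stays in force. Assuming mwexec() returns the command's exit code, capture it: `$rc = mwexec("/usr/sbin/pwd_mkdb -p -d /etc /etc/master.passwd");`, `if ($rc != 0) printf("Error: pwd_mkdb failed ({$rc}) in system_user_pwdmkdb().\n");`, `return $rc;`. The function's signature line is outside the hunk.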
@@ -290,13 +335,14 @@ function system_user_samba()
/* Generate the db of password */
global $config, $g;
- if (is_array($config['access']['user']))
+ if (is_array($config['system']['user']))
{
- foreach ($config['access']['user'] as $user)
- {
+ foreach ($config['system']['user'] as $user)
+ {
+ /* TODO: the password in config.xml is already encrypted */
$password = escapeshellcmd($user['password']);
- $login = escapeshellcmd($user['login']);
+ $login = escapeshellcmd($user['name']);
mwexec("(/bin/echo {$password}; /bin/echo {$password}) | /usr/local/bin/smbpasswd -s -a {$login}");
//mwexec("(/bin/echo {$password}; /bin/echo {$password}) | /usr/local/bin/pdbedit -tau {$login}");
}
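Review bot: The `mwexec()` line pipes the password through `/bin/echo`, which places the value in a child process's argument vector where any local user can read it from the process table for as long as echo runs, and `escapeshellcmd()` is the wrong escaper here — it neutralises metacharacters but does not quote, so a value containing whitespace is split into several arguments. Feed smbpasswd on stdin and quote the login with `escapeshellarg()` as below. This does not resolve the TODO that the stored value is already a hash (smbpasswd would then set that hash string as the literal password); that needs a plaintext source or a different import path. system_user_samba() begins before this hunk.
```php
$login = escapeshellarg($user['name']);
/* feed the value on stdin: via /bin/echo it sits in a child's argv and is
   visible to every local user through the process table while echo runs */
$ph = popen("/usr/local/bin/smbpasswd -s -a {$login}", "w");
if ($ph) {
    fwrite($ph, "{$user['password']}\n{$user['password']}\n");
    pclose($ph);
}
```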
@@ -376,10 +422,10 @@ EOD;
printf("Error: cannot open /pam.d/system in system_pam_configure().\n");
return 1;
}
-
+
fwrite($fd, $system);
fclose($fd);
-
+
$sshd .= <<<EOD
# PAM configuration for the "sshd" service
@@ -396,7 +442,7 @@ EOD;
auth sufficient /usr/local/lib/pam_winbind.so debug try_first_pass
EOD;
- }
+ }
$sshd .= <<<EOD
auth required pam_unix.so no_warn try_first_pass
@@ -411,7 +457,7 @@ EOD;
account sufficient /usr/local/lib/pam_winbind.so
EOD;
- }
+ }
$sshd .= <<<EOD
account required pam_unix.so
@@ -429,7 +475,7 @@ if (isset($config['ad']['enable']))
password sufficient /usr/local/lib/pam_winbind.so debug try_first_pass
EOD;
- }
+ }
$sshd .= <<<EOD
diff --git a/packages/freenas/pkg/rc.freenas b/packages/freenas/pkg/rc.freenas
index 57e960b2..404464a4 100644
--- a/packages/freenas/pkg/rc.freenas
+++ b/packages/freenas/pkg/rc.freenas
@@ -40,7 +40,7 @@ require_once("freenas_functions.inc");
system_tuning();
/* Generate local user base */
-/* system_users_create(); */
+system_users_create();
/* start iSCSI service */
services_iscsi_configure();
@@ -88,6 +88,6 @@ services_rsyncclient_configure();
services_cron_configure();
/* Start mdnsresponder (Zeroconf/Bonjour) */
-service_zeroconf_configure();
+services_zeroconf_configure();
?> \ No newline at end of file
diff --git a/packages/freenas/www/services_rsyncd.php b/packages/freenas/www/services_rsyncd.php
index ea85202d..a8b34b4c 100644
--- a/packages/freenas/www/services_rsyncd.php
+++ b/packages/freenas/www/services_rsyncd.php
@@ -42,12 +42,12 @@ require_once("freenas_guiconfig.inc");
require_once("freenas_functions.inc");
/* TODO: use pfSense users/groups. */
-if (!is_array($freenas_config['access']['user']))
- $freenas_config['access']['user'] = array();
+if (!is_array($freenas_config['system']['user']))
+ $freenas_config['system']['user'] = array();
users_sort();
-$a_user = &$freenas_config['access']['user'];
+$a_user = &$freenas_config['system']['user'];
if (!is_array($freenas_config['rsync']))
{
@@ -212,8 +212,8 @@ echo $pfSenseHead->getHTML();
<option value="ftp"<?php if ($pconfig['rsyncd_user'] == "ftp") echo "selected";?>>
<?php echo htmlspecialchars("guest"); ?>
<?php foreach ($a_user as $user): ?>
- <option value="<?=$user['login'];?>"<?php if ($user['login'] == $pconfig['rsyncd_user']) echo "selected";?>>
- <?php echo htmlspecialchars($user['login']); ?>
+ <option value="<?=$user['name'];?>"<?php if ($user['name'] == $pconfig['rsyncd_user']) echo "selected";?>>
+ <?php echo htmlspecialchars($user['name']); ?>
</option>
<?php endforeach; ?>
</select>
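Review bot: In the rewritten `<option>` line the `value` attribute interpolates `$user['name']` raw, while the visible text one line below goes through `htmlspecialchars()`; a name containing `"` or `>` breaks out of the attribute, and since user names are editable through the GUI this is a stored-XSS shaped inconsistency. Escape the attribute as well: `<option value="<?=htmlspecialchars($user['name']);?>"<?php if ($user['name'] == $pconfig['rsyncd_user']) echo "selected";?>>`.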
diff --git a/packages/freenas/www/services_rsyncd_client.php b/packages/freenas/www/services_rsyncd_client.php
index ab54f562..a1b1a815 100644
--- a/packages/freenas/www/services_rsyncd_client.php
+++ b/packages/freenas/www/services_rsyncd_client.php
@@ -42,12 +42,12 @@ require_once("freenas_guiconfig.inc");
require_once("freenas_functions.inc");
/* TODO: use pfSense users/groups. */
-if (!is_array($freenas_config['access']['user']))
- $freenas_config['access']['user'] = array();
+if (!is_array($freenas_config['system']['user']))
+ $freenas_config['system']['user'] = array();
users_sort();
-$a_user = &$freenas_config['access']['user'];
+$a_user = &$freenas_config['system']['user'];
if (!is_array($freenas_config['rsync']))
{