aboutsummaryrefslogtreecommitdiffstats
path: root/packages/freenas
diff options
context:
space:
mode:
authorDaniel Stefan Haischt <dsh@pfsense.org>2006-08-21 01:09:53 +0000
committerDaniel Stefan Haischt <dsh@pfsense.org>2006-08-21 01:09:53 +0000
commitd4b90b2e1d58ebdb09235232449e0563ce2f22de (patch)
treee3a51c4a9212341f24a9f4f3ce58dadf6ba1f125 /packages/freenas
parent458b5a213e6673ce16e56b31ca9430a029dfed06 (diff)
downloadpfsense-packages-d4b90b2e1d58ebdb09235232449e0563ce2f22de.tar.gz
pfsense-packages-d4b90b2e1d58ebdb09235232449e0563ce2f22de.tar.bz2
pfsense-packages-d4b90b2e1d58ebdb09235232449e0563ce2f22de.zip
samba and unix user/group bug fixing
Diffstat (limited to 'packages/freenas')
-rw-r--r--packages/freenas/pkg/freenas_guiconfig.inc6
-rw-r--r--packages/freenas/pkg/freenas_services.inc22
-rw-r--r--packages/freenas/pkg/freenas_system.inc114
-rw-r--r--packages/freenas/pkg/rc.freenas4
-rw-r--r--packages/freenas/www/services_rsyncd.php10
-rw-r--r--packages/freenas/www/services_rsyncd_client.php6
6 files changed, 107 insertions, 55 deletions
diff --git a/packages/freenas/pkg/freenas_guiconfig.inc b/packages/freenas/pkg/freenas_guiconfig.inc
index f46cf8df..8acd5ff4 100644
--- a/packages/freenas/pkg/freenas_guiconfig.inc
+++ b/packages/freenas/pkg/freenas_guiconfig.inc
@@ -7,7 +7,7 @@
All rights reserved.
Modified for FreeNAS (http://freenas.org) by Olivier Cochard <cochard@gmail.com>
-
+
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
@@ -88,7 +88,7 @@ function users_sort() {
return strcmp($a['login'], $b['login']);
}
- usort($config['access']['user'], "userscmp");
+ usort($config['system']['user'], "userscmp");
}
/* TODO: This needs to be changed */
@@ -99,6 +99,6 @@ function groups_sort() {
return strcmp($a['name'], $b['name']);
}
- usort($config['access']['group'], "groupscmp");
+ usort($config['system']['group'], "groupscmp");
}
?> \ No newline at end of file
diff --git a/packages/freenas/pkg/freenas_services.inc b/packages/freenas/pkg/freenas_services.inc
index add418ed..748a9e65 100644
--- a/packages/freenas/pkg/freenas_services.inc
+++ b/packages/freenas/pkg/freenas_services.inc
@@ -51,6 +51,12 @@ function services_samba_configure() {
if ($g['booting'])
echo "Starting Samba... ";
+ /* make sure any of the required dirs exist */
+ if (! file_exists("{$g['varetc_path']}/private"))
+ mkdir("{$g['varetc_path']}/private");
+ if (! file_exists("{$g['varlog_path']}/samba"))
+ mkdir("{$g['varlog_path']}/samba");
+
/* generate smb.conf */
$fd = fopen("{$g['varetc_path']}/smb.conf", "w");
if (!$fd) {
@@ -499,7 +505,7 @@ dir_message = .message
logfile = /var/log/wzdftpd/wzd.log
xferlog = /var/log/wzdftpd/xferlog
logdir = /var/log/wzdftpd
-max_threads = 32
+max_threads = {$freenas_config['ftp']['numberclients']}
backend = /usr/local/share/wzdftpd/backends/libwzd{$freenas_config['ftp']['authentication_backend']}.so
@@ -649,16 +655,16 @@ site_who = !/usr/local/etc/wzdftpd/file_who.txt
EOD;
- if (isset($freenas_config['ftp']['banner'])) {
+ if (isset($freenas_config['ftp']['banner'])) {
$ftpconf .= "200 = {$freenas_config['ftp']['banner']}";
}
- fwrite($fd, $ftpconf);
- fclose($fd);
- chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0400);
+ fwrite($fd, $ftpconf);
+ fclose($fd);
+ chmod("/usr/local/etc/wzdftpd/wzd.cfg", 0400);
- /* now generate the plaintext userfail (if applicable) */
- if ($freenas_config['ftp']['authentication_backend'] == "plaintext") {
+ /* now generate the plaintext users file (if applicable) */
+ if ($freenas_config['ftp']['authentication_backend'] == FTP_BACKEND_PLAINTEXT) {
$ftpusers = "[GROUPS]\n";
$a_group =& $config['system']['group'];
$a_user =& $config['system']['user'];
@@ -1645,7 +1651,7 @@ _ftp._tcp local.
EOD;
}
- if (isset($freenas_config['samba']['enable'])) {
+ if (isset($freenas_config['samba']['enable'])) {
$mDNSResponder .= <<<EOD
"{$config['system']['hostname']} Samba Server"
diff --git a/packages/freenas/pkg/freenas_system.inc b/packages/freenas/pkg/freenas_system.inc
index f3da6aa4..83751d6b 100644
--- a/packages/freenas/pkg/freenas_system.inc
+++ b/packages/freenas/pkg/freenas_system.inc
@@ -10,7 +10,7 @@
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
-
+
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
@@ -148,40 +148,57 @@ function system_users_create()
function system_user_masterpasswd()
{
/* Create the master.passwd file*/
- global $config, $g;
+ global $config, $g, $userindex, $groupindex;
+ $root = getUNIXRoot();
$masterpasswd = <<<EOD
-root:{$config['system']['password']}:0:0::0:0:Charlie &:/root:/bin/sh
+root:{$root['password']}:0:0::0:0:Charlie &:/root:/bin/sh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
+smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
+mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
+proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
+_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
+dhcpd:*:1002:1002::0:0:DHCP Daemon:/nonexistent:/sbin/nologin
+_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
+_isakmpd:*:68:68::0:0:isakmpd privsep:/var/empty:/sbin/nologin
ftp:*:21:50::0:0:FTP user:/mnt:/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
EOD;
- if (is_array($config['access']['user']))
+ if (is_array($config['system']['user']))
{
- foreach ($config['access']['user'] as $user)
+ foreach ($config['system']['user'] as $user)
{
- $password=crypt($user['password']);
+ $password= $user['password'];
+ $groupname = $user['groupname'];
+ $group =& $config['system']['group'][$groupindex[$groupname]];
+
+ if (empty($user['uid'])) {
+ $newuser = assignUID($user['name']);
+ $newgroup = assignGID($groupname);
+ if (! empty($newuser)) { $user = $newuser; }
+ if (! empty($newgroup)) { $group = $newgroup; }
+ }
- if (isset($user['fullshell']))
+ if (hasShellAccess($user['name']))
{
$masterpasswd .= <<<EOD
-{$user['login']}:{$password}:{$user['id']}:{$user['usergroupid']}::0:0:{$user['fullname']}:/mnt:/bin/sh
+{$user['name']}:{$password}:{$user['uid']}:{$group['gid']}::0:0:{$user['fullname']}:/mnt:/etc/rc.initial
EOD;
}
else
{
$masterpasswd .= <<<EOD
-{$user['login']}:{$password}:{$user['id']}:{$user['usergroupid']}::0:0:{$user['fullname']}:/mnt:/usr/local/bin/scponly
+{$user['name']}:{$password}:{$user['uid']}:{$group['gid']}::0:0:{$user['fullname']}:/mnt:/usr/local/bin/scponly
EOD;
}
@@ -189,7 +206,7 @@ EOD;
}
- $fd = fopen("{$g['varetc_path']}/master.passwd", "w");
+ $fd = fopen("/etc/master.passwd", "w");
if (!$fd)
{
printf("Error: cannot open master.passwd in system_user_masterpasswd().\n");
@@ -211,16 +228,16 @@ function system_user_group()
$groupfile = <<<EOD
wheel:*:0:root
EOD;
-
+
/* If user exist with full shell, put them on the wheel group */
- if (is_array($config['access']['user']))
+ if (is_array($config['system']['user']))
{
- foreach ($config['access']['user'] as $user)
+ foreach ($config['system']['user'] as $user)
{
- if (isset($user['fullshell']))
+ if (hasShellAccess($user['name']) && isSystemAdmin($user['name']))
{
$groupfile .= <<<EOD
-,{$user['login']}
+,{$user['name']}
EOD;
}
}
@@ -233,33 +250,61 @@ kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
+mail:*:6:
bin:*:7:
staff:*:20:
+EOD;
+
+ /* If user exist without full shell, put them on the staff group */
+ if (is_array($config['system']['user']))
+ {
+ foreach ($config['system']['user'] as $user)
+ {
+ if (hasShellAccess($user['name']))
+ {
+ $groupfile .= <<<EOD
+{$user['name']},
+EOD;
+ }
+ }
+ }
+
+ $groupfile .= <<<EOD
+
sshd:*:22:
+smmsp:*:25:
+mailnull:*:26:
guest:*:31:
-ftp:*:50:
+proxy:*:62:
_pflogd:*:64:
_dhcp:*:65:
+ftp:*:50:
+authpf:*:63:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
-admin:*:1000:
+admin:*:0:
EOD;
- if (is_array($config['access']['group']))
+ if (is_array($config['system']['group']))
{
- foreach ($config['access']['group'] as $group)
+ foreach ($config['system']['group'] as $group)
{
+ if (empty($group['gid'])) {
+ $newgroup = assignGID($group['name']);
+ if (! empty($newgroup)) { $group = $newgroup; }
+ }
+
$groupfile .= <<<EOD
-{$group['name']}:*:{$group['id']}:
+{$group['name']}:*:{$group['gid']}:
EOD;
}
}
- $fd = fopen("{$g['varetc_path']}/group", "w");
+ $fd = fopen("/etc/group", "w");
if (!$fd)
{
printf("Error: cannot open group in system_user_group().\n");
@@ -269,7 +314,7 @@ EOD;
fwrite($fd, $groupfile);
fclose($fd);
-
+
return 0;
}
@@ -278,9 +323,9 @@ function system_user_pwdmkdb()
{
/* Generate the db of password */
global $config, $g;
-
- mwexec("/usr/sbin/pwd_mkdb -p -d {$g['varetc_path']} {$g['varetc_path']}/master.passwd");
-
+
+ mwexec("/usr/sbin/pwd_mkdb -p -d /etc /etc/master.passwd");
+
return 0;
}
@@ -290,13 +335,14 @@ function system_user_samba()
/* Generate the db of password */
global $config, $g;
- if (is_array($config['access']['user']))
+ if (is_array($config['system']['user']))
{
- foreach ($config['access']['user'] as $user)
- {
+ foreach ($config['system']['user'] as $user)
+ {
+ /* TODO: the password in config.xml is already encrypted */
$password = escapeshellcmd($user['password']);
- $login = escapeshellcmd($user['login']);
+ $login = escapeshellcmd($user['name']);
mwexec("(/bin/echo {$password}; /bin/echo {$password}) | /usr/local/bin/smbpasswd -s -a {$login}");
//mwexec("(/bin/echo {$password}; /bin/echo {$password}) | /usr/local/bin/pdbedit -tau {$login}");
}
@@ -376,10 +422,10 @@ EOD;
printf("Error: cannot open /pam.d/system in system_pam_configure().\n");
return 1;
}
-
+
fwrite($fd, $system);
fclose($fd);
-
+
$sshd .= <<<EOD
# PAM configuration for the "sshd" service
@@ -396,7 +442,7 @@ EOD;
auth sufficient /usr/local/lib/pam_winbind.so debug try_first_pass
EOD;
- }
+ }
$sshd .= <<<EOD
auth required pam_unix.so no_warn try_first_pass
@@ -411,7 +457,7 @@ EOD;
account sufficient /usr/local/lib/pam_winbind.so
EOD;
- }
+ }
$sshd .= <<<EOD
account required pam_unix.so
@@ -429,7 +475,7 @@ if (isset($config['ad']['enable']))
password sufficient /usr/local/lib/pam_winbind.so debug try_first_pass
EOD;
- }
+ }
$sshd .= <<<EOD
diff --git a/packages/freenas/pkg/rc.freenas b/packages/freenas/pkg/rc.freenas
index 57e960b2..404464a4 100644
--- a/packages/freenas/pkg/rc.freenas
+++ b/packages/freenas/pkg/rc.freenas
@@ -40,7 +40,7 @@ require_once("freenas_functions.inc");
system_tuning();
/* Generate local user base */
-/* system_users_create(); */
+system_users_create();
/* start iSCSI service */
services_iscsi_configure();
@@ -88,6 +88,6 @@ services_rsyncclient_configure();
services_cron_configure();
/* Start mdnsresponder (Zeroconf/Bonjour) */
-service_zeroconf_configure();
+services_zeroconf_configure();
?> \ No newline at end of file
diff --git a/packages/freenas/www/services_rsyncd.php b/packages/freenas/www/services_rsyncd.php
index ea85202d..a8b34b4c 100644
--- a/packages/freenas/www/services_rsyncd.php
+++ b/packages/freenas/www/services_rsyncd.php
@@ -42,12 +42,12 @@ require_once("freenas_guiconfig.inc");
require_once("freenas_functions.inc");
/* TODO: use pfSense users/groups. */
-if (!is_array($freenas_config['access']['user']))
- $freenas_config['access']['user'] = array();
+if (!is_array($freenas_config['system']['user']))
+ $freenas_config['system']['user'] = array();
users_sort();
-$a_user = &$freenas_config['access']['user'];
+$a_user = &$freenas_config['system']['user'];
if (!is_array($freenas_config['rsync']))
{
@@ -212,8 +212,8 @@ echo $pfSenseHead->getHTML();
<option value="ftp"<?php if ($pconfig['rsyncd_user'] == "ftp") echo "selected";?>>
<?php echo htmlspecialchars("guest"); ?>
<?php foreach ($a_user as $user): ?>
- <option value="<?=$user['login'];?>"<?php if ($user['login'] == $pconfig['rsyncd_user']) echo "selected";?>>
- <?php echo htmlspecialchars($user['login']); ?>
+ <option value="<?=$user['name'];?>"<?php if ($user['name'] == $pconfig['rsyncd_user']) echo "selected";?>>
+ <?php echo htmlspecialchars($user['name']); ?>
</option>
<?php endforeach; ?>
</select>
diff --git a/packages/freenas/www/services_rsyncd_client.php b/packages/freenas/www/services_rsyncd_client.php
index ab54f562..a1b1a815 100644
--- a/packages/freenas/www/services_rsyncd_client.php
+++ b/packages/freenas/www/services_rsyncd_client.php
@@ -42,12 +42,12 @@ require_once("freenas_guiconfig.inc");
require_once("freenas_functions.inc");
/* TODO: use pfSense users/groups. */
-if (!is_array($freenas_config['access']['user']))
- $freenas_config['access']['user'] = array();
+if (!is_array($freenas_config['system']['user']))
+ $freenas_config['system']['user'] = array();
users_sort();
-$a_user = &$freenas_config['access']['user'];
+$a_user = &$freenas_config['system']['user'];
if (!is_array($freenas_config['rsync']))
{