diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts 2008-04-02 10:42:45.000000000 -0600
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/events/actions/ldap-init-accounts 1969-12-31 17:00:00.000000000 -0700
@@ -1,300 +0,0 @@ -#!/usr/bin/perl -w - -#---------------------------------------------------------------------- -# copyright (C) 1999, 2000 e-smith, inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -#---------------------------------------------------------------------- - -package esmith; - -use strict; -use Errno; -use esmith::ConfigDB; -use esmith::AccountsDB; -use esmith::util; -use Net::LDAP::LDIF; - -# Events: post-install, post-upgrade. -# We assume we cannot access to ldap during this action. - -my $c = esmith::ConfigDB->open_ro or die "Couldn't open config db\n"; - -my $domain = $c->get('DomainName') - || die("Couldn't determine domain name"); -$domain = $domain->value; -my $smb_server = $c->get('smb') - || die("Couldn't determine samba server name"); -$smb_server = $smb_server->prop("ServerName"); -$smb_server =~ tr/[a-z]/[A-Z]/; -my $base = esmith::util::ldapBase ($domain); - -# We specify an empty configuration file to assure no ldap connection. -my $g = `/usr/bin/net getlocalsid -s /dev/null`; -unless ($g =~ /SID.*is: (.+)/) { - warn "Unable to determine SID. 
Clearning cache to see if it helps."; - rename '/etc/samba/secrets.tdb','/etc/samba/secrets.'.time; - rename '/var/cache/samba/gencache.tdb','/var/cache/samba/gencache.'.time; - rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time; - $g = `/usr/bin/net getlocalsid -s /dev/null`; - $g =~ /SID.*is: (.+)/ or die "Could not get current sid\n"; -} -my $local_sid = $1; - -# Since we are adding entries directly to the database, to ensure consistency, -# slapd should not be running. -if (`ps -A|grep slapd`) -{ - unless (system("/usr/local/bin/svc -d /service/ldap") == 0) - { - die "Failed to init ldap base because slapd is running.\n"; - } -} - -# Be sure that relevant schemas are enabled. -unless (system("/sbin/e-smith/expand-template /etc/openldap/slapd.conf") == 0) -{ - die "Failed to expand /etc/openldap/slapd.conf.\n"; -} - -# See perldoc perlipc (search for 'Safe Pipe Opens'). -my $pid = open(DISCARD, "|-"); - -# Write to DISCARD ldif code corresponding to accounts to init. -if ($pid) # parent -{ - my $ldif = Net::LDAP::LDIF->new("/home/e-smith/db/ldap/$domain.ldif", - "r", onerror => 'undef'); - my $writer = Net::LDAP::LDIF->new(\*DISCARD, "w", onerror => 'undef'); - - # Entries to init. - my @ous = ("Groups", "People", "Users"); # ous for Organizational Units. - my @users = ("root", "ntp", "www", "admin", "public"); - my @groups = ("shared", "slocate", "nobody", @users); - - # Groups to map with samba, their names and their rids. - my %mapping = - ( - 'admin' => ['Domain Admins', "512"], - 'shared' => ['Domain Users', "513"], - 'nobody' => ['Domain Guests', "514"] - ); - - # Check for already initialized entries. 
- my %ou_done = (); - my %group_done = (); - my %user_done = (); - my $smb_domain_done; - while (not $ldif->eof()) - { - my $entry = $ldif->read_entry(); - if ($ldif->error()) - { - warn "Error msg: ", $ldif->error(), "\n"; - warn "Error lines:\n", $ldif->error_lines(), "\n"; - } - else - { - my $dn = $entry->dn || ""; - - $smb_domain_done = 1 - if ($dn eq "sambaDomainName=$smb_server,$base"); - - foreach (@ous) - { - $ou_done{$_} = 1 - if ($dn eq "ou=$_,$base"); - } - - foreach (@groups) - { - $group_done{$_} = 1 - if ($dn eq "cn=$_,ou=Groups,$base"); - } - - foreach (@users) - { - $user_done{$_} = 1 - if ($dn eq "uid=$_,ou=Users,$base"); - } - } - } - $ldif->done(); - - # Produce ldif code. - unless ($smb_domain_done) - { - my $smb_domain = Net::LDAP::Entry->new(); - $smb_domain->dn("sambaDomainName=$smb_server,$base"); - $smb_domain->add - ( - "objectClass" => "sambaDomain", - "sambaAlgorithmicRidBase" => "1000", - "sambaDomainName" => $smb_server, - "sambaSID" => $local_sid, - ); - - $writer->write($smb_domain); - } - - foreach (@ous) - { - next if $ou_done{$_}; - - my $ou = Net::LDAP::Entry->new(); - $ou->dn("ou=$_,$base"); - $ou->add - ( - "ou" => $_, - "objectClass" => ["organizationalUnit", "top"] - ); - - $writer->write($ou); - } - - my $group_info = parse_file("/etc/group", @groups); - - foreach (@groups) - { - next if $group_done{$_}; - - my ($name, $passwd, $gid, $members) = @{$group_info->{$_}}; - - die "Unable to find $_ informations in /etc/group.\n" - unless ($name ne "" && $gid ne ""); - - my $group = Net::LDAP::Entry->new(); - $group->dn("cn=$_,ou=Groups,$base"); - - if ($mapping{$_}) - { - my ($dname, $rid) = @{$mapping{$_}}; - $group->add - ( - "objectClass" => ["posixGroup", "sambaGroupMapping", "top"], - "cn" => $name, - "gidNumber" => $gid, - "memberUid" => [split(/,/, $members || "")], - "description" => "Local Unix group", - "displayName" => $dname, - "sambaGroupType" => "2", - "sambaSID" => $local_sid . "-" . 
$rid - ); - } - else - { - $group->add - ( - "objectClass" => ["posixGroup", "top"], - "cn" => $name, - "gidNumber" => $gid, - "memberUid" => [split(/,/, $members || "")] - ); - } - - $writer->write($group); - } - - my $passwd_info = parse_file("/etc/passwd", @users); - my $shadow_info = parse_file("/etc/shadow", @users); - - foreach (@users) - { - next if $user_done{$_}; - - my ($name, undef, $uid, $gid, $comment, $home, $shell) - = @{$passwd_info->{$_}}; - my (undef, $passwd, $lastchange, $min, $max, $warning, $inactive, - $expire, $flag) = @{$shadow_info->{$_}}; - - die "Unable to find $_ informations in /etc/passwd.\n" - unless ($name ne "" && $uid ne "" && $gid ne "" && $home ne ""); - - my $user = Net::LDAP::Entry->new(); - $user->dn("uid=$_,ou=Users,$base"); - $user->add - ( - "objectClass" => ["account", "posixAccount", "shadowAccount", - "top"], - "cn" => $name, - "uid" => $name, - "gecos" => $comment || "no comment", - "uidNumber" => $uid, - "gidNumber" => $gid, - "userPassword" => "{crypt}" . ($passwd || "*"), - "homeDirectory" => $home, - "loginShell" => $shell || "/bin/false", - "shadowLastChange" => $lastchange || int(time / (24 * 3600)), - "shadowMin" => $min || "-1", - "shadowMax" => $max || "99999", - "shadowWarning" => $warning || "7", - "shadowInactive" => $inactive || "-1", - "shadowExpire" => $expire || "-1", - "shadowFlag" => $flag || "-1" - ); - - $writer->write($user); - } - -$writer->done(); -close(DISCARD) || die "Child exited early."; -} -else # child -{ - # Add entries to slapd base. - unless (system("/usr/sbin/slapadd -b $base") == 0) - { - die "Failed to add ldif entries to $base via slapadd.\n"; - } - - # Make sure ldap db are owned by ldap - system("/bin/chown ldap:ldap /var/lib/ldap/*") == 0 - or die "Failed to chown ldap db.\n"; - - exit 0; -} - -# Update dump to assute consistency. 
-unless (system("/usr/sbin/slapcat",
- "-b", $base,
- "-l", "/home/e-smith/db/ldap/$domain.ldif") == 0)
-{
- die "Failed to update slapd dump (/home/e-smith/db/ldap/$domain.ldif).\n";
-}
-
-# Parse a file with fields separated by ':' (ie /etc/{group,passwd,shadow}).
-sub parse_file
-{
- # We are only interested in @keep accounts.
- my ($file, @keep) = @_;
-
- my %result = ();
-
- open(FILE, $file) or die("open: $!");
-
- my @line;
- while()
- {
- chomp;
- @line = split(/:/);
- foreach (@keep)
- {
- $result{$_} = [ @line ]
- if ($line[0] eq $_);
- }
- }
-
- return \%result;
-}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/11SambaDomain mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/11SambaDomain
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/11SambaDomain 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/11SambaDomain 2008-04-02 10:42:01.000000000 -0600
@@ -0,0 +1,10 @@
+{
+ my ($smb_server) = $smb{ServerName};
+ $smb_server =~ tr/[a-z]/[A-Z]/;
+
+ $OUT .= "dn: sambaDomainName=$smb_server,$ldapBase\n";
+ $OUT .= "objectClass: sambaDomain\n";
+ $OUT .= "sambaAlgorithmicRidBase: 1000\n";
+ $OUT .= "sambaDomainName: $smb_server\n";
+ $OUT .= "sambaSID: $local_sid\n";
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/12UserGroupContainers mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/12UserGroupContainers
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/12UserGroupContainers 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/12UserGroupContainers 2008-04-02 10:42:01.000000000 -0600
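Review bot: `$smb_server =~ tr/[a-z]/[A-Z]/;` treats the brackets as literal characters in both lists (they map to themselves), so the transliteration works by accident rather than by intent; `my $smb_server = uc $smb{ServerName};` says what is meant and performs the same ASCII case fold. `$smb_server` is the sole RDN of this entry, so an unset `ServerName` yields `dn: sambaDomainName=,...` and an invalid record, where the deleted ldap-init-accounts action died; `die "smb ServerName is not set\n" unless defined $smb{ServerName};` before the `tr` restores that fail-closed behaviour, assuming the template engine propagates a die as an expansion failure. `sambaSID: $local_sid` is emitted without any check as well; since `$local_sid` is derived in template-begin later in this patch, the validity check belongs there.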
@@ -0,0 +1,10 @@
+{
+ foreach (@ous)
+ {
+ $OUT .= "dn: ou=$_,$ldapBase\n";
+ $OUT .= "objectClass: top\n";
+ $OUT .= "objectClass: organizationalUnit\n";
+ $OUT .= "ou: $_\n\n";
+ }
+}
+
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50groups 2008-04-02 10:42:01.000000000 -0600
@@ -0,0 +1,44 @@
+{
+ my $group_info = parse_file("/etc/group", @groups);
+
+ foreach my $group (@groups)
+ {
+ # Skip groups in db but not in /etc/group.
+ next unless ($group_info->{$group});
+
+ my ($name, $passwd, $gid, $members) = @{$group_info->{$group}};
+
+ $OUT .= "dn: cn=$group,ou=Groups,$ldapBase\n";
+
+ if ($mapping{$group})
+ {
+ my ($dname, $rid) = @{$mapping{$group}};
+
+ $OUT .= utf8("objectClass: posixGroup\n");
+ $OUT .= utf8("objectClass: sambaGroupMapping\n");
+ $OUT .= utf8("objectClass: top\n");
+ $OUT .= utf8("cn: $name\n");
+ $OUT .= utf8("gidNumber: $gid\n");
+ foreach (split(/,/, $members || ""))
+ {
+ $OUT .= utf8("memberUid: $_\n");
+ }
+ $OUT .= utf8("description: Local Unix group\n");
+ $OUT .= utf8("displayName: $dname\n");
+ $OUT .= utf8("sambaGroupType: 2\n");
+ $OUT .= utf8("sambaSID: $local_sid" . "-" . "$rid\n\n");
+ }
+ else
+ {
+ $OUT .= utf8("objectClass: posixGroup\n");
+ $OUT .= utf8("objectClass: top\n");
+ $OUT .= utf8("cn: $name\n");
+ $OUT .= utf8("gidNumber: $gid\n");
+ foreach (split(/,/, $members || ""))
+ {
+ $OUT .= utf8("memberUid: $_\n");
+ }
+ $OUT .= "\n";
+ }
+ }
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50people mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50people
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50people 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50people 2008-04-02 10:42:01.000000000 -0600
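Review bot: The `dn:` line of each group entry is appended raw while every other attribute line goes through `utf8()`, and both 50users and 50people encode their `dn:` line too; `$OUT .= utf8("dn: cn=$group,ou=Groups,$ldapBase\n");` keeps the fragments consistent, which matters once `$ldapBase` (derived from `$DomainName`) contains non-ASCII characters. `next unless ($group_info->{$group})` silently skips a group missing from /etc/group where the deleted action died; for the three `%mapping` groups this leaves the Samba domain without its Domain Admins/Users/Guests mapping, so at least `warn "group $group not found in /etc/group\n" if $mapping{$group};` before the `next` would surface that. `$passwd` is unpacked but never used; an `undef` in that slot of the list assignment documents that the field is deliberately ignored.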
@@ -0,0 +1,60 @@
+{
+ @peoples = ($a->users, $a->groups);
+
+ foreach my $people (@peoples)
+ {
+ my $key = $people->key;
+ my $type = $people->prop('type');
+
+ if ($type eq 'user')
+ {
+ my $first = $people->prop('FirstName') || '';
+ my $last = $people->prop('LastName') || '';
+ my $name = "$first $last";
+ my $phone = $people->prop('Phone') || '';
+ my $company = $people->prop('Company') || '';
+ my $dept = $people->prop('Dept') || '';
+ my $city = $people->prop('City') || '';
+ my $street = $people->prop('Street') || '';
+
+ $OUT .= utf8("dn: uid=$key,ou=People,$ldapBase\n");
+ $OUT .= utf8("objectClass: person\n");
+ $OUT .= utf8("objectClass: organizationalPerson\n");
+ $OUT .= utf8("objectClass: inetOrgPerson\n");
+ $OUT .= utf8("uid: $key\n");
+ $OUT .= utf8("cn: $name\n");
+ $OUT .= utf8("givenName: $first\n");
+ $OUT .= utf8("sn: $last\n");
+ $OUT .= utf8("mail: $key\@$DomainName\n");
+ $OUT .= utf8("telephoneNumber: $phone\n");
+ $OUT .= utf8("o: $company\n");
+ $OUT .= utf8("ou: $dept\n");
+ $OUT .= utf8("l: $city\n");
+ $OUT .= utf8("street: $street\n\n");
+ }
+ elsif ($type eq 'group')
+ {
+ my $desc = $people->prop('Description') || '';
+ my $phone = $ldap{defaultPhoneNumber} || '';
+ my $company = $ldap{defaultCompany} || '';
+ my $dept = $ldap{defaultDepartment} || '';
+ my $city = $ldap{defaultCity} || '';
+ my $street = $ldap{defaultStreet} || '';
+
+ $OUT .= utf8("dn: uid=$key,ou=People,$ldapBase\n");
+ $OUT .= utf8("objectClass: person\n");
+ $OUT .= utf8("objectClass: organizationalPerson\n");
+ $OUT .= utf8("objectClass: inetOrgPerson\n");
+ $OUT .= utf8("uid: $key\n");
+ $OUT .= utf8("cn: $desc\n");
+ $OUT .= utf8("sn: $desc\n");
+ $OUT .= utf8("mail: $key\@$DomainName\n");
+ $OUT .= utf8("telephoneNumber: $phone\n");
+ $OUT .= utf8("o: $company\n");
+ $OUT .= utf8("ou: $dept\n");
+ $OUT .= utf8("l: $city\n");
+ $OUT .= utf8("street: $street\n\n");
+ }
+ }
+}
+
diff -Nur -x '*.orig' -x '*.rej'
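Review bot: Attribute lines are emitted even when the value is empty, e.g. `telephoneNumber: $phone` with `$phone` defaulting to `''`, and `sn: $last` / `sn: $desc`, which `person` requires; an empty telephoneNumber or sn value is likely to be rejected by slapadd as a syntax violation, and with `slapadd -c` in the run script the whole People entry is then silently dropped rather than the import failing. Emit the optional attributes only when present, `$OUT .= utf8("telephoneNumber: $phone\n") if length $phone;` and likewise for `o`, `ou`, `l` and `street`, and fall back to `$key` for `sn` when the name or description is empty. `cn: $name` is `"$first $last"`, so it carries a stray leading or trailing space when either part is empty; `my $name = join ' ', grep { length } $first, $last;` avoids that. `@peoples` is assigned without `my`, so it becomes a package variable visible to every later fragment; `my @peoples = ($a->users, $a->groups);` scopes it to this block.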
e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users 1969-12-31 17:00:00.000000000 -0700
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/50users 2008-04-02 10:42:01.000000000 -0600
@@ -0,0 +1,36 @@
+{
+ my $passwd_info = parse_file("/etc/passwd", @users);
+ my $shadow_info = parse_file("/etc/shadow", @users);
+
+ foreach my $user (@users)
+ {
+ # Skip users in db but not in /etc/passwd.
+ next unless ($passwd_info->{$user});
+
+ my ($name, undef, $uid, $gid, $comment, $home, $shell)
+ = @{$passwd_info->{$user}};
+ my (undef, $passwd, $lastchange, $min, $max, $warning, $inactive,
+ $expire, $flag) = @{$shadow_info->{$user}};
+
+ $OUT .= utf8("dn: uid=$user,ou=Users,$ldapBase\n");
+ $OUT .= utf8("objectClass: account\n");
+ $OUT .= utf8("objectClass: posixAccount\n");
+ $OUT .= utf8("objectClass: shadowAccount\n");
+ $OUT .= utf8("objectClass: top\n");
+ $OUT .= utf8("cn: $name\n");
+ $OUT .= utf8("uid: $name\n");
+ $OUT .= utf8("gecos: " . ($comment || "no comment") . "\n");
+ $OUT .= utf8("uidNumber: $uid\n");
+ $OUT .= utf8("gidNumber: $gid\n");
+ $OUT .= utf8("userPassword: {crypt}" . ($passwd || "*") . "\n");
+ $OUT .= utf8("homeDirectory: $home\n");
+ $OUT .= utf8("loginShell: " . ($shell || "/bin/false") . "\n");
+ $OUT .= utf8("shadowLastChange: " . ($lastchange || int(time / (24 * 3600))) . "\n");
+ $OUT .= utf8("shadowMin: " . ($min || "-1") . "\n");
+ $OUT .= utf8("shadowMax: " . ($max || "99999") . "\n");
+ $OUT .= utf8("shadowWarning: " . ($warning || "7") . "\n");
+ $OUT .= utf8("shadowInactive: " . ($inactive || "-1") . "\n");
+ $OUT .= utf8("shadowExpire: " . ($expire || "-1") . "\n");
+ $OUT .= utf8("shadowFlag: " . ($flag || "-1") .
"\n\n");
+ }
+}
diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin
--- e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 2008-04-02 10:42:47.000000000 -0600
+++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 2008-04-02 10:42:01.000000000 -0600
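Review bot: A user present in /etc/passwd but absent from /etc/shadow passes the `next unless ($passwd_info->{$user})` guard and then dereferences `@{$shadow_info->{$user}}` on undef; without strict refs in the enclosing template that silently yields an empty list and a `userPassword: {crypt}*` entry, and under strict refs it dies, so the guard should cover both sources: `next unless $passwd_info->{$user} && $shadow_info->{$user};`. The rendered LDIF carries the `{crypt}` hashes copied from /etc/shadow for every account in the accounts db, now written by template expansion rather than by the slapcat dump the deleted action produced, so the expanded file's owner and mode come from the template's metadata (not visible in this diff) and should be confirmed to be as restrictive as /etc/shadow itself. `$uid` and `$gid` are interpolated unvalidated; a `next unless $uid =~ /\A\d+\z/ && $gid =~ /\A\d+\z/;` would keep a malformed passwd line from producing an entry slapadd rejects.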
@@ -1,14 +1,63 @@ { + use esmith::ConfigDB; use esmith::AccountsDB; use esmith::util; $a = esmith::AccountsDB->open_ro; + $c = esmith::ConfigDB->open_ro; $ldapBase = esmith::util::ldapBase ($DomainName); + $local_sid = `/usr/bin/net getlocalsid -s /dev/null -n $smb{ServerName}`; + $local_sid =~ s/SID.*is: (.+)/$1/; + chomp($local_sid); sub utf8 { my $t = shift; utf8::encode($t); return $t; } + # Basic entries to init. + @ous = ("Groups", "People", "Users"); # ous for Organizational Units. + @users = ("root", "ntp", "www", "admin", "public"); + @groups = ("shared", "slocate", "nobody", @users); + + # Groups to map with samba, their names and their rids. + %mapping = + ( + 'admin' => ['Domain Admins', "512"], + 'shared' => ['Domain Users', "513"], + 'nobody' => ['Domain Guests', "514"] + ); + + # Add users and groups from db. + foreach my $account ($a->users, $a->groups) + { + @users = (@users, $account->key); + @groups = (@groups, $account->key); + } + + # Parse a file with fields separated by ':' (ie /etc/{group,passwd,shadow}). + sub parse_file + { + # We are only interested in @keep accounts. + my ($file, @keep) = @_; + + my %result = (); + + open(FILE, $file) or die("open: $!"); + + my @line; + while() + { + chomp; + @line = split(/:/); + foreach (@keep) + { + $result{$_} = [ @line ] + if ($line[0] eq $_); + } + } + + return \%result; + } $OUT = ""; } diff -Nur -x '*.orig' -x '*.rej' e-smith-base+ldap-4.19.1/root/var/service/ldap/run mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/run --- e-smith-base+ldap-4.19.1/root/var/service/ldap/run 2008-04-02 10:42:47.000000000 -0600 +++ mezzanine_patched_e-smith-base+ldap-4.19.1/root/var/service/ldap/run 2008-04-02 10:42:01.000000000 -0600 @@ -38,7 +38,6 @@ fi sed -e 's/objectClass: group/objectClass: posixGroup/' < $ldif | \ setuidgid ldap slapadd -c - /etc/e-smith/events/actions/ldap-init-accounts fi fi
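Review bot: The backtick capture of `/usr/bin/net getlocalsid -s /dev/null -n $smb{ServerName}` into `$local_sid` is never checked: when `net` fails or prints something else, `s/SID.*is: (.+)/$1/` does not match, `$local_sid` keeps the raw (possibly empty) output, and 11SambaDomain and 50groups go on to emit `sambaSID: ` and `sambaSID: -512`, where the deleted ldap-init-accounts action died. Capture into a temporary and fail the expansion otherwise, `my $sid_output = ...; ($local_sid) = $sid_output =~ /SID.*is:\s*(\S+)/ or die "could not determine local SID: $sid_output";`, which also makes the `chomp` unnecessary. The command line interpolates `$smb{ServerName}` through the shell; `open my $net, '-|', '/usr/bin/net', 'getlocalsid', '-s', '/dev/null', '-n', $smb{ServerName} or die "net: $!";` passes it as a plain argument instead. In `parse_file`, `open(FILE, $file) or die("open: $!")` is the two-argument form on a bareword handle that is never closed (the loop condition renders as `while()` here, presumably `while (<FILE>)` lost in extraction); `open my $fh, '<', $file or die "open $file: $!";` with `while (my $line = <$fh>)` and a `close $fh` avoids leaking a descriptor per call across the three call sites. The context lines of this hunk lost their leading marker in rendering, so which `use` lines are new is inferred from the `+` markers that survived.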