e-smith-samba/sme8/e-smith-samba-2.2.0-ldap-auth.patch

diff -up e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps.ldap-auth e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps
--- e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps.ldap-auth      2010-11-01 12:00:21.000000000 -0600
+++ e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps        2010-11-01 12:03:56.000000000 -0600
@@ -5,12 +5,25 @@ package esmith;
 use strict;
 use Errno;
 use esmith::AccountsDB;
+use esmith::ConfigDB;
+use esmith::util;
 
 # events: console-save, bootstrap-console-save, group-modify-samba, group-create
 #         post-install, post-upgrade, workgroup-update
 my $debug = "--debuglevel=1";
 
 my $a = esmith::AccountsDB->open_ro or die "Couldn't open accounts db\n";
+my $c = esmith::ConfigDB->open_ro or die "Could not open Config DB";
+
+my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
+my $pw = esmith::util::LdapPassword();
+
+if ($ldapauth eq 'enabled')
+{
+    # Add the LDAP admin password in secret.tdb
+    warn "Couldn't add LDAP password in secret.tdb\n" unless
+        system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
+}
 
 my $g = `/usr/bin/net getlocalsid`;
 unless ($g =~ /SID.*is: (.+)/) {
@@ -20,6 +33,12 @@ unless ($g =~ /SID.*is: (.+)/) {
     rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time;
     $g = `/usr/bin/net getlocalsid`;
     $g =~ /SID.*is: (.+)/ or die "Could not get current sid\n";
+    if ($ldapauth eq 'enabled')
+    {
+        # Add the LDAP admin password in secret.tdb
+        warn "Couldn't add LDAP password in secret.tdb\n" unless
+            system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
+    }
 }
 my $local_sid = $1;
 
diff -up e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend.ldap-auth e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend
--- e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend.ldap-auth       2005-02-17 16:04:02.000000000 -0700
+++ e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend 2010-11-01 12:06:50.000000000 -0600
@@ -1,4 +1,25 @@
 {
 #Set the Samba user account dbase backend
-}
+    if ( ($ldap{Authentication} || 'disabled') eq 'enabled')
+    {
+        my $base = esmith::util::ldapBase ($DomainName);
+        $OUT .= <<EOF;
+passdb backend = ldapsam:ldap://localhost
+
+ldap admin dn = cn=root,$base
+ldap suffix = $base
+ldap group suffix = ou=Groups
+ldap user suffix = ou=Users
+ldap machine suffix = ou=Computers
+ldap delete dn = no
+ldap passwd sync = yes
+ldap ssl = off
+EOF
+    }
+    else
+    {
+        $OUT .= <<EOF;
 passdb backend = smbpasswd:/etc/samba/smbpasswd
+EOF
+    }
+}
diff -up e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync.ldap-auth e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync
--- e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync.ldap-auth    2007-12-15 08:53:08.000000000 -0700
+++ e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync      2010-11-01 12:09:26.000000000 -0600
@@ -5,10 +5,23 @@
 # NOTE2: You do NOT need these to allow workstations to change only
 #        the encrypted SMB passwords. They allow the Unix password
 #        to be kept in sync with the SMB password.
-}
+
+    if ( ($ldap{Authentication} || 'disabled') eq 'enabled')
+    {
+        $OUT .= <<EOF;
+unix password sync = no
+pam password change = no
+EOF
+    }
+    else
+    {
+        $OUT .= <<'EOF';
 unix password sync = Yes
 pam password change = Yes
 
 passwd program = /usr/bin/passwd %u 
 passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
 check password script = /sbin/e-smith/samba_check_password
+EOF
+    }
+}
diff -up e-smith-samba-2.2.0/root/var/service/smbd/run.ldap-auth e-smith-samba-2.2.0/root/var/service/smbd/run
--- e-smith-samba-2.2.0/root/var/service/smbd/run.ldap-auth     2010-11-01 12:00:21.000000000 -0600
+++ e-smith-samba-2.2.0/root/var/service/smbd/run       2010-11-01 12:11:21.000000000 -0600
@@ -8,6 +8,8 @@
 #fi
 # We currently don't care about /etc/sysconfig/samba, but that may change.
 
+ldapauth=$(/sbin/e-smith/config getprop ldap Authentication || echo disabled)
+
 status=$(/sbin/e-smith/config getprop smb status)
 if [ "$status" = "disabled" ]
 then
@@ -39,5 +41,10 @@ do
     [ -r "$tdb" ] && tdbbackup "$tdb" .bak
 done
 
+if [ "$ldapauth" == "enabled" ]
+then
+    /usr/bin/smbpasswd -w "$(cat /etc/ldap.secret)"
+fi
+
 exec 2>&1
 exec $smbd -F
diff -up e-smith-samba-2.2.0/createlinks.ldap-auth e-smith-samba-2.2.0/createlinks
--- e-smith-samba-2.2.0/createlinks.ldap-auth   2007-12-15 08:53:09.000000000 -0700
+++ e-smith-samba-2.2.0/createlinks     2010-11-01 12:14:17.000000000 -0600
@@ -31,7 +31,8 @@
 
 my $event = "console-save";
 
-$event = "bootstrap-console-save";
+$event = "bootstrap-ldap-save";
+templates2events("/etc/samba/smb.conf", $event);
 event_link("update-domain-group-maps", $event, "56");
 
 $event = "group-create";
1	diff -up e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps.ldap-auth e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps
2	--- e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps.ldap-auth 2010-11-01 12:00:21.000000000 -0600
3	+++ e-smith-samba-2.2.0/root/etc/e-smith/events/actions/update-domain-group-maps 2010-11-01 12:03:56.000000000 -0600
4	@@ -5,12 +5,25 @@ package esmith;
5	use strict;
6	use Errno;
7	use esmith::AccountsDB;
8	+use esmith::ConfigDB;
9	+use esmith::util;
10
11	# events: console-save, bootstrap-console-save, group-modify-samba, group-create
12	# post-install, post-upgrade, workgroup-update
13	my $debug = "--debuglevel=1";
14
15	my $a = esmith::AccountsDB->open_ro or die "Couldn't open accounts db\n";
16	+my $c = esmith::ConfigDB->open_ro or die "Could not open Config DB";
17	+
18	+my $ldapauth = $c->get('ldap')->prop('Authentication') \|\| 'disabled';
19	+my $pw = esmith::util::LdapPassword();
20	+
21	+if ($ldapauth eq 'enabled')
22	+{
23	+ # Add the LDAP admin password in secret.tdb
24	+ warn "Couldn't add LDAP password in secret.tdb\n" unless
25	+ system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
26	+}
27
28	my $g = `/usr/bin/net getlocalsid`;
29	unless ($g =~ /SID.*is: (.+)/) {
30	@@ -20,6 +33,12 @@ unless ($g =~ /SID.*is: (.+)/) {
31	rename '/var/cache/samba/wins.dat','/var/cache/samba/wins.'.time;
32	$g = `/usr/bin/net getlocalsid`;
33	$g =~ /SID.*is: (.+)/ or die "Could not get current sid\n";
34	+ if ($ldapauth eq 'enabled')
35	+ {
36	+ # Add the LDAP admin password in secret.tdb
37	+ warn "Couldn't add LDAP password in secret.tdb\n" unless
38	+ system("/usr/bin/smbpasswd", "-w", "$pw") == 0;
39	+ }
40	}
41	my $local_sid = $1;
42
43	diff -up e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend.ldap-auth e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend
44	--- e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend.ldap-auth 2005-02-17 16:04:02.000000000 -0700
45	+++ e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11passdbBackend 2010-11-01 12:06:50.000000000 -0600
46	@@ -1,4 +1,25 @@
47	{
48	#Set the Samba user account dbase backend
49	-}
50	+ if ( ($ldap{Authentication} \|\| 'disabled') eq 'enabled')
51	+ {
52	+ my $base = esmith::util::ldapBase ($DomainName);
53	+ $OUT .= <<EOF;
54	+passdb backend = ldapsam:ldap://localhost
55	+
56	+ldap admin dn = cn=root,$base
57	+ldap suffix = $base
58	+ldap group suffix = ou=Groups
59	+ldap user suffix = ou=Users
60	+ldap machine suffix = ou=Computers
61	+ldap delete dn = no
62	+ldap passwd sync = yes
63	+ldap ssl = off
64	+EOF
65	+ }
66	+ else
67	+ {
68	+ $OUT .= <<EOF;
69	passdb backend = smbpasswd:/etc/samba/smbpasswd
70	+EOF
71	+ }
72	+}
73	diff -up e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync.ldap-auth e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync
74	--- e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync.ldap-auth 2007-12-15 08:53:08.000000000 -0700
75	+++ e-smith-samba-2.2.0/root/etc/e-smith/templates/etc/smb.conf/11unixPasswordSync 2010-11-01 12:09:26.000000000 -0600
76	@@ -5,10 +5,23 @@
77	# NOTE2: You do NOT need these to allow workstations to change only
78	# the encrypted SMB passwords. They allow the Unix password
79	# to be kept in sync with the SMB password.
80	-}
81	+
82	+ if ( ($ldap{Authentication} \|\| 'disabled') eq 'enabled')
83	+ {
84	+ $OUT .= <<EOF;
85	+unix password sync = no
86	+pam password change = no
87	+EOF
88	+ }
89	+ else
90	+ {
91	+ $OUT .= <<'EOF';
92	unix password sync = Yes
93	pam password change = Yes
94
95	passwd program = /usr/bin/passwd %u
96	passwd chat = NewUNIXpassword %n\n ReTypenewUNIXpassword* %n\n passwd:allauthenticationtokensupdatedsuccessfully*
97	check password script = /sbin/e-smith/samba_check_password
98	+EOF
99	+ }
100	+}
101	diff -up e-smith-samba-2.2.0/root/var/service/smbd/run.ldap-auth e-smith-samba-2.2.0/root/var/service/smbd/run
102	--- e-smith-samba-2.2.0/root/var/service/smbd/run.ldap-auth 2010-11-01 12:00:21.000000000 -0600
103	+++ e-smith-samba-2.2.0/root/var/service/smbd/run 2010-11-01 12:11:21.000000000 -0600
104	@@ -8,6 +8,8 @@
105	#fi
106	# We currently don't care about /etc/sysconfig/samba, but that may change.
107
108	+ldapauth=$(/sbin/e-smith/config getprop ldap Authentication \|\| echo disabled)
109	+
110	status=$(/sbin/e-smith/config getprop smb status)
111	if [ "$status" = "disabled" ]
112	then
113	@@ -39,5 +41,10 @@ do
114	[ -r "$tdb" ] && tdbbackup "$tdb" .bak
115	done
116
117	+if [ "$ldapauth" == "enabled" ]
118	+then
119	+ /usr/bin/smbpasswd -w "$(cat /etc/ldap.secret)"
120	+fi
121	+
122	exec 2>&1
123	exec $smbd -F
124	diff -up e-smith-samba-2.2.0/createlinks.ldap-auth e-smith-samba-2.2.0/createlinks
125	--- e-smith-samba-2.2.0/createlinks.ldap-auth 2007-12-15 08:53:09.000000000 -0700
126	+++ e-smith-samba-2.2.0/createlinks 2010-11-01 12:14:17.000000000 -0600
127	@@ -31,7 +31,8 @@
128
129	my $event = "console-save";
130
131	-$event = "bootstrap-console-save";
132	+$event = "bootstrap-ldap-save";
133	+templates2events("/etc/samba/smb.conf", $event);
134	event_link("update-domain-group-maps", $event, "56");
135
136	$event = "group-create";