Locking Profiles (Generating .man files)

David Bannon D.Bannon at latrobe.edu.au
Mon Aug 14 23:01:07 GMT 2000


At 12:42 AM 15/08/2000 +1000, Kelly Smelser wrote:
>I'm trying to figure out how to create locking mandatory profiles.  I
>know that the NTUSER.DAT file needs to be renamed NTUSER.MAN for
>"mandatory" and in the NT Policy the "Save Settings on Exit" option
>should be turned off.  However, I could use some help on any other
>intricacies to the setup and if anyone has a log off script or something
>for automatically generating these .man files that would be a great deal
>of help as well.  Thanks.


Here's a system I used a while ago. Not sure how suitable it is for current
versions of samba, you would need to look at where profiles are stored at
least. The idea was that when a user connected for the first time they had
a profile made for them based on the default profile. When they logged off
the profile was either set to MANDATORY or deleted completely. Please make
sure you are sure of what you are doing with it or you will have a mob of
very angry users on your tail !


#include<stdio.h>
#include<stdlib.h>		/* exit(), system() */
#include<string.h>		/* strcmp() */
#include<unistd.h>
#include<pwd.h>
#include<grp.h>

#define PROFILES "/homes/profiles/"
#define LOGFILE  "/var/log/setprofile.log"
#define MAN_USER_DIR "/homes/"		/* mandatory profiles */


/*   Programme to 'adjust' a user's profile. Will either make
	the profile mandatory or delete it depending on
	the -R for remove command line switch. 

     The -K switch will cause the programme to ALWAYS remove the user's
     profile, no matter where their home directory is. The profile
     is assumed to be in their home directory and is found by looking at
     passwd file.

    In the smb.conf file, in the [homes] definition :
        root postexec = /usr/local/sbin/setprofile %u -R
 
     
*/

    /* This function decides if user should have
       a profile 'adjusted', returns 1 if so, 0 if not.
       Older version decided on the basis of where user's
       home dir is, see define for MAN_USER_DIR.
       Now decides on what groups user is member of,
       ie, if in nt_prof leave it alone. 
   */


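int DoThisUser(char *User) {
    char Buff[255];
    /*  sprintf(Buff, "%s%s", MAN_USER_DIR, User);
        if (access(Buff, F_OK) == 0) return 1;
        return 0;   */

    int Cnt = 0;
    struct group *Gr; 
    Gr = getgrnam("nt_prof");
    /* getgrnam() returns NULL if the group is missing or the lookup
       fails; we then cannot tell who is exempt, so touch nothing. */
    if (Gr == NULL) return 0;
    while (Gr->gr_mem[Cnt] != 0)      
        if (strcmp(User, Gr->gr_mem[Cnt++]) == 0) return 0;
    return 1;
}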


/* Append "Message FileName" to LOGFILE; silently does nothing if the
   log cannot be opened. */
void Log(char *FileName, char *Message) {
    FILE *F;
    if ((F = fopen(LOGFILE, "at")) != 0) {
	fprintf(F, "%s %s\n", Message, FileName);
	fclose(F);
    }
}



void DoHelp() {
   printf("Usage : setprofile user    = make profile mandatory\n");
   printf("Usage : setprofile user -R = remove profile if in %s\n",MAN_USER_DIR);
   printf("Usage : setprofile user -K = always remove profile.\n");
   printf("\nThis programme is normally called ");
   printf("by the SAMBA ROOT POSTEXEC function\n");
   printf("and is passed the name of the user logging out.  \n");
   printf("Switches :\n");
   printf("    -R  Remove the profile (rather than make it mandatory) if\n");
   printf("        the user is not in the nt_prof group.\n");
   printf("    -K  Always remove the users profile.\n");
   printf("Errors will be reported in %s\n\n", LOGFILE);
   exit(0);
}


	/* will get as : /usr/users/dbannon/profile format */
void RemoveProfile(char *PPath) {
    char CommBuff[255];
    int PID = fork();
    if (PID != 0) exit(0);    /* Parent process (or fork failed) */
    sleep(10);

	/* Refuse a path that does not fit the buffer rather than run a
	   truncated "rm -Rf" as root. */
    if (snprintf(CommBuff, sizeof(CommBuff), "rm -Rf %s", PPath)
            >= (int)sizeof(CommBuff)) {
        Log(PPath, "Path too long, not removing : ");
        exit(1);
    }
    if (access(PPath, F_OK) == 0) {
	    sleep(10);			/* Let em finish writing */
	    system(CommBuff);
	    if (access(PPath, F_OK) != 0) exit(0);
    }
    sleep(60);			/* try again after 1 min */
    if (access(PPath, F_OK) == 0) {
	    sleep(10);			/* Let em finish writing */
	    system(CommBuff);
	    if (access(PPath, F_OK) != 0) exit(0);
    }
    if (access(PPath, F_OK) == 0) Log(PPath, "Cannot remove profile : ");
/*    else Log(PPath, "Has not appeared (win95 ?): "); */
    exit(1);

}

int main(int argc, char **argv) {  
    char Buff[255], BuffMAN[255], BuffDAT[255], ProfilePath[255];
    static const char Safe[] = "abcdefghijklmnopqrstuvwxyz"
                               "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    int PID;
    struct passwd *PW;

    if (argc < 2) DoHelp();
    if (strcmp("-?", argv[1]) == 0) DoHelp();

	/* The name goes into paths and into shell commands run as root,
	   so accept nothing but a plain account name. */
    if (argv[1][0] == 0 || argv[1][0] == '-' || argv[1][0] == '.'
        || strlen(argv[1]) > 32
        || strspn(argv[1], Safe) != strlen(argv[1])) {
        Log(argv[1], "Refusing unsafe user name : ");
        exit(1);
    }

    if (argc == 3)
        if (!strcmp("-K", argv[2])) {
            if ((PW = getpwnam(argv[1])) != NULL) {	/* Name  present */
                snprintf(ProfilePath, sizeof(ProfilePath), "%s/profile", PW->pw_dir);
                RemoveProfile(ProfilePath);                 /* Terminates */
            }
            Log(argv[1], "User does not exist."); 
            exit(1);        /* do not fall through to the rename below */
        }
    
	/* if not -K, check if user to process */

    if (! DoThisUser(argv[1])) {
        Log(argv[1], "Not removing ");
        exit(0);    
    }

    snprintf(ProfilePath, sizeof(ProfilePath), "%s%s", PROFILES, argv[1]);

    if (argc == 3) {
        if (!strcmp("-R", argv[2])) {
            /* Log("Removing ", argv[1]);  */
            RemoveProfile(ProfilePath);                     /* Terminates */
        }
    }


	/* if to here, renaming as a Mandatory profile */

    *Buff = 0;
    snprintf(BuffMAN, sizeof(BuffMAN), "%s%s/NTUSER.MAN", PROFILES, argv[1]);
    if (access(BuffMAN, F_OK) == 0) {
	exit(0);		/* Already mandatory */
    }
    PID = fork();
    if (PID != 0) exit(0);    /* Parent process */
    sleep(10);
    snprintf(BuffDAT, sizeof(BuffDAT), "%s%s/NTUSER.DAT", PROFILES, argv[1]);
    if (access(BuffDAT, F_OK) == 0) {
	snprintf(Buff, sizeof(Buff), "mv %s %s", BuffDAT, BuffMAN);
	system(Buff);
	if (access(BuffMAN, F_OK) == 0) exit(0);
    }
    sleep(60);			/* try again after 1 min */
    if (access(BuffDAT, F_OK) == 0) {
	snprintf(Buff, sizeof(Buff), "mv %s %s", BuffDAT, BuffMAN);
	system(Buff);
	if (access(BuffMAN, F_OK) == 0) exit(0);
    }
    if (*Buff == 0) Log(BuffDAT, "Has not appeared : ");
    else Log(BuffDAT, "Cannot be made MAN : ");
    exit(1);
}
------------------------------------------------------------
David Bannon                      D.Bannon at latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !
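
Added example, not part of the original post and not Samba code: because setprofile runs as root from "root postexec" with %u as its argument, the rename step can be done with rename(2) on a checked name instead of building an "mv" command for system(). The names valid_user, make_mandatory and demo, the 32-character limit and the throwaway tree under /tmp are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept only plain account names: no '/', "..", spaces or shell syntax. */
int valid_user(const char *u) {
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-";
    size_t n = strlen(u);
    if (n == 0 || n > 32 || u[0] == '.' || u[0] == '-') return 0;
    return strspn(u, ok) == n;
}

/* Rename <profiles>/<user>/NTUSER.DAT to NTUSER.MAN without a shell.
   Returns 0 on success or if already mandatory, -1 on refusal or error. */
int make_mandatory(const char *profiles, const char *user) {
    char dat[512], man[512];
    struct stat st;
    if (!valid_user(user)) return -1;
    if (snprintf(dat, sizeof dat, "%s/%s/NTUSER.DAT", profiles, user) >= (int)sizeof dat ||
        snprintf(man, sizeof man, "%s/%s/NTUSER.MAN", profiles, user) >= (int)sizeof man)
        return -1;                          /* path would be truncated */
    if (lstat(man, &st) == 0) return 0;     /* already mandatory */
    if (lstat(dat, &st) != 0 || !S_ISREG(st.st_mode)) return -1; /* missing or not a plain file */
    return rename(dat, man) == 0 ? 0 : -1;
}

/* Constructed demo: builds a throwaway profile tree under /tmp. */
int demo(void) {
    char root[] = "/tmp/setprofileXXXXXX", p[512];
    FILE *f;
    if (!mkdtemp(root)) return -1;
    snprintf(p, sizeof p, "%s/alice", root);
    if (mkdir(p, 0700) != 0) return -1;
    snprintf(p, sizeof p, "%s/alice/NTUSER.DAT", root);
    if (!(f = fopen(p, "w"))) return -1;
    fclose(f);
    if (make_mandatory(root, "alice") != 0) return -1;
    snprintf(p, sizeof p, "%s/alice/NTUSER.MAN", root);
    return access(p, F_OK);                 /* 0 when the renamed file exists */
}

int main(void) {
    printf("demo: %d, hostile name: %d\n", demo(), make_mandatory("/tmp", "x;id"));
    return 0;
}
```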

