Draft sanity checker for smbpasswd

Kevin (HxPro) Wheatley hxpro at cinesite.co.uk
Fri Jul 27 10:35:37 GMT 2001


Gerald Carter wrote:
> 
> On Tue, 24 Jul 2001, David Collier-Brown wrote:
> 
> > Kevin, can you check this out and sugegst additions?  You may have
> > to manually unfold lines folded in mail...
> >
> > --dave
> >
> > #!/bin/sh
> > #
> > # checksmbpasswd -- check the smb password file against /etc/passwd
> > #       and /etc/shadow. Reading smbpasswd requires running as root.
> > #       Developed on Solaris, may require fettling --dave c-b
> > #
> > #set -x
> 
> I'll play around with this today.
> 
> cheers, jerry

On IRIX the script doesn't do the right thing to cross check the
paassword files with each other.

My thoughts on it are use associative arrays/hashes in perl - less
dependancy on external programs.

check for duplicate UIDs and names in both files, flag duplicates in the
samba password as critical but perhaps not those in the Unix side of
things. duplicate names however should flag an error on both.

When slurping in the files, throw away the Unix passwords as you don't
need to look at them.

sort the results of both slurps, NIS especially does not give records in
order and diff. Do this on both name and UID, warn about extra entries
and error on mismatches,

Then you can look for further integrity checks in the samba password
file.

Check all machine accounts have a '$' and that there are no true users
with '$', etc, etc.

Perhaps the validity checking on the samba password file should be done
first, i.e. that its format is correct before throwing out too many
false errors in the case of a corrupt file.

Any other ideas ?

Kevin

-- 
| Kevin Wheatley             | These are the opinions of nobody   |
| Technical Services Manager | and are not shared by my employers |
| Cinesite Digital Studios   |                                    |




More information about the samba-technical mailing list