That troublemaker again (replace domain logons =, domain master=)
David Collier-Brown
davecb at canada.sun.com
Mon Nov 12 09:36:03 GMT 2001
"Gerald (Jerry) Carter" wrote:
> Any volunteers to write it?
A really hacky first draft might be the following: it does expose
the question of what to do about security = share...
#!/bin/sh
#
# prefilter -- program to look at smb.conf and warn about
# changes required for Samba 3.0 "authentication order"
# option. Syntax is
# authentication order = [rhosts hostsequiv sam unix local smbserver
# ntdomain]*
#
#set -x
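#######################################
# Parse the command line and analyse the named smb.conf.
# Arguments: [-opts] file -- no options are recognised yet; every word
#            starting with "-" is reported on stderr and skipped
# Outputs:   diagnostics on stderr via say(); the report itself is
#            produced by process()
# Returns:   exits 1 when no configuration file is named
#######################################
main() {
  if [ $# -lt 1 ]; then
    say "prefilter: you must provide an smb.conf file."
    say "Usage: prefilter [-opts] file"
    exit 1
  fi

  while [ "$1" != "" ]; do
    case "$1" in
      -*) # oops
        say "Unrecognized option \"$1\" ignored."
        ;;
      *) # End of options
        break
        ;;
    esac
    shift
  done

  # Only options were given: without this check process() would be called
  # with no file name and the pipeline would sit reading standard input.
  if [ "${1:-}" = "" ]; then
    say "prefilter: you must provide an smb.conf file."
    say "Usage: prefilter [-opts] file"
    exit 1
  fi

  file="$1"
  # Quoted so that a path containing blanks or glob characters reaches
  # process() as one unmodified argument.
  process "$file"
}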
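#######################################
# Strip comments and blank lines from an smb.conf and report whether its
# "security", "password server" and "authentication order" settings agree
# with what the "authentication order" option is expected to hold.
# Arguments: $1 - path of the smb.conf to analyse
# Outputs:   a numbered echo of every surviving line, the captured values,
#            then the verdict lines (AUTH ... / PASSWD ... / SERVER ...)
#            on stdout
# Returns:   does not return; exits the shell with the pipeline status, or
#            with 1 when the file cannot be read
#######################################
process() {
  file=$1

  # A missing or unreadable file must not fall through to the analysis:
  # the awk defaults alone would still produce a verdict.
  if [ ! -r "$file" ]; then
    printf '%s\n' "prefilter: cannot read \"$file\"" 1>&2
    exit 1
  fi

  # The draft called nawk; fall back to plain awk where nawk is absent.
  awk_cmd=nawk
  command -v nawk >/dev/null 2>&1 || awk_cmd=awk

  # sed: drop ";" comment lines, cut "#" comments, drop blank lines.
  # [[:space:]] also covers tab-indented lines, so a commented-out setting
  # is never analysed as if it were live.
  sed -e '/^[[:space:]]*;/d' \
    -e 's/#.*$//' \
    -e '/^[[:space:]]*$/d' < "$file" |
    "$awk_cmd" '
    BEGIN {
      # Initial state: the values assumed when smb.conf does not set them.
      security = "user"
      password_server = ""
      encrypt_passwords = "no"
      authentication_order = ""
      desired_authentication_order = ""
      desired_password_server = ""
    }

    # Print for debugging
    /.*/ { print NR " " $0 }

    # Capture options for analysis.  Each gsub() removes "name =" from the
    # record, so the first remaining field is the value.
    # NOTE(review): the patterns are unanchored and case-sensitive, so any
    # line that merely contains "security =" is taken as the setting, and
    # the last matching line wins.
    /security[\t ]*=/ {
      gsub("security[\t ]*=", "");
      security = $1
    }
    /password[\t ]*server[\t ]*=/ {
      gsub("password[\t ]*server[\t ]*=", "");
      password_server = $1
    }
    # NOTE(review): encrypt_passwords is captured and printed but takes no
    # part in either verdict below.
    /encrypt[\t ]*passwords[\t ]*=/ {
      gsub("encrypt[\t ]*passwords[\t ]*=", "");
      encrypt_passwords = $1
    }
    /authentication[\t ]*order[\t ]*=/ {
      gsub("authentication[\t ]*order[\t ]*=", "");
      # The whole remainder is kept: the value is a list of methods.
      authentication_order = $0
    }

    END {
      print "AT END"
      print "SECURITY= " security
      print "AUTHENTICATION ORDER= " authentication_order
      print "ENCRYPT= " encrypt_passwords
      print "SERVER= " password_server

      # Set up expected value.
      desired_password_server = ""
      if (security == "") {
        desired_authentication_order = "ANY"
      }
      else if (security ~ /user/) {
        print "USER"
        desired_authentication_order = "smbserver"
      }
      else if (security ~ /share/) {
        print "SHARE"
        desired_authentication_order = "SHARE" # Not supported.
      }
      else if (security ~ /domain/) {
        print "DOMAIN"
        desired_authentication_order = "ntdomain"
      }
      else if (security ~ /server/) {
        print "SERVER"
        desired_authentication_order = "smbserver|ntdomain"
        desired_password_server = "NONNULL"
      }
      else {
        # desired_authentication_order stays empty here.
        print "BOGON: security = ", security
      }

      # Check for valid values.
      if (desired_authentication_order == "ANY") {
        print "AUTH ANY"
      }
      else if (desired_authentication_order == "SHARE") {
        print "AUTH SHARE - PROBLEM"
      }
      else if (desired_authentication_order == "NONNULL") {
        # NOTE(review): nothing above assigns "NONNULL" to
        # desired_authentication_order, so this branch is not reached.
        if (authentication_order != "") {
          print "AUTH NONNULL OK"
        }
        else {
          print "AUTH NONNULL FAILED"
        }
      }
      else if (desired_authentication_order == "") {
        # Unrecognised security value: fail closed.  An empty pattern
        # matches every string, so the regex test below would otherwise
        # report AUTH OK for a mode this script does not understand.
        print "AUTH NG"
      }
      else if (authentication_order ~ desired_authentication_order) {
        # Regex match anywhere in the configured list, not a comparison
        # of whole method names.
        print "AUTH OK"
      }
      else {
        print "AUTH NG"
      }

      if (desired_password_server == "NONNULL") {
        if (password_server == "") {
          print "PASSWD NONNULL FAILED"
        }
        else {
          print "PASSWD NONNULL OK"
        }
      }
      else if (desired_password_server == "") {
        print "NO DESIRED PASSWORD SERVER, OK"
      }
      else if (password_server ~ desired_password_server) {
        print "SERVER OK"
      }
      else {
        print "SERVER NG"
      }
    } # END
    '
  exit
}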
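#######################################
# Write a diagnostic message to standard error.
# Arguments: the words of the message; "$*" joins them with the first
#            character of IFS (a blank by default)
# Outputs:   one line on stderr, nothing on stdout
#######################################
say() {
  # printf rather than echo: a message such as "-n" is printed literally
  # instead of being taken as an echo option, and backslashes in a quoted
  # user-supplied word are not reinterpreted by shells whose echo expands
  # escape sequences.
  printf '%s\n' "$*" 1>&2
}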
# Script entry point: hand every command-line argument to main unchanged.
main "$@"