That troublemaker again (replace domain logons =, domain master=)
Simo Sorce
idra at samba.org
Mon Nov 12 12:09:01 GMT 2001
Please never delete user comments, this has been yet a problem with swat do not make it a problem of this script too.
On Mon, Nov 12, 2001 at 12:33:02PM -0500, David Collier-Brown wrote:
> "Gerald (Jerry) Carter" wrote:
> > Any volunteers to write it?
>
>
> A really hacky first draft might be the following: it does expose
> the question of what to do about securty = share...
>
>
>
> #!/bin/sh
> #
> # prefilter -- program to lok at smb.conf and warn about
> # changes required for Samba 3.0 "authentication order"
> # option. Syntax is
> # authentication order = [rhosts hostsequiv sam unix local smbserver
> ntdomain]*
> #
> #set -x
>
> main() {
>
> if [ $# -lt 1 ]; then
> say "prefilter: you must provide an smb.conf file."
> say "Usage: prefilter [-opts] file"
> exit 1
> fi
>
> while [ "$1" != "" ]; do
> case "$1" in
> -*) # oops
> say "Unrecognized option \"$1\" ignored."
> ;;
> *) # End of options
> break
> ;;
> esac
> shift
> done
> file="$1"
>
> process $file
> }
>
> process() {
> file=$1
>
> cat $file |\
> sed -e '/^[ ]*;/d' \
> -e 's/\#.*$//' \
> -e '/^[ ]*$/d' |\
> nawk '
> BEGIN {
> # Initial state
> security = "user"
> password_server = ""
> encrypt_passwords = "no"
> authentication_order = ""
> desired_authentication_order = ""
> desired_password_server = ""
> }
> # Print for debugging
> /.*/ { print NR " " $0 }
>
> # Capture options for analysis
> /security[\t ]*=/ {
> gsub("security[\t ]*=", "");
> security = $1
> }
> /password[\t ]*server[\t ]*=/ {
> gsub("password[\t ]*server[\t ]*=", "");
> password_server = $1
> }
> /encrypt[\t ]*passwords[\t ]*=/ {
> gsub("encrypt[\t ]*passwords[\t ]*=", "");
> encrypt_passwords = $1
> }
> /authentication[\t ]*order[\t ]*=/ {
> gsub("authentication[\t ]*order[\t ]*=", "");
> authentication_order = $0
>
> }
> END {
> print "AT END"
> print "SECURITY= " security
> print "AUTHENTICATION ORDER= " authentication_order
> print "ENCRYPT= " encrypt_passwords
> print "SERVER= " password_server
>
> # Set up expected value.
> desired_password_server = ""
> if (security == "") {
> desired_authentication_order = "ANY"
> }
> else if (security ~ /user/) {
> print "USER"
> desired_authentication_order = "smbserver"
> }
> else if (security ~ /share/) {
> print "SHARE"
> desired_authentication_order = "SHARE" # Not
> supported.
> }
> else if (security ~ /domain/) {
> print "DOMAIN"
> desired_authentication_order = "ntdomain"
> }
> else if (security ~ /server/) {
> print "SERVER"
> desired_authentication_order =
> "smbserver|ntdomain"
> desired_password_server = "NONNULL"
> }
> else {
> print "BOGON: security = ", security
> }
>
> # Check for valid values.
> if (desired_authentication_order == "ANY") {
> print "AUTH ANY"
> }
> else if (desired_authentication_order == "SHARE") {
> print "AUTH SHARE - PROBLEM"
> }
> else if (desired_authentication_order == "NONNULL") {
> if (authentication_order != "") {
> print "AUTH NONNULL OK"
> }
> else {
> print "AUTH NONNULL FAILED"
> }
> }
> else if (authentication_order ~
> desired_authentication_order) {
> print "AUTH OK"
> }
> else {
> print "AUTH NG"
>
> }
>
> if (desired_password_server == "NONNULL") {
> if (password_server == "") {
> print "PASSWD NONNULL FAILED"
> }
> else {
> print "PASSWD NONNULL OK"
> }
> }
> else if (desired_password_server == "") {
> print "NO DESIRED PASSWORD SERVER, OK"
> }
> else if (password_server ~ desired_password_server) {
> print "SERVER OK"
> }
> else {
> print "SERVER NG"
> }
>
> } # END
> '
> exit
>
> }
>
> say() {
> echo "$*" 1>&2
> }
>
> main "$@"
>
--
Simo Sorce idra at samba.org
-------------------------------
Samba Team http://www.samba.org
More information about the samba-technical
mailing list