Contributed software for Linux autofs support.

(This used to be commit 883be39077)

examples/autofs/auto.a

@@ -0,0 +1,18 @@
+# automount points below /a
+
+# This is an automounter map and it has the following format
+# key [ -mount-options-separated-by-comma ] location
+# Details may be found in the autofs(5) manpage
+
+# nfs servers
+valepp		-fstype=nfs,rsize=8192,wsize=8192		valepp:/
+galaun		-fstype=nfs,rsize=8192,wsize=8192		galaun:/
+
+# smb-servers
+supra_andreas	-fstype=smb,uuname=andreas			supra:/aheinrich
+supra_cspiel	-fstype=smb,uuname=cspiel			supra:/cspiel
+phonon_andreas	-fstype=smb,uuname=andreas,fmod=3700		phonon:/andreas
+helium_cspiel	-fstype=smb,uuname=cspiel,fmod=3700		helium:/cspiel
+
+#supra_jaz       -fstype=smb,user,fmod=644,dmod=755		supra:/f
+

examples/autofs/mount-smb.doc

@@ -0,0 +1,65 @@
+Date: 		Tue, 07 Apr 1998 
+Contributor: 	Christoph L. Spiel <Christoph_Spiel@physik.tu-muenchen.de>
+Organization:	Munich Institute of Technology, Institute E10
+Subject:	WISHES:LINUX:smbmount
+===============================================================================
+Machine Arch: i386
+Machine OS: linux
+Kernel: 2.1.85
+Samba Version: Version 1.9.18p3
+Mount Version: 2.7i
+Autofs Version: 0.3.14
+
+
+Hi SAMBA developers!
+
+I have written a shell script that marries smbmount and mount
+on a Linux-machine with a 2.1.55+ kernel (i.e., a newer developper
+kernel.  Especially it makes smbmount compatible
+with autofs!  Now, You (when root :-) can say
+	mount -t smb /win-machine/my-share /mntpt
+Concerning the management of the user/password-pairs I have already
+made a step in the right direction, but there is still a lot of
+brain-work to do :-(
+
+The primary problem with the Win passwords
+is that they are under user-control, and not under admin-control
+as the Linux passwords are.  Therfore, I give every SAMBA user
+a
+	~/smb-pass
+file where she can manage her usernames and passwords herself.
+The fundamental mount-tables /etc/fstab and /etc/auto.* only
+list the mount-point and the respective options.  The user´s
+password file is adressed via the uuname=<user_name>-option.
+
+An important "side-effect" is that the password file need not to
+be word-readable.  In fact my script tests for user-only rights of
+this file to close this potential security-hole.
+
+The script mount.smb has to be installed in /sbin and given mode 755.
+No suid is necessary!  I attached an automount table that is currently
+in use on my machine.  A user´s password file looks like this:
+
+$ cat ~/smb-pass
+supra:/cspiel   cspiel  secret
+helium:/c       cspiel  sesame
+^               ^       ^
+|               |       +- password
+|               +- username
++- share-name as in fundamental mount-table.
+
+It would be nice, if someone else tests my script.  Maybe, You have
+already found a better solution than mine.  If You find it useful,
+I would be glad to donate it to the SAMBA-project.
+
+BUGS:
+(1) There is no documentation yet.  (Yes, I consider this a bug!)
+(2) When used with autofs the automounter overruns mount.smb.
+    This means when accessing an automounted share for the 1st time
+    You may get an empty directory.  Retrying several times will
+    cause the mount to complete successfully.
+
+
+Best,
+	Christoph Spiel
+

examples/autofs/mount.smb

@@ -0,0 +1,441 @@
+#!/bin/sh -x
+
+
+# name:			mount.smb  --  interface between mount and smbmount
+# author:		Ch. L. Spiel (cspiel@physik.tu-muenchen.de)
+# $Id: mount.smb,v 1.1 1998/04/13 12:31:10 jht Exp $
+
+# bash version:		1.14.7(1)
+# mount version:	2.7i
+# smbmount version:	1.9.18p3
+
+
+myname=`basename $0`
+passwd_filename="smb-pass"		# name of user smb-password file
+lock_file="/var/lock/$myname"
+log_file="/tmp/mount.smb.log"
+
+PATH=/usr/local/samba/bin:/usr/bin:/bin
+
+# check for an existing lock-file quickly(!)
+if [ -e "$lock_file" ]; then
+	# exit, but don´t touch lock-file
+	exit 0
+fi
+# set up new lock-file
+echo > $lock_file
+
+# initialise log-file
+echo "logging of $myname started at `date`" > $log_file
+chmod --silent 600 $log_file
+echo "called with: $@" >> $log_file
+exec >> $log_file 2>&1
+
+
+
+# set default and initial values
+verbose=false				# be silent
+fake=false				# really do the mount
+fmode="-f 600"				# default file mode
+dmode="-d 700"				# default dir mode
+
+#uid="-u `id | sed 's/^uid=\([0-9]*\).*$/\1/'`"
+uid="-u 0"
+#gid="-g `id | sed 's/^.*gid=\([0-9]*\).*$/\1/'`"
+gid="-g 0"
+
+
+#
+# functions
+#
+
+# exitproc(int exit_code)
+function exit_proc
+{
+	if [ -n "$lock_file" ]; then
+		# remove current lock-file
+		rm "$lock_file"
+	fi
+	# update log-file
+	echo "" >> $log_file
+	echo "$myname´s return value is $1." >> $log_file
+	echo "logging of $myname ended at `date`." >> $log_file
+	# done.
+	exit $1
+}
+
+
+# split_arg(arg)
+# arg ::= id '=' val
+# set id and val on return
+function split_arg
+{
+	id="$1"
+	val="$2"
+	extra="$3"
+} # end of split_arg
+
+
+# split_passwdline(uline)
+function split_passwdline
+{
+	user_name=$1
+	real_password=$2
+	user_id=$3
+	group_id=$4
+	full_name=$5
+	home_dir=$6
+	shell_name=$7
+}
+
+
+# get_homedir(username)
+function get_homedir
+{
+	local temp_ifs
+
+	temp_ifs="$IFS"
+	uline=`grep "^$1" /etc/passwd`
+	if [ -z "$uline" ]; then
+		echo "$myname: unknown user \"$1\""
+		exit_proc 1
+	fi
+	IFS=":"
+	split_passwdline $uline
+	if [ -z "$home_dir" ]; then
+		echo "$myname: user \"$1\" has no home directory"
+		exit_proc 1
+	fi
+	echo "$home_dir"
+	IFS="$temp_ifs"
+}
+
+
+# get_uid(username)
+function get_uid
+{
+	local temp_ifs
+
+	temp_ifs="$IFS"
+	uline=`grep "^$1" /etc/passwd`
+	if [ -z "$uline" ]; then
+		echo "$myname: unknown user \"$1\""
+		exit_proc 1
+	fi
+	IFS=":"
+	split_passwdline $uline
+	echo "$user_id"
+	IFS="$temp_ifs"
+}
+
+
+# get_gid(username)
+function get_gid
+{
+	local temp_ifs
+
+	temp_ifs="$IFS"
+	uline=`grep "^$1" /etc/passwd`
+	if [ -z "$uline" ]; then
+		echo "$myname: unknown user \"$1\""
+		exit_proc 1
+	fi
+	IFS=":"
+	split_passwdline $uline
+	echo "$group_id"
+	IFS="$temp_ifs"
+}
+
+
+# read_passwd_file(sharename)
+function read_passwd_file
+{
+	local pwd_filename pwd_entry temp_ifs share_name fmod
+
+	pwd_filename=`get_homedir $uuname`/$passwd_filename
+	# use uid and gid of user´s /etc/password entry
+	uid="-u `get_uid $uuname`"
+	gid="-g `get_gid $uuname`"
+	# check existence of password file
+	if [ ! -f "$pwd_filename" -o ! -r "$pwd_filename" ]; then
+		echo "$myname: cannot read from user password file \"$pwd_filename\""
+		exit_proc 1
+	fi
+	# check file permissions
+	for f in $pwd_filename{,~,%,.BAK,.bak,.new,.old,.orig,.sav}; do
+		if [ ! -f $f ]; then continue; fi
+		/bin/ls -l $f | grep -q -- "^-r\(w\|-\)------"
+		if [ $? = 1 ]; then
+			echo "$myname: Found security hole: mode of file \"$f\""
+			echo "$myname: Password file must have permission 400 or 600."
+			echo "$myname: Please fix the file´s mode."
+			exit_proc 1
+		fi
+	done
+
+	share_name="$1"		# sharename in smb-format!
+	pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
+	if [ -z "$pwd_entry" ]; then
+		# try uni*-like sharename
+		share_name=`echo $share_name | sed -e 's,^//,,' -e 's,/,:/,'`
+		pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
+	fi
+	if [ -z "$pwd_entry" ]; then
+		# sharename was not found in user´s password file
+		echo "$myname: cannot authentify share named \"$1\" via file \"$pwd_filename\""
+		exit_proc 1
+	fi
+	
+	# pwd_entry has the form:
+	# sharename username password
+	temp_ifs="$IFS"
+	IFS="	 "		# <tab> and <space>
+	split_arg $pwd_entry
+	options="$options -U $val"
+	password="$extra"
+	IFS="$temp_ifs"
+}
+
+
+# process_options(opt1, opt2, ..., optN)
+function process_options
+{
+	local temp_ifs
+
+	for j; do
+		temp_ifs="$IFS"	# save current internal-field separator
+		IFS="="		# set new separator
+		split_arg $j	# split argument into identifier and value
+		IFS="$temp_ifs"	# reset old separator
+		case "$id" in
+			port)
+				options="$options -p $val"
+				;;
+			debug)
+				options="$options -d $val"
+				;;
+			log)
+				options="$options -l $val"
+				;;
+			nbname)
+				options="$options -n $val"
+				;;
+			nopwd)
+				options="$options -N"
+				;;
+			maxproto)
+				options="$options -m $val"
+				;;
+			ip)
+				options="$options -I $val"
+				;;
+			uname)
+				options="$options -U $val"
+				;;
+			wrkgrp)
+				options="$options -W $val"
+				;;
+			term)
+				options="$options -t $val"
+				;;
+			sdir)
+				options="$options -D $val"
+				;;
+			pwd)
+				# DO NOT USE THIS OPTION!  It is a severe scurity hole.
+				password="$val"
+				;;
+			uuname)
+				# consult user´s smb-password file
+				uuname="$val"	# uni* user name
+				read_passwd_file "$server_service"
+				;;
+				
+			# ignored options
+			async)
+				# do nothing
+				;;
+			atime)
+				# do nothing
+				;;
+			auto)
+				# do nothing
+				;;
+			defaults)
+				# do nothing
+				;;
+			dev)
+				# do nothing
+				;;
+			exec)
+				# do nothing
+				;;
+			noatime)
+				# do nothing
+				;;
+			noauto)
+				# do nothing
+				;;
+			nodev)
+				# do nothing
+				;;
+			noexec)
+				# do nothing
+				;;
+			nosuid)
+				# do nothing
+				;;
+			nouser)
+				# do nothing
+				;;
+			ro)
+				# do nothing
+				;;
+			rw)
+				# do nothing
+				;;
+			suid)
+				# do nothing
+				;;
+			sync)
+				# do nothing
+				;;
+			user)
+				# do nothing
+				;;
+				
+			# fs options
+			fmod)
+				fmode="-f $val"
+				;;
+			dmod)
+				dmode="-d $val"
+				;;
+			uid)
+			        uid="-u $val"
+				;;
+			gid)
+				gid="-g $val"
+				;;
+			
+			# fallthrough
+			*)
+				echo "$myname: unrecognized option $id"
+				exit_proc 1
+				;;
+		esac
+	done
+} # end of split_options
+
+
+
+#
+# main
+#
+
+
+
+if [ "$verbose" != "false" ]; then
+	# show how we have been called
+	echo "$myname: $*"
+fi
+
+# some checks of the input parameters
+if [ "$#" -lt 2 ]; then
+	echo "$myname: need at least service and mountpoint"
+	exit_proc 1
+fi
+
+if `echo "$2" | grep -vq "^/"`; then
+	echo "$myname: mount point must be an absolut path"
+	exit_proc 1
+fi
+
+
+# copy arguments
+if `echo "$1" | grep -q ":/"`; then
+	# non--standard format, i.e., server:/service
+	server_service=`echo "//$1" | sed -e "sx:/x/x"`
+else
+	# standard format, i.e, //server/service
+	server_service="$1"
+fi
+mntpt="$2"
+
+# copy options
+shift 2		# skip arguments: //server/service and /mnt-point
+for i; do
+	case "$i" in
+		-f | --fake)
+			fake=true
+			;;
+		-h | --help)
+			echo "usage: mount.smb service [password] mountpoint [options]"
+			exit_proc 0
+			;;
+		-v | --verbose)
+			verbose=true
+			;;
+		-V | --version)
+		        echo "$myname: mount.smb-0.1.0"
+			exit_proc 0
+			;;
+		-o)
+			shift			# skip leading -o
+			temp_ifs="$IFS"		# save current internal-field separator
+			IFS=","			# set new separator
+			process_options $*
+			IFS="$temp_ifs"		# reset old separator
+			break			# mount places options at the end -> we are done
+			;;
+		*)
+			echo "$myname: unrecognized option $i"
+			exit_proc 1
+			;;
+	esac
+	shift
+done
+IFS=' '
+
+
+#
+# be careful...
+#
+
+
+# nmblookup server: is node up and running?
+srv=`echo $server_service | sed 's,^//\(.*\)/.*$,\1,'`	# server´s name
+nmblookup "$srv" | grep -q "failed to find name"
+if [ "$?" = 0 ]; then
+	echo "$myname: failed to find server \"$srv\"."
+	exit_proc 1
+fi
+
+
+#
+# perform mount
+#
+
+
+fs_options="$fmode $dmode $uid $gid"	# all options concerning the mounted fs
+if [ "$verbose" = "true" ]; then
+	# display what we would do.  Do not show the password, only show "xxx".
+	echo -n "smbmount $server_service "
+	if [ -n "$password" ]; then	# password is set
+		echo -n "xxx "		# ... but we don´t show it ;-)
+	fi
+	echo "-c \"mount $mntpt $fs_options\" $options"
+#else
+	# supress further messages
+#	exec > /dev/null 2>&1
+#:
+fi
+	
+if [ "$fake" != "true" ]; then
+	smbmount $server_service $password -c "mount $mntpt $fs_options" $options
+	echo "smbmount´s exit code was $?."
+fi
+
+# clean up and exit
+exit_proc 0
+