diff --git a/examples/autofs/auto.a b/examples/autofs/auto.a
new file mode 100644
index 00000000000..fc293f5391d
--- /dev/null
+++ b/examples/autofs/auto.a
@@ -0,0 +1,18 @@
+# automount points below /a
+
+# This is an automounter map and it has the following format
+# key [ -mount-options-separated-by-comma ] location
+# Details may be found in the autofs(5) manpage
+
+# nfs servers
+valepp -fstype=nfs,rsize=8192,wsize=8192 valepp:/
+galaun -fstype=nfs,rsize=8192,wsize=8192 galaun:/
+
+# smb-servers
+supra_andreas -fstype=smb,uuname=andreas supra:/aheinrich
+supra_cspiel -fstype=smb,uuname=cspiel supra:/cspiel
+phonon_andreas -fstype=smb,uuname=andreas,fmod=3700 phonon:/andreas
+helium_cspiel -fstype=smb,uuname=cspiel,fmod=3700 helium:/cspiel
+
+#supra_jaz -fstype=smb,user,fmod=644,dmod=755 supra:/f
+
diff --git a/examples/autofs/mount-smb.doc b/examples/autofs/mount-smb.doc
new file mode 100644
index 00000000000..7eee74fce0d
--- /dev/null
+++ b/examples/autofs/mount-smb.doc
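Review bot: The two NFS entries (`valepp`, `galaun`) automount each server's whole root with only `rsize`/`wsize` set, so setuid bits and device nodes found on the exported tree would be honoured on the client unless the automounter adds restrictions globally, which this map does not show. Since this is an example people will copy, I would put `nosuid,nodev` into the option list, e.g. `valepp -fstype=nfs,nosuid,nodev,rsize=8192,wsize=8192 valepp:/`. The same options on the SMB entries would have no effect as submitted, because `process_options` in mount.smb lists `nosuid` and `nodev` under its ignored options.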
@@ -0,0 +1,65 @@
+Date: Tue, 07 Apr 1998
+Contributor: Christoph L. Spiel
+Organization: Munich Institute of Technology, Institute E10
+Subject: WISHES:LINUX:smbmount
+===============================================================================
+Machine Arch: i386
+Machine OS: linux
+Kernel: 2.1.85
+Samba Version: Version 1.9.18p3
+Mount Version: 2.7i
+Autofs Version: 0.3.14
+
+
+Hi SAMBA developers!
+
+I have written a shell script that marries smbmount and mount
+on a Linux-machine with a 2.1.55+ kernel (i.e., a newer developper
+kernel. Especially it makes smbmount compatible
+with autofs! Now, You (when root :-) can say
+ mount -t smb /win-machine/my-share /mntpt
+Concerning the management of the user/password-pairs I have already
+made a step in the right direction, but there is still a lot of
+brain-work to do :-(
+
+The primary problem with the Win passwords
+is that they are under user-control, and not under admin-control
+as the Linux passwords are. Therfore, I give every SAMBA user
+a
+ ~/smb-pass
+file where she can manage her usernames and passwords herself.
+The fundamental mount-tables /etc/fstab and /etc/auto.* only
+list the mount-point and the respective options. The userīs
+password file is adressed via the uuname=-option.
+
+An important "side-effect" is that the password file need not to
+be word-readable. In fact my script tests for user-only rights of
+this file to close this potential security-hole.
+
+The script mount.smb has to be installed in /sbin and given mode 755.
+No suid is necessary! I attached an automount table that is currently
+in use on my machine. A userīs password file looks like this:
+
+$ cat ~/smb-pass
+supra:/cspiel cspiel secret
+helium:/c cspiel sesame
+^ ^ ^
+| | +- password
+| +- username
++- share-name as in fundamental mount-table.
+
+It would be nice, if someone else tests my script. Maybe, You have
+already found a better solution than mine. If You find it useful,
+I would be glad to donate it to the SAMBA-project.
+
+BUGS:
+(1) There is no documentation yet. (Yes, I consider this a bug!)
+(2) When used with autofs the automounter overruns mount.smb.
+ This means when accessing an automounted share for the 1st time
+ You may get an empty directory. Retrying several times will
+ cause the mount to complete successfully.
+
+
+Best,
+ Christoph Spiel
+
diff --git a/examples/autofs/mount.smb b/examples/autofs/mount.smb
new file mode 100644
index 00000000000..76f1a596e35
--- /dev/null
+++ b/examples/autofs/mount.smb
@@ -0,0 +1,441 @@
+#!/bin/sh -x
+
+
+# name: mount.smb -- interface between mount and smbmount
+# author: Ch. L. Spiel (cspiel@physik.tu-muenchen.de)
+# $Id: mount.smb,v 1.1 1998/04/13 12:31:10 jht Exp $
+
+# bash version: 1.14.7(1)
+# mount version: 2.7i
+# smbmount version: 1.9.18p3
+
+
+myname=`basename $0`
+passwd_filename="smb-pass" # name of user smb-password file
+lock_file="/var/lock/$myname"
+log_file="/tmp/mount.smb.log"
+
+PATH=/usr/local/samba/bin:/usr/bin:/bin
+
+# check for an existing lock-file quickly(!)
+if [ -e "$lock_file" ]; then
+ # exit, but donīt touch lock-file
+ exit 0
+fi
+# set up new lock-file
+echo > $lock_file
+
+# initialise log-file
+echo "logging of $myname started at `date`" > $log_file
+chmod --silent 600 $log_file
+echo "called with: $@" >> $log_file
+exec >> $log_file 2>&1
+
+
+
+# set default and initial values
+verbose=false # be silent
+fake=false # really do the mount
+fmode="-f 600" # default file mode
+dmode="-d 700" # default dir mode
+
+#uid="-u `id | sed 's/^uid=\([0-9]*\).*$/\1/'`"
+uid="-u 0"
+#gid="-g `id | sed 's/^.*gid=\([0-9]*\).*$/\1/'`"
+gid="-g 0"
+
+
+#
+# functions
+#
+
+# exitproc(int exit_code)
+function exit_proc
+{
+ if [ -n "$lock_file" ]; then
+ # remove current lock-file
+ rm "$lock_file"
+ fi
+ # update log-file
+ echo "" >> $log_file
+ echo "$mynameīs return value is $1." >> $log_file
+ echo "logging of $myname ended at `date`." >> $log_file
+ # done.
+ exit $1
+}
+
+
+# split_arg(arg)
+# arg ::= id '=' val
+# set id and val on return
+function split_arg
+{
+ id="$1"
+ val="$2"
+ extra="$3"
+} # end of split_arg
+
+
+# split_passwdline(uline)
+function split_passwdline
+{
+ user_name=$1
+ real_password=$2
+ user_id=$3
+ group_id=$4
+ full_name=$5
+ home_dir=$6
+ shell_name=$7
+}
+
+
+# get_homedir(username)
+function get_homedir
+{
+ local temp_ifs
+
+ temp_ifs="$IFS"
+ uline=`grep "^$1" /etc/passwd`
+ if [ -z "$uline" ]; then
+ echo "$myname: unknown user \"$1\""
+ exit_proc 1
+ fi
+ IFS=":"
+ split_passwdline $uline
+ if [ -z "$home_dir" ]; then
+ echo "$myname: user \"$1\" has no home directory"
+ exit_proc 1
+ fi
+ echo "$home_dir"
+ IFS="$temp_ifs"
+}
+
+
+# get_uid(username)
+function get_uid
+{
+ local temp_ifs
+
+ temp_ifs="$IFS"
+ uline=`grep "^$1" /etc/passwd`
+ if [ -z "$uline" ]; then
+ echo "$myname: unknown user \"$1\""
+ exit_proc 1
+ fi
+ IFS=":"
+ split_passwdline $uline
+ echo "$user_id"
+ IFS="$temp_ifs"
+}
+
+
+# get_gid(username)
+function get_gid
+{
+ local temp_ifs
+
+ temp_ifs="$IFS"
+ uline=`grep "^$1" /etc/passwd`
+ if [ -z "$uline" ]; then
+ echo "$myname: unknown user \"$1\""
+ exit_proc 1
+ fi
+ IFS=":"
+ split_passwdline $uline
+ echo "$group_id"
+ IFS="$temp_ifs"
+}
+
+
+# read_passwd_file(sharename)
+function read_passwd_file
+{
+ local pwd_filename pwd_entry temp_ifs share_name fmod
+
+ pwd_filename=`get_homedir $uuname`/$passwd_filename
+ # use uid and gid of userīs /etc/password entry
+ uid="-u `get_uid $uuname`"
+ gid="-g `get_gid $uuname`"
+ # check existence of password file
+ if [ ! -f "$pwd_filename" -o ! -r "$pwd_filename" ]; then
+ echo "$myname: cannot read from user password file \"$pwd_filename\""
+ exit_proc 1
+ fi
+ # check file permissions
+ for f in $pwd_filename{,~,%,.BAK,.bak,.new,.old,.orig,.sav}; do
+ if [ ! -f $f ]; then continue; fi
+ /bin/ls -l $f | grep -q -- "^-r\(w\|-\)------"
+ if [ $? = 1 ]; then
+ echo "$myname: Found security hole: mode of file \"$f\""
+ echo "$myname: Password file must have permission 400 or 600."
+ echo "$myname: Please fix the fileīs mode."
+ exit_proc 1
+ fi
+ done
+
+ share_name="$1" # sharename in smb-format!
+ pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
+ if [ -z "$pwd_entry" ]; then
+ # try uni*-like sharename
+ share_name=`echo $share_name | sed -e 's,^//,,' -e 's,/,:/,'`
+ pwd_entry=`grep -v '^#' "$pwd_filename" | grep -i "^$share_name"`
+ fi
+ if [ -z "$pwd_entry" ]; then
+ # sharename was not found in userīs password file
+ echo "$myname: cannot authentify share named \"$1\" via file \"$pwd_filename\""
+ exit_proc 1
+ fi
+
+ # pwd_entry has the form:
+ # sharename username password
+ temp_ifs="$IFS"
+ IFS=" " # and
+ split_arg $pwd_entry
+ options="$options -U $val"
+ password="$extra"
+ IFS="$temp_ifs"
+}
+
+
+# process_options(opt1, opt2, ..., optN)
+function process_options
+{
+ local temp_ifs
+
+ for j; do
+ temp_ifs="$IFS" # save current internal-field separator
+ IFS="=" # set new separator
+ split_arg $j # split argument into identifier and value
+ IFS="$temp_ifs" # reset old separator
+ case "$id" in
+ port)
+ options="$options -p $val"
+ ;;
+ debug)
+ options="$options -d $val"
+ ;;
+ log)
+ options="$options -l $val"
+ ;;
+ nbname)
+ options="$options -n $val"
+ ;;
+ nopwd)
+ options="$options -N"
+ ;;
+ maxproto)
+ options="$options -m $val"
+ ;;
+ ip)
+ options="$options -I $val"
+ ;;
+ uname)
+ options="$options -U $val"
+ ;;
+ wrkgrp)
+ options="$options -W $val"
+ ;;
+ term)
+ options="$options -t $val"
+ ;;
+ sdir)
+ options="$options -D $val"
+ ;;
+ pwd)
+ # DO NOT USE THIS OPTION! It is a severe scurity hole.
+ password="$val"
+ ;;
+ uuname)
+ # consult userīs smb-password file
+ uuname="$val" # uni* user name
+ read_passwd_file "$server_service"
+ ;;
+
+ # ignored options
+ async)
+ # do nothing
+ ;;
+ atime)
+ # do nothing
+ ;;
+ auto)
+ # do nothing
+ ;;
+ defaults)
+ # do nothing
+ ;;
+ dev)
+ # do nothing
+ ;;
+ exec)
+ # do nothing
+ ;;
+ noatime)
+ # do nothing
+ ;;
+ noauto)
+ # do nothing
+ ;;
+ nodev)
+ # do nothing
+ ;;
+ noexec)
+ # do nothing
+ ;;
+ nosuid)
+ # do nothing
+ ;;
+ nouser)
+ # do nothing
+ ;;
+ ro)
+ # do nothing
+ ;;
+ rw)
+ # do nothing
+ ;;
+ suid)
+ # do nothing
+ ;;
+ sync)
+ # do nothing
+ ;;
+ user)
+ # do nothing
+ ;;
+
+ # fs options
+ fmod)
+ fmode="-f $val"
+ ;;
+ dmod)
+ dmode="-d $val"
+ ;;
+ uid)
+ uid="-u $val"
+ ;;
+ gid)
+ gid="-g $val"
+ ;;
+
+ # fallthrough
+ *)
+ echo "$myname: unrecognized option $id"
+ exit_proc 1
+ ;;
+ esac
+ done
+} # end of split_options
+
+
+
+#
+# main
+#
+
+
+
+if [ "$verbose" != "false" ]; then
+ # show how we have been called
+ echo "$myname: $*"
+fi
+
+# some checks of the input parameters
+if [ "$#" -lt 2 ]; then
+ echo "$myname: need at least service and mountpoint"
+ exit_proc 1
+fi
+
+if `echo "$2" | grep -vq "^/"`; then
+ echo "$myname: mount point must be an absolut path"
+ exit_proc 1
+fi
+
+
+# copy arguments
+if `echo "$1" | grep -q ":/"`; then
+ # non--standard format, i.e., server:/service
+ server_service=`echo "//$1" | sed -e "sx:/x/x"`
+else
+ # standard format, i.e, //server/service
+ server_service="$1"
+fi
+mntpt="$2"
+
+# copy options
+shift 2 # skip arguments: //server/service and /mnt-point
+for i; do
+ case "$i" in
+ -f | --fake)
+ fake=true
+ ;;
+ -h | --help)
+ echo "usage: mount.smb service [password] mountpoint [options]"
+ exit_proc 0
+ ;;
+ -v | --verbose)
+ verbose=true
+ ;;
+ -V | --version)
+ echo "$myname: mount.smb-0.1.0"
+ exit_proc 0
+ ;;
+ -o)
+ shift # skip leading -o
+ temp_ifs="$IFS" # save current internal-field separator
+ IFS="," # set new separator
+ process_options $*
+ IFS="$temp_ifs" # reset old separator
+ break # mount places options at the end -> we are done
+ ;;
+ *)
+ echo "$myname: unrecognized option $i"
+ exit_proc 1
+ ;;
+ esac
+ shift
+done
+IFS=' '
+
+
+#
+# be careful...
+#
+
+
+# nmblookup server: is node up and running?
+srv=`echo $server_service | sed 's,^//\(.*\)/.*$,\1,'` # serverīs name
+nmblookup "$srv" | grep -q "failed to find name"
+if [ "$?" = 0 ]; then
+ echo "$myname: failed to find server \"$srv\"."
+ exit_proc 1
+fi
+
+
+#
+# perform mount
+#
+
+
+fs_options="$fmode $dmode $uid $gid" # all options concerning the mounted fs
+if [ "$verbose" = "true" ]; then
+ # display what we would do. Do not show the password, only show "xxx".
+ echo -n "smbmount $server_service "
+ if [ -n "$password" ]; then # password is set
+ echo -n "xxx " # ... but we donīt show it ;-)
+ fi
+ echo "-c \"mount $mntpt $fs_options\" $options"
+#else
+ # supress further messages
+# exec > /dev/null 2>&1
+#:
+fi
+
+if [ "$fake" != "true" ]; then
+ smbmount $server_service $password -c "mount $mntpt $fs_options" $options
+ echo "smbmountīs exit code was $?."
+fi
+
+# clean up and exit
+exit_proc 0
+
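Review bot: The plaintext SMB password ends up in a predictably named, root-written file under /tmp: the shebang `#!/bin/sh -x` enables tracing, `exec >> $log_file 2>&1` sends that trace to `/tmp/mount.smb.log`, and the final `smbmount $server_service $password ...` line is traced with the password expanded, which defeats the "xxx" masking in the verbose branch. The log is also created with `>` before `chmod --silent 600` runs, so it briefly carries umask-default permissions and the redirect follows whatever already exists at that path. I would drop `-x` from the shebang, add `umask 077` before the first write, and keep the log in a root-only directory, e.g. `log_file="/var/log/$myname.log"`. Passing the password as an argument also exposes it in the process list; whether this smbmount version accepts it another way is not visible from the hunk. Separately, the three `grep "^$1" /etc/passwd` lookups in `get_homedir`, `get_uid` and `get_gid` match any account whose name merely starts with the requested one, so the uid, gid and password file of a different user can be picked up; `grep "^$1:" /etc/passwd` pins the match to the whole name field.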