From 10ebbb8955b617f43203eb3ac75c1f72f2b16f7b Mon Sep 17 00:00:00 2001 From: Tomas Edwardsson Date: Tue, 30 Jul 2013 15:18:29 +0000 Subject: Allow for space and dollarsigns in password as well as empty ou --- templates/configure_active_directory.erb | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'templates') diff --git a/templates/configure_active_directory.erb b/templates/configure_active_directory.erb index 35ba86f..c860c78 100644 --- a/templates/configure_active_directory.erb +++ b/templates/configure_active_directory.erb @@ -54,7 +54,7 @@ do esac done -password="<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>" +password='<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>' # short hostname from facter my_hostname="<%= hostname -%>" @@ -80,7 +80,7 @@ echo "Please do not kill me; I may be slow" >&2 if [ "$action" = "leave" ]; then logger -st $PROG "Leaving AD domain" - $NET ads $action -U ${winbind_acct}%${password} | grep Deleted && success=true || success=false + $NET ads $action -U "${winbind_acct}%${password}" | grep Deleted && success=true || success=false kdestroy rm -f /etc/krb5.keytab if [ $success = "true" ]; then @@ -105,8 +105,14 @@ ad_settle() { export KRB5CCNAME=$(umask 0077; mktemp -q winbind_cache.XXXXXXXX) if [ "$action" = "join" ]; then + if [ "${target_ou}" != "" ]; then + ou_parameter="createcomputer=\"${target_ou}\"" + else + ou_parameter="" + fi + logger -st $PROG "Joining AD domain" >&2 - $NET ads $action -U ${winbind_acct}%${password} createcomputer="${target_ou}"\ + $NET ads $action -U "${winbind_acct}%${password}" ${ou_parameter} \ | grep Joined && success=true || success=false if [ $success = "false" ]; then 
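Review bot: A password containing a single quote ends the new `password='…'` literal early, and the remainder of the Puppet-supplied value is then parsed as shell by the generated script. Single quotes take care of spaces and `$`, but the value still needs escaping as it is emitted, for example `password='<%= scope.lookupvar('samba::server::ads::winbind_pass').gsub("'") { "'\\''" } -%>'`. The same assignment in templates/verify_active_directory.erb, changed by the following commit on this page, has the same gap. The rendered script holds the cleartext password, so the owner and mode of the file resource that installs it (not visible here) are worth checking.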
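Review bot: The quoted `-U "${winbind_acct}%${password}"` still places the password in the argument list of `$NET`, where other local accounts can read it from the process table while the command runs. The join call in the `@@ -105,8 +105,14 @@` hunk does the same. Samba's client tools document the `PASSWD_FD` and `PASSWD_FILE` environment variables for supplying the password outside argv; whether the `net` binary deployed here honours them should be confirmed before switching. The `if [ "$action" = "leave" ]` block continues outside the hunk.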
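Review bot: The escaped quotes in `ou_parameter="createcomputer=\"${target_ou}\""` become literal characters, and the later unquoted `${ou_parameter}` is word-split. As a result `net` receives `createcomputer="…` with the quote marks included, and an OU containing a space is broken into several arguments. Quote removal is not applied to the result of an expansion. The conditional and the helper variable can be replaced by one expansion on the command line: `$NET ads $action -U "${winbind_acct}%${password}" ${target_ou:+"createcomputer=${target_ou}"} \`. The `if [ "$action" = "join" ]` block runs past the end of the hunk.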
@@ -119,10 +125,10 @@ for attempt in $(seq 1 $max_attempts); do echo "$attempt of $max_attempts:" ad_settle echo "Getting TGT for ${winbind_acct}@${my_realm}" >&2 - $EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${my_realm}; + $EXPECT -c spawn -noecho kinit -c $KRB5CCNAME '${winbind_acct}@${my_realm}; expect :; send ${password}\n; - expect eof" + expect eof' klist -c $KRB5CCNAME &> /dev/null && break done -- cgit v1.2.3 From 6d936df97546f8809b42ede32df1d460b06a50a3 Mon Sep 17 00:00:00 2001 From: Tomas Edwardsson Date: Mon, 2 Sep 2013 15:13:58 +0000 Subject: Proper tcl quoting for password in expect See [5] Braces - http://www.tcl.tk/man/tcl8.4/TclCmd/Tcl.htm#M9 --- templates/configure_active_directory.erb | 7 ++++--- templates/verify_active_directory.erb | 5 +++-- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'templates') diff --git a/templates/configure_active_directory.erb b/templates/configure_active_directory.erb index c860c78..4f9b6e0 100644 --- a/templates/configure_active_directory.erb +++ b/templates/configure_active_directory.erb @@ -125,10 +125,11 @@ for attempt in $(seq 1 $max_attempts); do echo "$attempt of $max_attempts:" ad_settle echo "Getting TGT for ${winbind_acct}@${my_realm}" >&2 - $EXPECT -c spawn -noecho kinit -c $KRB5CCNAME '${winbind_acct}@${my_realm}; + $EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${my_realm}; expect :; - send ${password}\n; - expect eof' + send {${password}}; + send \n; + expect eof" klist -c $KRB5CCNAME &> /dev/null && break done diff --git a/templates/verify_active_directory.erb b/templates/verify_active_directory.erb index 5a2a506..0917c49 100644 --- a/templates/verify_active_directory.erb +++ b/templates/verify_active_directory.erb @@ -21,7 +21,7 @@ fi # } >&2 #fi -password="<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>" +password='<%= scope.lookupvar('samba::server::ads::winbind_pass') -%>' # short hostname from facter my_hostname="<%= hostname -%>" 
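Review bot: The opening quote has moved, so `$EXPECT -c spawn …` now hands expect only the word `spawn` as its script and the remaining words as separate arguments. The single-quoted tail also stops the shell from expanding `${winbind_acct}`, `${my_realm}` and `${password}`, so they would reach expect as literal text. The script has to remain one argument, `$EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${my_realm}; …"`, with the password quoted for Tcl inside it. The `for` loop starts before the hunk.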
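Review bot: `send {${password}};` only holds for passwords whose braces are balanced. An unmatched `{` or `}`, or a trailing backslash, changes where Tcl ends the word, and the rest of the value is then parsed as script text. A password beginning with `-` is also read by `send` as a flag unless `--` precedes it. Keeping the value out of the script text avoids both: export it and use `send -- "$env(AD_PASS)\n"` in a single-quoted script (AD_PASS is a placeholder name), reading the other shell variables through `$env(...)` as well. The `get_tgt` hunk in templates/verify_active_directory.erb uses the same construction.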
@@ -62,7 +62,8 @@ get_tgt() { ( $EXPECT -c "spawn -noecho kinit -c $KRB5CCNAME ${winbind_acct}@${default_realm}; expect :; - send ${password}\n; + send {${password}}; + send \n; expect eof" ) &> /dev/null klist -c $KRB5CCNAME &> /dev/null -- cgit v1.2.3 From 699437673e6d17ba7d444d4916d93e40a2df0022 Mon Sep 17 00:00:00 2001 From: jonoterc Date: Thu, 10 Oct 2013 17:23:18 -0400 Subject: adding shell script for creating a new smb account will be leveraged by a puppet class; only tested against Ubuntu 12.04 --- templates/add_samba_user | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 templates/add_samba_user (limited to 'templates') diff --git a/templates/add_samba_user b/templates/add_samba_user new file mode 100644 index 0000000..1385d4e --- /dev/null +++ b/templates/add_samba_user @@ -0,0 +1,16 @@ +#!/bin/bash + +# This script adds a samba account for a given user and password +# call as: +# > add_samba_user "USERNAME" "PASSWORD" + +/bin/echo -e "$2\n$2\n" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null +results=$? + +if [ $results = 0 ]; then + echo "added samba account for '$1'" +else + echo "could not add samba account for '$1'" +fi + +exit $results -- cgit v1.2.3 From 2238e00d68f486a7dbb18de66465f0acff070c26 Mon Sep 17 00:00:00 2001 From: jonoterc Date: Thu, 10 Oct 2013 17:23:57 -0400 Subject: adding a shell script for checking whether a samba account exists for a given user will be leveraged by a puppet class; only tested against Ubuntu 12.04 --- templates/check_samba_user | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 templates/check_samba_user (limited to 'templates') diff --git a/templates/check_samba_user b/templates/check_samba_user new file mode 100644 index 0000000..75cb4b5 --- /dev/null +++ b/templates/check_samba_user 
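Review bot: `/bin/echo -e "$2\n$2\n"` interprets backslash sequences inside the password itself, so a password containing `\n`, `\t` or `\\` is stored as something other than what the caller supplied. `printf '%s\n%s\n' "$2" "$2" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null` feeds the value verbatim. The script also takes the password as `$2`, which exposes it in the process list and in shell history; reading it from stdin would avoid that. A check that both arguments are non-empty before pdbedit is called is missing as well.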
@@ -0,0 +1,16 @@ +#!/bin/bash + +# This script checks to see if a given user account exists on samba +# if so, it returns 0 +# otherwise it returns 1 + +sudo /usr/bin/pdbedit -L | egrep -q "^$1:" +exists=$? + +if [ $exists = 0 ]; then + echo "'$1' is a samba user" +else + echo "no samba account matching '$1'" +fi + +exit $exists -- cgit v1.2.3 From 99b37d9904fd2ac9b587045ddf76b7458a19a559 Mon Sep 17 00:00:00 2001 From: Adam Jahn Date: Sat, 11 Apr 2015 13:32:23 -0400 Subject: remove whitespace --- templates/add_samba_user | 2 +- templates/check_samba_user | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'templates') diff --git a/templates/add_samba_user b/templates/add_samba_user index 1385d4e..cc1d56b 100644 --- a/templates/add_samba_user +++ b/templates/add_samba_user @@ -8,7 +8,7 @@ results=$? if [ $results = 0 ]; then - echo "added samba account for '$1'" + echo "added samba account for '$1'" else echo "could not add samba account for '$1'" fi diff --git a/templates/check_samba_user b/templates/check_samba_user index 75cb4b5..431c3c4 100644 --- a/templates/check_samba_user +++ b/templates/check_samba_user @@ -8,7 +8,7 @@ sudo /usr/bin/pdbedit -L | egrep -q "^$1:" exists=$? if [ $exists = 0 ]; then - echo "'$1' is a samba user" + echo "'$1' is a samba user" else echo "no samba account matching '$1'" fi -- cgit v1.2.3 From 9d63c7be3fa57e4af93c787f8b740658ec14f1f6 Mon Sep 17 00:00:00 2001 
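Review bot: `egrep -q "^$1:"` treats the user name as a regular expression, so a name containing `.` or another metacharacter can match a different account and report it as existing. An exact fixed-string comparison on the first field is safer: `sudo /usr/bin/pdbedit -L | cut -d: -f1 | grep -Fxq -- "$1"`. With that pipeline `$?` is still the status of the last command, so the rest of the script stays as it is.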
From: Alexander Fisher Date: Fri, 22 Jan 2016 15:32:28 +0000 Subject: Remove check_samba_user and add_samba_user scripts Call the pdbedit commands directly from samba::server::user instead --- manifests/server.pp | 16 ---------------- manifests/server/user.pp | 8 +++++--- spec/classes/samba__server_spec.rb | 3 --- spec/defines/samba__server__user_spec.rb | 14 ++++++++++++++ templates/add_samba_user | 16 ---------------- templates/check_samba_user | 16 ---------------- 6 files changed, 19 insertions(+), 54 deletions(-) create mode 100644 spec/defines/samba__server__user_spec.rb delete mode 100644 templates/add_samba_user delete mode 100644 templates/check_samba_user (limited to 'templates') diff --git a/manifests/server.pp b/manifests/server.pp index 550659c..8a5853c 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -58,20 +58,4 @@ class samba::server($interfaces = '', 'os level': value => $os_level; 'preferred master': value => $preferred_master; } - - file {'/sbin/check_samba_user': - # script checks to see if a samba account exists for a given user - owner => root, - group => root, - mode => '0755', - content => template("${module_name}/check_samba_user"), - } - - file {'/sbin/add_samba_user': - # script creates a new samba account for a given user and password - owner => root, - group => root, - mode => '0755', - content => template("${module_name}/add_samba_user"), - } } diff --git a/manifests/server/user.pp b/manifests/server/user.pp index b8f2e61..d10a602 100644 --- a/manifests/server/user.pp +++ b/manifests/server/user.pp 
@@ -4,10 +4,12 @@ define samba::server::user ( $password, $user_name = $name, ) { + require ::samba::server::install + exec { "add smb account for ${user_name}": - command => "/sbin/add_samba_user '${user_name}' '${password}'" , - unless => "/sbin/check_samba_user '${user_name}'" , + command => "/bin/echo -e '${password}\\n${password}\\n' | /usr/bin/pdbedit --password-from-stdin -a '${user_name}'", + unless => "/usr/bin/pdbedit '${user_name}'", require => [ User[$user_name] ], - notify => Class['samba::server::service'] + notify => Class['samba::server::service'] #TODO: Is this really required?? } } diff --git a/spec/classes/samba__server_spec.rb b/spec/classes/samba__server_spec.rb index 69fa0ec..dbf840a 100644 --- a/spec/classes/samba__server_spec.rb +++ b/spec/classes/samba__server_spec.rb @@ -20,7 +20,4 @@ describe 'samba::server' do it { should contain_samba__server__option('printing') } it { should contain_samba__server__option('printcap name') } it { should contain_samba__server__option('disable spoolss') } - - it { should contain_file('/sbin/check_samba_user').with_owner('root') } - it { should contain_file('/sbin/add_samba_user').with_owner('root') } end diff --git a/spec/defines/samba__server__user_spec.rb b/spec/defines/samba__server__user_spec.rb new file mode 100644 index 0000000..c7ae00c --- /dev/null +++ b/spec/defines/samba__server__user_spec.rb @@ -0,0 +1,14 @@ +require 'spec_helper' + +describe 'samba::server::user', :type => :define do + let(:title) { 'test_user' } + let(:params) {{ :password => 'secret' }} + + it { is_expected.to contain_samba__server__user('test_user') } + it { is_expected.to contain_exec('add smb account for test_user').with( + :command => '/bin/echo -e \'secret\nsecret\n\' | /usr/bin/pdbedit --password-from-stdin -a \'test_user\'', + :unless => '/usr/bin/pdbedit \'test_user\'', + :require => 'User[test_user]', + :notify => 'Class[Samba::Server::Service]' + ) } +end 
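Review bot: `${password}` and `${user_name}` are interpolated into single-quoted shell words in `command` and `unless`, so a value containing `'` ends the quoting and the remainder is run as shell on the agent. `/bin/echo -e` also rewrites backslash sequences in the password. Because the password is part of the exec's command string, it is likely to show up in agent logs and reports when the resource runs or fails. Consider validating both parameters before the exec (for example rejecting `'` and `\`) and feeding pdbedit from something other than the command string. The define's parameter list starts above the hunk.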
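Review bot: The only password exercised is `'secret'`, which contains nothing the shell or `echo -e` treats specially, so the spec pins the command string without covering the quoting it depends on. A second context with a password such as `pa'ss\word` (constructed sample) would document what the define is expected to do with quotes and backslashes. The `:notify` expectation also freezes a dependency that the manifest itself marks with a TODO.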
diff --git a/templates/add_samba_user b/templates/add_samba_user deleted file mode 100644 index cc1d56b..0000000 --- a/templates/add_samba_user +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -# This script adds a samba account for a given user and password -# call as: -# > add_samba_user "USERNAME" "PASSWORD" - -/bin/echo -e "$2\n$2\n" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null -results=$? - -if [ $results = 0 ]; then - echo "added samba account for '$1'" -else - echo "could not add samba account for '$1'" -fi - -exit $results diff --git a/templates/check_samba_user b/templates/check_samba_user deleted file mode 100644 index 431c3c4..0000000 --- a/templates/check_samba_user +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -# This script checks to see if a given user account exists on samba -# if so, it returns 0 -# otherwise it returns 1 - -sudo /usr/bin/pdbedit -L | egrep -q "^$1:" -exists=$? - -if [ $exists = 0 ]; then - echo "'$1' is a samba user" -else - echo "no samba account matching '$1'" -fi - -exit $exists -- cgit v1.2.3