samba - Apr 2003 - How I got Samba 2.2.8a to run on OpenBSD 3.2 i386

First of all, GREAT WORK! I now have my very own Windoze domain thanks to
Samba :)

Now, getting Samba to work fully on OpenBSD was harder than I'd think it
would be.
To get smbd to compile somewhat cleanly, I had to hack
./source/include/config.h thusly: remove USE_SETREUID, add USE_SETEUID.

Then, I hacked sec_ctx.c like the attached diff shows, to get rid of some
assert_gid panic when changing passwords from Windoze. Stuff seems to work
this way, so I'm happy. Suggestion: add a #if #endif block for this or
something.

Furthermore I had to add a SRV DNS record as shown in lan.zone to get a
WinXP client to "see" the PDC.
There's a bit of a problem there: it joins, reboots, I can log in, then I
log out, try to log in again, and immedietly get some stupid error about
not finding the PDC, which is bullshit considering what really happened is
it talked to it and didn't get what it expected...
And that's that. I log in locally, re-join, reboot, repeat ad absurdum.
Without the SRV record it would just not find the PDC at all. Yes, I've
applied the SignOrSeal registry hack. No, it does not help. Service Pack 1a
if that means anything.

Anyway.

Then I wrote two perl scripts for user management:

smbadduser - adds users dynamically (please use this only as shown in
attached smb.conf! logging is really necessary, considering the program's
non-quality)

smbchpasswd - quick 'passwd' drop-in (not used in attached smb.conf
since I
since I wrote it have hacked the original 'passwd' to use getuid instead
of
getlogin or something like that... STFW on 'openbsd passwd "who are
you"'
to figure out what 
to do if you want to fix it yourself. Attached smb.conf shows how to chat
with a fixed 'passwd' program.)

Use smbchpasswd with:
passwd program = /usr/local/bin/smbchpasswd %u
passwd chat = new-pass %n\n pwd-ok

Or at least I think that chat line is correct... YMMV. I might have
forgotten a newline.

As a little easter egg, check the 'message command' setting. Message
echoing :)


 - Samuel "Wolf on Air" Ljungkvist
-------------- next part --------------
--- sec_ctx.c	Sun Apr 20 03:10:59 2003
+++ sec_ctx.c~	Sun Apr 20 03:09:00 2003
@@ -145,10 +145,10 @@
 
 	/* this looks a little strange, but is needed to cope with
 	   systems that put the current egid in the group list
-	   returned from getgroups() (tridge) 
+	   returned from getgroups() (tridge) */
 	save_re_gid();
 	set_effective_gid(gid);
-	setgid(gid);*/
+	setgid(gid);
 
 	ngroups = sys_getgroups(0,&grp);
 	if (ngroups <= 0) {
@@ -164,7 +164,7 @@
 		goto fail;
 	}
 
-	//restore_re_gid();
+	restore_re_gid();
 
 	(*p_ngroups) = ngroups;
 	(*p_groups) = groups;
@@ -179,7 +179,7 @@
 
 fail:
 	SAFE_FREE(groups);
-	//restore_re_gid();
+	restore_re_gid();
 	return -1;
 }
 
-------------- next part --------------
#!/usr/bin/perl -W
use Fcntl qw(:DEFAULT :flock);
$pwd_mkdb = "/usr/sbin/pwd_mkdb";
$master_passwd = "/etc/master.passwd";
umask(077);

die "You are not root!\n" if $<;
$newname = pop(@ARGV);
exit if !defined $newname;

print scalar localtime() . " - $0 $newname\n";
die "$newname already exists!\n" if ($newname eq "root" ||
getpwnam($newname));

system($pwd_mkdb, '-p', '-c', $master_passwd);
die "Invalid $master_passwd - cannot add any users!\n" if $?;

for($newuid = 10000; $newuid < 32767; ++$newuid){
	last if !getpwuid($newuid);
}
die "No free UID!\n" if ($newuid >= 32767); # doesn't happen

open(MPW, ">> $master_passwd") or die "Can't open
$master_passwd: $!\n";
flock(MPW, LOCK_EX) or die "Can't lock $master_passwd!\n";
print MPW "$newname:*:$newuid:32767::0:0::/dev/null:/sbin/nologin\n";
flock(MPW, LOCK_UN);
close MPW;

system($pwd_mkdb, '-p', '-u', $newname, $master_passwd);
die "pwd_mkdb failed!" if $?;
-------------- next part --------------
#!/usr/bin/perl -W
use Fcntl qw(:DEFAULT :flock);
use IPC::Open2;
$pwd_mkdb = "/usr/sbin/pwd_mkdb";
$passwd_tmp = "/etc/ptmp";
$master_passwd = "/etc/master.passwd";
umask(077);

exit if $<;
$username = pop(@ARGV);

exit if !defined $username;
getpwnam($username) or exit;

system(split(/\s+/, "$pwd_mkdb -c $master_passwd"));
exit if $?;

print "new-pwd";
$newpwd = <STDIN>;
chomp($newpwd);

sysopen(NEW_PW, $passwd_tmp, O_WRONLY|O_CREAT|O_EXCL|O_NONBLOCK|O_SHLOCK, 0600)
or exit;
open(OLD_PW, "< $master_passwd");
while(<OLD_PW>){
	@user = split(/:/);
	if($user[0] eq $username){
		$user[1] = encrypt($newpwd);
	}
	print NEW_PW join(':', @user);
}
close OLD_PW;

system($pwd_mkdb, '-p', '-u', $username, $passwd_tmp);
exit if $?;

close NEW_PW;
unlink $passwd_tmp;

print "pwd-ok";

sub encrypt{
	local $passwd = $_;
	open2(\*ENCRD, \*ENCWR, "/usr/bin/encrypt");
	print ENCWR $passwd;
	close ENCWR;
	$passwd = <ENCRD>;
	chomp $passwd;
	close ENCRD;
	die "encrypt failed" if (wait == -1 || $? != 0);
	return $passwd;
}
-------------- next part --------------
# Global parameters
[global]
	workgroup = LAN
	netbios name = ROUTER
	server string = 
	interfaces = lo0 ne4
	bind interfaces only = Yes
	encrypt passwords = Yes
	passwd program = /usr/bin/passwd %u
	passwd chat = Changing\s*\spassword\sfor\s%u.\nNew\spassword: %n\n
\nRetype\snew\spassword: %n\n \n
	min passwd length = 6
	unix password sync = Yes
	syslog only = Yes
	max log size = 0
	time server = Yes
	load printers = No
	disable spoolss = Yes
	show add printer wizard = No
	mangling method = hash2
	domain admin group = root @wheel
	domain guest group = nobody @nobody
	add user script = /usr/local/bin/smbadduser '%u'
>>/var/log/smbadduser
	delete user script = /usr/bin/yes|/usr/sbin/rmuser '%u'
	logon script = logon.cmd
	logon drive = Z:
	logon home = \\%N\%U\profile
	domain logons = Yes
	os level = 64
	preferred master = Yes
	domain master = Yes
	wins support = Yes
	message command = /usr/local/bin/smbclient -M '%f' -U '%t' -I
'%I'<%s;rm %s&
	write list = root
	map archive = No
	csc policy = disable

[netlogon]
	path = /etc/samba/netlogon
	browseable = No

[homes]
	read only = No
	browseable = No
-------------- next part --------------
@ IN SOA lan.triplefusion.net. hostmaster.lan.triplefusion.net. (2003041203
28800 7200 604800 86400)

		IN NS	router
		IN MX	0 router

krb4-realm	IN TXT	"#lan.triplefusion.net"
krb5-realm	IN TXT	"#lan.triplefusion.net"
_kerberos	IN TXT	"#lan.triplefusion.net"
_ldap._tcp.dc._msdcs IN SRV 0 0 389 router

localhost	IN A	127.0.0.1
router		IN A	10.0.0.1
woa		IN A	10.0.0.2
maria		IN A	10.0.0.3
laptop		IN A	10.0.0.4