diff --git a/config/etc/group b/config/etc/group index ab5f4af51..51334aafb 100644 --- a/config/etc/group +++ b/config/etc/group @@ -25,6 +25,7 @@ stunnel:x:51: lock:x:54: sshd:x:74: pcap:x:77: +wbpriv:x:88:squid nobody:x:99: users:x:100: snort:x:101: diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index 1ec9ed4f4..7657fe637 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -131,7 +131,6 @@ etc/rc.d/init.d/upnpd #etc/rc.d/init.d/vdradmin #etc/rc.d/init.d/vsftpd #etc/rc.d/init.d/watchdog -#etc/rc.d/init.d/winbind etc/rc.d/init.d/wlanclient #etc/rc.d/init.d/xinetd #etc/rc.d/rc0.d diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 153a5f49e..458b966cb 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -134,7 +134,6 @@ etc/rc.d/init.d/upnpd #etc/rc.d/init.d/vdradmin #etc/rc.d/init.d/vsftpd #etc/rc.d/init.d/watchdog -#etc/rc.d/init.d/winbind etc/rc.d/init.d/wlanclient #etc/rc.d/init.d/xinetd #etc/rc.d/rc0.d diff --git a/config/rootfiles/packages/krb5 b/config/rootfiles/packages/krb5 new file mode 100644 index 000000000..e1e7d64f1 --- /dev/null +++ b/config/rootfiles/packages/krb5 @@ -0,0 +1,165 @@ +#usr/bin/gss-client +#usr/bin/k5srvutil +usr/bin/kadmin +usr/bin/kdestroy +usr/bin/kinit +usr/bin/klist +usr/bin/kpasswd +#usr/bin/krb5-config +#usr/bin/ksu +#usr/bin/kswitch +#usr/bin/ktutil +#usr/bin/kvno +#usr/bin/sclient +#usr/bin/sim_client +#usr/bin/uuclient +#usr/include/gssapi +#usr/include/gssapi.h +#usr/include/gssapi/gssapi.h +#usr/include/gssapi/gssapi_ext.h +#usr/include/gssapi/gssapi_generic.h +#usr/include/gssapi/gssapi_krb5.h +#usr/include/gssapi/mechglue.h +#usr/include/gssrpc +#usr/include/gssrpc/auth.h +#usr/include/gssrpc/auth_gss.h +#usr/include/gssrpc/auth_gssapi.h +#usr/include/gssrpc/auth_unix.h +#usr/include/gssrpc/clnt.h +#usr/include/gssrpc/netdb.h +#usr/include/gssrpc/pmap_clnt.h +#usr/include/gssrpc/pmap_prot.h +#usr/include/gssrpc/pmap_rmt.h +#usr/include/gssrpc/rename.h +#usr/include/gssrpc/rpc.h +#usr/include/gssrpc/rpc_msg.h +#usr/include/gssrpc/svc.h +#usr/include/gssrpc/svc_auth.h +#usr/include/gssrpc/types.h +#usr/include/gssrpc/xdr.h +#usr/include/kadm5 +#usr/include/kadm5/admin.h +#usr/include/kadm5/chpass_util_strings.h +#usr/include/kadm5/kadm_err.h +#usr/include/kdb.h +#usr/include/krad.h +#usr/include/krb5 +#usr/include/krb5.h +#usr/include/krb5/ccselect_plugin.h +#usr/include/krb5/clpreauth_plugin.h +#usr/include/krb5/hostrealm_plugin.h +#usr/include/krb5/kadm5_hook_plugin.h +#usr/include/krb5/kdcpreauth_plugin.h +#usr/include/krb5/krb5.h +#usr/include/krb5/localauth_plugin.h +#usr/include/krb5/locate_plugin.h +#usr/include/krb5/plugin.h +#usr/include/krb5/preauth_plugin.h +#usr/include/krb5/pwqual_plugin.h +#usr/include/profile.h +#usr/include/verto-module.h +#usr/include/verto.h +usr/lib/krb5 +usr/lib/krb5/plugins +usr/lib/krb5/plugins/authdata +usr/lib/krb5/plugins/kdb +usr/lib/krb5/plugins/kdb/db2.so +usr/lib/krb5/plugins/libkrb5 +usr/lib/krb5/plugins/preauth +usr/lib/krb5/plugins/preauth/otp.so +usr/lib/krb5/plugins/preauth/pkinit.so +#usr/lib/libgssapi_krb5.so +usr/lib/libgssapi_krb5.so.2 +usr/lib/libgssapi_krb5.so.2.2 +#usr/lib/libgssrpc.so +usr/lib/libgssrpc.so.4 +usr/lib/libgssrpc.so.4.2 +#usr/lib/libk5crypto.so +usr/lib/libk5crypto.so.3 +usr/lib/libk5crypto.so.3.1 +#usr/lib/libkadm5clnt.so +#usr/lib/libkadm5clnt_mit.so +usr/lib/libkadm5clnt_mit.so.9 +usr/lib/libkadm5clnt_mit.so.9.0 +#usr/lib/libkadm5srv.so +#usr/lib/libkadm5srv_mit.so +usr/lib/libkadm5srv_mit.so.9 +usr/lib/libkadm5srv_mit.so.9.0 +#usr/lib/libkdb5.so +usr/lib/libkdb5.so.7 +usr/lib/libkdb5.so.7.0 +#usr/lib/libkrad.so +usr/lib/libkrad.so.0 +usr/lib/libkrad.so.0.0 +#usr/lib/libkrb5.so +usr/lib/libkrb5.so.3 +usr/lib/libkrb5.so.3.3 +#usr/lib/libkrb5support.so +usr/lib/libkrb5support.so.0 +usr/lib/libkrb5support.so.0.1 +#usr/lib/libverto.so +usr/lib/libverto.so.0 +usr/lib/libverto.so.0.0 +#usr/lib/pkgconfig/gssrpc.pc +#usr/lib/pkgconfig/kadm-client.pc +#usr/lib/pkgconfig/kadm-server.pc +#usr/lib/pkgconfig/kdb.pc +#usr/lib/pkgconfig/krb5-gssapi.pc +#usr/lib/pkgconfig/krb5.pc +#usr/lib/pkgconfig/mit-krb5-gssapi.pc +#usr/lib/pkgconfig/mit-krb5.pc +#usr/sbin/gss-server +#usr/sbin/kadmin.local +#usr/sbin/kadmind +#usr/sbin/kdb5_util +#usr/sbin/kprop +#usr/sbin/kpropd +#usr/sbin/kproplog +#usr/sbin/krb5-send-pr +#usr/sbin/krb5kdc +#usr/sbin/sim_server +#usr/sbin/sserver +#usr/sbin/uuserver +#usr/share/examples +#usr/share/examples/krb5 +#usr/share/examples/krb5/kdc.conf +#usr/share/examples/krb5/krb5.conf +#usr/share/examples/krb5/services.append +#usr/share/gnats +#usr/share/gnats/mit +#usr/share/locale/en_US +#usr/share/locale/en_US/LC_MESSAGES +#usr/share/locale/en_US/LC_MESSAGES/mit-krb5.mo +#usr/share/man/cat1 +#usr/share/man/cat5 +#usr/share/man/cat8 +#usr/share/man/man1/k5srvutil.1 +#usr/share/man/man1/kadmin.1 +#usr/share/man/man1/kdestroy.1 +#usr/share/man/man1/kinit.1 +#usr/share/man/man1/klist.1 +#usr/share/man/man1/kpasswd.1 +#usr/share/man/man1/krb5-config.1 +#usr/share/man/man1/krb5-send-pr.1 +#usr/share/man/man1/ksu.1 +#usr/share/man/man1/kswitch.1 +#usr/share/man/man1/ktutil.1 +#usr/share/man/man1/kvno.1 +#usr/share/man/man1/sclient.1 +#usr/share/man/man5/.k5identity.5 +#usr/share/man/man5/.k5login.5 +#usr/share/man/man5/k5identity.5 +#usr/share/man/man5/k5login.5 +#usr/share/man/man5/kadm5.acl.5 +#usr/share/man/man5/kdc.conf.5 +#usr/share/man/man5/krb5.conf.5 +#usr/share/man/man8/kadmin.local.8 +#usr/share/man/man8/kadmind.8 +#usr/share/man/man8/kdb5_ldap_util.8 +#usr/share/man/man8/kdb5_util.8 +#usr/share/man/man8/kprop.8 +#usr/share/man/man8/kpropd.8 +#usr/share/man/man8/kproplog.8 +#usr/share/man/man8/krb5kdc.8 +#usr/share/man/man8/sserver.8 +var/lib/krb5kdc diff --git a/config/rootfiles/packages/samba b/config/rootfiles/packages/samba index 988206768..aafa112ac 100644 --- a/config/rootfiles/packages/samba +++ b/config/rootfiles/packages/samba @@ -219,10 +219,10 @@ var/ipfire/samba/shares var/ipfire/samba/smb.conf var/ipfire/samba/smb.conf.default var/lib/samba +var/lib/samba/winbindd_privileged var/log/samba var/nmbd etc/rc.d/init.d/samba -etc/rc.d/init.d/winbind srv/web/ipfire/cgi-bin/samba.cgi srv/web/ipfire/cgi-bin/sambahlp.cgi var/ipfire/menu.d/EX-samba.menu diff --git a/doc/language_issues.de b/doc/language_issues.de index 856543955..84079a164 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -21,6 +21,7 @@ WARNING: translation string unused: add-route WARNING: translation string unused: addon WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password +WARNING: translation string unused: adsl settings WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM auth WARNING: translation string unused: advproxy advanced proxy diff --git a/doc/language_issues.en b/doc/language_issues.en index aa957aa3f..dc34d724a 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -20,6 +20,7 @@ WARNING: translation string unused: add xtaccess WARNING: translation string unused: add-route WARNING: translation string unused: admin user password has been changed WARNING: translation string unused: administrator user password +WARNING: translation string unused: adsl settings WARNING: translation string unused: advproxy LDAP auth WARNING: translation string unused: advproxy NTLM auth WARNING: translation string unused: advproxy advanced proxy diff --git a/doc/language_issues.es b/doc/language_issues.es index 117688362..1f6d5fe69 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -594,10 +594,16 @@ WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: addons +WARNING: untranslated string: administrator password +WARNING: untranslated string: administrator username +WARNING: untranslated string: advproxy AUTH method ntlm +WARNING: untranslated string: advproxy AUTH method ntlm auth WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy group access control +WARNING: untranslated string: advproxy group required WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: atm device WARNING: untranslated string: attention @@ -861,6 +867,7 @@ WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: mac filter WARNING: untranslated string: maximum +WARNING: untranslated string: messages WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: model @@ -932,6 +939,8 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: samba join a domain +WARNING: untranslated string: samba join domain WARNING: untranslated string: server restart WARNING: untranslated string: show dh WARNING: untranslated string: show tls-auth key diff --git a/doc/language_issues.fr b/doc/language_issues.fr index beca0080b..0645609c7 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -604,10 +604,16 @@ WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: addons +WARNING: untranslated string: administrator password +WARNING: untranslated string: administrator username +WARNING: untranslated string: advproxy AUTH method ntlm +WARNING: untranslated string: advproxy AUTH method ntlm auth WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy group access control +WARNING: untranslated string: advproxy group required WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: atm device WARNING: untranslated string: attention @@ -872,6 +878,7 @@ WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: mac filter WARNING: untranslated string: maximum +WARNING: untranslated string: messages WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: model @@ -939,6 +946,8 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: samba join a domain +WARNING: untranslated string: samba join domain WARNING: untranslated string: server restart WARNING: untranslated string: show dh WARNING: untranslated string: show tls-auth key diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 6162636f6..cb2f82b75 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -661,6 +661,12 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs +WARNING: untranslated string: administrator password +WARNING: untranslated string: administrator username +WARNING: untranslated string: advproxy AUTH method ntlm +WARNING: untranslated string: advproxy AUTH method ntlm auth +WARNING: untranslated string: advproxy group access control +WARNING: untranslated string: advproxy group required WARNING: untranslated string: atm device WARNING: untranslated string: bytes WARNING: untranslated string: capabilities @@ -683,6 +689,7 @@ WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key WARNING: untranslated string: imei WARNING: untranslated string: imsi +WARNING: untranslated string: messages WARNING: untranslated string: model WARNING: untranslated string: modem hardware details WARNING: untranslated string: modem information @@ -712,6 +719,8 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: samba join a domain +WARNING: untranslated string: samba join domain WARNING: untranslated string: show dh WARNING: untranslated string: show tls-auth key WARNING: untranslated string: software version diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 117688362..1f6d5fe69 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -594,10 +594,16 @@ WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: Set time on boot WARNING: untranslated string: addons +WARNING: untranslated string: administrator password +WARNING: untranslated string: administrator username +WARNING: untranslated string: advproxy AUTH method ntlm +WARNING: untranslated string: advproxy AUTH method ntlm auth WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy group access control +WARNING: untranslated string: advproxy group required WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: atm device WARNING: untranslated string: attention @@ -861,6 +867,7 @@ WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: mac filter WARNING: untranslated string: maximum +WARNING: untranslated string: messages WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: model @@ -932,6 +939,8 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: samba join a domain +WARNING: untranslated string: samba join domain WARNING: untranslated string: server restart WARNING: untranslated string: show dh WARNING: untranslated string: show tls-auth key diff --git a/doc/language_issues.ru b/doc/language_issues.ru index 547e1d406..b84e698cb 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -597,10 +597,16 @@ WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs WARNING: untranslated string: addons +WARNING: untranslated string: administrator password +WARNING: untranslated string: administrator username +WARNING: untranslated string: advproxy AUTH method ntlm +WARNING: untranslated string: advproxy AUTH method ntlm auth WARNING: untranslated string: advproxy cache-digest WARNING: untranslated string: advproxy errmsg cache WARNING: untranslated string: advproxy errmsg invalid upstream proxy WARNING: untranslated string: advproxy errmsg proxy ports equal +WARNING: untranslated string: advproxy group access control +WARNING: untranslated string: advproxy group required WARNING: untranslated string: advproxy proxy port transparent WARNING: untranslated string: atm device WARNING: untranslated string: attention @@ -857,6 +863,7 @@ WARNING: untranslated string: least preferred WARNING: untranslated string: lifetime WARNING: untranslated string: mac filter WARNING: untranslated string: maximum +WARNING: untranslated string: messages WARNING: untranslated string: minimum WARNING: untranslated string: minute WARNING: untranslated string: model @@ -922,6 +929,8 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: samba join a domain +WARNING: untranslated string: samba join domain WARNING: untranslated string: server restart WARNING: untranslated string: show dh WARNING: untranslated string: show tls-auth key diff --git a/doc/language_issues.tr b/doc/language_issues.tr index cc40178b8..dd58ee757 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -664,6 +664,12 @@ WARNING: translation string unused: yearly firewallhits WARNING: untranslated string: MTU settings WARNING: untranslated string: Number of Countries for the pie chart WARNING: untranslated string: Scan for Songs +WARNING: untranslated string: administrator password +WARNING: untranslated string: administrator username +WARNING: untranslated string: advproxy AUTH method ntlm +WARNING: untranslated string: advproxy AUTH method ntlm auth +WARNING: untranslated string: advproxy group access control +WARNING: untranslated string: advproxy group required WARNING: untranslated string: bytes WARNING: untranslated string: capabilities WARNING: untranslated string: default @@ -683,6 +689,7 @@ WARNING: untranslated string: gen dh WARNING: untranslated string: generate dh key WARNING: untranslated string: imei WARNING: untranslated string: imsi +WARNING: untranslated string: messages WARNING: untranslated string: model WARNING: untranslated string: modem hardware details WARNING: untranslated string: modem information @@ -711,6 +718,8 @@ WARNING: untranslated string: route config changed WARNING: untranslated string: routing config added WARNING: untranslated string: routing config changed WARNING: untranslated string: routing table +WARNING: untranslated string: samba join a domain +WARNING: untranslated string: samba join domain WARNING: untranslated string: show dh WARNING: untranslated string: show tls-auth key WARNING: untranslated string: software version diff --git a/doc/language_missings b/doc/language_missings index 4699f1276..cab98e067 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -14,10 +14,17 @@ # Checking cgi-bin translations for language: fr # ############################################################################ < addon +< administrator password +< administrator username +< adsl settings +< advproxy AUTH method ntlm +< advproxy AUTH method ntlm auth < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy < advproxy errmsg proxy ports equal +< advproxy group access control +< advproxy group required < advproxy proxy port transparent < age second < age seconds @@ -337,6 +344,7 @@ < maximum < MB read < MB written +< messages < minimum < minute < model @@ -407,6 +415,8 @@ < qos enter bandwidths < random number generator daemon < red1 +< samba join a domain +< samba join domain < server restart < show dh < snat new source ip address @@ -545,10 +555,17 @@ # Checking cgi-bin translations for language: es # ############################################################################ < addon +< administrator password +< administrator username +< adsl settings +< advproxy AUTH method ntlm +< advproxy AUTH method ntlm auth < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy < advproxy errmsg proxy ports equal +< advproxy group access control +< advproxy group required < advproxy proxy port transparent < age second < age seconds @@ -868,6 +885,7 @@ < maximum < MB read < MB written +< messages < minimum < minute < model @@ -954,6 +972,8 @@ < qos enter bandwidths < random number generator daemon < red1 +< samba join a domain +< samba join domain < server restart < Set time on boot < show dh @@ -1069,10 +1089,17 @@ # Checking cgi-bin translations for language: pl # ############################################################################ < addon +< administrator password +< administrator username +< adsl settings +< advproxy AUTH method ntlm +< advproxy AUTH method ntlm auth < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy < advproxy errmsg proxy ports equal +< advproxy group access control +< advproxy group required < advproxy proxy port transparent < age second < age seconds @@ -1383,6 +1410,7 @@ < maximum < MB read < MB written +< messages < minimum < minute < model @@ -1455,6 +1483,8 @@ < qos enter bandwidths < random number generator daemon < red1 +< samba join a domain +< samba join domain < server restart < show dh < snat new source ip address @@ -1569,10 +1599,17 @@ ############################################################################ < Add a route < addon +< administrator password +< administrator username +< adsl settings +< advproxy AUTH method ntlm +< advproxy AUTH method ntlm auth < advproxy cache-digest < advproxy errmsg cache < advproxy errmsg invalid upstream proxy < advproxy errmsg proxy ports equal +< advproxy group access control +< advproxy group required < advproxy proxy port transparent < age second < age seconds @@ -1889,6 +1926,7 @@ < maximum < MB read < MB written +< messages < minimum < minute < model @@ -1959,6 +1997,8 @@ < qos enter bandwidths < random number generator daemon < red1 +< samba join a domain +< samba join domain < server restart < show dh < snat new source ip address diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi index 9c3be0b05..9abcb9181 100644 --- a/html/cgi-bin/proxy.cgi +++ b/html/cgi-bin/proxy.cgi @@ -172,6 +172,8 @@ unless (-e $acl_include) { system("touch $acl_include"); } unless (-e $browserdb) { system("touch $browserdb"); } unless (-e $mimetypes) { system("touch $mimetypes"); } +my $HAVE_NTLM_AUTH = (-e "/usr/bin/ntlm_auth"); + open FILE, $browserdb; @useragentlist = sort { reverse(substr(reverse(substr($a,index($a,',')+1)),index(reverse(substr($a,index($a,','))),',')+1)) cmp reverse(substr(reverse(substr($b,index($b,',')+1)),index(reverse(substr($b,index($b,','))),',')+1))} grep !/(^$)|(^\s*#)/,; close(FILE); @@ -264,6 +266,7 @@ $proxysettings{'LDAP_PORT'} = '389'; $proxysettings{'LDAP_BINDDN_USER'} = ''; $proxysettings{'LDAP_BINDDN_PASS'} = ''; $proxysettings{'LDAP_GROUP'} = ''; +$proxysettings{'NTLM_AUTH_GROUP'} = ''; $proxysettings{'NTLM_DOMAIN'} = ''; $proxysettings{'NTLM_PDC'} = ''; $proxysettings{'NTLM_BDC'} = ''; @@ -860,6 +863,7 @@ $checked{'AUTH_METHOD'}{'ncsa'} = ''; $checked{'AUTH_METHOD'}{'ident'} = ''; $checked{'AUTH_METHOD'}{'ldap'} = ''; $checked{'AUTH_METHOD'}{'ntlm'} = ''; +$checked{'AUTH_METHOD'}{'ntlm-auth'} = ''; $checked{'AUTH_METHOD'}{'radius'} = ''; $checked{'AUTH_METHOD'}{$proxysettings{'AUTH_METHOD'}} = "checked='checked'"; @@ -1686,18 +1690,33 @@ print < - $Lang::tr{'advproxy AUTH method'} + $Lang::tr{'advproxy AUTH method'} - $Lang::tr{'advproxy AUTH method none'} - $Lang::tr{'advproxy AUTH method ncsa'} - $Lang::tr{'advproxy AUTH method ident'} - $Lang::tr{'advproxy AUTH method ldap'} - $Lang::tr{'advproxy AUTH method ntlm'} - $Lang::tr{'advproxy AUTH method radius'} + $Lang::tr{'advproxy AUTH method none'} + $Lang::tr{'advproxy AUTH method ncsa'} + $Lang::tr{'advproxy AUTH method ident'} + $Lang::tr{'advproxy AUTH method ldap'} + $Lang::tr{'advproxy AUTH method ntlm'} +END + +if ($HAVE_NTLM_AUTH) { + print <$Lang::tr{'advproxy AUTH method ntlm auth'} +END +} + +print <$Lang::tr{'advproxy AUTH method radius'} END @@ -1976,6 +1995,27 @@ if ($proxysettings{'AUTH_METHOD'} eq 'ntlm') { print < + + + + + + + + + + +
$Lang::tr{'advproxy group access control'}
$Lang::tr{'advproxy group required'}: *  
+END +} + # =================================================================== # LDAP auth settings # =================================================================== @@ -3143,7 +3183,6 @@ END print FILE < 'smbd','NetBIOS Nameserver' => 'nmbd'); -#my %servicenames = ('SMB Daemon' => 'smbd','NetBIOS Nameserver' => 'nmbd','Winbind Daemon' => 'winbindd'); +my %servicenames = ('SMB Daemon' => 'smbd', 'NetBIOS Nameserver' => 'nmbd', 'Winbind Daemon' => 'winbindd'); &Header::showhttpheaders(); @@ -192,6 +191,10 @@ if ($sambasettings{'ACTION'} eq 'globalresetyes') refreshpage(); } +if ($sambasettings{'ACTION'} eq 'join') { + $message .= &joindomain($sambasettings{'USERNAME'}, $sambasettings{'PASSWORD'}); +} + ############################################################################################################################ ################################################ Sicherheitsabfrage für den Reset ########################################## @@ -276,6 +279,7 @@ print FILE </g; + + &Header::openbox('100%', 'left', $Lang::tr{'messages'}); + print "$message\n"; + &Header::closebox(); +} + ############################################################################################################################ ########################################## Aktivieren von Checkboxen und Dropdowns ######################################### @@ -440,14 +457,6 @@ $selected{'SECURITY'}{$sambasettings{'SECURITY'}} = "selected='selected'"; print < -END -; -if ( $message ne "" ) - { - print "
$message"; - } - -print <$Lang::tr{'all services'}
END @@ -875,6 +884,55 @@ END &Header::closebox(); } +if ($sambasettings{'SECURITY'} eq "ADS") { + &Header::openbox('100%', 'center', $Lang::tr{'samba join a domain'}); + + my $AD_DOMAINNAME = uc($mainsettings{'DOMAINNAME'}); + + print < + + +
+ + + + + + + + + + + + + + + + + + +
+ $Lang::tr{'domain'} + + $AD_DOMAINNAME +
+ $Lang::tr{'administrator username'} + + +
+ $Lang::tr{'administrator password'} + + +
+ +
+ +END + + &Header::closebox(); +} + ############################################################################################################################ ############################################### Verwalten von Freigaben #################################################### @@ -1304,3 +1362,13 @@ sub isrunning } return $status; } + +sub joindomain { + my $username = shift; + my $password = shift; + + my @options = ("/usr/local/bin/sambactrl", "join", $username, $password); + my $output = qx(@options); + + return $output; +} diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 556e65cfd..736cdf6f2 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -99,7 +99,10 @@ 'addon' => 'Addons', 'admin user password has been changed' => 'Passwort für Benutzer admin wurde geändert.', 'admin users' => 'Liste der Benutzer mit Super User Rechten', +'administrator password' => 'Administrator-Passwort', 'administrator user password' => 'Passwort für Benutzer "admin":', +'administrator username' => 'Administrator-Benutzername', +'adsl settings' => 'ADSL-Einstellungen', 'advanced' => 'Erweitert', 'advanced server' => 'Erweiterte Server-Optionen', 'advproxy AUTH always required' => 'Authentifizierung für uneingeschränkte Quelladressen erforderlich', @@ -111,7 +114,8 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Lokal', 'advproxy AUTH method none' => 'Keine', -'advproxy AUTH method ntlm' => 'Windows', +'advproxy AUTH method ntlm' => 'Windows NT4-Domäne', +'advproxy AUTH method ntlm auth' => 'Windows Active Directory', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Domains ohne Authentifizierung (eine pro Zeile)', 'advproxy AUTH number of auth processes' => 'Anzahl der Authentifizierungsprozesse', @@ -262,6 +266,8 @@ 'advproxy fake useragent' => 'Gefälschter Useragent für externe Web-Sites', 'advproxy friday' => 'Fre', 'advproxy from' => 'Von', +'advproxy group access control' => 'Gruppenbasierte Zugriffskontrolle', +'advproxy group required' => 'Erforderliche Gruppe', 'advproxy hdd cache size' => 'Cachegröße auf der Festplatte (MB)', 'advproxy invalid num of children' => 'Ungültige Anzahl der Filter-Prozesse', 'advproxy log enabled' => 'Protokoll aktiviert', @@ -1462,6 +1468,7 @@ 'memory' => 'Speicher', 'memory information' => 'Speicherinformationen', 'memory usage per' => 'Speichernutzung pro', +'messages' => 'Meldungen', 'messages logging' => 'Logeinstellungen für /var/log/messages', 'method' => 'Methode:', 'min costs' => 'Minimale Kosten', @@ -1897,6 +1904,8 @@ 'running' => 'LÄUFT', 'safe removal of umounted device' => 'Sie können gefahrlos das abgemeldete Gerät entfernen', 'samba' => 'Samba', +'samba join a domain' => 'Einer Domäne beitreten', +'samba join domain' => 'Domäne beitreten', 'samba status' => 'Samba Status', 'saturday' => 'Samstag', 'save' => 'Speichern', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index f4fafca08..ba9e13488 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -99,7 +99,10 @@ 'addons' => 'Addons', 'admin user password has been changed' => 'Admin user password has been changed.', 'admin users' => 'User with superuser rights', +'administrator password' => 'Administrator password', 'administrator user password' => 'Admin user password:', +'administrator username' => 'Administrator username', +'adsl settings' => 'ADSL settings', 'advanced' => 'Advanced', 'advanced server' => 'Advanced server options', 'advproxy AUTH always required' => 'Require authentication for unrestricted source addresses', @@ -111,7 +114,8 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Local', 'advproxy AUTH method none' => 'None', -'advproxy AUTH method ntlm' => 'Windows', +'advproxy AUTH method ntlm' => 'Windows NT4 Domain', +'advproxy AUTH method ntlm auth' => 'Windows Active Directory', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Domains without authentication (one per line)', 'advproxy AUTH number of auth processes' => 'Number of authentication processes', @@ -262,6 +266,8 @@ 'advproxy fake useragent' => 'Fake useragent submitted to external sites', 'advproxy friday' => 'Fri', 'advproxy from' => 'From', +'advproxy group access control' => 'Group based access control', +'advproxy group required' => 'Required group', 'advproxy hdd cache size' => 'Harddisk cache size (MB)', 'advproxy invalid num of children' => 'Invalid number of filter processes', 'advproxy log enabled' => 'Log enabled', @@ -1492,6 +1498,7 @@ 'memory' => 'Memory', 'memory information' => 'Memory information', 'memory usage per' => 'Memory Usage per', +'messages' => 'Messages', 'messages logging' => 'Logsettings for /var/log/messages', 'method' => 'Method:', 'min costs' => 'Minimum costs', @@ -1929,6 +1936,8 @@ 'running' => 'RUNNING', 'safe removal of umounted device' => 'You can safely remove the unmounted device', 'samba' => 'Samba', +'samba join a domain' => 'Join a domain', +'samba join domain' => 'Join domain', 'samba status' => 'Samba Status', 'saturday' => 'Saturday', 'save' => 'Save', diff --git a/langs/es/cgi-bin/es.pl b/langs/es/cgi-bin/es.pl index 2be3d36e4..8c757a9b3 100644 --- a/langs/es/cgi-bin/es.pl +++ b/langs/es/cgi-bin/es.pl @@ -101,7 +101,6 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Local', 'advproxy AUTH method none' => 'Ninguno', -'advproxy AUTH method ntlm' => 'Windows', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Dominios sin autenticación (uno por línea)', 'advproxy AUTH number of auth processes' => 'Número de proceso de autenticación', diff --git a/langs/fr/cgi-bin/fr.pl b/langs/fr/cgi-bin/fr.pl index f4e9518ff..ccd61cb40 100644 --- a/langs/fr/cgi-bin/fr.pl +++ b/langs/fr/cgi-bin/fr.pl @@ -103,7 +103,6 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Local', 'advproxy AUTH method none' => 'Rien', -'advproxy AUTH method ntlm' => 'Windows', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Domaines sans authentification (un par ligne)', 'advproxy AUTH number of auth processes' => 'Nombre de processus d\'authentification', diff --git a/langs/nl/cgi-bin/nl.pl b/langs/nl/cgi-bin/nl.pl index b9e4c6f76..fdad1d3ab 100644 --- a/langs/nl/cgi-bin/nl.pl +++ b/langs/nl/cgi-bin/nl.pl @@ -110,7 +110,6 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Lokaal', 'advproxy AUTH method none' => 'Geen', -'advproxy AUTH method ntlm' => 'Windows', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Domeinen zonder authenticatie (een per regel)', 'advproxy AUTH number of auth processes' => 'Aantal authenticatieprocessen', diff --git a/langs/pl/cgi-bin/pl.pl b/langs/pl/cgi-bin/pl.pl index a79eed0e9..5a205e1de 100644 --- a/langs/pl/cgi-bin/pl.pl +++ b/langs/pl/cgi-bin/pl.pl @@ -103,7 +103,6 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Local', 'advproxy AUTH method none' => 'None', -'advproxy AUTH method ntlm' => 'Windows', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Domeny bez autoryzacji (jedna w linii)', 'advproxy AUTH number of auth processes' => 'Liczba procesów autoryzujących', diff --git a/langs/ru/cgi-bin/ru.pl b/langs/ru/cgi-bin/ru.pl index e3aaab4fb..38b844169 100644 --- a/langs/ru/cgi-bin/ru.pl +++ b/langs/ru/cgi-bin/ru.pl @@ -101,7 +101,6 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Локальный', 'advproxy AUTH method none' => 'Нет', -'advproxy AUTH method ntlm' => 'Windows', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Домен без аутентификации (один на строчку)', 'advproxy AUTH number of auth processes' => 'Кол-во процессов аутентификации', diff --git a/langs/tr/cgi-bin/tr.pl b/langs/tr/cgi-bin/tr.pl index 459a80ceb..e2a6d4f6a 100644 --- a/langs/tr/cgi-bin/tr.pl +++ b/langs/tr/cgi-bin/tr.pl @@ -110,7 +110,6 @@ 'advproxy AUTH method ldap' => 'LDAP', 'advproxy AUTH method ncsa' => 'Yerel', 'advproxy AUTH method none' => 'Yok', -'advproxy AUTH method ntlm' => 'Windows', 'advproxy AUTH method radius' => 'RADIUS', 'advproxy AUTH no auth' => 'Kimlik doğrulaması olmayan hedefler (her satırda bir tane)', 'advproxy AUTH number of auth processes' => 'Kimlik doğrulama işlemlerinin sayısı', diff --git a/lfs/krb5 b/lfs/krb5 new file mode 100644 index 000000000..64eb670bd --- /dev/null +++ b/lfs/krb5 @@ -0,0 +1,105 @@ +############################################################################### +# # +# IPFire.org - A linux based firewall # +# Copyright (C) 2007 Michael Tremer & Christian Schmidt # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see . # +# # +############################################################################### + +############################################################################### +# Definitions +############################################################################### + +include Config + +VER = 1.12.1 + +THISAPP = krb5-$(VER) +DL_FILE = $(THISAPP).tar.gz +DL_FROM = $(URL_IPFIRE) +DIR_APP = $(DIR_SRC)/$(THISAPP)/src +TARGET = $(DIR_INFO)/$(THISAPP) +PROG = krb5 +PAK_VER = 1 + +DEPS = "" + +############################################################################### +# Top-level Rules +############################################################################### + +objects = $(DL_FILE) + +$(DL_FILE) = $(DL_FROM)/$(DL_FILE) + +$(DL_FILE)_MD5 = 4a631b3474d3e44773f1ecda96f04400 + +install : $(TARGET) + +check : $(patsubst %,$(DIR_CHK)/%,$(objects)) + +download :$(patsubst %,$(DIR_DL)/%,$(objects)) + +md5 : $(subst %,%_MD5,$(objects)) + +dist: + @$(PAK) + +############################################################################### +# Downloading, checking, md5sum +############################################################################### + +$(patsubst %,$(DIR_CHK)/%,$(objects)) : + @$(CHECK) + +$(patsubst %,$(DIR_DL)/%,$(objects)) : + @$(LOAD) + +$(subst %,%_MD5,$(objects)) : + @$(MD5) + +############################################################################### +# Installation Details +############################################################################### + +$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) + @$(PREBUILD) + @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) + cd $(DIR_APP) && patch -Np2 < $(DIR_SRC)/src/patches/mitkrb-1.12.1-db2_fix-1.patch + + cd $(DIR_APP) && sed -e "s@python2.5/Python.h@& python2.7/Python.h@g" \ + -e "s@-lpython2.5]@&,\n AC_CHECK_LIB(python2.7,main,[PYTHON_LIB=-lpython2.7])@g" \ + -i configure.in + cd $(DIR_APP) && autoconf + + cd $(DIR_APP) && ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --localstatedir=/var/lib \ + --with-system-et \ + --with-system-ss \ + --enable-dns-for-realm \ + CPPFLAGS="-I/usr/include/et" + + cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE) + cd $(DIR_APP) && make $(EXTRA_INSTALL) install + + for LIB in gssapi_krb5 gssrpc k5crypto kadm5clnt kadm5srv \ + kdb5 kdb_ldap krad krb5 krb5support verto; do \ + chmod -f -v 755 "/usr/lib/lib$$LIB.so"; \ + done + + @rm -rf $(DIR_APP) + @$(POSTBUILD) diff --git a/lfs/samba b/lfs/samba index 603f215b3..4bd42cbb2 100644 --- a/lfs/samba +++ b/lfs/samba @@ -34,7 +34,7 @@ TARGET = $(DIR_INFO)/$(THISAPP) PROG = samba PAK_VER = 58 -DEPS = "cups" +DEPS = "cups krb5" ############################################################################### # Top-level Rules @@ -78,16 +78,27 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) cd $(DIR_APP)/source3 && ./configure \ - --prefix=/usr \ - --libdir=/usr/lib/ \ - --sysconfdir=/var/ipfire \ - --localstatedir=/var \ - --with-piddir=/var/run \ - --with-fhs \ - --with-winbind \ - --disable-swat \ - --enable-cups \ - --with-syslog + --prefix=/usr \ + --libdir=/usr/lib/ \ + --sysconfdir=/var/ipfire \ + --localstatedir=/var \ + --with-cachedir=/var/lib/samba \ + --with-lockdir=/var/lib/samba \ + --with-piddir=/var/run \ + --with-ads \ + --with-acl-support \ + --with-libsmbclient \ + --with-libsmbsharemodes \ + --with-sendfile-support \ + --without-smbwrapper \ + --with-mmap \ + --with-fhs \ + --with-vfs \ + --with-winbind \ + --disable-swat \ + --enable-cups \ + --disable-avahi \ + --with-syslog cd $(DIR_APP)/source3 && make proto && make all $(MAKETUNING) $(EXTRA_MAKE) cd $(DIR_APP)/source3 && make install cd $(DIR_APP)/source3 && chmod -v 644 /usr/include/libsmbclient.h @@ -107,5 +118,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf -mkdir -p /var/log/samba install -v -m 644 $(DIR_SRC)/config/backup/includes/samba /var/ipfire/backup/addons/includes/samba + + -mkdir -p 750 /var/lib/samba/winbindd_privileged + chgrp wbpriv /var/lib/samba/winbindd_privileged + @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/make.sh b/make.sh index 4ca054995..65ca37d74 100755 --- a/make.sh +++ b/make.sh @@ -616,6 +616,7 @@ buildipfire() { ipfiremake foomatic ipfiremake hplip ipfiremake cifs-utils + ipfiremake krb5 ipfiremake samba ipfiremake sudo ipfiremake mc diff --git a/src/initscripts/init.d/samba b/src/initscripts/init.d/samba index d6bdb262a..614c9b834 100644 --- a/src/initscripts/init.d/samba +++ b/src/initscripts/init.d/samba @@ -4,19 +4,28 @@ # Based on sysklogd script from LFS-3.1 and earlier. # Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org -#$LastChangedBy: bdubbs $ -#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $ - . /etc/sysconfig/rc . $rc_functions +function fix_permissions() { + local lockdir="/var/lib/samba/winbindd_privileged" + + chmod 750 "${lockdir}" + chgrp wbpriv "${lockdir}" +} + case "$1" in start) + fix_permissions + boot_mesg "Starting nmbd..." loadproc /usr/sbin/nmbd -D boot_mesg "Starting smbd..." loadproc /usr/sbin/smbd -D + + boot_mesg "Starting winbind..." + loadproc /usr/sbin/winbindd ;; stop) @@ -25,6 +34,9 @@ case "$1" in boot_mesg "Stopping nmbd..." killproc -p /var/run/nmbd.pid /usr/sbin/nmbd + + boot_mesg "Stopping winbind..." + killproc -p /var/run/winbindd.pid /usr/sbin/winbindd ;; reload) @@ -33,6 +45,9 @@ case "$1" in boot_mesg "Reloading nmbd..." reloadproc /usr/sbin/nmbd + + boot_mesg "Reloading winbind..." + reloadproc /usr/sbin/winbindd ;; restart) @@ -44,6 +59,7 @@ case "$1" in status) statusproc /usr/sbin/nmbd statusproc /usr/sbin/smbd + statusproc /usr/sbin/winbindd ;; *) diff --git a/src/initscripts/init.d/winbind b/src/initscripts/init.d/winbind deleted file mode 100644 index 590fddf40..000000000 --- a/src/initscripts/init.d/winbind +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -# Begin $rc_base/init.d/winbind - -# Based on sysklogd script from LFS-3.1 and earlier. -# Rewritten by Gerard Beekmans - gerard@linuxfromscratch.org - -#$LastChangedBy: bdubbs $ -#$Date: 2005-08-01 14:29:19 -0500 (Mon, 01 Aug 2005) $ - -. /etc/sysconfig/rc -. $rc_functions - -PIDFILE="/var/run/winbindd.pid" -KILLDELAY="10" - -case "$1" in - - start) - boot_mesg "Starting winbind..." - loadproc /usr/sbin/winbindd - ;; - - stop) - boot_mesg "Stopping winbind..." - killproc -p ${PIDFILE} /usr/sbin/winbind - ;; - - reload) - boot_mesg "Reloading winbind..." - reloadproc /usr/sbin/winbindd - ;; - - restart) - $0 stop - sleep 1 - $0 start - ;; - - status) - statusproc /usr/sbin/winbindd - ;; - - *) - echo "Usage: $0 {start|stop|reload|restart|status}" - exit 1 - ;; - -esac - -# End $rc_base/init.d/winbind diff --git a/src/misc-progs/sambactrl.c b/src/misc-progs/sambactrl.c index f81b295cc..45c166d46 100644 --- a/src/misc-progs/sambactrl.c +++ b/src/misc-progs/sambactrl.c @@ -10,165 +10,136 @@ char command[BUFFER_SIZE]; -int main(int argc, char *argv[]) -{ +int main(int argc, char *argv[]) { + if (!(initsetuid())) + exit(1); -if (!(initsetuid())) -exit(1); + // Check what command is asked + if (argc == 1) { + fprintf (stderr, "Missing smbctrl command!\n"); + return 1; -// Check what command is asked -if (argc==1) -{ -fprintf (stderr, "Missing smbctrl command!\n"); -return 1; -} -else if (strcmp(argv[1], "smbuserdisable")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]); -safe_system(command); -return 0; -} -else if (strcmp(argv[1], "smbuserenable")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]); -safe_system(command); -return 0; -} -else if (strcmp(argv[1], "smbuserdelete")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s >/dev/null", argv[2]); -safe_system(command); -return 0; -} -else if (strcmp(argv[1], "smbsafeconf")==0) -{ -safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); -return 0; -} -else if (strcmp(argv[1], "smbsafeconfcups")==0) -{ -safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf"); -return 0; -} -else if (strcmp(argv[1], "smbsafeconfpdc")==0) -{ -safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); -return 0; -} -else if (strcmp(argv[1], "smbsafeconfpdccups")==0) -{ -safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf"); -return 0; -} -else if (strcmp(argv[1], "smbglobalreset")==0) -{ -safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); -safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings"); -safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global"); -safe_system("/bin/cat /var/ipfire/samba/default.pdc > /var/ipfire/samba/pdc"); -return 0; -} -else if (strcmp(argv[1], "smbsharesreset")==0) -{ -safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/default.shares > /var/ipfire/samba/smb.conf"); -safe_system("/bin/cat /var/ipfire/samba/default.shares > /var/ipfire/samba/shares"); -return 0; -} -else if (strcmp(argv[1], "smbprinterreset")==0) -{ -safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf"); -safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer"); -return 0; -} -else if (strcmp(argv[1], "smbstop")==0) -{ -safe_system("/etc/rc.d/init.d/samba stop >/dev/null"); -safe_system("/usr/local/bin/sambactrl disable"); -return 0; -} -else if (strcmp(argv[1], "smbstart")==0) -{ -safe_system("/etc/rc.d/init.d/samba start >/dev/null"); -safe_system("/usr/local/bin/sambactrl enable"); -return 0; -} -else if (strcmp(argv[1], "smbrestart")==0) -{ -safe_system("/etc/rc.d/init.d/samba restart >/dev/null"); -return 0; -} -else if (strcmp(argv[1], "smbreload")==0) -{ -safe_system("/etc/rc.d/init.d/samba reload >/dev/null"); -return 0; -} -else if (strcmp(argv[1], "smbstatus")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbstatus 2>/dev/null"); -safe_system(command); -return 0; -} -else if (strcmp(argv[1], "smbuseradd")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null"); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -s %s %s >/dev/null", argv[4], argv[5], argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]); -safe_system(command); -return 0; -} -else if (strcmp(argv[1], "smbpcadd")==0) -{ -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks >/dev/null"); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s >/dev/null", argv[3], argv[4], argv[2]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s >/dev/null", argv[2]); -safe_system(command); -return 0; -} -else if (strcmp(argv[1], "smbchangepw")==0) -{ -snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]); -safe_system(command); -snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]); -safe_system(command); -return 0; -} -else if (strcmp(argv[1], "readsmbpasswd")==0) -{ -safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null"); -safe_system("/bin/chown root:nobody /var/ipfire/samba/private/smbpasswd >/dev/null"); -safe_system("/bin/chmod 640 /var/ipfire/samba/private/smbpasswd >/dev/null"); -safe_system("/bin/chmod 650 /var/ipfire/samba/private >/dev/null"); -return 0; -} -else if (strcmp(argv[1], "locksmbpasswd")==0) -{ -safe_system("/bin/chown root:root /var/ipfire/samba/private >/dev/null"); -safe_system("/bin/chown root:root /var/ipfire/samba/private/smbpasswd >/dev/null"); -safe_system("/bin/chmod 600 /var/ipfire/samba/private/smbpasswd >/dev/null"); -safe_system("/bin/chmod 600 /var/ipfire/samba/private >/dev/null"); -return 0; -} -else if (strcmp(argv[1], "enable")==0) -{ -safe_system("touch /var/ipfire/samba/enable"); -safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S45samba"); -safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba"); -safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba"); -return 0; -} -else if (strcmp(argv[1], "disable")==0) -{ -safe_system("unlink /var/ipfire/samba/enable"); -safe_system("rm -rf /etc/rc.d/rc*.d/*samba"); -return 0; -} -return 0; + } else if (strcmp(argv[1], "smbuserdisable") == 0) { + snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -d %s >/dev/null", argv[2]); + safe_system(command); + + } else if (strcmp(argv[1], "smbuserenable") == 0) { + snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -e %s >/dev/null", argv[2]); + safe_system(command); + + } else if (strcmp(argv[1], "smbuserdelete") == 0) { + snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -x %s >/dev/null", argv[2]); + safe_system(command); + + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/userdel %s >/dev/null", argv[2]); + safe_system(command); + + } else if (strcmp(argv[1], "smbsafeconf") == 0) { + safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); + + } else if (strcmp(argv[1], "smbsafeconfcups") == 0) { + safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf"); + + } else if (strcmp(argv[1], "smbsafeconfpdc") == 0) { + safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); + + } else if (strcmp(argv[1], "smbsafeconfpdccups") == 0) { + safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/pdc /var/ipfire/samba/shares /var/ipfire/samba/printer > /var/ipfire/samba/smb.conf"); + + } else if (strcmp(argv[1], "smbglobalreset") == 0) { + safe_system("/bin/cat /var/ipfire/samba/default.global /var/ipfire/samba/shares > /var/ipfire/samba/smb.conf"); + safe_system("/bin/cat /var/ipfire/samba/default.settings > /var/ipfire/samba/settings"); + safe_system("/bin/cat /var/ipfire/samba/default.global > /var/ipfire/samba/global"); + safe_system("/bin/cat /var/ipfire/samba/default.pdc > /var/ipfire/samba/pdc"); + + } else if (strcmp(argv[1], "smbsharesreset") == 0) { + safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/default.shares > /var/ipfire/samba/smb.conf"); + safe_system("/bin/cat /var/ipfire/samba/default.shares > /var/ipfire/samba/shares"); + + } else if (strcmp(argv[1], "smbprinterreset") == 0) { + safe_system("/bin/cat /var/ipfire/samba/global /var/ipfire/samba/shares /var/default.printer > /var/ipfire/samba/smb.conf"); + safe_system("/bin/cat /var/ipfire/samba/default.printer > /var/ipfire/samba/printer"); + + } else if (strcmp(argv[1], "smbstop") == 0) { + safe_system("/etc/rc.d/init.d/samba stop >/dev/null"); + safe_system("/usr/local/bin/sambactrl disable"); + + } else if (strcmp(argv[1], "smbstart") == 0) { + safe_system("/etc/rc.d/init.d/samba start >/dev/null"); + safe_system("/usr/local/bin/sambactrl enable"); + + } else if (strcmp(argv[1], "smbrestart") == 0) { + safe_system("/etc/rc.d/init.d/samba restart >/dev/null"); + + } else if (strcmp(argv[1], "smbreload") == 0) { + safe_system("/etc/rc.d/init.d/samba reload >/dev/null"); + + } else if (strcmp(argv[1], "smbstatus") == 0) { + snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbstatus 2>/dev/null"); + safe_system(command); + + } else if (strcmp(argv[1], "smbuseradd") == 0) { + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambauser >/dev/null"); + safe_system(command); + + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba User' -m -g %s -s %s %s >/dev/null", argv[4], argv[5], argv[2]); + safe_system(command); + + snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]); + safe_system(command); + + snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]); + safe_system(command); + + } else if (strcmp(argv[1], "smbpcadd") == 0) { + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/groupadd sambawks >/dev/null"); + safe_system(command); + + snprintf(command, BUFFER_SIZE-1, "/usr/sbin/useradd -c 'Samba Workstation' -g %s -s %s %s >/dev/null", argv[3], argv[4], argv[2]); + safe_system(command); + + snprintf(command, BUFFER_SIZE-1, "/usr/bin/smbpasswd -a -m %s >/dev/null", argv[2]); + safe_system(command); + + } else if (strcmp(argv[1], "smbchangepw") == 0) { + snprintf(command, BUFFER_SIZE-1, "echo %s:%s | chpasswd", argv[2], argv[3]); + safe_system(command); + + snprintf(command, BUFFER_SIZE-1, "/usr/bin/printf '%s\n%s\n' | /usr/bin/smbpasswd -as %s >/dev/null", argv[3], argv[3], argv[2]); + safe_system(command); + + } else if (strcmp(argv[1], "readsmbpasswd") == 0) { + safe_system("/bin/chown root:nobody /var/ipfire/samba/private >/dev/null"); + safe_system("/bin/chown root:nobody /var/ipfire/samba/private/smbpasswd >/dev/null"); + safe_system("/bin/chmod 640 /var/ipfire/samba/private/smbpasswd >/dev/null"); + safe_system("/bin/chmod 650 /var/ipfire/samba/private >/dev/null"); + + } else if (strcmp(argv[1], "locksmbpasswd") == 0) { + safe_system("/bin/chown root:root /var/ipfire/samba/private >/dev/null"); + safe_system("/bin/chown root:root /var/ipfire/samba/private/smbpasswd >/dev/null"); + safe_system("/bin/chmod 600 /var/ipfire/samba/private/smbpasswd >/dev/null"); + safe_system("/bin/chmod 600 /var/ipfire/samba/private >/dev/null"); + + } else if (strcmp(argv[1], "enable") == 0) { + safe_system("touch /var/ipfire/samba/enable"); + safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc3.d/S45samba"); + safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc0.d/K48samba"); + safe_system("ln -snf /etc/rc.d/init.d/samba /etc/rc.d/rc6.d/K48samba"); + + } else if (strcmp(argv[1], "disable") == 0) { + safe_system("unlink /var/ipfire/samba/enable"); + safe_system("rm -rf /etc/rc.d/rc*.d/*samba"); + + } else if (strcmp(argv[1], "join") == 0) { + if (argc == 4) { + snprintf(command, BUFFER_SIZE - 1, "/usr/bin/net join -U \"%s%%%s\"", + argv[2], argv[3]); + return safe_system(command); + } else { + fprintf(stderr, "Wrong number of arguments. Need username and password.\n"); + return 1; + } + } + + return 0; } diff --git a/src/paks/samba/install.sh b/src/paks/samba/install.sh index 9c4f7f478..b7a2fc1cc 100644 --- a/src/paks/samba/install.sh +++ b/src/paks/samba/install.sh @@ -22,6 +22,14 @@ ############################################################################ # . /opt/pakfire/lib/functions.sh + +# If the wbpriv group does not exist yet, then create it and put squid +# into it. +if ! getent group wbpriv >/dev/null; then + groupadd -g 88 wbpriv + usermod -a -G wbpriv squid +fi + extract_files restore_backup ${NAME} /usr/local/bin/sambactrl smbstart diff --git a/src/paks/samba/update.sh b/src/paks/samba/update.sh index 6f4cb6064..648b025b7 100644 --- a/src/paks/samba/update.sh +++ b/src/paks/samba/update.sh @@ -23,6 +23,14 @@ # . /opt/pakfire/lib/functions.sh ./uninstall.sh + +# If the wbpriv group does not exist yet, then create it and put squid +# into it. +if ! getent group wbpriv >/dev/null; then + groupadd -g 88 wbpriv + usermod -a -G wbpriv squid +fi + extract_files restore_backup ${NAME} echo "passdb backend = smbpasswd" >> /var/ipfire/samba/smb.conf diff --git a/src/patches/mitkrb-1.12.1-db2_fix-1.patch b/src/patches/mitkrb-1.12.1-db2_fix-1.patch new file mode 100644 index 000000000..f27304c38 --- /dev/null +++ b/src/patches/mitkrb-1.12.1-db2_fix-1.patch @@ -0,0 +1,175 @@ +Submitted By: Pierre Labastie +Date: 2014-03-04 +Initial Package Version: 1.12.1 +Upstream Status: In upstream GIT +Origin: Upstream +Description: Fixes http://krbdev.mit.edu/rt/Ticket/Display.html?id=7860 + +--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.c ++++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.c +@@ -81,9 +81,9 @@ mpool_open(key, fd, pagesize, maxcache) + /* Allocate and initialize the MPOOL cookie. */ + if ((mp = (MPOOL *)calloc(1, sizeof(MPOOL))) == NULL) + return (NULL); +- CIRCLEQ_INIT(&mp->lqh); ++ TAILQ_INIT(&mp->lqh); + for (entry = 0; entry < HASHSIZE; ++entry) +- CIRCLEQ_INIT(&mp->hqh[entry]); ++ TAILQ_INIT(&mp->hqh[entry]); + mp->maxcache = maxcache; + mp->npages = sb.st_size / pagesize; + mp->pagesize = pagesize; +@@ -143,8 +143,8 @@ mpool_new(mp, pgnoaddr, flags) + bp->flags = MPOOL_PINNED | MPOOL_INUSE; + + head = &mp->hqh[HASHKEY(bp->pgno)]; +- CIRCLEQ_INSERT_HEAD(head, bp, hq); +- CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q); ++ TAILQ_INSERT_HEAD(head, bp, hq); ++ TAILQ_INSERT_TAIL(&mp->lqh, bp, q); + return (bp->page); + } + +@@ -168,8 +168,8 @@ mpool_delete(mp, page) + + /* Remove from the hash and lru queues. */ + head = &mp->hqh[HASHKEY(bp->pgno)]; +- CIRCLEQ_REMOVE(head, bp, hq); +- CIRCLEQ_REMOVE(&mp->lqh, bp, q); ++ TAILQ_REMOVE(head, bp, hq); ++ TAILQ_REMOVE(&mp->lqh, bp, q); + + free(bp); + return (RET_SUCCESS); +@@ -208,10 +208,10 @@ mpool_get(mp, pgno, flags) + * of the lru chain. + */ + head = &mp->hqh[HASHKEY(bp->pgno)]; +- CIRCLEQ_REMOVE(head, bp, hq); +- CIRCLEQ_INSERT_HEAD(head, bp, hq); +- CIRCLEQ_REMOVE(&mp->lqh, bp, q); +- CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q); ++ TAILQ_REMOVE(head, bp, hq); ++ TAILQ_INSERT_HEAD(head, bp, hq); ++ TAILQ_REMOVE(&mp->lqh, bp, q); ++ TAILQ_INSERT_TAIL(&mp->lqh, bp, q); + + /* Return a pinned page. */ + bp->flags |= MPOOL_PINNED; +@@ -261,8 +261,8 @@ mpool_get(mp, pgno, flags) + * of the lru chain. + */ + head = &mp->hqh[HASHKEY(bp->pgno)]; +- CIRCLEQ_INSERT_HEAD(head, bp, hq); +- CIRCLEQ_INSERT_TAIL(&mp->lqh, bp, q); ++ TAILQ_INSERT_HEAD(head, bp, hq); ++ TAILQ_INSERT_TAIL(&mp->lqh, bp, q); + + /* Run through the user's filter. */ + if (mp->pgin != NULL) +@@ -311,8 +311,8 @@ mpool_close(mp) + BKT *bp; + + /* Free up any space allocated to the lru pages. */ +- while ((bp = mp->lqh.cqh_first) != (void *)&mp->lqh) { +- CIRCLEQ_REMOVE(&mp->lqh, mp->lqh.cqh_first, q); ++ while ((bp = mp->lqh.tqh_first) != NULL) { ++ TAILQ_REMOVE(&mp->lqh, mp->lqh.tqh_first, q); + free(bp); + } + +@@ -332,8 +332,7 @@ mpool_sync(mp) + BKT *bp; + + /* Walk the lru chain, flushing any dirty pages to disk. */ +- for (bp = mp->lqh.cqh_first; +- bp != (void *)&mp->lqh; bp = bp->q.cqe_next) ++ for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next) + if (bp->flags & MPOOL_DIRTY && + mpool_write(mp, bp) == RET_ERROR) + return (RET_ERROR); +@@ -363,8 +362,7 @@ mpool_bkt(mp) + * off any lists. If we don't find anything we grow the cache anyway. + * The cache never shrinks. + */ +- for (bp = mp->lqh.cqh_first; +- bp != (void *)&mp->lqh; bp = bp->q.cqe_next) ++ for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next) + if (!(bp->flags & MPOOL_PINNED)) { + /* Flush if dirty. */ + if (bp->flags & MPOOL_DIRTY && +@@ -375,8 +373,8 @@ mpool_bkt(mp) + #endif + /* Remove from the hash and lru queues. */ + head = &mp->hqh[HASHKEY(bp->pgno)]; +- CIRCLEQ_REMOVE(head, bp, hq); +- CIRCLEQ_REMOVE(&mp->lqh, bp, q); ++ TAILQ_REMOVE(head, bp, hq); ++ TAILQ_REMOVE(&mp->lqh, bp, q); + #if defined(DEBUG) && !defined(DEBUG_IDX0SPLIT) + { void *spage; + spage = bp->page; +@@ -450,7 +448,7 @@ mpool_look(mp, pgno) + BKT *bp; + + head = &mp->hqh[HASHKEY(pgno)]; +- for (bp = head->cqh_first; bp != (void *)head; bp = bp->hq.cqe_next) ++ for (bp = head->tqh_first; bp != NULL; bp = bp->hq.tqe_next) + if ((bp->pgno == pgno) && (bp->flags & MPOOL_INUSE)) { + #ifdef STATISTICS + ++mp->cachehit; +@@ -494,8 +492,7 @@ mpool_stat(mp) + + sep = ""; + cnt = 0; +- for (bp = mp->lqh.cqh_first; +- bp != (void *)&mp->lqh; bp = bp->q.cqe_next) { ++ for (bp = mp->lqh.tqh_first; bp != NULL; bp = bp->q.tqe_next) { + (void)fprintf(stderr, "%s%d", sep, bp->pgno); + if (bp->flags & MPOOL_DIRTY) + (void)fprintf(stderr, "d"); + +--- a/src/plugins/kdb/db2/libdb2/mpool/mpool.h ++++ b/src/plugins/kdb/db2/libdb2/mpool/mpool.h +@@ -47,8 +47,8 @@ + + /* The BKT structures are the elements of the queues. */ + typedef struct _bkt { +- CIRCLEQ_ENTRY(_bkt) hq; /* hash queue */ +- CIRCLEQ_ENTRY(_bkt) q; /* lru queue */ ++ TAILQ_ENTRY(_bkt) hq; /* hash queue */ ++ TAILQ_ENTRY(_bkt) q; /* lru queue */ + void *page; /* page */ + db_pgno_t pgno; /* page number */ + +@@ -59,9 +59,9 @@ typedef struct _bkt { + } BKT; + + typedef struct MPOOL { +- CIRCLEQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ ++ TAILQ_HEAD(_lqh, _bkt) lqh; /* lru queue head */ + /* hash queue array */ +- CIRCLEQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; ++ TAILQ_HEAD(_hqh, _bkt) hqh[HASHSIZE]; + db_pgno_t curcache; /* current number of cached pages */ + db_pgno_t maxcache; /* max number of cached pages */ + db_pgno_t npages; /* number of pages in the file */ + +--- a/src/plugins/kdb/db2/libdb2/test/run.test ++++ b/src/plugins/kdb/db2/libdb2/test/run.test +@@ -71,10 +71,11 @@ main() + } + + getnwords() { +- # Delete blank lines because the db code appears not to +- # like empty keys. On Debian Linux, $DICT appears to contain +- # some non-ASCII characters, and "rev" chokes on them. +- sed -e '/^$/d' < $DICT | cat -v | sed -e ${1}q ++ # Delete blank lines because the db code appears not to like ++ # empty keys. Omit lines with non-alphanumeric characters to ++ # avoid shell metacharacters and non-ASCII characters which ++ # could cause 'rev' to choke. ++ LC_ALL=C sed -e '/^$/d' -e '/[^A-Za-z]/d' < $DICT | sed -e ${1}q + } + + # Take the first hundred entries in the dictionary, and make them