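#!/bin/sh
# Sample script showing how to connect the userfirewall system to a
# Samba server.
# The Samba server authenticates users. Once that is done, we know who is
# connected and from where (which IP number).
# From there, we can learn the supplementary groups and send this to the
# firewall.
#
# We can hook this script to the homes share. In general, the users
# access this share and stay connected all the time. The homes
# share in smb.conf would look like
#
#   [homes]
#      comment = Home Directories
#      browseable = no
#      writable = yes
#      root preexec = /root/sambasendid --firewall your_firewall --port 999 --id secretid login %U %I
#      root postexec = /root/sambasendid --firewall your_firewall --port 999 --id secretid logout %U %I
#
# You can also bring the firewall up to date in case it was rebooted
# by doing
#
#   sambasendid --firewall firewall --port 999 --id secretid --logall
#
# NOTE(review): per smb.conf(5), %U is the user name the client asked for,
# which is not necessarily the one it was granted (%u is the user name of
# the current service) -- confirm which one the firewall rules should
# follow.
# NOTE(review): the --id value is a shared secret. Given on the command
# line it is stored in smb.conf and shows up in the process list while
# this script and firesendid run; keep that in mind when deciding who may
# read smb.conf and who has a shell on this host.
#
# Exit status: 1 on a usage error (logged through logger), otherwise the
# status of the last firesendid call or pipeline.

# Nothing below needs pathname expansion. Turning it off keeps the one
# deliberately unquoted expansion (the group list) from being globbed.
set -f

FIRESENDID=/usr/lib/linuxconf/lib/firesendid
USER2GROUPS=/usr/lib/linuxconf/lib/user2groups

FIREWALL=
PORT=999
ID=

# Log a message to syslog and stderr, then stop with a non-zero status.
fail() {
	logger -s -t sambasendid "$*"
	exit 1
}

# Succeed only for a non-empty word that does not start with "-".
# User names and addresses end up as firesendid arguments, so a value that
# looks like an option must not get through.
is_plain_word() {
	case "$1" in
	'' | -*) return 1 ;;
	esac
	return 0
}

# Refuse to call firesendid without a target host and identifier: an empty
# value would make the option swallow the argument that follows it.
require_target() {
	[ -n "$FIREWALL" ] || fail "missing firewall host, use --firewall"
	[ -n "$ID" ] || fail "missing identifier, use --id"
}

# Run firesendid against the configured firewall with the given request.
send() {
	"$FIRESENDID" --fhost "$FIREWALL" --port "$PORT" --id "$ID" "$@"
}

# Leading options; parsing stops at the first word that is not one of them.
while [ $# -gt 0 ]; do
	case "$1" in
	--firewall | --port | --id)
		[ $# -ge 2 ] || fail "option $1 requires a value"
		case "$1" in
		--firewall) FIREWALL=$2 ;;
		--port) PORT=$2 ;;
		--id) ID=$2 ;;
		esac
		shift 2
		;;
	*)
		break
		;;
	esac
done

case "$1" in
--logall)
	# Use smbstatus to send information about the users currently
	# logged in. Use this when the firewall has just been installed or
	# is out of sync for some reason.
	require_target
	send reset
	# Drop the four header lines and the parentheses around the address,
	# then keep the user (2nd field) and address (6th field) of each row.
	smbstatus -S |
		sed -e '1,4d' -e 's/(//' -e 's/)//' |
		while read -r _service uid _gid _pid _machine ip _rest; do
			printf '%s %s\n' "$uid" "$ip"
		done |
		sort -u |
		while read -r uid ip _rest; do
			case "$uid" in
			nobody | root) continue ;;
			esac
			# Rows without a usable user or address are skipped
			# rather than sent as a malformed login.
			is_plain_word "$uid" || continue
			is_plain_word "$ip" || continue
			# The group list is split into one argument per group
			# on purpose.
			# shellcheck disable=SC2046
			send login "$uid" "$ip/255.255.255.255" \
				$("$USER2GROUPS" "$uid")
		done
	;;
login)
	require_target
	is_plain_word "$2" || fail "login needs a user name"
	# "$@" keeps each argument intact, so a user name containing
	# whitespace cannot turn into extra firesendid arguments.
	# shellcheck disable=SC2046
	send "$@" $("$USER2GROUPS" "$2")
	;;
logout)
	require_target
	send "$@"
	;;
*)
	fail "expect login or logout as the first argument"
	;;
esac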