================
* NEW: afpd: Put file extension type/creator mapping back in which had
been removed in 3.0.
+* NEW: afpd: new option 'ad domain'. From FR #66.
* UPD: ignore volumes with duplicated volumes paths.
* FIX: volumes and home share with symlinks in the path
* FIX: Copying packages to a Netatalk share could fail, bug #469
#include <atalk/util.h>
#include <atalk/globals.h>
#include <atalk/volume.h>
+#include <atalk/bstrlib.h>
#include "afp_config.h"
#include "auth.h"
return pwent;
/* if we have a NT domain name try with it */
- if (obj->options.ntdomain && obj->options.ntseparator) {
+ if (obj->options.addomain || (obj->options.ntdomain && obj->options.ntseparator)) {
/* FIXME What about charset ? */
- size_t ulen = strlen(obj->options.ntdomain) + strlen(obj->options.ntseparator) + strlen(name);
- if ((p = malloc(ulen +1))) {
- strcpy(p, obj->options.ntdomain);
- strcat(p, obj->options.ntseparator);
- strcat(p, name);
- pwent = getpwnam(p);
- free(p);
- if (pwent) {
- int len = strlen(pwent->pw_name);
- if (len < MAXUSERLEN) {
- strncpy(name,pwent->pw_name, MAXUSERLEN);
- }else{
- LOG(log_error, logtype_uams, "MAJOR:The name %s is longer than %d",pwent->pw_name,MAXUSERLEN);
- }
-
- return pwent;
+ bstring princ;
+ if (obj->options.addomain)
+ princ = bformat("%s@%s", name, obj->options.addomain);
+ else
+ princ = bformat("%s%s%s", obj->options.ntdomain, obj->options.ntseparator, name);
+ pwent = getpwnam(bdata(princ));
+ bdestroy(princ);
+
+ if (pwent) {
+ int len = strlen(pwent->pw_name);
+ if (len < MAXUSERLEN) {
+ strncpy(name,pwent->pw_name, MAXUSERLEN);
+ } else {
+ LOG(log_error, logtype_uams, "The name '%s' is longer than %d", pwent->pw_name, MAXUSERLEN);
}
+ return pwent;
}
}
#ifndef NO_REAL_USER_NAME
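Review bot: The result of `bformat()` is passed straight to `getpwnam(bdata(princ))` with no NULL check, whereas the removed code only did the lookup when `malloc` succeeded. If the allocation fails, `bdata()` yields NULL for a NULL bstring and `getpwnam(NULL)` is undefined behaviour, on a path that appears to run on the login name supplied by the client during authentication. I would add `if (princ == NULL) return NULL;` right after the two `bformat` calls, or skip the lookup and fall through; the function starts and continues outside this hunk, so which is right depends on the code after `#ifndef NO_REAL_USER_NAME`. A one-line comment above the outer `if` would also help, e.g. `/* "ad domain" takes precedence over "nt domain"/"nt separator" when both are set */`, because the branch order decides that silently.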
gid_t admingid;
int volnamelen;
/* default value for winbind authentication */
- char *ntdomain, *ntseparator;
+ char *ntdomain, *ntseparator, *addomain;
char *logconfig;
char *logfile;
char *mimicmodel;
options->k5realm = iniparser_getstrdup(config, INISEC_GLOBAL, "k5 realm", NULL);
options->listen = iniparser_getstrdup(config, INISEC_GLOBAL, "afp listen", NULL);
options->ntdomain = iniparser_getstrdup(config, INISEC_GLOBAL, "nt domain", NULL);
+ options->addomain = iniparser_getstrdup(config, INISEC_GLOBAL, "ad domain", NULL);
options->ntseparator = iniparser_getstrdup(config, INISEC_GLOBAL, "nt separator", NULL);
options->mimicmodel = iniparser_getstrdup(config, INISEC_GLOBAL, "mimic model", NULL);
options->adminauthuser = iniparser_getstrdup(config, INISEC_GLOBAL, "admin auth user",NULL);
CONFIG_ARG_FREE(obj->options.listen);
if (obj->options.ntdomain)
CONFIG_ARG_FREE(obj->options.ntdomain);
+ if (obj->options.addomain)
+ CONFIG_ARG_FREE(obj->options.addomain);
if (obj->options.ntseparator)
CONFIG_ARG_FREE(obj->options.ntseparator);
if (obj->options.mimicmodel)
.RS 4
.\}
.nf
-\fIname\fR = \fIvalue \fR
-
+ \fIname\fR = \fIvalue \fR
+
.fi
.if n \{\
.RE
Any line beginning with a semicolon (\(lq;\(rq) or a hash (\(lq#\(rq) character is ignored, as are lines containing only whitespace\&.
.PP
Any line ending in a
-\(lq\e\(rq
+\(lq \e \(rq
is continued on the next line in the customary UNIX fashion\&.
.PP
The values following the equals sign in parameters are all either a string (no quotes needed) or a boolean, which may be given as yes/no, 1/0 or true/false\&. Case is not significant in boolean values, but is preserved in string values\&. Some items such as create masks are numeric\&.
.RS 4
.\}
.nf
-[baz]
-path = /foo/bar
-
+ [baz]
+ path = /foo/bar
.fi
.if n \{\
.RE
.RS 4
.\}
.nf
-[Homes]
-path = afp\-data
-basedir regex = /home
+ [Homes] path = afp\-data basedir regex = /home
.fi
.if n \{\
.SH "EXPLANATION OF GLOBAL PARAMETERS"
.SS "Authentication Options"
.PP
+ad domain = \fIDOMAIN\fR \fB(G)\fR
+.RS 4
+Append @DOMAIN to username when authenticating\&. Useful in Active Directory environments that otherwise would require the user to enter the full user@domain string\&.
+.RE
+.PP
admin auth user = \fIuser\fR \fB(G)\fR
.RS 4
Specifying eg "\fBadmin auth user = root\fR" whenever a normal user login fails, afpd will try to authenticate as the specified
.RS 4
.\}
.nf
-73: limit of Mac OS X 10\&.1
-80: limit of Mac OS X 10\&.4/10\&.5 (default)
-255: limit of recent Mac OS X
+ 73: limit of Mac OS X 10\&.1 80: limit of Mac
+ OS X 10\&.4/10\&.5 (default) 255: limit of recent Mac OS
+ X
.fi
.if n \{\
.RE
.RS 4
SASL\&. Not yet supported !
.RE
+.sp
.RE
.PP
ldap auth dn = \fIdn\fR \fB(G)\fR
.RS 4
Binary objectGUID from Active Directory
.RE
+.sp
.RE
.PP
ldap group attr = \fIdn\fR \fB(G)\fR
is for directories only\&. Don\'t use with "\fBunix priv = no\fR"\&.
.PP
\fBExample.\ \&Volume for a collaborative workgroup\fR
+
.sp
.if n \{\
.RS 4
.\}
.nf
-file perm = 0660
-directory perm = 0770
+file perm = 0660 directory perm =
+ 0770
.fi
.if n \{\
.RE
.\}
+.sp
.RE
.PP
option will allow you to select another volume encoding\&. E\&.g\&. for western users another useful setting could be vol charset ISO\-8859\-15\&.
\fBafpd\fR
will accept any
-\fBiconv\fR(1)
+\fB iconv \fR(1)
provided charset\&. If a character cannot be converted from the
\fBmac charset\fR
to the selected