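# Helper subs shared by the smbldap-* command line tools.
#
# Every sub below relies on two module-level globals that are set up earlier
# in this file (outside this listing): $ldap, a bound Net::LDAP connection,
# and %config, the parsed smbldap configuration (suffix, usersdn, groupsdn,
# computersdn, sambaUnixIdPooldn, scope, SID, ldapmodify).  get_group_dn,
# get_user_dn, get_dn_from_line, is_group_member, is_samba_user and ntlmgen
# are likewise defined elsewhere in the module.

# $escaped = _ldap_filter_escape($value)
#
# Escape a value for interpolation into an LDAP search filter (RFC 4515):
# '*', '(', ')', '\' and NUL become their \xx hexadecimal form.  User and
# group names typed on the command line end up in every filter below, so
# they must not be able to widen the search with a wildcard or unbalance
# the parentheses.  An undefined value yields the empty string.
sub _ldap_filter_escape {
    my $value = shift;
    return '' if !defined $value;
    (my $escaped = $value) =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $escaped;
}

# success = add_samba_machine_smbpasswd($computername)
#
# Create the machine account in smbpasswd.  The command is run in list form
# so the computer name is passed as one argument and never goes through a
# shell.  Returns 1 when smbpasswd exited 0, otherwise 0 (the previous
# version reported success unconditionally, which hid failures).
sub add_samba_machine_smbpasswd {
    my $user = shift;
    my $status = system 'smbpasswd', '-a', '-m', $user;
    return $status == 0 ? 1 : 0;
}

# success = add_samba_machine($computername, $uid)
#
# Extend the computer's posixAccount entry into a sambaSAMAccount.  The
# LM/NT hashes are generated from the name with its last character removed
# (machine account names carry a trailing '$').  The RID is 2 * uid + 1000.
# Dies with the server diagnostic when the modify fails; returns 1.
sub add_samba_machine {
    my ($user, $uid) = @_;
    my $rid = 2 * $uid + 1000;
    (my $name = $user) =~ s/.$//s;    # drop the trailing '$'
    my ($lmpassword, $ntpassword) = ntlmgen($name);
    # NOTE(review): $user is interpolated into the DN unescaped; a name
    # containing ',' or '+' would need RFC 4514 escaping.
    my $modify = $ldap->modify(
        "uid=$user,$config{computersdn}",
        changes => [
            replace => [ objectClass => [ 'inetOrgPerson', 'posixAccount', 'sambaSAMAccount' ] ],
            add     => [ sambaPwdLastSet      => '0' ],
            add     => [ sambaLogonTime       => '0' ],
            add     => [ sambaLogoffTime      => '2147483647' ],
            add     => [ sambaKickoffTime     => '2147483647' ],
            add     => [ sambaPwdCanChange    => '0' ],
            add     => [ sambaPwdMustChange   => '0' ],
            add     => [ sambaAcctFlags       => '[W ]' ],
            add     => [ sambaLMPassword      => "$lmpassword" ],
            add     => [ sambaNTPassword      => "$ntpassword" ],
            add     => [ sambaSID             => "$config{SID}-$rid" ],
            add     => [ sambaPrimaryGroupSID => "$config{SID}-0" ],
        ],
    );
    die "failed to add entry: ", $modify->error if $modify->code;
    return 1;
}

# group_add_user($group, $userid)
#
# Add $userid to the memberUid attribute of $group.  Exits with status 6
# when the group does not exist.  When the user is already a member a
# notice is printed and nothing is changed.  Dies when the modify fails.
sub group_add_user {
    my ($group, $userid) = @_;
    # One lookup instead of two: the previous version queried the group
    # twice and then tested a variable that could no longer be undefined.
    my $dn_line = get_group_dn($group);
    if (!defined $dn_line) {
        print "$0: group \"$group\" doesn't exist\n";
        exit(6);
    }
    my $dn = get_dn_from_line($dn_line);
    if (is_group_member($dn, $userid) == 1) {
        print "User \"$userid\" already member of the group \"$group\".\n";
        return 1;
    }
    my $modify = $ldap->modify("$dn", changes => [ add => [ memberUid => $userid ] ]);
    die "failed to modify entry: ", $modify->error if $modify->code;
    return 1;
}

# group_del($group_dn)
#
# Delete the group entry at $group_dn.  Dies when the delete fails.
sub group_del {
    my $group_dn = shift;
    my $result = $ldap->delete($group_dn);
    die "failed to delete group : ", $result->error if $result->code;
    return 1;
}

# add_grouplist_user($grouplist, $user)
#
# Add $user to each group of the comma separated $grouplist.  Each group is
# handled by group_add_user, so a missing group ends the program there.
sub add_grouplist_user {
    my ($grouplist, $user) = @_;
    return 1 if !defined $grouplist;
    for my $group (split /,/, $grouplist) {
        group_add_user($group, $user);
    }
    return 1;
}

# disable_user($user)
#
# Lock the account: the POSIX password is replaced by the unusable value
# '{crypt}!x' and, for Samba users, sambaAcctFlags is set to '[D ]'.
# Exits with status 10 when the user does not exist.  The previous version
# derived the dn before the lookup had run, so it always modified a dn
# built from undef; the lookup now comes first.
sub disable_user {
    my $user = shift;
    my $dn_line = get_user_dn($user);
    if (!defined $dn_line) {
        print "$0: user $user doesn't exist\n";
        exit(10);
    }
    my $dn = get_dn_from_line($dn_line);
    my $modify = $ldap->modify("$dn", changes => [ replace => [ userPassword => '{crypt}!x' ] ]);
    die "failed to modify entry: ", $modify->error if $modify->code;
    if (is_samba_user($user)) {
        my $flags = $ldap->modify("$dn", changes => [ replace => [ sambaAcctFlags => '[D ]' ] ]);
        die "failed to modify entry: ", $flags->error if $flags->code;
    }
    return 1;
}

# delete_user($user)
#
# Delete the user's entry.  Exits with status 10 when the user does not
# exist; dies when the delete fails (the previous version ignored the
# result, so a failed delete looked like success).
sub delete_user {
    my $user = shift;
    my $dn_line = get_user_dn($user);
    if (!defined $dn_line) {
        print "$0: user $user doesn't exist\n";
        exit(10);
    }
    my $dn = get_dn_from_line($dn_line);
    my $result = $ldap->delete($dn);
    die "failed to delete entry: ", $result->error if $result->code;
    return 1;
}

# $gid = group_add($groupname, $group_gid, $force_using_existing_gid)
#
# Create a posixGroup.  Without $group_gid the next free gidNumber is taken
# from the id pool; with one, the gid must not already be known to
# getgrgid() unless $force is given, in which case undef is returned.
# nscd is stopped while the gid is chosen (presumably so getgrgid() is not
# answered from its cache) and restarted afterwards if it was running --
# including on the early return, which the previous version skipped,
# leaving nscd stopped.  Dies when the add fails.
sub group_add {
    my ($gname, $gid, $force) = @_;
    my $nscd_was_running = (system '/etc/init.d/nscd status >/dev/null 2>&1') == 0;
    system '/etc/init.d/nscd stop > /dev/null 2>&1' if $nscd_was_running;
    my $gid_in_use = 0;
    if (!defined $gid) {
        $gid = get_next_id($config{groupsdn}, 'gidNumber');
    }
    elsif (!defined $force && defined getgrgid($gid)) {
        $gid_in_use = 1;
    }
    system '/etc/init.d/nscd start > /dev/null 2>&1' if $nscd_was_running;
    return undef if $gid_in_use;    # undef in scalar context, as documented above
    my $add = $ldap->add(
        "cn=$gname,$config{groupsdn}",
        attrs => [
            objectClass => 'posixGroup',
            cn          => "$gname",
            gidNumber   => "$gid",
        ],
    );
    die "failed to add entry: ", $add->error if $add->code;
    return $gid;
}

# $homedir = get_homedir($user)
#
# Return the homeDirectory of the posixAccount with uid $user, or undef
# when the user does not exist or has no home directory.  Exits with
# status 4 when more than one entry matches, listing the dns.  The
# previous version called a method on undef when nothing matched.
sub get_homedir {
    my $user = shift;
    my $mesg = $ldap->search(
        base   => $config{usersdn},
        scope  => $config{scope},
        filter => '(&(objectclass=posixAccount)(uid=' . _ldap_filter_escape($user) . '))',
    );
    die $mesg->error if $mesg->code;
    my $nb = $mesg->count;
    if ($nb > 1) {
        print "Aborting: there are $nb existing user named $user\n";
        for my $entry ($mesg->all_entries) {
            my $dn = $entry->dn;
            print " $dn\n";
        }
        exit(4);
    }
    my $entry = $mesg->shift_entry();
    return undef if !defined $entry;
    my $home = $entry->get_value('homeDirectory');
    return undef if !defined $home;
    chomp $home;
    return $home eq '' ? undef : $home;
}

# $text = _entries_as_text($mesg)
#
# Render every entry of a search result as LDIF-like text: a "dn:" line
# followed by one "attr: v1,v2" line per attribute.  Returns undef when the
# result holds no entries.
sub _entries_as_text {
    my $mesg = shift;
    my $lines = '';
    for my $entry ($mesg->all_entries) {
        $lines .= 'dn: ' . $entry->dn . "\n";
        for my $attr ($entry->attributes) {
            $lines .= $attr . ': ' . join(',', $entry->get_value($attr)) . "\n";
        }
    }
    chomp $lines;
    return $lines eq '' ? undef : $lines;
}

# $text = read_user($user)
#
# Search the whole suffix for the posixAccount with uid $user and return
# its attributes as text (see _entries_as_text), or undef if not found.
sub read_user {
    my $user = shift;
    my $mesg = $ldap->search(
        base   => $config{suffix},
        scope  => $config{scope},
        filter => '(&(objectclass=posixAccount)(uid=' . _ldap_filter_escape($user) . '))',
    );
    die $mesg->error if $mesg->code;
    return _entries_as_text($mesg);
}

# $entry = read_user_entry($user)
#
# Search the whole suffix for the posixAccount with uid $user and return
# the Net::LDAP::Entry (undef if none).
sub read_user_entry {
    my $user = shift;
    my $mesg = $ldap->search(
        base   => $config{suffix},
        scope  => $config{scope},
        filter => '(&(objectclass=posixAccount)(uid=' . _ldap_filter_escape($user) . '))',
    );
    die $mesg->error if $mesg->code;
    return $mesg->entry();
}

# $text = read_group($group)
#
# Return the attributes of the posixGroup named $group as text (see
# _entries_as_text), or undef if not found.
sub read_group {
    my $group = shift;
    my $mesg = $ldap->search(
        base   => $config{groupsdn},
        scope  => $config{scope},
        filter => '(&(objectclass=posixGroup)(cn=' . _ldap_filter_escape($group) . '))',
    );
    die $mesg->error if $mesg->code;
    return _entries_as_text($mesg);
}

# @groups = find_groups_of($user)
#
# Return the cn of every posixGroup whose memberUid contains $user.
sub find_groups_of {
    my $user = shift;
    my $mesg = $ldap->search(
        base   => $config{groupsdn},
        scope  => $config{scope},
        filter => '(&(objectclass=posixGroup)(memberuid=' . _ldap_filter_escape($user) . '))',
    );
    die $mesg->error if $mesg->code;
    my @groups;
    while (my $entry = $mesg->shift_entry()) {
        push @groups, scalar $entry->get_value('cn');
    }
    return @groups;
}

# $entry = read_group_entry($group)
#
# Return the Net::LDAP::Entry of the posixGroup named $group (undef if
# none).  Exits with status 11 when several groups carry that cn.
sub read_group_entry {
    my $group = shift;
    my $mesg = $ldap->search(
        base   => $config{groupsdn},
        scope  => $config{scope},
        filter => '(&(objectclass=posixGroup)(cn=' . _ldap_filter_escape($group) . '))',
    );
    die $mesg->error if $mesg->code;
    my $nb = $mesg->count;
    if ($nb > 1) {
        print "Error: $nb groups exist \"cn=$group\"\n";
        for my $entry ($mesg->all_entries) {
            my $dn = $entry->dn;
            print " $dn\n";
        }
        exit 11;
    }
    return $mesg->shift_entry();
}

# $entry = read_group_entry_gid($gid)
#
# Return the first posixGroup entry with gidNumber $gid (undef if none).
sub read_group_entry_gid {
    my $gid = shift;
    my $mesg = $ldap->search(
        base   => $config{groupsdn},
        scope  => $config{scope},
        filter => '(&(objectclass=posixGroup)(gidNumber=' . _ldap_filter_escape($gid) . '))',
    );
    die $mesg->error if $mesg->code;
    return $mesg->shift_entry();
}

# $gid = parse_group($name_or_gid)
#
# Return the gidNumber for a group given as name or as number.
#   -1 : the name is not a known group
#   -2 : the number is not a known gid
# Both checks go through the system resolver (getgrnam/getgrgid).
sub parse_group {
    my $group = shift;
    if ($group =~ /[^\d]/) {
        my $gidnum = getgrnam($group);
        return -1 if !defined $gidnum || $gidnum !~ /\d+/;
        return $gidnum;
    }
    return -2 if !defined getgrgid($group);
    return $group;
}

# group_remove_member($group, $user)
#
# Remove $user from the memberUid attribute of $group.  Returns 0 when the
# group does not exist, 1 otherwise (also when the user was not a member).
# Dies when the modify fails.
sub group_remove_member {
    my ($group, $user) = @_;
    my $grp_line = get_group_dn($group);
    return 0 if !defined $grp_line;
    my $dn = get_dn_from_line($grp_line);
    if (is_group_member($dn, $user) == 1) {
        # delete only this one value, not the whole attribute
        my $modify = $ldap->modify("$dn", changes => [ delete => [ memberUid => ["$user"] ] ]);
        die "failed to delete entry: ", $modify->error if $modify->code;
    }
    return 1;
}

# @members = group_get_members($group)
#
# Return every memberUid value of the posixGroup named $group.  Returns the
# scalar 0 (not an empty list) when the group does not exist, as callers
# of the original expect.
sub group_get_members {
    my ($group) = @_;
    my $grp_line = get_group_dn($group);
    return 0 if !defined $grp_line;
    my $mesg = $ldap->search(
        base   => $config{groupsdn},
        scope  => $config{scope},
        filter => '(&(objectclass=posixgroup)(cn=' . _ldap_filter_escape($group) . '))',
    );
    die $mesg->error if $mesg->code;
    my @members;
    for my $entry ($mesg->all_entries) {
        push @members, $entry->get_value('memberUid');
    }
    return @members;
}

# $rc = do_ldapmodify($ldif)
#
# Pipe $ldif (plus a trailing newline) into "ldapmodify -r" and return the
# raw wait status of the command.  $config{ldapmodify} comes from the
# configuration file, not from user input; the command string still needs
# a shell for the stdout redirection, so keep it free of untrusted data.
sub do_ldapmodify {
    my $ldif = shift;
    my $cmd = "$config{ldapmodify} -r >/dev/null";
    open my $pipe, '|-', $cmd or die "$!\n";
    print {$pipe} "$ldif\n";
    close $pipe;
    return $?;
}

# $type = group_type_by_name($type_name)
#
# Map a Samba group type name to its numeric type; undef for unknown names.
sub group_type_by_name {
    my $type_name = shift;
    my %type_of = (
        domain  => 2,
        local   => 4,
        builtin => 5,
    );
    return $type_of{$type_name};
}

# $str = subst_user($str, $username)
#
# Replace the first "%U" in $str with $username.  An undefined or empty
# $str is returned unchanged.
sub subst_user {
    my ($str, $username) = @_;
    $str =~ s/%U/$username/ if $str;
    return $str;
}

# @args = split_arg_comma($arg)
#
# Split a comma separated command line argument into a list, trimming the
# whitespace around each comma.  '-' and undef both yield the empty list.
sub split_arg_comma {
    my $arg = shift;
    return () if !defined $arg || $arg eq '-';
    return split /\s*,\s*/, $arg;
}

# @union = list_union(\@list1, \@list2)
#
# All of @list1 followed by the elements of @list2 not already in @list1
# (string comparison, order preserved).
sub list_union {
    my ($list1, $list2) = @_;
    my @res = @$list1;
    for my $e (@$list2) {
        push @res, $e if !grep { $_ eq $e } @$list1;
    }
    return @res;
}

# @rest = list_minus(\@list1, \@list2)
#
# The elements of @list1 that do not occur in @list2 (string comparison,
# order preserved).
sub list_minus {
    my ($list1, $list2) = @_;
    my @res;
    for my $e (@$list1) {
        push @res, $e if !grep { $_ eq $e } @$list2;
    }
    return @res;
}

# $id = get_next_id($base_dn, $attribute)
#
# Allocate the next uidNumber/gidNumber from the sambaUnixIdPool entry:
# read $attribute, write back $attribute + 1, then verify nothing under
# $base_dn already uses the value.  A value found to be in use is skipped
# and the next one tried; the loop only ends by returning a free id or by
# dying on an LDAP error.  When $base_dn is the users' dn the check is
# widened to the whole suffix so an id used by a computer account is not
# handed out again.  The pool is incremented before the value is checked,
# so two concurrent callers never receive the same value from the pool.
# The old ($$) prototype was dropped: it was declared after the sub's only
# in-file caller and therefore never in effect.
sub get_next_id {
    my ($ldap_base_dn, $attribute) = @_;
    # \Q..\E: the configured dn is data, not a pattern
    if ($ldap_base_dn =~ m/\Q$config{usersdn}\E/i) {
        $ldap_base_dn = $config{suffix};
    }
    while (1) {
        my $pool = $ldap->search(
            base   => $config{sambaUnixIdPooldn},
            filter => '(objectClass=sambaUnixIdPool)',
            scope  => 'base',
        );
        die "Error looking for next uid" if $pool->code;
        die "Could not find base dn, to get next $attribute" if $pool->count != 1;
        my $nextuid = $pool->entry(0)->get_value($attribute);
        my $modify = $ldap->modify(
            "$config{sambaUnixIdPooldn}",
            changes => [ replace => [ $attribute => $nextuid + 1 ] ],
        );
        die "Error: ", $modify->error if $modify->code;
        my $check = $ldap->search(
            base   => $ldap_base_dn,
            filter => "($attribute=$nextuid)",
        );
        die "Cannot confirm $attribute $nextuid is free" if $check->code;
        return $nextuid if $check->count == 0;
        print "Cannot confirm $attribute $nextuid is free: checking for the next one\n";
    }
}

1;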