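#!/usr/bin/perl -w
# $Id: smbldap-useradd,v 1.27 2005/05/27 14:21:00 jtournier Exp $
#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
# Copyright (C) 2002 IDEALX
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
# USA.

# Purpose of smbldap-useradd : user (posix,shadow,samba) add
#
# Flow: parse options, stop nscd while the uid is checked, validate the
# login name, pick uid/gid and (for Samba accounts) the SID, then either
# create a machine account (-w / -i, the script exits from that branch)
# or fall through to the user account creation, whose LDAP add call
# continues past the end of this listing.

use strict;
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
use Crypt::SmbHash;

#####################

use Getopt::Std;
my %Options;

my $ok = getopts('o:anmwiPG:u:g:d:s:c:k:t:A:B:C:D:E:F:H:M:N:S:T:?', \%Options);
if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
    print_banner();
    print "Usage: $0 [-awmugdsckABCDEFGHMNPST?] username\n";
    print " -o add the user in the organizational unit (relative to the user suffix)\n";
    print " -a is a Windows User (otherwise, Posix stuff only)\n";
    print " -w is a Windows Workstation (otherwise, Posix stuff only)\n";
    print " -i is a trust account (Windows Workstation)\n";
    print " -u uid\n";
    print " -g gid\n";
    print " -G supplementary comma-separated groups\n";
    print " -n do not create a group\n";
    print " -d home\n";
    print " -s shell\n";
    print " -c gecos\n";
    print " -m creates home directory and copies /etc/skel\n";
    print " -k skeleton dir (with -m)\n";
    print " -t time. Wait 'time' seconds before exiting (when adding Windows Workstation)\n";
    print " -P ends by invoking smbldap-passwd\n";
    print " -A can change password ? 0 if no, 1 if yes\n";
    print " -B must change password ? 0 if no, 1 if yes\n";
    print " -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
    print " -D sambaHomeDrive (letter associated with home share, like 'H:')\n";
    print " -E sambaLogonScript (DOS script to execute on login)\n";
    print " -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
    print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
    print " -N canonical name\n";
    print " -S surname\n";
    print " -M local mailAddress (comma seperated)\n";
    print " -T mailToAddress (forward address) (comma seperated)\n";
    print " -? show this help message\n";
    exit (1);
}

my $ldap_master = connect_ldap_master();

# nscd's negative ttl makes getpwuid() unreliable right after an LDAP
# modification, so the daemon is stopped for the duration of the uid
# check and restarted further down (before any exit path of that check).
my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
if ($nscd_status == 0) {
    system "/etc/init.d/nscd stop > /dev/null 2>&1";
}

# Only the first non-option argument is used.
my $userName = $ARGV[0];

# For computer accounts, add a trailing dollar if missing
if (defined($Options{'w'})) {
    if ($userName =~ /[^\$]$/s) {
        $userName .= "\$";
    }
}

# Untaint $userName. It is interpolated verbatim into LDAP DNs below
# ("uid=$userName,..."), so the accepted alphabet is kept tight: word
# characters, space, dot and hyphen, optionally finished by one or two
# '$' (machine accounts). Beware of writing the class as "[\w -.]": that
# is a range from ' ' to '.', which also admits DN metacharacters such as
# ',', '+', '#' and '"'. \z (rather than $) also rejects a trailing newline.
if ($userName =~ /\A([\w .-]+\${0,2})\z/) {
    $userName = $1;
} else {
    print "$0: illegal username\n";
    exit (1);
}

# user must not exist in LDAP (should it be nss-wide ?)
my ($rc, $dn) = get_user_dn2($userName);
if ($rc and defined($dn)) {
    print "$0: user $userName exists\n";
    exit (9);
} elsif (!$rc) {
    print "$0: error in get_user_dn2\n";
    exit(10);
}

# Read options

# -o: create the user in the given ou, relative to the users suffix.
# NOTE(review): the value is spliced into the DN exactly as given on the
# command line (no format check, no escaping); a malformed value surfaces
# only as an LDAP error later.
my $user_ou = $Options{'o'};
if (defined $user_ou) {
    $config{usersdn} = "$user_ou,$config{usersdn}";
}

# -u: explicit uid, otherwise the next free uidNumber from LDAP. The
# verdict is recorded first and only acted on after nscd has been
# restarted, so neither a rejected uid nor a failing get_next_id() can
# leave the cache daemon stopped.
my $userUidNumber = $Options{'u'};
my $uid_error;
if (!defined($userUidNumber)) {
    $userUidNumber = eval { get_next_id($config{usersdn}, "uidNumber") };
    $uid_error = $@ if $@;
} elsif (getpwuid($userUidNumber)) {
    $uid_error = "Uid already exists.\n";
}
if ($nscd_status == 0) {
    system "/etc/init.d/nscd start > /dev/null 2>&1";
}
die $uid_error if defined $uid_error;

my $createGroup = 0;
my $userGidNumber = $Options{'g'};
# gid not specified ?
if (!defined($userGidNumber)) {
    # windows machine => $config{defaultComputerGid}
    if (defined($Options{'w'})) {
        $userGidNumber = $config{defaultComputerGid};
    # } elsif (!defined($Options{'n'})) {
    #     # create new group (redhat style)
    #     # find first unused gid starting from $config{GID_START}
    #     while (defined(getgrgid($config{GID_START}))) {
    #         $config{GID_START}++;
    #     }
    #     $userGidNumber = $config{GID_START};
    #     $createGroup = 1;
    } else {
        # user will have gid = $config{defaultUserGid}
        $userGidNumber = $config{defaultUserGid};
    }
} else {
    # -g accepts a name or a number; parse_group() resolves it (< 0 = unknown)
    my $gid = parse_group($userGidNumber);
    if ($gid < 0) {
        print "$0: unknown group $userGidNumber\n";
        exit (6);
    }
    $userGidNumber = $gid;
}

my ($group_entry, $userGroupSID, $userRid, $user_sid);
if (defined $Options{'a'} or defined $Options{'i'}) {
    # as grouprid we use the value of the sambaSID attribute for the
    # group of gidNumber=$userGidNumber
    $group_entry = read_group_entry_gid($userGidNumber);
    unless ($group_entry) {
        print "Error: unix group $userGidNumber not found in LDAP\n";
        exit (7);
    }
    $userGroupSID = $group_entry->get_value('sambaSID');
    unless ($userGroupSID) {
        print "Error: SID not set for unix group $userGidNumber\n";
        print "check if your unix group is mapped to an NT group\n";
        exit (7);
    }
    # as rid we use 2 * uid + 1000
    $userRid = 2 * $userUidNumber + 1000;
    # Refuse to create another entry owning this SID. Any existing
    # holder is a conflict, so the test is "> 0", not "== 1": an
    # already-duplicated SID (count 2) must not be allowed to grow.
    $user_sid = "$config{SID}-$userRid";
    my $test_exist_sid = does_sid_exist($user_sid, $config{usersdn});
    if ($test_exist_sid->count > 0) {
        print "User SID already owned by\n";
        # there should not exist more than one entry, but ...
        foreach my $entry ($test_exist_sid->all_entries) {
            my $entry_dn = $entry->dn;
            chomp($entry_dn);
            print "$entry_dn\n";
        }
        exit(7);
    }
}

# -d overrides the home directory template from the config
my $userHomeDirectory = $Options{'d'};
if (!defined($userHomeDirectory)) {
    $userHomeDirectory = subst_user($config{userHome}, $userName);
}
# collapse one doubled slash (e.g. template ending in '/' plus a leading '/')
$userHomeDirectory =~ s{//}{/};

$config{userLoginShell} = $Options{'s'} if defined $Options{'s'};
$config{userGecos}      = $Options{'c'} if defined $Options{'c'};
$config{skeletonDir}    = $Options{'k'} if defined $Options{'k'};

# cn defaults to the gecos (-c), then the login; -N overrides it
my $userCN = ($Options{'c'} || $userName);
$userCN = $Options{'N'} if defined $Options{'N'};
# sn defaults to the login; -S overrides it
my $userSN = $userName;
$userSN = $Options{'S'} if defined $Options{'S'};
my @userMailLocal = split_arg_comma($Options{'M'});
my @userMailTo    = split_arg_comma($Options{'T'});

# Read one line from STDIN with terminal echo switched off.
# Returns the chomped line, or undef on EOF. Echo is restored before
# returning, including on EOF, so a failed prompt never leaves the
# terminal with echo off.
sub _read_hidden {
    my ($prompt) = @_;
    system "stty -echo";
    print $prompt;
    my $line = <STDIN>;
    print "\n";
    system "stty echo";
    chomp($line) if defined $line;
    return $line;
}

######################### MACHINE ACCOUNT
if (defined($Options{'w'}) or defined($Options{'i'})) {
    if (!add_posix_machine($userName, $userUidNumber, $userGidNumber, $Options{'t'})) {
        die "$0: error while adding posix account\n";
    }
    if (defined($Options{'i'})) {
        # For machine trust account
        # Objectclass sambaSAMAccount must be added now !
        my $pass  = _read_hidden("New password : ");
        my $pass2 = _read_hidden("Retype new password : ");
        if (!defined($pass) || !defined($pass2) || $pass ne $pass2) {
            print "New passwords don't match!\n";
            exit (10);
        }
        # NOTE(review): both the LM and the NT hash are stored; the LM
        # hash is a legacy weak format, whether it has to be populated
        # depends on the Samba configuration in use - confirm.
        my ($lmpassword, $ntpassword) = ntlmgen($pass);
        my $date = time;
        my $modify = $ldap_master->modify(
            "uid=$userName,$config{computersdn}",
            changes => [
                replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
                add     => [sambaLogonTime => '0'],
                add     => [sambaLogoffTime => '2147483647'],
                add     => [sambaKickoffTime => '2147483647'],
                add     => [sambaPwdCanChange => '0'],
                add     => [sambaPwdMustChange => '2147483647'],
                add     => [sambaPwdLastSet => "$date"],
                add     => [sambaAcctFlags => '[I ]'],
                add     => [sambaLMPassword => "$lmpassword"],
                add     => [sambaNTPassword => "$ntpassword"],
                add     => [sambaSID => "$user_sid"],
                add     => [sambaPrimaryGroupSID => "$config{SID}-515"]
            ]
        );
        $modify->code && die "failed to add entry: ", $modify->error;
    }
    $ldap_master->unbind;
    exit 0;
}

# USER ACCOUNT
# add posix account first
# (the attribute list of this add call continues beyond this listing)
my $add = $ldap_master->add("uid=$userName,$config{usersdn}",
    attr => [
        'objectclass' => ['top', 'inetOrgPerson', 'posixAccount', 'shadowAccount'],
        'cn'  => "$userCN",
        'sn'  => "$userSN",
        'uid' => "$userName",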