📄 smbldap-usermod
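#!/usr/bin/perl -w

# $Id: smbldap-usermod,v 1.13 2005/05/27 14:21:00 jtournier Exp $
#
#  This code was developed by IDEALX (http://IDEALX.org/) and
#  contributors (their names can be found in the CONTRIBUTORS file).
#
#                 Copyright (C) 2001-2002 IDEALX
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

# Purpose of smbldap-usermod : user (posix,shadow,samba) modification
#
# Overview of the part of the script shown here:
#   1. parse the command line and refuse to run unless the real uid is 0;
#   2. bind to the master directory and load the target user's entry;
#   3. translate each option into attribute/value pairs collected in @mods.
# Nothing in this part sends @mods to the directory; presumably that happens
# further down the script -- confirm before relying on it.  The only writes
# performed here are the immediate modify for -a and the group membership
# changes for -G.

use strict;
use FindBin;
use FindBin qw($RealBin);

# SECURITY: smbldap_tools is loaded from the directory that holds this script.
# The script only proceeds as root, so that directory and the module must be
# owned by root and not writable by any other account; otherwise whoever can
# write there controls code that runs with root privileges.
use lib "$RealBin/";
use smbldap_tools;

#####################

use Getopt::Std;
my %Options;
my $nscd_status;

my $ok = getopts('A:B:C:D:E:F:H:IJM:N:S:PT:ame:f:u:g:G:d:l:r:s:c:ok:?h', \%Options);
if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) || ($Options{'h'}) ) {
    print_banner();
    print "Usage: $0 [-awmugdsckABCDEFGHIPSMT?h] username\n";
    print "Available options are:\n";
    print " -c gecos\n";
    print " -d home directory\n";
    #print " -m move home directory\n";
    #print " -f inactive days\n";
    print " -r new username (cn, sn and dn are updated)\n";
    print " -u uid\n";
    print " -o uid can be non unique\n";
    print " -g gid\n";
    print " -G supplementary groups (comma separated)\n";
    print " -s shell\n";
    print " -N canonical name\n";
    print " -S surname\n";
    print " -P ends by invoking smbldap-passwd\n";
    print " For samba users:\n";
    print " -a add sambaSAMAccount objectclass\n";
    print " -e expire date (\"YYYY-MM-DD HH:MM:SS\")\n";
    print " -A can change password ? 0 if no, 1 if yes\n";
    print " -B must change password ? 0 if no, 1 if yes\n";
    print " -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
    print " -D sambaHomeDrive (letter associated with home share, like 'H:')\n";
    print " -E sambaLogonScript (DOS script to execute on login)\n";
    print " -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
    print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
    print " -I disable an user. Can't be used with -H or -J\n";
    print " -J enable an user. Can't be used with -H or -I\n";
    print " -M mailAddresses (comma seperated)\n";
    print " -T mailToAddress (forward address) (comma seperated)\n";
    print " -?|-h show this help message\n";
    exit (1);
}

# $< is the real uid, so this rejects every caller other than root.
if ($< != 0) {
    print "You must be root to modify an user\n";
    exit (1);
}

# Read only first @ARGV
my $user = $ARGV[0];

# Let's connect to the directory first
my $ldap_master = connect_ldap_master();

# Read user data
my $user_entry = read_user_entry($user);
if (!defined($user_entry)) {
    print "$0: user $user doesn't exist\n";
    exit (1);
}

# $samba records whether the entry already carries the sambaSamAccount
# objectClass; the samba-specific attributes below are only touched if so.
my $samba = 0;
if (grep ($_ =~ /^sambaSamAccount$/i, $user_entry->get_value('objectClass'))) {
    $samba = 1;
}

# get the dn of the user
my $dn = $user_entry->dn();

my $tmp;
my @mods;    # attribute => value pairs gathered from the options
my @dels;    # not filled in by this part of the script

# -a : turn a posix-only account into a samba account.  Unlike the other
# options this is written to the directory immediately.
if (defined($tmp = $Options{'a'})) {
    # 2147483647 is the largest signed 32-bit value; presumably it stands
    # for "never" in the samba time attributes -- confirm against the schema.
    my $winmagic         = 2147483647;
    my $valpwdcanchange  = 0;
    my $valpwdmustchange = $winmagic;
    my $valpwdlastset    = 0;
    my $valacctflags     = "[UX]";

    # The entry loaded above is reused; nothing has modified it since, so a
    # second directory search would return the same data.
    my $uidNumber = $user_entry->get_value('uidNumber');
    my $userRid   = 2 * $uidNumber + 1000;

    # apply changes
    my $modify = $ldap_master->modify ( "$dn",
                                        changes => [
                                                    add => [objectClass        => 'sambaSAMAccount'],
                                                    add => [sambaPwdLastSet    => "$valpwdlastset"],
                                                    add => [sambaLogonTime     => '0'],
                                                    add => [sambaLogoffTime    => '2147483647'],
                                                    add => [sambaKickoffTime   => '2147483647'],
                                                    add => [sambaPwdCanChange  => "$valpwdcanchange"],
                                                    add => [sambaPwdMustChange => "$valpwdmustchange"],
                                                    add => [displayName        => "$config{userGecos}"],
                                                    add => [sambaSID           => "$config{SID}-$userRid"],
                                                    add => [sambaAcctFlags     => "$valacctflags"],
                                                   ]
                                      );
    $modify->code && warn "failed to modify entry: ", $modify->error ;

    # NOTE(review): $samba is not updated here, so in the same invocation the
    # "if ($samba)" branches below still treat the account as posix-only
    # (e.g. -a together with -u leaves sambaSID derived from the old uid).
    # Confirm whether that is intended.
}

# Process options
my $changed_uid;
my $_userUidNumber;
my $_userRid;
if (defined($tmp = $Options{'u'})) {
    # The value is written to uidNumber and drives the RID arithmetic below,
    # so reject anything that is not a plain non-negative integer instead of
    # letting Perl coerce it silently ("12abc" would be treated as 12).
    unless ($tmp =~ /\A\d+\z/) {
        print "$0: uid '$tmp' is not a valid number\n";
        exit (1);
    }

    # -o means "uid can be non unique", so the uniqueness check must run
    # when -o is ABSENT.  The test used to be inverted, which let a duplicate
    # uid through by default: two accounts sharing a uid are the same
    # identity as far as file ownership and access checks are concerned.
    if (!defined($Options{'o'})) {
        # nscd is stopped around the lookup so that the answer is not served
        # from its cache.  The commands are fixed strings, so no caller input
        # reaches the shell that handles the redirections.
        $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
        if ($nscd_status == 0) {
            system "/etc/init.d/nscd stop > /dev/null 2>&1";
        }

        my $uid_in_use = getpwuid($tmp);

        # Restart nscd on both outcomes before deciding what to do.
        if ($nscd_status == 0) {
            system "/etc/init.d/nscd start > /dev/null 2>&1";
        }

        if ($uid_in_use) {
            print "$0: uid number $tmp exists\n";
            exit (6);
        }
    }

    push(@mods, 'uidNumber', $tmp);
    $_userUidNumber = $tmp;
    if ($samba) {
        # as rid we use 2 * uid + 1000
        # NOTE(review): this "my" shadows the file-level $_userRid, which
        # therefore stays undefined after this block -- confirm no later
        # code reads it.
        my $_userRid = 2 * $_userUidNumber + 1000;
        # 'x' is not part of the getopts() specification above, so this
        # branch cannot be reached today.  It called the non-existent
        # sprint(); sprintf() is what formats the RID as hexadecimal.
        if (defined($Options{'x'})) {
            $_userRid = sprintf("%x", $_userRid);
        }
        push(@mods, 'sambaSID', $config{SID}.'-'.$_userRid);
    }
    $changed_uid = 1;
}

my $changed_gid;
my $_userGidNumber;
my $_userGroupSID;
if (defined($tmp = $Options{'g'})) {
    $_userGidNumber = parse_group($tmp);
    if ($_userGidNumber < 0) {
        print "$0: group $tmp doesn't exist\n";
        exit (6);
    }
    push(@mods, 'gidNumber', $_userGidNumber);
    if ($samba) {
        # as grouprid we use the sambaSID attribute's value of the group
        my $group_entry = read_group_entry_gid($_userGidNumber);
        # Guard against a gid that parse_group() accepted but for which no
        # directory entry came back: without it the method call below would
        # die on an undefined value instead of printing the error.
        # NOTE(review): like $_userRid above, this "my" shadows the
        # file-level $_userGroupSID.
        my $_userGroupSID = defined($group_entry)
            ? $group_entry->get_value('sambaSID')
            : undef;
        unless ($_userGroupSID) {
            print "Error: sambaPrimaryGroupSid could not be set (sambaSID for group $_userGidNumber does not exist\n";
            exit (7);
        }
        push(@mods, 'sambaPrimaryGroupSid', $_userGroupSID);
    }
    $changed_gid = 1;
}

if (defined($tmp = $Options{'s'})) {
    push(@mods, 'loginShell' => $tmp);
}

if (defined($tmp = $Options{'c'})) {
    push(@mods, 'gecos' => $tmp,
         'description' => $tmp);
    if ($samba == 1) {
        push(@mods, 'displayName' => $tmp);
    }
}

if (defined($tmp = $Options{'d'})) {
    push(@mods, 'homeDirectory' => $tmp);
}

if (defined($tmp = $Options{'N'})) {
    push(@mods, 'cn' => $tmp);
}

if (defined($tmp = $Options{'S'})) {
    push(@mods, 'sn' => $tmp);
}

# -M / -T : mail attributes.  A leading '+' adds to the existing values, a
# leading '-' removes from them, no prefix replaces them.
my $mailobj = 0;
if ($tmp= $Options{'M'}) {
    # action is + or - for adding or deleting an entry
    my $action= '';
    if ($tmp =~ s/^([+-])+\s*//) {
        $action= $1;
    }
    my @userMailLocal = &split_arg_comma($tmp);
    my @mail;
    # $m aliases the elements of @userMailLocal, so assigning to it below
    # rewrites the list in place.
    foreach my $m (@userMailLocal) {
        my $domain = $config{mailDomain};
        if ($m =~ /^(.+)@/) {
            push (@mail, $m);
            # mailLocalAddress contains only the first part
            $m= $1;
        } else {
            push(@mail, $m.($domain ? '@'.$domain : ''));
        }
    }
    if ($action) {
        my @old_MailLocal;
        my @old_mail;
        @old_mail = $user_entry->get_value('mail');
        @old_MailLocal = $user_entry->get_value('mailLocalAddress');
        if ($action eq '+') {
            @userMailLocal = &list_union(\@old_MailLocal, \@userMailLocal);
            @mail = &list_union(\@old_mail, \@mail);
        } elsif ($action eq '-') {
            @userMailLocal = &list_minus(\@old_MailLocal, \@userMailLocal);
            @mail = &list_minus(\@old_mail, \@mail);
        }
    }
    push(@mods, 'mailLocalAddress', [ @userMailLocal ]);
    push(@mods, 'mail' => [ @mail ]);
    $mailobj = 1;
}

if ($tmp= $Options{'T'}) {
    my $action= '';
    my @old;
    # action is + or - for adding or deleting an entry
    if ($tmp =~ s/^([+-])+\s*//) {
        $action= $1;
    }
    my @userMailTo = &split_arg_comma($tmp);
    if ($action) {
        @old = $user_entry->get_value('mailRoutingAddress');
    }
    if ($action eq '+') {
        @userMailTo = &list_union(\@old, \@userMailTo);
    } elsif ($action eq '-') {
        @userMailTo = &list_minus(\@old, \@userMailTo);
    }
    push(@mods, 'mailRoutingAddress', [ @userMailTo ]);
    $mailobj = 1;
}

# Any mail change needs the inetLocalMailRecipient objectClass on the entry.
if ($mailobj) {
    my @objectclass = $user_entry->get_value('objectClass');
    if (! grep ($_ =~ /^inetLocalMailRecipient$/i, @objectclass)) {
        push(@mods, 'objectClass' => [ @objectclass, 'inetLocalMailRecipient' ]);
    }
}

# -G : supplementary groups.  '-' removes the user from the listed groups,
# '+' adds to the current memberships, no prefix replaces them.  These
# changes go through the group helpers, not through @mods.
if (defined($tmp = $Options{'G'})) {
    my $action= '';
    if ($tmp =~ s/^([+-])+\s*//) {
        $action= $1;
    }
    if ($action eq '-') {
        # remove user from specified groups
        foreach my $gname (&split_arg_comma($tmp)) {
            group_remove_member($gname, $user);
        }
    } else {
        if ($action ne '+') {
            my @old = &find_groups_of($user);
            # remove user from old groups
            foreach my $gname (@old) {
                if ($gname ne "") {
                    group_remove_member($gname, $user);
                }
            }
        }
        # add user to new groups
        add_grouplist_user($tmp, $user);
    }
}

#
# A : sambaPwdCanChange
# B : sambaPwdMustChange
# C : sambaHomePath
# D : sambaHomeDrive
# E : sambaLogonScript
# F : sambaProfilePath
# H : sambaAcctFlags

my $attr;
my $winmagic = 2147483647;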