convertsambaaccount

samba-3.0.22.tar.gz 编译smb服务器的源码

#!/usr/bin/perl  -w
##
## Convert an LDIF file containing sambaAccount entries
## to the new sambaSamAccount objectclass
##
## Copyright Gerald (Jerry) Carter	2003
##
## Usage: convertSambaAccount --sid=<Domain SID> \
##       --input=<input ldif> --output=<output ldif> \
##       --changetype=[modify|add]
##
## You can generate an input ldif file using:
## $ ldapsearch -LL -x -h ldapsrv -D cn=root,dc=company,dc=com \
##   -b dc=copmany,dc=com > /tmp/samba3.alpha23.ldif
##
## Note the "-LL" so no additional comments are generated
##


use strict;
use Net::LDAP::LDIF;
use Getopt::Long;


##############################################################################
## local variables

my ( $domain, $domsid, $changetype );
my ( $ldif, $ldif2 );
my ( $entry, @objclasses, $obj );
my ( $is_samba_account, $is_samba_group );
my ( %attr_map, %group_attr_map, $key );
my ( @dels, $deletion, @adds, $addition );
my ( $result, %options );


##############################################################################
## Print the option usage

sub usage {

	print "convertSambaAccount <options>\n";
	print "Options:\n";
	print "  --help         print this help message\n";
	print "  --input        input LDIF filename\n";
	print "  --output       output LDIF filename\n";
	print "  --sid          domain SID\n";
	print "  --changetype   [modify|add] (default is 'add')\n";
}


##############################################################################
##                               MAIN DRIVER                                ##
##############################################################################

##
## hashes to map old attribute names to new ones 
##

%attr_map = ( 
	lmPassword	=> 'sambaLMPassword',
	ntPassword	=> 'sambaNTPassword',
	pwdLastSet	=> 'sambaPwdLastSet',
	pwdMustChange	=> 'sambaPwdMustChange',
	pwdCanChange	=> 'sambaPwdCanChange',
	homeDrive	=> 'sambaHomeDrive',
	smbHome		=> 'sambaHomePath',
	scriptPath	=> 'sambaLogonScript',
	profilePath	=> 'sambaProfilePath',
	kickoffTime	=> 'sambaKickoffTime',
	logonTime	=> 'sambaLogonTime',
	logoffTime	=> 'sambaLogoffTime',
	userWorkstations	=> 'sambaUserWorkstations',
	domain		=> 'sambaDomainName',
	acctFlags	=> 'sambaAcctFlags',
);

%group_attr_map = (
	ntSid		=> 'sambaSID',
	ntGroupType	=> 'sambaGroupType',
);

##
## process command line args
##

$result = GetOptions(\%options,
			"help", 
			"input=s", 
			"output=s", 
			"sid=s",
			"changetype=s");

if (!$result && ($#ARGV != -1)) {
	usage();
	exit 1;
}

if ( defined($options{'help'}) ) {
	usage();
	exit 0;
}


if ( !defined( $options{'sid'} ) ) {
	print "You must provide a domain sid\n";
	exit 1;
}

$domsid = $options{'sid'};

$changetype = 'add';
if ( defined( $options{'changetype'} ) ) {
	$changetype = $options{'changetype'};
}

##
## open files
##

$ldif = Net::LDAP::LDIF->new ($options{'input'}, "r") or die $!;

if ( "$changetype" eq "add" ) {
	$ldif2 = Net::LDAP::LDIF->new ($options{'output'}, "w") or die $!;
}
elsif ( "$changetype" eq "modify" ) {
	open( OUTPUT, ">$options{'output'}" ) or die $!;
}
else {
	print "Bad changetype!\n";
	exit 1;
}

##
## process LDIF 
##

while ( !$ldif->eof ) {
	undef ( $entry );
	$entry = $ldif->read_entry();

	## skip entry if we find an error
	if ( $ldif->error() ) {
		print "Error msg: ",$ldif->error(),"\n";
		print "Error lines:\n",$ldif->error_lines(),"\n";
		next;
	}

	##
	## check to see if we have anything to do on this
	## entry.  If not just write it out
	##
	@objclasses = $entry->get_value( "objectClass" );
	undef ( $is_samba_account );
	undef ( $is_samba_group );
	@adds = ();
	@dels = ();
	foreach $obj ( @objclasses ) {
		if ( "$obj" eq "sambaAccount" ) {
			$is_samba_account = 1;
		} elsif ( "$obj" eq "sambaGroupMapping" ) {
			$is_samba_group = 1;
		}
	}

	if ( defined ( $is_samba_account ) ) {
		##
		## start editing the sambaAccount
		##

		@dels = ( 'objectclass: sambaAccount', 'rid' );
		@adds = ('objectclass: sambaSamAccount', "sambaSID: " .  ${domsid} . "-" . ${entry}->get_value( 'rid' ) );
		$entry->delete( 'objectclass' => [ 'sambaAccount' ] );
		$entry->add( 'objectclass' => 'sambaSamAccount' );

		$entry->add( 'sambaSID' => $domsid."-".$entry->get_value( "rid" ) );
		$entry->delete( 'rid' );
	
		if ( defined($entry->get_value( "primaryGroupID" )) ) {
			push @adds, "sambaPrimaryGroupSID: " . $domsid."-".$entry->get_value( "primaryGroupID" );
			push @dels, "primaryGroupID";
			$entry->add( 'sambaPrimaryGroupSID' => $domsid."-".$entry->get_value( "primaryGroupID" ) );
			$entry->delete( 'primaryGroupID' );
		}
	

		foreach $key ( keys %attr_map ) {
			if ( defined($entry->get_value($key)) ) {
				push @adds, "$attr_map{$key}: " . $entry->get_value($key);
				push @dels, "$key";
				$entry->add( $attr_map{$key} => $entry->get_value($key) );
				$entry->delete( $key );
			}
		}
	} elsif ( defined ( $is_samba_group ) ) {
		foreach $key ( keys %group_attr_map ) {
			if ( defined($entry->get_value($key)) ) {
				push @adds, "$group_attr_map{$key}: " . $entry->get_value($key);
				push @dels, "$key";
				$entry->add( $group_attr_map{$key} => $entry->get_value($key) );
				$entry->delete( $key );
			}
		}
	}
	
	## see if we should write full entries or only the changes
	
	if ( "$changetype" eq "add" ) {
		$ldif2->write_entry( $entry );
	}
	else {
		if ( defined ( $is_samba_account ) || defined ( $is_samba_group ) ){
			if ( @adds + @dels > 0 ) {
				print OUTPUT "dn: " . $entry->dn . "\n";
				foreach $addition (@adds) {
					$addition =~ /(^\w+):/;
					print OUTPUT "add: " . $1  . "\n";
					print OUTPUT "$addition\n-\n";
				}
				foreach $deletion (@dels) {
					if ( $deletion =~ /^(\w+):\s(.*)/ ) {
						print OUTPUT "delete: $1\n$1: $2\n-\n";
					} else {
						print OUTPUT "delete: $deletion\n-\n"
					}
				}
				print OUTPUT "\n"
			}
		}
	}
}