diff options
| author | Gerald Carter <jerry@samba.org> | 2003-12-04 21:59:20 +0000 |
|---|---|---|
| committer | Gerald Carter <jerry@samba.org> | 2003-12-04 21:59:20 +0000 |
| commit | dc058d980b369578b56c53972e8033fc77ee0b48 (patch) | |
| tree | e7567c0106c01d92f908954578cc914a5455df92 /examples/LDAP/smbldap-tools/smbldap_tools.pm | |
| parent | b47a3a920a9a03ecc3e71d6594384cae674b6775 (diff) | |
| download | samba-dc058d980b369578b56c53972e8033fc77ee0b48.tar.gz samba-dc058d980b369578b56c53972e8033fc77ee0b48.tar.bz2 samba-dc058d980b369578b56c53972e8033fc77ee0b48.zip | |
updating top 0.8.2-1 of the smbldap tools
(This used to be commit b798f30f0a83ba00ebbe1b82983ca6690642ad02)
Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap_tools.pm')
| -rwxr-xr-x | examples/LDAP/smbldap-tools/smbldap_tools.pm | 482 |
1 files changed, 277 insertions, 205 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap_tools.pm b/examples/LDAP/smbldap-tools/smbldap_tools.pm index 8001442fe8..b7b134f3fd 100755 --- a/examples/LDAP/smbldap-tools/smbldap_tools.pm +++ b/examples/LDAP/smbldap-tools/smbldap_tools.pm @@ -4,6 +4,8 @@ package smbldap_tools; use smbldap_conf; use Net::LDAP; +# $Id: smbldap_tools.pm,v 1.1.6.4 2003/12/04 21:59:20 jerry Exp $ +# # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). # @@ -34,36 +36,40 @@ $VERSION = 1.00; @ISA = qw(Exporter); @EXPORT = qw( -get_user_dn -get_group_dn + get_user_dn + get_group_dn is_group_member -is_samba_user + is_samba_user is_unix_user -is_user_valid -get_dn_from_line -add_posix_machine -add_samba_machine -add_samba_machine_mkntpwd -group_add_user -add_grouplist_user -disable_user -delete_user -group_add + is_user_valid + does_sid_exist + get_dn_from_line + add_posix_machine + add_samba_machine + add_samba_machine_mkntpwd + group_add_user + add_grouplist_user + disable_user + delete_user + group_add group_del -get_homedir -read_user + get_homedir + read_user read_user_entry -read_group -find_groups_of -parse_group -group_remove_member -group_get_members -do_ldapadd -do_ldapmodify -get_user_dn2 + read_group + read_group_entry + read_group_entry_gid + find_groups_of + parse_group + group_remove_member + group_get_members + do_ldapadd + do_ldapmodify + get_user_dn2 connect_ldap_master connect_ldap_slave -); + group_type_by_name + ); sub connect_ldap_master { @@ -116,14 +122,14 @@ sub connect_ldap_slave } sub get_user_dn -{ + { my $user = shift; my $dn=''; my $ldap_slave=connect_ldap_slave(); my $mesg = $ldap_slave->search ( base => $suffix, - scope => $scope, - filter => "(&(objectclass=posixAccount)(uid=$user))" - ); + scope => $scope, + filter => "(&(objectclass=posixAccount)(uid=$user))" + ); $mesg->code && die $mesg->error; foreach my $entry ($mesg->all_entries) { $dn= $entry->dn; @@ -131,70 +137,70 @@ sub get_user_dn $ldap_slave->unbind; chomp($dn); if ($dn eq '') { - return undef; + return undef; } $dn="dn: ".$dn; return $dn; -} + } sub get_user_dn2 -{ + { my $user = shift; my $dn=''; my $ldap_slave=connect_ldap_slave(); my $mesg = $ldap_slave->search ( base => $suffix, - scope => $scope, - filter => "(&(objectclass=posixAccount)(uid=$user))" - ); + scope => $scope, + filter => "(&(objectclass=posixAccount)(uid=$user))" + ); $mesg->code && warn "failed to perform search; ", $mesg->error; foreach my $entry ($mesg->all_entries) { - $dn= $entry->dn; + $dn= $entry->dn; } $ldap_slave->unbind; chomp($dn); if ($dn eq '') { - return (1,undef); + return (1,undef); } $dn="dn: ".$dn; return (1,$dn); -} + } sub get_group_dn { - my $group = shift; - my $dn=''; + my $group = shift; + my $dn=''; my $ldap_slave=connect_ldap_slave(); my $mesg = $ldap_slave->search ( base => $groupsdn, - scope => $scope, - filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))" - ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries) { + scope => $scope, + filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))" + ); + $mesg->code && die $mesg->error; + foreach my $entry ($mesg->all_entries) { $dn= $entry->dn; } $ldap_slave->unbind; - chomp($dn); - if ($dn eq '') { + chomp($dn); + if ($dn eq '') { return undef; - } - $dn="dn: ".$dn; - return $dn; + } + $dn="dn: ".$dn; + return $dn; } # return (success, dn) # bool = is_samba_user($username) sub is_samba_user { - my $user = shift; + my $user = shift; my $ldap_slave=connect_ldap_slave(); my $mesg = $ldap_slave->search ( base => $suffix, - scope => $scope, - filter => "(&(objectClass=sambaSamAccount)(uid=$user))" - ); - $mesg->code && die $mesg->error; + scope => $scope, + filter => "(&(objectClass=sambaSamAccount)(uid=$user))" + ); + $mesg->code && die $mesg->error; $ldap_slave->unbind; return ($mesg->count ne 0); } @@ -217,52 +223,68 @@ sub is_group_member my $dn_group = shift; my $user = shift; my $ldap_slave=connect_ldap_slave(); - my $mesg = $ldap_slave->search ( - base => "$dn_group", + my $mesg = $ldap_slave->search ( base => $dn_group, scope => 'base', filter => "(&(memberUid=$user))" ); $mesg->code && die $mesg->error; $ldap_slave->unbind; - return ($mesg->count ne 0); + return ($mesg->count ne 0); } +# all entries = does_sid_exist($sid,$scope) +sub does_sid_exist + { + my $sid = shift; + my $dn_group=shift; + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( base => $dn_group, + scope => $scope, + filter => "(sambaSID=$sid)" + #filter => "(&(objectClass=sambaSAMAccount|objectClass=sambaGroupMapping)(sambaSID=$sid))" + ); + $mesg->code && die $mesg->error; + $ldap_slave->unbind; + return ($mesg); + } # try to bind with user dn and password to validate current password sub is_user_valid { - my ($user, $dn, $pass) = @_; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - my $mesg= $ldap->bind (dn => $dn, password => $pass ); + my ($user, $dn, $pass) = @_; + my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; + my $mesg= $ldap->bind (dn => $dn, password => $pass ); if ($mesg->code eq 0) { - $ldap->unbind; - return 1; + $ldap->unbind; + return 1; } else { - if($ldap->bind()) { + if ($ldap->bind()) { $ldap->unbind; return 0; - } else { + } else { print ("The LDAP directory is not available.\n Check the server, cables ..."); $ldap->unbind; return 0; } die "Problem : contact your administrator"; } -} + } + # dn = get_dn_from_line ($dn_line) # helper to get "a=b,c=d" from "dn: a=b,c=d" sub get_dn_from_line { - my $dn = shift; - $dn =~ s/^dn: //; - return $dn; + my $dn = shift; + $dn =~ s/^dn: //; + return $dn; } + # success = add_posix_machine($user, $uid, $gid) sub add_posix_machine { - my ($user, $uid, $gid) = @_; + my ($user, $uid, $gid) = @_; # bind to a directory with dn and password my $ldap_master=connect_ldap_master(); my $add = $ldap_master->add ( "uid=$user,$computersdn", @@ -288,27 +310,27 @@ sub add_posix_machine # success = add_samba_machine($computername) sub add_samba_machine -{ + { my $user = shift; system "smbpasswd -a -m $user"; return 1; -} + } sub add_samba_machine_mkntpwd { - my ($user, $uid) = @_; - my $sambaSID = 2 * $uid + 1000; - my $name = $user; - $name =~ s/.$//s; + my ($user, $uid) = @_; + my $sambaSID = 2 * $uid + 1000; + my $name = $user; + $name =~ s/.$//s; - if ($mk_ntpasswd eq '') { + if ($mk_ntpasswd eq '') { print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n"; return 0; - } + } - my $ntpwd = `$mk_ntpasswd '$name'`; - chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':'))); - chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1)); + my $ntpwd = `$mk_ntpasswd '$name'`; + chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':'))); + chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1)); my $ldap_master=connect_ldap_master(); my $modify = $ldap_master->modify ( "uid=$user,$computersdn", @@ -330,7 +352,7 @@ sub add_samba_machine_mkntpwd $modify->code && die "failed to add entry: ", $modify->error ; - return 1; + return 1; # take down the session $ldap_master->unbind; @@ -339,16 +361,16 @@ sub add_samba_machine_mkntpwd sub group_add_user { - my ($group, $userid) = @_; - my $members=''; - my $dn_line = get_group_dn($group); + my ($group, $userid) = @_; + my $members=''; + my $dn_line = get_group_dn($group); if (!defined(get_group_dn($group))) { print "$0: group \"$group\" doesn't exist\n"; exit (6); } - if (!defined($dn_line)) { + if (!defined($dn_line)) { return 1; - } + } my $dn = get_dn_from_line("$dn_line"); # on look if the user is already present in the group my $is_member=is_group_member($dn,$userid); @@ -367,8 +389,8 @@ sub group_add_user $modify->code && die "failed to modify entry: ", $modify->error ; # take down session $ldap_master->unbind; - } - } + } + } sub group_del { @@ -383,23 +405,23 @@ sub group_del sub add_grouplist_user { - my ($grouplist, $user) = @_; - my @array = split(/,/, $grouplist); - foreach my $group (@array) { + my ($grouplist, $user) = @_; + my @array = split(/,/, $grouplist); + foreach my $group (@array) { group_add_user($group, $user); - } + } } sub disable_user { - my $user = shift; - my $dn_line; + my $user = shift; + my $dn_line; my $dn = get_dn_from_line($dn_line); - - if (!defined($dn_line = get_user_dn($user))) { + + if (!defined($dn_line = get_user_dn($user))) { print "$0: user $user doesn't exist\n"; exit (10); - } + } my $ldap_master=connect_ldap_master(); my $modify = $ldap_master->modify ( "$dn", changes => [ @@ -408,14 +430,14 @@ sub disable_user ); $modify->code && die "failed to modify entry: ", $modify->error ; - if (is_samba_user($user)) { + if (is_samba_user($user)) { my $modify = $ldap_master->modify ( "$dn", changes => [ replace => [sambaAcctFlags => '[D ]'] ] ); $modify->code && die "failed to modify entry: ", $modify->error ; - } + } # take down session $ldap_master->unbind; } @@ -423,43 +445,43 @@ sub disable_user # delete_user($user) sub delete_user { - my $user = shift; - my $dn_line; + my $user = shift; + my $dn_line; - if (!defined($dn_line = get_user_dn($user))) { + if (!defined($dn_line = get_user_dn($user))) { print "$0: user $user doesn't exist\n"; exit (10); - } + } - my $dn = get_dn_from_line($dn_line); + my $dn = get_dn_from_line($dn_line); my $ldap_master=connect_ldap_master(); my $modify = $ldap_master->delete($dn); $ldap_master->unbind; } -# $success = group_add($groupname, $group_gid, $force_using_existing_gid) +# $gid = group_add($groupname, $group_gid, $force_using_existing_gid) sub group_add { - my ($gname, $gid, $force) = @_; - my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1"; - if ($nscd_status == 0) { + my ($gname, $gid, $force) = @_; + my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1"; + if ($nscd_status == 0) { system "/etc/init.d/nscd stop > /dev/null 2>&1"; - } - if (!defined($gid)) { + } + if (!defined($gid)) { while (defined(getgrgid($GID_START))) { - $GID_START++; + $GID_START++; } $gid = $GID_START; - } else { + } else { if (!defined($force)) { - if (defined(getgrgid($gid))) { - return 0; - } + if (defined(getgrgid($gid))) { + return undef; + } } - } - if ($nscd_status == 0) { + } + if ($nscd_status == 0) { system "/etc/init.d/nscd start > /dev/null 2>&1"; - } + } my $ldap_master=connect_ldap_master(); my $modify = $ldap_master->add ( "cn=$gname,$groupsdn", attrs => [ @@ -472,67 +494,67 @@ sub group_add $modify->code && die "failed to add entry: ", $modify->error ; # take down session $ldap_master->unbind; - return 1; + return $gid; } # $homedir = get_homedir ($user) sub get_homedir { - my $user = shift; - my $homeDir=''; + my $user = shift; + my $homeDir=''; my $ldap_slave=connect_ldap_slave(); my $mesg = $ldap_slave->search ( base =>$suffix, scope => $scope, filter => "(&(objectclass=posixAccount)(uid=$user))" ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries){ + $mesg->code && die $mesg->error; + foreach my $entry ($mesg->all_entries) { foreach my $attr ($entry->attributes) { - if ($attr=~/\bhomeDirectory\b/){ - foreach my $ent($entry->get_value($attr)) { + if ($attr=~/\bhomeDirectory\b/) { + foreach my $ent ($entry->get_value($attr)) { $homeDir.= $attr.": ".$ent."\n"; - } + } } - } - } + } + } $ldap_slave->unbind; - chomp $homeDir; - if ($homeDir eq '') { + chomp $homeDir; + if ($homeDir eq '') { return undef; - } - $homeDir =~ s/^homeDirectory: //; - return $homeDir; + } + $homeDir =~ s/^homeDirectory: //; + return $homeDir; } # search for an user sub read_user { - my $user = shift; - my $lines =''; + my $user = shift; + my $lines =''; my $ldap_slave=connect_ldap_slave(); my $mesg = $ldap_slave->search ( # perform a search - base => $suffix, - scope => $scope, - filter => "(&(objectclass=posixAccount)(uid=$user))" - ); + base => $suffix, + scope => $scope, + filter => "(&(objectclass=posixAccount)(uid=$user))" + ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries) { + $mesg->code && die $mesg->error; + foreach my $entry ($mesg->all_entries) { $lines.= "dn: " . $entry->dn."\n"; foreach my $attr ($entry->attributes) { - { + { $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n"; - } + } } - } + } # take down session $ldap_slave->unbind; - chomp $lines; - if ($lines eq '') { + chomp $lines; + if ($lines eq '') { return undef; - } - return $lines; + } + return $lines; } # search for a user @@ -556,86 +578,124 @@ sub read_user_entry # search for a group sub read_group { - my $user = shift; - my $lines =''; + my $user = shift; + my $lines =''; my $ldap_slave=connect_ldap_slave(); my $mesg = $ldap_slave->search ( # perform a search - base => $groupsdn, - scope => $scope, - filter => "(&(objectclass=posixGroup)(cn=$user))" - ); + base => $groupsdn, + scope => $scope, + filter => "(&(objectclass=posixGroup)(cn=$user))" + ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries) { + $mesg->code && die $mesg->error; + foreach my $entry ($mesg->all_entries) { $lines.= "dn: " . $entry->dn."\n"; foreach my $attr ($entry->attributes) { - { + { $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n"; - } + } } - } + } # take down session $ldap_slave->unbind; - chomp $lines; - if ($lines eq '') { + chomp $lines; + if ($lines eq '') { return undef; - } - return $lines; + } + return $lines; } # find groups of a given user ##### MODIFIE ######## sub find_groups_of { - my $user = shift; - my $lines =''; + my $user = shift; + my $lines =''; my $ldap_slave=connect_ldap_slave; my $mesg = $ldap_slave->search ( # perform a search - base => $groupsdn, - scope => $scope, - filter => "(&(objectclass=posixGroup)(memberuid=$user))" - ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries) { + base => $groupsdn, + scope => $scope, + filter => "(&(objectclass=posixGroup)(memberuid=$user))" + ); + $mesg->code && die $mesg->error; + foreach my $entry ($mesg->all_entries) { $lines.= "dn: ".$entry->dn."\n"; - } + } $ldap_slave->unbind; - chomp($lines); + chomp($lines); if ($lines eq '') { return undef; } - return $lines; + return $lines; + } + +sub read_group_entry { + my $group = shift; + my $entry; + my %res; + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( # perform a search + base => $groupsdn, + scope => $scope, + filter => "(&(objectclass=posixGroup)(cn=$group))" + ); + + $mesg->code && die $mesg->error; + my $nb=$mesg->count; + if ($nb > 1) { + print "Error: $nb groups exist \"cn=$group\"\n"; + foreach $entry ($mesg->all_entries) { my $dn=$entry->dn; print " $dn\n"; } + exit 11; + } else { + $entry = $mesg->shift_entry(); } + return $entry; +} + +sub read_group_entry_gid { + my $group = shift; + my %res; + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( # perform a search + base => $groupsdn, + scope => $scope, + filter => "(&(objectclass=posixGroup)(gidNumber=$group))" + ); + + $mesg->code && die $mesg->error; + my $entry = $mesg->shift_entry(); + return $entry; +} # return the gidnumber for a group given as name or gid # -1 : bad group name # -2 : bad gidnumber sub parse_group { - my $userGidNumber = shift; - if ($userGidNumber =~ /[^\d]/ ) { + my $userGidNumber = shift; + if ($userGidNumber =~ /[^\d]/ ) { my $gname = $userGidNumber; my $gidnum = getgrnam($gname); if ($gidnum !~ /\d+/) { - return -1; + return -1; } else { - $userGidNumber = $gidnum; + $userGidNumber = $gidnum; } - } elsif (!defined(getgrgid($userGidNumber))) { + } elsif (!defined(getgrgid($userGidNumber))) { return -2; - } - return $userGidNumber; + } + return $userGidNumber; } # remove $user from $group sub group_remove_member { - my ($group, $user) = @_; - my $members=''; - my $grp_line = get_group_dn($group); - if (!defined($grp_line)) { + my ($group, $user) = @_; + my $members=''; + my $grp_line = get_group_dn($group); + if (!defined($grp_line)) { return 0; - } + } my $dn = get_dn_from_line($grp_line); # we test if the user exist in the group my $is_member=is_group_member($dn,$user); @@ -646,40 +706,40 @@ sub group_remove_member changes => [ delete => [memberUid => ["$user"]] ] - ); + ); $modify->code && die "failed to delete entry: ", $modify->error ; $ldap_master->unbind; - } - return 1; + } + return 1; } sub group_get_members { - my ($group) = @_; - my $members; - my @resultat; - my $grp_line = get_group_dn($group); + my ($group) = @_; + my $members; + my @resultat; + my $grp_line = get_group_dn($group); if (!defined($grp_line)) { return 0; } - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; + my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; + $ldap->bind ; my $mesg = $ldap->search ( base => $groupsdn, - scope => $scope, - filter => "(&(objectclass=posixgroup)(cn=$group))" - ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries){ - foreach my $attr ($entry->attributes){ - if ($attr=~/\bmemberUid\b/){ + scope => $scope, + filter => "(&(objectclass=posixgroup)(cn=$group))" + ); + $mesg->code && die $mesg->error; + foreach my $entry ($mesg->all_entries) { + foreach my $attr ($entry->attributes) { + if ($attr=~/\bmemberUid\b/) { foreach my $ent ($entry->get_value($attr)) { push (@resultat,$ent); - } + } + } } - } -} + } return @resultat; } @@ -697,5 +757,17 @@ EOF return $rc; } +sub group_type_by_name { + my $type_name = shift; + my %groupmap = ( + 'domain' => 2, + 'local' => 4, + 'builtin' => 5 + ); + return $groupmap{$type_name}; +} + + + 1; |