diff options
Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap-useradd.pl')
-rwxr-xr-x | examples/LDAP/smbldap-tools/smbldap-useradd.pl | 460 |
1 files changed, 460 insertions, 0 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap-useradd.pl b/examples/LDAP/smbldap-tools/smbldap-useradd.pl new file mode 100755 index 0000000000..508487af93 --- /dev/null +++ b/examples/LDAP/smbldap-tools/smbldap-useradd.pl @@ -0,0 +1,460 @@ +#!/usr/bin/perl + +# This code was developped by IDEALX (http://IDEALX.org/) and +# contributors (their names can be found in the CONTRIBUTORS file). +# +# Copyright (C) 2002 IDEALX +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. + +# Purpose of smbldap-useradd : user (posix,shadow,samba) add + +use strict; +use smbldap_tools; +use smbldap_conf; + + +##################### + +use Getopt::Std; +my %Options; + +my $ok = getopts('axnmwPG:u:g:d:s:c:k:A:B:C:D:E:F:H:?', \%Options); + +if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) { + print "Usage: $0 [-awmugdsckGPABCDEFH?] username\n"; + print " -a is a Windows User (otherwise, Posix stuff only)\n"; + print " -w is a Windows Workstation (otherwise, Posix stuff only)\n"; + print " -x creates rid and primaryGroupID in hex instead of decimal\n"; + print " -u uid\n"; + print " -g gid\n"; + print " -G supplementary comma-separated groups\n"; + print " -n do not create a group\n"; + print " -d home\n"; + print " -s shell\n"; + print " -c gecos\n"; + print " -m creates home directory and copies /etc/skel\n"; + print " -k skeleton dir (with -m)\n"; + print " -P ends by invoking smbldap-passwd.pl\n"; + print " -A can change password ? 0 if no, 1 if yes\n"; + print " -B must change password ? 0 if no, 1 if yes\n"; + print " -C smbHome (SMB home share, like '\\\\PDC-SRV\\homes')\n"; + print " -D homeDrive (letter associated with home share, like 'H:')\n"; + print " -E scriptPath (DOS script to execute on login)\n"; + print " -F profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n"; + print " -H acctFlags (samba account control bits like '[NDHTUMWSLKI]')\n"; + print " -? show this help message\n"; + exit (1); +} + +# cause problems when dealing with getpwuid because of the +# negative ttl and ldap modification +my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1"; + +if ($nscd_status == 0) { + system "/etc/init.d/nscd stop > /dev/null 2>&1"; +} + +# Read options +my $userUidNumber = $Options{'u'}; +if (!defined($userUidNumber)) { + # find first unused uid starting from $UID_START + while (defined(getpwuid($UID_START))) { + $UID_START++; + } + $userUidNumber = $UID_START; +} elsif (getpwuid($userUidNumber)) { die "Uid already exists.\n"; } + +if ($nscd_status == 0) { + system "/etc/init.d/nscd start > /dev/null 2>&1"; +} + + +# as rid we use 2 * uid + 1000 +my $userRid = 2 * $userUidNumber + 1000; +if (defined($Options{'x'})) { + $userRid= sprint("%x", $userRid); +} + +my $createGroup = 0; +my $userGidNumber = $Options{'g'}; +# gid not specified ? +if (!defined($userGidNumber)) { + # windows machine => $_defaultComputerGid + if (defined($Options{'w'})) { + $userGidNumber = $_defaultComputerGid; +# } elsif (!defined($Options{'n'})) { + # create new group (redhat style) + # find first unused gid starting from $GID_START +# while (defined(getgrgid($GID_START))) { +# $GID_START++; +# } +# $userGidNumber = $GID_START; + +# $createGroup = 1; + + } else { + # user will have gid = $_defaultUserGid + $userGidNumber = $_defaultUserGid; + } +} else { + my $gid; + if (($gid = parse_group($userGidNumber)) < 0) { + print "$0: unknown group $userGidNumber\n"; + exit (6); + } + $userGidNumber = $gid; +} + +# as grouprid we use 2 * gid + 1001 +my $userGroupRid = 2 * $userGidNumber + 1001; +if (defined($Options{'x'})) { + $userGroupRid = sprint("%x", $userGroupRid); +} +# Read only first @ARGV +my $userName = $ARGV[0]; + +# user must not exist in LDAP (should it be nss-wide ?) +my ($rc, $dn) = get_user_dn2($userName); +if ($rc and defined($dn)) { + print "$0: user $userName exists\n"; + exit (9); +} elsif (!$rc) { + print "$0: error in get_user_dn2\n"; + exit(10); +} + +my $userHomeDirectory; +my $tmp; +if (!defined($userHomeDirectory = $Options{'d'})) +{ + $userHomeDirectory = $_userHomePrefix.$userName; +} +$_userLoginShell = $tmp if (defined($tmp = $Options{'s'})); +$_userGecos = $tmp if (defined($tmp = $Options{'c'})); +$_skeletonDir = $tmp if (defined($tmp = $Options{'k'})); + +######################## + +# MACHINE ACCOUNT +if (defined($tmp = $Options{'w'})) { + + # add a trailing dollar if missing + if ($userName =~ /[^\$]$/s) { + $userName .= "\$"; + } + + #print "About to create machine $userName:\n"; + + if (!add_posix_machine ($userName, $userUidNumber, $userGidNumber)) { + die "$0: error while adding posix account\n"; + } + + if (!$with_smbpasswd) { + if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) { + die "$0: error while adding samba account\n"; + } + } else { + if (!add_samba_machine($userName)) { + die "$0: error while adding samba account\n"; + } + + my $tmpldif = +"dn: uid=$userName,$computersdn +changetype: modify +acctFlags: [W ] + +"; + die "$0: error while modifying accountflags of $userName\n" + unless (do_ldapmodify($tmpldif) == 0); + undef $tmpldif; + } + + exit 0; +} + +####################### + +# USER ACCOUNT + +# add posix account first + +my $tmpldif = +"dn: uid=$userName,$usersdn +objectclass: top +objectclass: account +objectclass: posixAccount +cn: $userName +uid: $userName +uidNumber: $userUidNumber +gidNumber: $userGidNumber +homeDirectory: $userHomeDirectory +loginShell: $_userLoginShell +gecos: $_userGecos +description: $_userGecos +userPassword: {crypt}x + +"; + +die "$0: error while adding posix user $userName\n" + unless (do_ldapadd($tmpldif) == 0); + +undef $tmpldif; + +#if ($createGroup) { +# group_add($userName, $userGidNumber); +#} + +group_add_user($userGidNumber, $userName); + +my $grouplist; +# adds to supplementary groups +if (defined($grouplist = $Options{'G'})) { + add_grouplist_user($grouplist, $userName); +} + +# If user was created successfully then we should create his/her home dir +if (defined($tmp = $Options{'m'})) { + if ( !(-e $userHomeDirectory) ) { + system "mkdir $userHomeDirectory 2>/dev/null"; + system "cp -a $_skeletonDir/.[a-z,A-Z]* $_skeletonDir/* $userHomeDirectory 2>/dev/null"; + system "chown -R $userUidNumber:$userGidNumber $userHomeDirectory 2>/dev/null"; + system "chmod 700 $userHomeDirectory 2>/dev/null"; + } +} + + +# Add Samba user infos +if (defined($Options{'a'})) { + if (!$with_smbpasswd) { + + my $winmagic = 2147483647; + my $valpwdcanchange = 0; + my $valpwdmustchange = $winmagic; + my $valacctflags = "[UX]"; + + if (defined($tmp = $Options{'A'})) { + if ($tmp != 0) { + $valpwdcanchange = "0"; + } else { + $valpwdcanchange = "$winmagic"; + } + } + + if (defined($tmp = $Options{'B'})) { + if ($tmp != 0) { + $valpwdmustchange = "0"; + } else { + $valpwdmustchange = "$winmagic"; + } + } + + if (defined($tmp = $Options{'H'})) { + $valacctflags = "$tmp"; + } + + my $tmpldif = +"dn: uid=$userName,$usersdn +changetype: modify +objectclass: top +objectclass: account +objectclass: posixAccount +objectClass: sambaAccount +pwdLastSet: 0 +logonTime: 0 +logoffTime: 2147483647 +kickoffTime: 2147483647 +pwdCanChange: $valpwdcanchange +pwdMustChange: $valpwdmustchange +displayName: $_userGecos +acctFlags: $valacctflags +rid: $userRid + +"; + + die "$0: error while adding samba account to posix user $userName\n" + unless (do_ldapmodify($tmpldif) == 0); + + undef $tmpldif; + } else { + my $FILE="|smbpasswd -s -a $userName >/dev/null" ; + open (FILE, $FILE) || die "$!\n"; + print FILE <<EOF; +x +x +EOF + ; + close FILE; + if ($?) { + print "$0: error adding samba account\n"; + exit (10); + } + } # with_smbpasswd + + my $valscriptpath = "$userName.cmd"; + my $valprofilepath = "$_userProfile$userName"; + my $valsmbhome = "$_userSmbHome"; + my $valhomedrive = "$_userHomeDrive"; + +if (defined($tmp = $Options{'C'})) { + $valsmbhome = "$tmp"; +} + +if (defined($tmp = $Options{'D'})) { + $tmp = $tmp.":" unless ($tmp =~ /:/); + $valhomedrive = "$tmp"; +} + +if (defined($tmp = $Options{'E'})) { + $valscriptpath = "$tmp"; +} + +if (defined($tmp = $Options{'F'})) { + $valprofilepath = "$tmp"; +} + + my $tmpldif = +"dn: uid=$userName,$usersdn +changetype: modify +rid: $userRid +primaryGroupID: $userGroupRid +homeDrive: $valhomedrive +smbHome: $valsmbhome +profilePath: $valprofilepath +scriptPath: $valscriptpath +lmPassword: XXX +ntPassword: XXX + +"; + + die "$0: error while modifying samba account of user $userName\n" + unless (do_ldapmodify($tmpldif) == 0); + undef $tmpldif; +} + +if (defined($Options{'P'})) { + exec "/usr/local/sbin/smbldap-passwd.pl $userName" +} + +exit 0; + +######################################## + +=head1 NAME + + smbldap-useradd.pl - Create a new user or update default new + user information + +=head1 SYNOPSIS + + smbldap-useradd.pl [-c comment] [-d home_dir] + [-g initial_group] [-G group[,...]] + [-m [-k skeleton_dir]] + [-s shell] [-u uid [ -o]] [-P] + [-A canchange] [-B mustchange] [-C smbhome] + [-D homedrive] [-E scriptpath] [-F profilepath] + [-H acctflags] login + +=head1 DESCRIPTION + + Creating New Users + The smbldap-useradd.pl command creates a new user account using + the values specified on the command line and the default + values from the system. + The new user account will be entered into the system + files as needed, the home directory will be created, and + initial files copied, depending on the command line options. + + You have to use smbldap-passwd to set the user password. + For Samba users, rid is 2*uidNumber+1000, and primaryGroupID + is 2*gidNumber+1001. Thus you may want to use + smbldap-useradd.pl -a -g "Domain Admins" -u 500 Administrator + to create a domain administrator (admin rid is 0x1F4 = 500 and + grouprid is 0x200 = 512) + + Without any option, the account created will be an Unix (Posix) + account. The following options may be used to add information: + + -a The user will have a Samba account (and Unix). + + -w Creates an account for a Samba machine (Workstation), so that + it can join a domain. + + -x Creates rid and primaryGroupID in hex (for Samba 2.2.2 bug). Else + decimal (2.2.2 patched from cvs or 2.2.x, x > 2) + + -c comment + The new user's comment field (gecos). + + -d home_dir + The new user will be created using home_dir as the value for the + user's login directory. The default is to append the login name + to default_home and use that as the login directory name. + + -g initial_group + The group name or number of the user's initial login group. The + group name must exist. A group number must refer to an already + existing group. The default group number is 1. + + -G group,[...] + A list of supplementary groups which the user is also a member + of. Each group is separated from the next by a comma, with no + intervening whitespace. The groups are subject to the same + restrictions as the group given with the -g option. The default + is for the user to belong only to the initial group. + + -m The user's home directory will be created if it does not exist. + The files contained in skeleton_dir will be copied to the home + directory if the -k option is used, otherwise the files con + tained in /etc/skel will be used instead. Any directories con + tained in skeleton_dir or /etc/skel will be created in the + user's home directory as well. The -k option is only valid in + conjunction with the -m option. The default is to not create + the directory and to not copy any files. + + -s shell + The name of the user's login shell. The default is to leave + this field blank, which causes the system to select the default + login shell. + + -u uid The numerical value of the user's ID. This value must be + unique, unless the -o option is used. The value must be non- + negative. The default is to use the smallest ID value greater + than 1000 and greater than every other user. + + -P ends by invoking smbldap-passwd.pl + + -A can change password ? 0 if no, 1 if yes + + -B must change password ? 0 if no, 1 if yes + + -C smbHome (SMB home share, like '\\\\PDC-SRV\\homes') + + -D homeDrive (letter associated with home share, like 'H:') + + -E scriptPath, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat') + + -F profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo') + + -H acctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]') + +=head1 SEE ALSO + + useradd(1) + +=cut + +#' |