summaryrefslogtreecommitdiff
path: root/examples/LDAP/smbldap-tools/smbldap-usermod.pl
diff options
context:
space:
mode:
Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap-usermod.pl')
-rwxr-xr-xexamples/LDAP/smbldap-tools/smbldap-usermod.pl403
1 files changed, 403 insertions, 0 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap-usermod.pl b/examples/LDAP/smbldap-tools/smbldap-usermod.pl
new file mode 100755
index 0000000000..dffb95bace
--- /dev/null
+++ b/examples/LDAP/smbldap-tools/smbldap-usermod.pl
@@ -0,0 +1,403 @@
+#!/usr/bin/perl
+
+# This code was developped by IDEALX (http://IDEALX.org/) and
+# contributors (their names can be found in the CONTRIBUTORS file).
+#
+# Copyright (C) 2001-2002 IDEALX
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+# Purpose of smbldap-usermod : user (posix,shadow,samba) modification
+
+use strict;
+use smbldap_tools;
+use smbldap_conf;
+
+
+#####################
+
+use Getopt::Std;
+my %Options;
+my $nscd_status;
+
+my $ok = getopts('A:B:C:D:E:F:H:IJxme:f:u:g:G:d:l:s:c:ok:?', \%Options);
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+ print "Usage: $0 [-awmugdsckxABCDEFGHI?] username\n";
+ print " -c gecos\n";
+ print " -d home directory\n";
+ #print " -m move home directory\n";
+ #print " -e expire date (YYYY-MM-DD)\n";
+ #print " -f inactive days\n";
+ print " -u uid\n";
+ print " -o uid can be non unique\n";
+ print " -g gid\n";
+ print " -G supplementary groups (comma separated)\n";
+ print " -l login name\n";
+ print " -s shell\n";
+ print " -x creates rid and primaryGroupID in hex instead of decimal (for Samba 2.2.2 unpatched only)\n";
+ print " -A can change password ? 0 if no, 1 if yes\n";
+ print " -B must change password ? 0 if no, 1 if yes\n";
+ print " -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
+ print " -D sambaHomeDrive (letter associated with home share, like 'H:')\n";
+ print " -E sambaLogonScript (DOS script to execute on login)\n";
+ print " -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
+ print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
+ print " -I disable an user. Can't be used with -H or -J\n";
+ print " -J enable an user. Can't be used with -H or -I\n";
+ print " -? show this help message\n";
+ exit (1);
+}
+
+if ($< != 0) {
+ print "You must be root to modify an user\n";
+ exit (1);
+}
+
+# Read only first @ARGV
+my $user = $ARGV[0];
+
+# Read user datas
+my $lines = read_user($user);
+if (!defined($lines)) {
+ print "$0: user $user doesn't exist\n";
+ exit (1);
+}
+
+#print "$lines\n";
+my $dn_line;
+if ( $lines =~ /(^dn: .*)/ ) {
+ $dn_line = $1;
+}
+
+chomp($dn_line);
+
+my $samba = 0;
+if ($lines =~ m/objectClass: sambaAccount/) {
+ $samba = 1;
+}
+
+############
+
+my $tmp;
+my $mods;
+
+# Process options
+my $changed_uid;
+my $_userUidNumber;
+my $_userRid;
+if (defined($tmp = $Options{'u'})) {
+ if (defined($Options{'o'})) {
+ $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
+
+ if ($nscd_status == 0) {
+ system "/etc/init.d/nscd stop > /dev/null 2>&1";
+ }
+
+ if (getpwuid($tmp)) {
+ if ($nscd_status == 0) {
+ system "/etc/init.d/nscd start > /dev/null 2>&1";
+ }
+
+ print "$0: uid number $tmp exists\n";
+ exit (6);
+ }
+ if ($nscd_status == 0) {
+ system "/etc/init.d/nscd start > /dev/null 2>&1";
+ }
+
+ }
+ $_userUidNumber = $tmp;
+ # as rid we use 2 * uid + 1000
+ my $_userRid = 2 * $_userUidNumber + 1000;
+ if (defined($Options{'x'})) {
+ $_userRid= sprint("%x", $_userRid);
+ }
+ $mods .= "uidNumber: $_userUidNumber\n";
+ if ($samba) {
+ $mods .= "rid: $_userRid\n";
+ }
+ $changed_uid = 1;
+}
+
+my $changed_gid;
+my $_userGidNumber;
+my $_userGroupRid;
+if (defined($tmp = $Options{'g'})) {
+ $_userGidNumber = parse_group($tmp);
+ if ($_userGidNumber < 0) {
+ print "$0: group $tmp doesn't exist\n";
+ exit (6);
+ }
+# as grouprid we use 2 * gid + 1001
+ my $_userGroupRid = 2 * $_userGidNumber + 1001;
+ if (defined($Options{'x'})) {
+ $_userGroupRid = sprint("%x", $_userGroupRid);
+ }
+ $mods .= "gidNumber: $_userGidNumber\n";
+ if ($samba) {
+ $mods .= "primaryGroupID: $_userGroupRid\n";
+ }
+ $changed_gid = 1;
+}
+
+my $changed_shell;
+my $_userLoginShell;
+if (defined($tmp = $Options{'s'})) {
+ $_userLoginShell = $tmp;
+ $mods .= "loginShell: $_userLoginShell\n";
+ $changed_shell = 1;
+}
+
+my $changed_gecos;
+my $_userGecos;
+if (defined($tmp = $Options{'c'})) {
+ $_userGecos = $tmp;
+ $mods .= "gecos: $_userGecos\n";
+ $changed_gecos = 1;
+}
+
+my $changed_homedir;
+my $newhomedir;
+if (defined($tmp = $Options{'d'})) {
+ $newhomedir = $tmp;
+ $mods .= "homeDirectory: $newhomedir\n";
+ $changed_homedir = 1;
+}
+
+
+if (defined($tmp = $Options{'G'})) {
+
+ # remove user from old groups
+ my $groups = find_groups_of $user;
+ my @grplines = split(/\n/, $groups);
+
+ my $grp;
+ foreach $grp (@grplines) {
+ my $gname = "";
+ if ( $grp =~ /dn: cn=([^,]+),/) {
+ $gname = $1;
+ #print "xx $gname\n";
+ }
+ if ($gname ne "") {
+ group_remove_member($gname, $user);
+ }
+ }
+
+ # add user to new groups
+ add_grouplist_user($tmp, $user);
+}
+
+#
+# A : sambaPwdCanChange
+# B : sambaPwdMustChange
+# C : sambaHomePath
+# D : sambaHomeDrive
+# E : sambaLogonScript
+# F : sambaProfilePath
+# H : sambaAcctFlags
+
+my $attr;
+my $winmagic = 2147483647;
+
+if (defined($tmp = $Options{'A'})) {
+ $attr = "sambaPwdCanChange";
+ if ($tmp != 0) {
+ $mods .= "$attr: 0\n";
+ } else {
+ $mods .= "$attr: $winmagic\n";
+ }
+}
+
+if (defined($tmp = $Options{'B'})) {
+ $attr = "sambaPwdMustChange";
+ if ($tmp != 0) {
+ $mods .= "$attr: 0\n";
+ } else {
+ $mods .= "$attr: $winmagic\n";
+ }
+}
+
+if (defined($tmp = $Options{'C'})) {
+ $attr = "sambaHomePath";
+ #$tmp =~ s/\\/\\\\/g;
+ $mods .= "$attr: $tmp\n";
+}
+
+if (defined($tmp = $Options{'D'})) {
+ $attr = "sambaHomeDrive";
+ $tmp = $tmp.":" unless ($tmp =~ /:/);
+ $mods .= "$attr: $tmp\n";
+}
+
+if (defined($tmp = $Options{'E'})) {
+ $attr = "sambaLogonScript";
+ #$tmp =~ s/\\/\\\\/g;
+ $mods .= "$attr: $tmp\n";
+}
+
+if (defined($tmp = $Options{'F'})) {
+ $attr = "sambaProfilePath";
+ #$tmp =~ s/\\/\\\\/g;
+ $mods .= "$attr: $tmp\n";
+}
+
+if (defined($tmp = $Options{'H'})) {
+ $attr = "sambaAcctFlags";
+ #$tmp =~ s/\\/\\\\/g;
+ $mods .= "$attr: $tmp\n";
+} elsif (defined($tmp = $Options{'I'})) {
+ my $flags;
+
+ if ( $lines =~ /^sambaAcctFlags: (.*)/m ) {
+ $flags = $1;
+ }
+
+ chomp($flags);
+
+ if ( !($flags =~ /D/) ) {
+ my $letters;
+ if ($flags =~ /(\w+)/) {
+ $letters = $1;
+ }
+ $mods .= "sambaAcctFlags: \[D$letters\]\n";
+ }
+} elsif (defined($tmp = $Options{'J'})) {
+ my $flags;
+
+ if ( $lines =~ /^sambaAcctFlags: (.*)/m ) {
+ $flags = $1;
+ }
+
+ chomp($flags);
+
+ if ( $flags =~ /D/ ) {
+ my $letters;
+ if ($flags =~ /(\w+)/) {
+ $letters = $1;
+ }
+ $letters =~ s/D//;
+ $mods .= "sambaAcctFlags: \[$letters\]\n";
+ }
+}
+
+if ($mods ne '') {
+ #print "----\n$dn_line\n$mods\n----\n";
+
+ my $tmpldif =
+"$dn_line
+changetype: modify
+$mods
+";
+
+ die "$0: error while modifying user $user\n"
+ unless (do_ldapmodify($tmpldif) == 0);
+
+ undef $tmpldif;
+}
+
+$nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
+
+if ($nscd_status == 0) {
+ system "/etc/init.d/nscd restart > /dev/null 2>&1";
+}
+
+
+############################################################
+
+=head1 NAME
+
+ smbldap-usermod.pl - Modify a user account
+
+=head1 SYNOPSIS
+
+ smbldap-usermod.pl [-c comment] [-d home_dir]
+ [-g initial_group] [-G group[,...]]
+ [-l login_name] [-p passwd]
+ [-s shell] [-u uid [ -o]] [-x]
+ [-A canchange] [-B mustchange] [-C smbhome]
+ [-D homedrive] [-E scriptpath] [-F profilepath]
+ [-H acctflags] login
+
+=head1 DESCRIPTION
+
+ The smbldap-usermod.pl command modifies the system account files
+ to reflect the changes that are specified on the command line.
+ The options which apply to the usermod command are
+
+ -c comment
+ The new value of the user's comment field (gecos).
+
+ -d home_dir
+ The user's new login directory.
+
+ -g initial_group
+ The group name or number of the user's new initial login group.
+ The group name must exist. A group number must refer to an
+ already existing group. The default group number is 1.
+
+ -G group,[...]
+ A list of supplementary groups which the user is also a member
+ of. Each group is separated from the next by a comma, with no
+ intervening whitespace. The groups are subject to the same
+ restrictions as the group given with the -g option. If the user
+ is currently a member of a group which is not listed, the user
+ will be removed from the group
+
+ -l login_name
+ The name of the user will be changed from login to login_name.
+ Nothing else is changed. In particular, the user's home direc­
+ tory name should probably be changed to reflect the new login
+ name.
+
+ -s shell
+ The name of the user's new login shell. Setting this field to
+ blank causes the system to select the default login shell.
+
+ -u uid The numerical value of the user's ID. This value must be
+ unique, unless the -o option is used. The value must be non-
+ negative. Any files which the user owns and which are
+ located in the directory tree rooted at the user's home direc­
+ tory will have the file user ID changed automatically. Files
+ outside of the user's home directory must be altered manually.
+
+ -x Creates rid and primaryGroupID in hex instead of decimal (for
+ Samba 2.2.2 unpatched only - higher versions always use decimal)
+
+ -A can change password ? 0 if no, 1 if yes
+
+ -B must change password ? 0 if no, 1 if yes
+
+ -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')
+
+ -D sambaHomeDrive (letter associated with home share, like 'H:')
+
+ -E sambaLogonScript, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
+
+ -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
+
+ -H sambaAcctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
+
+ -I disable user. Can't be used with -H or -J
+
+ -J enable user. Can't be used with -H or -I
+
+=head1 SEE ALSO
+
+ usermod(1)
+
+=cut
+
+#'