summaryrefslogtreecommitdiff
path: root/examples/LDAP/smbldap-tools/smbldap_tools.pm
diff options
context:
space:
mode:
Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap_tools.pm')
-rwxr-xr-xexamples/LDAP/smbldap-tools/smbldap_tools.pm771
1 files changed, 0 insertions, 771 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap_tools.pm b/examples/LDAP/smbldap-tools/smbldap_tools.pm
deleted file mode 100755
index d33a65b7d1..0000000000
--- a/examples/LDAP/smbldap-tools/smbldap_tools.pm
+++ /dev/null
@@ -1,771 +0,0 @@
-#! /usr/bin/perl -w
-use strict;
-package smbldap_tools;
-use smbldap_conf;
-use Net::LDAP;
-
-# This code was developped by IDEALX (http://IDEALX.org/) and
-# contributors (their names can be found in the CONTRIBUTORS file).
-#
-# Copyright (C) 2001-2002 IDEALX
-#
-# This program is free software; you can redistribute it and/or
-# modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
-# of the License, or (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-# USA.
-
-
-# ugly funcs using global variables and spawning openldap clients
-
-use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
-use Exporter;
-$VERSION = 1.00;
-
-@ISA = qw(Exporter);
-
-@EXPORT = qw(
- get_user_dn
- get_group_dn
- is_group_member
- is_samba_user
- is_unix_user
- is_user_valid
- does_sid_exist
- get_dn_from_line
- add_posix_machine
- add_samba_machine
- add_samba_machine_mkntpwd
- group_add_user
- add_grouplist_user
- disable_user
- delete_user
- group_add
- group_del
- get_homedir
- read_user
- read_user_entry
- read_group
- read_group_entry
- read_group_entry_gid
- find_groups_of
- parse_group
- group_remove_member
- group_get_members
- do_ldapadd
- do_ldapmodify
- get_user_dn2
- connect_ldap_master
- connect_ldap_slave
- group_type_by_name
- );
-
-sub connect_ldap_master
- {
- # bind to a directory with dn and password
- my $ldap_master = Net::LDAP->new(
- "$masterLDAP",
- port => "$masterPort",
- version => 3,
- # debug => 0xffff,
- )
- or die "erreur LDAP: Can't contact master ldap server ($@)";
- if ($ldapSSL == 1) {
- $ldap_master->start_tls(
- # verify => 'require',
- # clientcert => 'mycert.pem',
- # clientkey => 'mykey.pem',
- # decryptkey => sub { 'secret'; },
- # capath => '/usr/local/cacerts/'
- );
- }
- $ldap_master->bind ( "$binddn",
- password => "$masterPw"
- );
- return($ldap_master);
- }
-
-sub connect_ldap_slave
- {
- # bind to a directory with dn and password
- my $ldap_slave = Net::LDAP->new(
- "$slaveLDAP",
- port => "$slavePort",
- version => 3,
- # debug => 0xffff,
- )
- or die "erreur LDAP: Can't contact slave ldap server ($@)";
- if ($ldapSSL == 1) {
- $ldap_slave->start_tls(
- # verify => 'require',
- # clientcert => 'mycert.pem',
- # clientkey => 'mykey.pem',
- # decryptkey => sub { 'secret'; },
- # capath => '/usr/local/cacerts/'
- );
- }
- $ldap_slave->bind ( "$binddn",
- password => "$slavePw"
- );
- return($ldap_slave);
- }
-
-sub get_user_dn
- {
- my $user = shift;
- my $dn='';
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( base => $suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
- $dn= $entry->dn;
- }
- $ldap_slave->unbind;
- chomp($dn);
- if ($dn eq '') {
- return undef;
- }
- $dn="dn: ".$dn;
- return $dn;
- }
-
-
-sub get_user_dn2
- {
- my $user = shift;
- my $dn='';
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( base => $suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
- $mesg->code && warn "failed to perform search; ", $mesg->error;
-
- foreach my $entry ($mesg->all_entries) {
- $dn= $entry->dn;
- }
- $ldap_slave->unbind;
- chomp($dn);
- if ($dn eq '') {
- return (1,undef);
- }
- $dn="dn: ".$dn;
- return (1,$dn);
- }
-
-
-sub get_group_dn
- {
- my $group = shift;
- my $dn='';
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
- $dn= $entry->dn;
- }
- $ldap_slave->unbind;
- chomp($dn);
- if ($dn eq '') {
- return undef;
- }
- $dn="dn: ".$dn;
- return $dn;
- }
-
-# return (success, dn)
-# bool = is_samba_user($username)
-sub is_samba_user
- {
- my $user = shift;
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( base => $suffix,
- scope => $scope,
- filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
- );
- $mesg->code && die $mesg->error;
- $ldap_slave->unbind;
- return ($mesg->count ne 0);
- }
-
-sub is_unix_user
- {
- my $user = shift;
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( base => $suffix,
- scope => $scope,
- filter => "(&(objectClass=posixAccount)(uid=$user))"
- );
- $mesg->code && die $mesg->error;
- $ldap_slave->unbind;
- return ($mesg->count ne 0);
- }
-
-sub is_group_member
- {
- my $dn_group = shift;
- my $user = shift;
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( base => $dn_group,
- scope => 'base',
- filter => "(&(memberUid=$user))"
- );
- $mesg->code && die $mesg->error;
- $ldap_slave->unbind;
- return ($mesg->count ne 0);
- }
-
-# all entries = does_sid_exist($sid,$scope)
-sub does_sid_exist
- {
- my $sid = shift;
- my $dn_group=shift;
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( base => $dn_group,
- scope => $scope,
- filter => "(sambaSID=$sid)"
- #filter => "(&(objectClass=sambaSamAccount|objectClass=sambaGroupMapping)(sambaSID=$sid))"
- );
- $mesg->code && die $mesg->error;
- $ldap_slave->unbind;
- return ($mesg);
- }
-
-# try to bind with user dn and password to validate current password
-sub is_user_valid
- {
- my ($user, $dn, $pass) = @_;
- my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
- my $mesg= $ldap->bind (dn => $dn, password => $pass );
- if ($mesg->code eq 0) {
- $ldap->unbind;
- return 1;
- } else {
- if ($ldap->bind()) {
- $ldap->unbind;
- return 0;
- } else {
- print ("The LDAP directory is not available.\n Check the server, cables ...");
- $ldap->unbind;
- return 0;
- }
- die "Problem : contact your administrator";
- }
- }
-
-
-# dn = get_dn_from_line ($dn_line)
-# helper to get "a=b,c=d" from "dn: a=b,c=d"
-sub get_dn_from_line
- {
- my $dn = shift;
- $dn =~ s/^dn: //;
- return $dn;
- }
-
-
-# success = add_posix_machine($user, $uid, $gid)
-sub add_posix_machine
- {
- my ($user, $uid, $gid) = @_;
- # bind to a directory with dn and password
- my $ldap_master=connect_ldap_master();
- my $add = $ldap_master->add ( "uid=$user,$computersdn",
- attr => [
- 'objectclass' => ['top','inetOrgPerson', 'posixAccount'],
- 'cn' => "$user",
- 'sn' => "$user",
- 'uid' => "$user",
- 'uidNumber' => "$uid",
- 'gidNumber' => "$gid",
- 'homeDirectory' => '/dev/null',
- 'loginShell' => '/bin/false',
- 'description' => 'Computer',
- ]
- );
-
- $add->code && warn "failed to add entry: ", $add->error ;
- # take down the session
- $ldap_master->unbind;
-
- }
-
-
-# success = add_samba_machine($computername)
-sub add_samba_machine
- {
- my $user = shift;
- system "smbpasswd -a -m $user";
- return 1;
- }
-
-sub add_samba_machine_mkntpwd
- {
- my ($user, $uid) = @_;
- my $sambaSID = 2 * $uid + 1000;
- my $name = $user;
- $name =~ s/.$//s;
-
- if ($mk_ntpasswd eq '') {
- print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
- return 0;
- }
-
- my $ntpwd = `$mk_ntpasswd '$name'`;
- chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
- chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
-
- my $ldap_master=connect_ldap_master();
- my $modify = $ldap_master->modify ( "uid=$user,$computersdn",
- changes => [
- replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSamAccount']],
- add => [sambaPwdLastSet => '0'],
- add => [sambaLogonTime => '0'],
- add => [sambaLogoffTime => '2147483647'],
- add => [sambaKickoffTime => '2147483647'],
- add => [sambaPwdCanChange => '0'],
- add => [sambaPwdMustChange => '0'],
- add => [sambaAcctFlags => '[W ]'],
- add => [sambaLMPassword => "$lmpassword"],
- add => [sambaNTPassword => "$ntpassword"],
- add => [sambaSID => "$SID-$sambaSID"],
- add => [sambaPrimaryGroupSID => "$SID-0"]
- ]
- );
-
- $modify->code && die "failed to add entry: ", $modify->error ;
-
- return 1;
- # take down the session
- $ldap_master->unbind;
-
- }
-
-
-sub group_add_user
- {
- my ($group, $userid) = @_;
- my $members='';
- my $dn_line = get_group_dn($group);
- if (!defined(get_group_dn($group))) {
- print "$0: group \"$group\" doesn't exist\n";
- exit (6);
- }
- if (!defined($dn_line)) {
- return 1;
- }
- my $dn = get_dn_from_line("$dn_line");
- # on look if the user is already present in the group
- my $is_member=is_group_member($dn,$userid);
- if ($is_member == 1) {
- print "User \"$userid\" already member of the group \"$group\".\n";
- } else {
- # bind to a directory with dn and password
- my $ldap_master=connect_ldap_master();
- # It does not matter if the user already exist, Net::LDAP will add the user
- # if he does not exist, and ignore him if his already in the directory.
- my $modify = $ldap_master->modify ( "$dn",
- changes => [
- add => [memberUid => $userid]
- ]
- );
- $modify->code && die "failed to modify entry: ", $modify->error ;
- # take down session
- $ldap_master->unbind;
- }
- }
-
-sub group_del
- {
- my $group_dn=shift;
- # bind to a directory with dn and password
- my $ldap_master=connect_ldap_master();
- my $modify = $ldap_master->delete ($group_dn);
- $modify->code && die "failed to delete group : ", $modify->error ;
- # take down session
- $ldap_master->unbind;
- }
-
-sub add_grouplist_user
- {
- my ($grouplist, $user) = @_;
- my @array = split(/,/, $grouplist);
- foreach my $group (@array) {
- group_add_user($group, $user);
- }
- }
-
-sub disable_user
- {
- my $user = shift;
- my $dn_line;
- my $dn = get_dn_from_line($dn_line);
-
- if (!defined($dn_line = get_user_dn($user))) {
- print "$0: user $user doesn't exist\n";
- exit (10);
- }
- my $ldap_master=connect_ldap_master();
- my $modify = $ldap_master->modify ( "$dn",
- changes => [
- replace => [userPassword => '{crypt}!x']
- ]
- );
- $modify->code && die "failed to modify entry: ", $modify->error ;
-
- if (is_samba_user($user)) {
- my $modify = $ldap_master->modify ( "$dn",
- changes => [
- replace => [sambaAcctFlags => '[D ]']
- ]
- );
- $modify->code && die "failed to modify entry: ", $modify->error ;
- }
- # take down session
- $ldap_master->unbind;
- }
-
-# delete_user($user)
-sub delete_user
- {
- my $user = shift;
- my $dn_line;
-
- if (!defined($dn_line = get_user_dn($user))) {
- print "$0: user $user doesn't exist\n";
- exit (10);
- }
-
- my $dn = get_dn_from_line($dn_line);
- my $ldap_master=connect_ldap_master();
- my $modify = $ldap_master->delete($dn);
- $ldap_master->unbind;
- }
-
-# $gid = group_add($groupname, $group_gid, $force_using_existing_gid)
-sub group_add
- {
- my ($gname, $gid, $force) = @_;
- my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
- if ($nscd_status == 0) {
- system "/etc/init.d/nscd stop > /dev/null 2>&1";
- }
- if (!defined($gid)) {
- while (defined(getgrgid($GID_START))) {
- $GID_START++;
- }
- $gid = $GID_START;
- } else {
- if (!defined($force)) {
- if (defined(getgrgid($gid))) {
- return undef;
- }
- }
- }
- if ($nscd_status == 0) {
- system "/etc/init.d/nscd start > /dev/null 2>&1";
- }
- my $ldap_master=connect_ldap_master();
- my $modify = $ldap_master->add ( "cn=$gname,$groupsdn",
- attrs => [
- objectClass => 'posixGroup',
- cn => "$gname",
- gidNumber => "$gid"
- ]
- );
-
- $modify->code && die "failed to add entry: ", $modify->error ;
- # take down session
- $ldap_master->unbind;
- return $gid;
- }
-
-# $homedir = get_homedir ($user)
-sub get_homedir
- {
- my $user = shift;
- my $homeDir='';
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search (
- base =>$suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
- foreach my $attr ($entry->attributes) {
- if ($attr=~/\bhomeDirectory\b/) {
- foreach my $ent ($entry->get_value($attr)) {
- $homeDir.= $attr.": ".$ent."\n";
- }
- }
- }
- }
- $ldap_slave->unbind;
- chomp $homeDir;
- if ($homeDir eq '') {
- return undef;
- }
- $homeDir =~ s/^homeDirectory: //;
- return $homeDir;
- }
-
-# search for an user
-sub read_user
- {
- my $user = shift;
- my $lines ='';
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( # perform a search
- base => $suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
-
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
- $lines.= "dn: " . $entry->dn."\n";
- foreach my $attr ($entry->attributes) {
- {
- $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
- }
- }
- }
- # take down session
- $ldap_slave->unbind;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
- return $lines;
- }
-
-# search for a user
-# return the attributes in an array
-sub read_user_entry
- {
- my $user = shift;
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( # perform a search
- base => $suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
-
- $mesg->code && die $mesg->error;
- my $entry = $mesg->entry();
- $ldap_slave->unbind;
- return $entry;
- }
-
-# search for a group
-sub read_group
- {
- my $user = shift;
- my $lines ='';
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( # perform a search
- base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(cn=$user))"
- );
-
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
- $lines.= "dn: " . $entry->dn."\n";
- foreach my $attr ($entry->attributes) {
- {
- $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
- }
- }
- }
- # take down session
- $ldap_slave->unbind;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
- return $lines;
- }
-
-# find groups of a given user
-##### MODIFIE ########
-sub find_groups_of
- {
- my $user = shift;
- my $lines ='';
- my $ldap_slave=connect_ldap_slave;
- my $mesg = $ldap_slave->search ( # perform a search
- base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(memberuid=$user))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
- $lines.= "dn: ".$entry->dn."\n";
- }
- $ldap_slave->unbind;
- chomp($lines);
- if ($lines eq '') {
- return undef;
- }
- return $lines;
- }
-
-sub read_group_entry {
- my $group = shift;
- my $entry;
- my %res;
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( # perform a search
- base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(cn=$group))"
- );
-
- $mesg->code && die $mesg->error;
- my $nb=$mesg->count;
- if ($nb > 1) {
- print "Error: $nb groups exist \"cn=$group\"\n";
- foreach $entry ($mesg->all_entries) { my $dn=$entry->dn; print " $dn\n"; }
- exit 11;
- } else {
- $entry = $mesg->shift_entry();
- }
- return $entry;
-}
-
-sub read_group_entry_gid {
- my $group = shift;
- my %res;
- my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search ( # perform a search
- base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(gidNumber=$group))"
- );
-
- $mesg->code && die $mesg->error;
- my $entry = $mesg->shift_entry();
- return $entry;
-}
-
-# return the gidnumber for a group given as name or gid
-# -1 : bad group name
-# -2 : bad gidnumber
-sub parse_group
- {
- my $userGidNumber = shift;
- if ($userGidNumber =~ /[^\d]/ ) {
- my $gname = $userGidNumber;
- my $gidnum = getgrnam($gname);
- if ($gidnum !~ /\d+/) {
- return -1;
- } else {
- $userGidNumber = $gidnum;
- }
- } elsif (!defined(getgrgid($userGidNumber))) {
- return -2;
- }
- return $userGidNumber;
- }
-
-# remove $user from $group
-sub group_remove_member
- {
- my ($group, $user) = @_;
- my $members='';
- my $grp_line = get_group_dn($group);
- if (!defined($grp_line)) {
- return 0;
- }
- my $dn = get_dn_from_line($grp_line);
- # we test if the user exist in the group
- my $is_member=is_group_member($dn,$user);
- if ($is_member == 1) {
- my $ldap_master=connect_ldap_master();
- # delete only the user from the group
- my $modify = $ldap_master->modify ( "$dn",
- changes => [
- delete => [memberUid => ["$user"]]
- ]
- );
- $modify->code && die "failed to delete entry: ", $modify->error ;
- $ldap_master->unbind;
- }
- return 1;
- }
-
-sub group_get_members
- {
- my ($group) = @_;
- my $members;
- my @resultat;
- my $grp_line = get_group_dn($group);
- if (!defined($grp_line)) {
- return 0;
- }
-
- my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
- $ldap->bind ;
- my $mesg = $ldap->search (
- base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixgroup)(cn=$group))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
- foreach my $attr ($entry->attributes) {
- if ($attr=~/\bmemberUid\b/) {
- foreach my $ent ($entry->get_value($attr)) {
- push (@resultat,$ent);
- }
- }
- }
- }
- return @resultat;
- }
-
-sub do_ldapmodify
- {
- my $ldif = shift;
- my $FILE = "|$ldapmodify -r >/dev/null";
- open (FILE, $FILE) || die "$!\n";
- print FILE <<EOF;
-$ldif
-EOF
- ;
- close FILE;
- my $rc = $?;
- return $rc;
- }
-
-sub group_type_by_name {
- my $type_name = shift;
- my %groupmap = (
- 'domain' => 2,
- 'local' => 4,
- 'builtin' => 5
- );
- return $groupmap{$type_name};
-}
-
-
-
-1;
-