summaryrefslogtreecommitdiff
path: root/examples/LDAP/smbldap-tools/smbldap_tools.pm
diff options
context:
space:
mode:
Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap_tools.pm')
-rwxr-xr-xexamples/LDAP/smbldap-tools/smbldap_tools.pm482
1 files changed, 277 insertions, 205 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap_tools.pm b/examples/LDAP/smbldap-tools/smbldap_tools.pm
index 8001442fe8..b7b134f3fd 100755
--- a/examples/LDAP/smbldap-tools/smbldap_tools.pm
+++ b/examples/LDAP/smbldap-tools/smbldap_tools.pm
@@ -4,6 +4,8 @@ package smbldap_tools;
use smbldap_conf;
use Net::LDAP;
+# $Id: smbldap_tools.pm,v 1.1.6.4 2003/12/04 21:59:20 jerry Exp $
+#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
@@ -34,36 +36,40 @@ $VERSION = 1.00;
@ISA = qw(Exporter);
@EXPORT = qw(
-get_user_dn
-get_group_dn
+ get_user_dn
+ get_group_dn
is_group_member
-is_samba_user
+ is_samba_user
is_unix_user
-is_user_valid
-get_dn_from_line
-add_posix_machine
-add_samba_machine
-add_samba_machine_mkntpwd
-group_add_user
-add_grouplist_user
-disable_user
-delete_user
-group_add
+ is_user_valid
+ does_sid_exist
+ get_dn_from_line
+ add_posix_machine
+ add_samba_machine
+ add_samba_machine_mkntpwd
+ group_add_user
+ add_grouplist_user
+ disable_user
+ delete_user
+ group_add
group_del
-get_homedir
-read_user
+ get_homedir
+ read_user
read_user_entry
-read_group
-find_groups_of
-parse_group
-group_remove_member
-group_get_members
-do_ldapadd
-do_ldapmodify
-get_user_dn2
+ read_group
+ read_group_entry
+ read_group_entry_gid
+ find_groups_of
+ parse_group
+ group_remove_member
+ group_get_members
+ do_ldapadd
+ do_ldapmodify
+ get_user_dn2
connect_ldap_master
connect_ldap_slave
-);
+ group_type_by_name
+ );
sub connect_ldap_master
{
@@ -116,14 +122,14 @@ sub connect_ldap_slave
}
sub get_user_dn
-{
+ {
my $user = shift;
my $dn='';
my $ldap_slave=connect_ldap_slave();
my $mesg = $ldap_slave->search ( base => $suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
$mesg->code && die $mesg->error;
foreach my $entry ($mesg->all_entries) {
$dn= $entry->dn;
@@ -131,70 +137,70 @@ sub get_user_dn
$ldap_slave->unbind;
chomp($dn);
if ($dn eq '') {
- return undef;
+ return undef;
}
$dn="dn: ".$dn;
return $dn;
-}
+ }
sub get_user_dn2
-{
+ {
my $user = shift;
my $dn='';
my $ldap_slave=connect_ldap_slave();
my $mesg = $ldap_slave->search ( base => $suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
$mesg->code && warn "failed to perform search; ", $mesg->error;
foreach my $entry ($mesg->all_entries) {
- $dn= $entry->dn;
+ $dn= $entry->dn;
}
$ldap_slave->unbind;
chomp($dn);
if ($dn eq '') {
- return (1,undef);
+ return (1,undef);
}
$dn="dn: ".$dn;
return (1,$dn);
-}
+ }
sub get_group_dn
{
- my $group = shift;
- my $dn='';
+ my $group = shift;
+ my $dn='';
my $ldap_slave=connect_ldap_slave();
my $mesg = $ldap_slave->search ( base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
$dn= $entry->dn;
}
$ldap_slave->unbind;
- chomp($dn);
- if ($dn eq '') {
+ chomp($dn);
+ if ($dn eq '') {
return undef;
- }
- $dn="dn: ".$dn;
- return $dn;
+ }
+ $dn="dn: ".$dn;
+ return $dn;
}
# return (success, dn)
# bool = is_samba_user($username)
sub is_samba_user
{
- my $user = shift;
+ my $user = shift;
my $ldap_slave=connect_ldap_slave();
my $mesg = $ldap_slave->search ( base => $suffix,
- scope => $scope,
- filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
- );
- $mesg->code && die $mesg->error;
+ scope => $scope,
+ filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
+ );
+ $mesg->code && die $mesg->error;
$ldap_slave->unbind;
return ($mesg->count ne 0);
}
@@ -217,52 +223,68 @@ sub is_group_member
my $dn_group = shift;
my $user = shift;
my $ldap_slave=connect_ldap_slave();
- my $mesg = $ldap_slave->search (
- base => "$dn_group",
+ my $mesg = $ldap_slave->search ( base => $dn_group,
scope => 'base',
filter => "(&(memberUid=$user))"
);
$mesg->code && die $mesg->error;
$ldap_slave->unbind;
- return ($mesg->count ne 0);
+ return ($mesg->count ne 0);
}
+# all entries = does_sid_exist($sid,$scope)
+sub does_sid_exist
+ {
+ my $sid = shift;
+ my $dn_group=shift;
+ my $ldap_slave=connect_ldap_slave();
+ my $mesg = $ldap_slave->search ( base => $dn_group,
+ scope => $scope,
+ filter => "(sambaSID=$sid)"
+ #filter => "(&(objectClass=sambaSAMAccount|objectClass=sambaGroupMapping)(sambaSID=$sid))"
+ );
+ $mesg->code && die $mesg->error;
+ $ldap_slave->unbind;
+ return ($mesg);
+ }
# try to bind with user dn and password to validate current password
sub is_user_valid
{
- my ($user, $dn, $pass) = @_;
- my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
- my $mesg= $ldap->bind (dn => $dn, password => $pass );
+ my ($user, $dn, $pass) = @_;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ my $mesg= $ldap->bind (dn => $dn, password => $pass );
if ($mesg->code eq 0) {
- $ldap->unbind;
- return 1;
+ $ldap->unbind;
+ return 1;
} else {
- if($ldap->bind()) {
+ if ($ldap->bind()) {
$ldap->unbind;
return 0;
- } else {
+ } else {
print ("The LDAP directory is not available.\n Check the server, cables ...");
$ldap->unbind;
return 0;
}
die "Problem : contact your administrator";
}
-}
+ }
+
# dn = get_dn_from_line ($dn_line)
# helper to get "a=b,c=d" from "dn: a=b,c=d"
sub get_dn_from_line
{
- my $dn = shift;
- $dn =~ s/^dn: //;
- return $dn;
+ my $dn = shift;
+ $dn =~ s/^dn: //;
+ return $dn;
}
+
# success = add_posix_machine($user, $uid, $gid)
sub add_posix_machine
{
- my ($user, $uid, $gid) = @_;
+ my ($user, $uid, $gid) = @_;
# bind to a directory with dn and password
my $ldap_master=connect_ldap_master();
my $add = $ldap_master->add ( "uid=$user,$computersdn",
@@ -288,27 +310,27 @@ sub add_posix_machine
# success = add_samba_machine($computername)
sub add_samba_machine
-{
+ {
my $user = shift;
system "smbpasswd -a -m $user";
return 1;
-}
+ }
sub add_samba_machine_mkntpwd
{
- my ($user, $uid) = @_;
- my $sambaSID = 2 * $uid + 1000;
- my $name = $user;
- $name =~ s/.$//s;
+ my ($user, $uid) = @_;
+ my $sambaSID = 2 * $uid + 1000;
+ my $name = $user;
+ $name =~ s/.$//s;
- if ($mk_ntpasswd eq '') {
+ if ($mk_ntpasswd eq '') {
print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
return 0;
- }
+ }
- my $ntpwd = `$mk_ntpasswd '$name'`;
- chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
- chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
+ my $ntpwd = `$mk_ntpasswd '$name'`;
+ chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
+ chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
my $ldap_master=connect_ldap_master();
my $modify = $ldap_master->modify ( "uid=$user,$computersdn",
@@ -330,7 +352,7 @@ sub add_samba_machine_mkntpwd
$modify->code && die "failed to add entry: ", $modify->error ;
- return 1;
+ return 1;
# take down the session
$ldap_master->unbind;
@@ -339,16 +361,16 @@ sub add_samba_machine_mkntpwd
sub group_add_user
{
- my ($group, $userid) = @_;
- my $members='';
- my $dn_line = get_group_dn($group);
+ my ($group, $userid) = @_;
+ my $members='';
+ my $dn_line = get_group_dn($group);
if (!defined(get_group_dn($group))) {
print "$0: group \"$group\" doesn't exist\n";
exit (6);
}
- if (!defined($dn_line)) {
+ if (!defined($dn_line)) {
return 1;
- }
+ }
my $dn = get_dn_from_line("$dn_line");
# on look if the user is already present in the group
my $is_member=is_group_member($dn,$userid);
@@ -367,8 +389,8 @@ sub group_add_user
$modify->code && die "failed to modify entry: ", $modify->error ;
# take down session
$ldap_master->unbind;
- }
- }
+ }
+ }
sub group_del
{
@@ -383,23 +405,23 @@ sub group_del
sub add_grouplist_user
{
- my ($grouplist, $user) = @_;
- my @array = split(/,/, $grouplist);
- foreach my $group (@array) {
+ my ($grouplist, $user) = @_;
+ my @array = split(/,/, $grouplist);
+ foreach my $group (@array) {
group_add_user($group, $user);
- }
+ }
}
sub disable_user
{
- my $user = shift;
- my $dn_line;
+ my $user = shift;
+ my $dn_line;
my $dn = get_dn_from_line($dn_line);
-
- if (!defined($dn_line = get_user_dn($user))) {
+
+ if (!defined($dn_line = get_user_dn($user))) {
print "$0: user $user doesn't exist\n";
exit (10);
- }
+ }
my $ldap_master=connect_ldap_master();
my $modify = $ldap_master->modify ( "$dn",
changes => [
@@ -408,14 +430,14 @@ sub disable_user
);
$modify->code && die "failed to modify entry: ", $modify->error ;
- if (is_samba_user($user)) {
+ if (is_samba_user($user)) {
my $modify = $ldap_master->modify ( "$dn",
changes => [
replace => [sambaAcctFlags => '[D ]']
]
);
$modify->code && die "failed to modify entry: ", $modify->error ;
- }
+ }
# take down session
$ldap_master->unbind;
}
@@ -423,43 +445,43 @@ sub disable_user
# delete_user($user)
sub delete_user
{
- my $user = shift;
- my $dn_line;
+ my $user = shift;
+ my $dn_line;
- if (!defined($dn_line = get_user_dn($user))) {
+ if (!defined($dn_line = get_user_dn($user))) {
print "$0: user $user doesn't exist\n";
exit (10);
- }
+ }
- my $dn = get_dn_from_line($dn_line);
+ my $dn = get_dn_from_line($dn_line);
my $ldap_master=connect_ldap_master();
my $modify = $ldap_master->delete($dn);
$ldap_master->unbind;
}
-# $success = group_add($groupname, $group_gid, $force_using_existing_gid)
+# $gid = group_add($groupname, $group_gid, $force_using_existing_gid)
sub group_add
{
- my ($gname, $gid, $force) = @_;
- my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
- if ($nscd_status == 0) {
+ my ($gname, $gid, $force) = @_;
+ my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
+ if ($nscd_status == 0) {
system "/etc/init.d/nscd stop > /dev/null 2>&1";
- }
- if (!defined($gid)) {
+ }
+ if (!defined($gid)) {
while (defined(getgrgid($GID_START))) {
- $GID_START++;
+ $GID_START++;
}
$gid = $GID_START;
- } else {
+ } else {
if (!defined($force)) {
- if (defined(getgrgid($gid))) {
- return 0;
- }
+ if (defined(getgrgid($gid))) {
+ return undef;
+ }
}
- }
- if ($nscd_status == 0) {
+ }
+ if ($nscd_status == 0) {
system "/etc/init.d/nscd start > /dev/null 2>&1";
- }
+ }
my $ldap_master=connect_ldap_master();
my $modify = $ldap_master->add ( "cn=$gname,$groupsdn",
attrs => [
@@ -472,67 +494,67 @@ sub group_add
$modify->code && die "failed to add entry: ", $modify->error ;
# take down session
$ldap_master->unbind;
- return 1;
+ return $gid;
}
# $homedir = get_homedir ($user)
sub get_homedir
{
- my $user = shift;
- my $homeDir='';
+ my $user = shift;
+ my $homeDir='';
my $ldap_slave=connect_ldap_slave();
my $mesg = $ldap_slave->search (
base =>$suffix,
scope => $scope,
filter => "(&(objectclass=posixAccount)(uid=$user))"
);
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries){
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
foreach my $attr ($entry->attributes) {
- if ($attr=~/\bhomeDirectory\b/){
- foreach my $ent($entry->get_value($attr)) {
+ if ($attr=~/\bhomeDirectory\b/) {
+ foreach my $ent ($entry->get_value($attr)) {
$homeDir.= $attr.": ".$ent."\n";
- }
+ }
}
- }
- }
+ }
+ }
$ldap_slave->unbind;
- chomp $homeDir;
- if ($homeDir eq '') {
+ chomp $homeDir;
+ if ($homeDir eq '') {
return undef;
- }
- $homeDir =~ s/^homeDirectory: //;
- return $homeDir;
+ }
+ $homeDir =~ s/^homeDirectory: //;
+ return $homeDir;
}
# search for an user
sub read_user
{
- my $user = shift;
- my $lines ='';
+ my $user = shift;
+ my $lines ='';
my $ldap_slave=connect_ldap_slave();
my $mesg = $ldap_slave->search ( # perform a search
- base => $suffix,
- scope => $scope,
- filter => "(&(objectclass=posixAccount)(uid=$user))"
- );
+ base => $suffix,
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
$lines.= "dn: " . $entry->dn."\n";
foreach my $attr ($entry->attributes) {
- {
+ {
$lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
- }
+ }
}
- }
+ }
# take down session
$ldap_slave->unbind;
- chomp $lines;
- if ($lines eq '') {
+ chomp $lines;
+ if ($lines eq '') {
return undef;
- }
- return $lines;
+ }
+ return $lines;
}
# search for a user
@@ -556,86 +578,124 @@ sub read_user_entry
# search for a group
sub read_group
{
- my $user = shift;
- my $lines ='';
+ my $user = shift;
+ my $lines ='';
my $ldap_slave=connect_ldap_slave();
my $mesg = $ldap_slave->search ( # perform a search
- base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(cn=$user))"
- );
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(cn=$user))"
+ );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
$lines.= "dn: " . $entry->dn."\n";
foreach my $attr ($entry->attributes) {
- {
+ {
$lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
- }
+ }
}
- }
+ }
# take down session
$ldap_slave->unbind;
- chomp $lines;
- if ($lines eq '') {
+ chomp $lines;
+ if ($lines eq '') {
return undef;
- }
- return $lines;
+ }
+ return $lines;
}
# find groups of a given user
##### MODIFIE ########
sub find_groups_of
{
- my $user = shift;
- my $lines ='';
+ my $user = shift;
+ my $lines ='';
my $ldap_slave=connect_ldap_slave;
my $mesg = $ldap_slave->search ( # perform a search
- base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixGroup)(memberuid=$user))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries) {
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(memberuid=$user))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
$lines.= "dn: ".$entry->dn."\n";
- }
+ }
$ldap_slave->unbind;
- chomp($lines);
+ chomp($lines);
if ($lines eq '') {
return undef;
}
- return $lines;
+ return $lines;
+ }
+
+sub read_group_entry {
+ my $group = shift;
+ my $entry;
+ my %res;
+ my $ldap_slave=connect_ldap_slave();
+ my $mesg = $ldap_slave->search ( # perform a search
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(cn=$group))"
+ );
+
+ $mesg->code && die $mesg->error;
+ my $nb=$mesg->count;
+ if ($nb > 1) {
+ print "Error: $nb groups exist \"cn=$group\"\n";
+ foreach $entry ($mesg->all_entries) { my $dn=$entry->dn; print " $dn\n"; }
+ exit 11;
+ } else {
+ $entry = $mesg->shift_entry();
}
+ return $entry;
+}
+
+sub read_group_entry_gid {
+ my $group = shift;
+ my %res;
+ my $ldap_slave=connect_ldap_slave();
+ my $mesg = $ldap_slave->search ( # perform a search
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(gidNumber=$group))"
+ );
+
+ $mesg->code && die $mesg->error;
+ my $entry = $mesg->shift_entry();
+ return $entry;
+}
# return the gidnumber for a group given as name or gid
# -1 : bad group name
# -2 : bad gidnumber
sub parse_group
{
- my $userGidNumber = shift;
- if ($userGidNumber =~ /[^\d]/ ) {
+ my $userGidNumber = shift;
+ if ($userGidNumber =~ /[^\d]/ ) {
my $gname = $userGidNumber;
my $gidnum = getgrnam($gname);
if ($gidnum !~ /\d+/) {
- return -1;
+ return -1;
} else {
- $userGidNumber = $gidnum;
+ $userGidNumber = $gidnum;
}
- } elsif (!defined(getgrgid($userGidNumber))) {
+ } elsif (!defined(getgrgid($userGidNumber))) {
return -2;
- }
- return $userGidNumber;
+ }
+ return $userGidNumber;
}
# remove $user from $group
sub group_remove_member
{
- my ($group, $user) = @_;
- my $members='';
- my $grp_line = get_group_dn($group);
- if (!defined($grp_line)) {
+ my ($group, $user) = @_;
+ my $members='';
+ my $grp_line = get_group_dn($group);
+ if (!defined($grp_line)) {
return 0;
- }
+ }
my $dn = get_dn_from_line($grp_line);
# we test if the user exist in the group
my $is_member=is_group_member($dn,$user);
@@ -646,40 +706,40 @@ sub group_remove_member
changes => [
delete => [memberUid => ["$user"]]
]
- );
+ );
$modify->code && die "failed to delete entry: ", $modify->error ;
$ldap_master->unbind;
- }
- return 1;
+ }
+ return 1;
}
sub group_get_members
{
- my ($group) = @_;
- my $members;
- my @resultat;
- my $grp_line = get_group_dn($group);
+ my ($group) = @_;
+ my $members;
+ my @resultat;
+ my $grp_line = get_group_dn($group);
if (!defined($grp_line)) {
return 0;
}
- my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
- $ldap->bind ;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
my $mesg = $ldap->search (
base => $groupsdn,
- scope => $scope,
- filter => "(&(objectclass=posixgroup)(cn=$group))"
- );
- $mesg->code && die $mesg->error;
- foreach my $entry ($mesg->all_entries){
- foreach my $attr ($entry->attributes){
- if ($attr=~/\bmemberUid\b/){
+ scope => $scope,
+ filter => "(&(objectclass=posixgroup)(cn=$group))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ foreach my $attr ($entry->attributes) {
+ if ($attr=~/\bmemberUid\b/) {
foreach my $ent ($entry->get_value($attr)) {
push (@resultat,$ent);
- }
+ }
+ }
}
- }
-}
+ }
return @resultat;
}
@@ -697,5 +757,17 @@ EOF
return $rc;
}
+sub group_type_by_name {
+ my $type_name = shift;
+ my %groupmap = (
+ 'domain' => 2,
+ 'local' => 4,
+ 'builtin' => 5
+ );
+ return $groupmap{$type_name};
+}
+
+
+
1;
generated by cgit (git 2.34.1) at 2025-01-07 08:55:38 +0000