diff options
Diffstat (limited to 'source4/script')
-rwxr-xr-x | source4/script/newuser.pl | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/source4/script/newuser.pl b/source4/script/newuser.pl new file mode 100755 index 0000000000..7930b24e37 --- /dev/null +++ b/source4/script/newuser.pl @@ -0,0 +1,146 @@ +#!/usr/bin/perl -w +# simple hack script to add a new user for Samba4 + + +use strict; +use Socket; +use Getopt::Long; + +my $opt_password; +my $opt_username; +my $opt_unixname; +my $opt_samdb = "/usr/local/samba/private/sam.ldb"; + + +# generate a random guid. Not a good algorithm. +sub randguid() +{ + my $r1 = int(rand(2**32)); + my $r2 = int(rand(2**16)); + my $r3 = int(rand(2**16)); + my $r4 = int(rand(2**16)); + my $r5 = int(rand(2**32)); + my $r6 = int(rand(2**16)); + return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); +} + +# generate a random password. Poor algorithm :( +sub randpass() +{ + my $pass = ""; + my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; + for (my $i=0;$i<8;$i++) { + my $c = int(rand(length($chars))); + $pass .= substr($chars, $c, 1); + } + return $pass; +} + +sub search($$) +{ + my $expr = shift; + my $attrib = shift; + my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`; + chomp $res; + return $res; +} + +############################################ +# show some help +sub ShowHelp() +{ + print " +Samba4 newuser + +provision.pl [options] + --username USERNAME choose new username + --password PASSWORD set password + --samdb DBPATH path to sam.ldb + +You must provide at least a username + +"; + exit(1); +} + +my $opt_help; + +GetOptions( + 'help|h|?' => \$opt_help, + 'username=s' => \$opt_username, + 'unixname=s' => \$opt_unixname, + 'password=s' => \$opt_password, + 'samdb=s' => \$opt_samdb + ); + +if ($opt_help || !$opt_username) { + ShowHelp(); +} + +if (!$opt_password) { + $opt_password = randpass(); + print "chose random password '$opt_password'\n"; +} + +if (!$opt_unixname) { + $opt_unixname = $opt_username; +} + +my $res = ""; + +# allow provisioning to be run from the source directory +$ENV{"PATH"} .= ":bin"; + +$ENV{"LDB_URL"} = $opt_samdb; + +my $domain_sid = search("(objectClass=domainDNS)", "objectSid"); +my $domain_dn = search("(objectClass=domainDNS)", "dn"); + +my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; +chomp $ldif; + +$ldif .= "name: $opt_username\n"; + +my $sid; + +# crude way of working out a rid +for (my $i=1001;$i<1100;$i++) { + if (search("objectSid=$domain_sid-$i","objectSid") eq "") { + $sid = "$domain_sid-$i"; + last; + } +} + +print "Chose new SID $sid\n"; + +$ldif .= "objectSid: $sid\n"; + +$ldif .= "objectGUID: " . randguid() . "\n"; + +my $dom_users = search("name=Domain Users", "dn"); + +$ldif .= "memberOf: $dom_users\n"; + +$ldif .= "userAccountControl: 0x10200\n"; +$ldif .= "sAMAccountType: 0x30000000\n"; +$ldif .= "unicodePwd: $opt_password\n"; +$ldif .= "unixName: $opt_unixname\n"; + +my $user_dn = "CN=$opt_username,CN=Users,$domain_dn"; + +open FILE, ">newuser.ldif"; +print FILE "dn: $user_dn"; +print FILE "$ldif\n"; +close FILE; + +open FILE, ">modgroup.ldif"; +print FILE " +dn: CN=Domain Users,CN=Users,$domain_dn +changetype: modify +add: member +member: $user_dn +"; +close FILE; + +system("ldbadd newuser.ldif"); +system("ldbmodify modgroup.ldif"); |