summaryrefslogtreecommitdiff
path: root/source4/script
diff options
context:
space:
mode:
Diffstat (limited to 'source4/script')
-rwxr-xr-xsource4/script/newuser.pl146
1 files changed, 146 insertions, 0 deletions
diff --git a/source4/script/newuser.pl b/source4/script/newuser.pl
new file mode 100755
index 0000000000..7930b24e37
--- /dev/null
+++ b/source4/script/newuser.pl
@@ -0,0 +1,146 @@
+#!/usr/bin/perl -w
+# simple hack script to add a new user for Samba4
+
+
+use strict;
+use Socket;
+use Getopt::Long;
+
+my $opt_password;
+my $opt_username;
+my $opt_unixname;
+my $opt_samdb = "/usr/local/samba/private/sam.ldb";
+
+
+# generate a random guid. Not a good algorithm.
+sub randguid()
+{
+ my $r1 = int(rand(2**32));
+ my $r2 = int(rand(2**16));
+ my $r3 = int(rand(2**16));
+ my $r4 = int(rand(2**16));
+ my $r5 = int(rand(2**32));
+ my $r6 = int(rand(2**16));
+ return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
+}
+
+# generate a random password. Poor algorithm :(
+sub randpass()
+{
+ my $pass = "";
+ my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
+ for (my $i=0;$i<8;$i++) {
+ my $c = int(rand(length($chars)));
+ $pass .= substr($chars, $c, 1);
+ }
+ return $pass;
+}
+
+sub search($$)
+{
+ my $expr = shift;
+ my $attrib = shift;
+ my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`;
+ chomp $res;
+ return $res;
+}
+
+############################################
+# show some help
+sub ShowHelp()
+{
+ print "
+Samba4 newuser
+
+provision.pl [options]
+ --username USERNAME choose new username
+ --password PASSWORD set password
+ --samdb DBPATH path to sam.ldb
+
+You must provide at least a username
+
+";
+ exit(1);
+}
+
+my $opt_help;
+
+GetOptions(
+ 'help|h|?' => \$opt_help,
+ 'username=s' => \$opt_username,
+ 'unixname=s' => \$opt_unixname,
+ 'password=s' => \$opt_password,
+ 'samdb=s' => \$opt_samdb
+ );
+
+if ($opt_help || !$opt_username) {
+ ShowHelp();
+}
+
+if (!$opt_password) {
+ $opt_password = randpass();
+ print "chose random password '$opt_password'\n";
+}
+
+if (!$opt_unixname) {
+ $opt_unixname = $opt_username;
+}
+
+my $res = "";
+
+# allow provisioning to be run from the source directory
+$ENV{"PATH"} .= ":bin";
+
+$ENV{"LDB_URL"} = $opt_samdb;
+
+my $domain_sid = search("(objectClass=domainDNS)", "objectSid");
+my $domain_dn = search("(objectClass=domainDNS)", "dn");
+
+my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`;
+chomp $ldif;
+
+$ldif .= "name: $opt_username\n";
+
+my $sid;
+
+# crude way of working out a rid
+for (my $i=1001;$i<1100;$i++) {
+ if (search("objectSid=$domain_sid-$i","objectSid") eq "") {
+ $sid = "$domain_sid-$i";
+ last;
+ }
+}
+
+print "Chose new SID $sid\n";
+
+$ldif .= "objectSid: $sid\n";
+
+$ldif .= "objectGUID: " . randguid() . "\n";
+
+my $dom_users = search("name=Domain Users", "dn");
+
+$ldif .= "memberOf: $dom_users\n";
+
+$ldif .= "userAccountControl: 0x10200\n";
+$ldif .= "sAMAccountType: 0x30000000\n";
+$ldif .= "unicodePwd: $opt_password\n";
+$ldif .= "unixName: $opt_unixname\n";
+
+my $user_dn = "CN=$opt_username,CN=Users,$domain_dn";
+
+open FILE, ">newuser.ldif";
+print FILE "dn: $user_dn";
+print FILE "$ldif\n";
+close FILE;
+
+open FILE, ">modgroup.ldif";
+print FILE "
+dn: CN=Domain Users,CN=Users,$domain_dn
+changetype: modify
+add: member
+member: $user_dn
+";
+close FILE;
+
+system("ldbadd newuser.ldif");
+system("ldbmodify modgroup.ldif");