diff options
Diffstat (limited to 'source4')
-rwxr-xr-x | source4/setup/newuser | 141 | ||||
-rwxr-xr-x | source4/setup/newuser.pl | 132 | ||||
-rwxr-xr-x | source4/setup/provision | 2 |
3 files changed, 142 insertions, 133 deletions
diff --git a/source4/setup/newuser b/source4/setup/newuser new file mode 100755 index 0000000000..1a6fbdde27 --- /dev/null +++ b/source4/setup/newuser @@ -0,0 +1,141 @@ +#!/usr/bin/env smbscript +/* + add a new user to a Samba4 server + Copyright Andrew Tridgell 2005 + Released under the GNU GPL v2 or later +*/ + +options = new Object(); +ok = GetOptions(ARGV, options, + "POPT_AUTOHELP", + "POPT_COMMON_SAMBA", + "POPT_COMMON_VERSION", + 'username=s', + 'unixname=s', + 'password=s', + 'quiet'); +if (ok == false) { + println("Failed to parse options: " + options.ERROR); + return -1; +} + +libinclude("base.js"); + +var samdb = lpGet("sam database"); + +/* + print a message if quiet is not set +*/ +function message() +{ + if (options["quiet"] == undefined) { + print(vsprintf(arguments)); + } +} + +/* + search for one attribute as a string + */ +function search(db, expression, attribute) +{ + var attrs = new Array(attribute); + res = ldbSearch(db, expression, attrs); + if (res.length != 1 || + res[0][attribute] == undefined) { + return undefined; + } + return res[0][attribute]; +} + +/* + show some help +*/ +function ShowHelp() +{ + print(" +Samba4 newuser + +newuser [options] + --username USERNAME choose new username + --unixname USERNAME choose unix name of new user + --password PASSWORD set password + +You must provide at least a username +"); + exit(1); +} + +if (options['username'] == undefined) { + ShowHelp(); +} +if (options['password'] == undefined) { + options.password = randpass(12); + printf("chose random password %s\n", options.password); +} +if (options['unixname'] == undefined) { + options.unixname = options.username; +} + +if (getpwnam(options.unixname) == undefined) { + printf("ERROR: Unix user '%s' does not exist\n", options.unixname); + exit(1); +} + +if (search(samdb, "name=" + options.username, "dn") != undefined) { + printf("ERROR: User '%s' already exists\n", options.username); + exit(1); +} + +var domain_dn = search(samdb, "objectClass=domainDNS", "dn"); +assert(domain_dn != undefined); +var dom_users = search(samdb, "name=Domain Users", "dn"); +assert(dom_users != undefined); + +var user_dn = sprintf("CN=%s,CN=Users,%s", options.username, domain_dn); + +/* + the new user record. note the reliance on the samdb module to fill + in a sid, guid etc + */ +var ldif = sprintf(" +dn: %s +sAMAccountName: %s +name: %s +memberOf: %s +unixName: %s +objectGUID: %s +unicodePwd: %s +objectClass: user +", + user_dn, options.username, options.username, dom_users, + options.unixname, randguid(), options.password); + +/* + add the user to the users group as well +*/ +var modgroup = sprintf(" +dn: %s +changetype: modify +add: member +member: %s +", dom_users, user_dn); + +/* + now the real work + */ +message("Adding user %s\n", user_dn); +ok = ldbAdd(samdb, ldif); +if (ok != true) { + message("Failed to add %s\n", user_dn); + exit(1); +} + +message("Modifying group %s\n", dom_users); +ok = ldbModify(samdb, modgroup); +if (ok != true) { + message("Failed to modify %s\n", dom_users); + exit(1); +} + +message("All OK\n"); +return 0; diff --git a/source4/setup/newuser.pl b/source4/setup/newuser.pl deleted file mode 100755 index dc9613e4aa..0000000000 --- a/source4/setup/newuser.pl +++ /dev/null @@ -1,132 +0,0 @@ -#!/usr/bin/perl -w -# simple hack script to add a new user for Samba4 - - -use strict; -use Socket; -use Getopt::Long; - -my $opt_password; -my $opt_username; -my $opt_unixname; -my $opt_samdb = "/usr/local/samba/private/sam.ldb"; - - -# generate a random guid. Not a good algorithm. -sub randguid() -{ - my $r1 = int(rand(2**32)); - my $r2 = int(rand(2**16)); - my $r3 = int(rand(2**16)); - my $r4 = int(rand(2**16)); - my $r5 = int(rand(2**32)); - my $r6 = int(rand(2**16)); - return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6); -} - -# generate a random password. Poor algorithm :( -sub randpass() -{ - my $pass = ""; - my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~"; - for (my $i=0;$i<8;$i++) { - my $c = int(rand(length($chars))); - $pass .= substr($chars, $c, 1); - } - return $pass; -} - -sub search($$) -{ - my $expr = shift; - my $attrib = shift; - my $res = `ldbsearch -H $opt_samdb \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`; - chomp $res; - return $res; -} - -############################################ -# show some help -sub ShowHelp() -{ - print " -Samba4 newuser - -newuser.pl [options] - --username USERNAME choose new username - --password PASSWORD set password - --samdb DBPATH path to sam.ldb - -You must provide at least a username - -"; - exit(1); -} - -my $opt_help; - -GetOptions( - 'help|h|?' => \$opt_help, - 'username=s' => \$opt_username, - 'unixname=s' => \$opt_unixname, - 'password=s' => \$opt_password, - 'samdb=s' => \$opt_samdb - ); - -if ($opt_help || !$opt_username) { - ShowHelp(); -} - -if (!$opt_password) { - $opt_password = randpass(); - print "chose random password '$opt_password'\n"; -} - -if (!$opt_unixname) { - $opt_unixname = $opt_username; -} - -my $res = ""; - -# allow provisioning to be run from the source directory -$ENV{"PATH"} .= ":bin:../bin"; - -$ENV{"LDB_URL"} = $opt_samdb; - -my $domain_sid = search("(objectClass=domainDNS)", "objectSid"); -my $domain_dn = search("(objectClass=domainDNS)", "dn"); - -my $ldif = `ldbsearch -H $opt_samdb 'cn=TemplateUser' | grep -v Template | grep -v '^#'`; -chomp $ldif; - -my $dom_users = search("name=Domain Users", "dn"); - - -$ldif .= "sAMAccountName: $opt_username\n"; -$ldif .= "name: $opt_username\n"; -$ldif .= "objectGUID: " . randguid() . "\n"; -$ldif .= "memberOf: $dom_users\n"; -$ldif .= "userAccountControl: 0x10200\n"; -$ldif .= "sAMAccountType: 0x30000000\n"; -$ldif .= "unicodePwd: $opt_password\n"; -$ldif .= "unixName: $opt_unixname\n"; - -my $user_dn = "CN=$opt_username,CN=Users,$domain_dn"; - -open FILE, ">newuser.ldif"; -print FILE "dn: $user_dn\n"; -print FILE "objectClass: user\n"; -print FILE "$ldif\n"; -close FILE; - -open FILE, ">modgroup.ldif"; -print FILE " -dn: CN=Domain Users,CN=Users,$domain_dn -changetype: modify -add: member -member: $user_dn -"; -close FILE; - -system("ldbadd newuser.ldif"); -system("ldbmodify modgroup.ldif"); diff --git a/source4/setup/provision b/source4/setup/provision index 56c526541d..c516b97f2d 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -53,7 +53,7 @@ function ShowHelp() print(" Samba4 provisioning -provision.pl [options] +provision [options] --realm REALM set realm --domain DOMAIN set domain --domain-guid GUID set domainguid (otherwise random) |