From a750624f4d005e2bc415e86a38947a7fa10d0cb9 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 20 Aug 2003 21:52:52 +0000
Subject: checlking in initial version of 2.2 scripts so I can start updating
 them (This used to be commit 766a5070d58ada7a871a7fab45b5f7e203264952)

---
 examples/LDAP/smbldap-tools/smbldap-useradd.pl | 460 +++++++++++++++++++++++++
 1 file changed, 460 insertions(+)
 create mode 100755 examples/LDAP/smbldap-tools/smbldap-useradd.pl

(limited to 'examples/LDAP/smbldap-tools/smbldap-useradd.pl')

diff --git a/examples/LDAP/smbldap-tools/smbldap-useradd.pl b/examples/LDAP/smbldap-tools/smbldap-useradd.pl
new file mode 100755
index 0000000000..508487af93
--- /dev/null
+++ b/examples/LDAP/smbldap-tools/smbldap-useradd.pl
@@ -0,0 +1,460 @@
+#!/usr/bin/perl 
+
+#  This code was developped by IDEALX (http://IDEALX.org/) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+#
+#                 Copyright (C) 2002 IDEALX
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+#  USA.
+
+# Purpose of smbldap-useradd : user (posix,shadow,samba) add
+
+use strict;
+use smbldap_tools;
+use smbldap_conf;
+
+
+#####################
+
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('axnmwPG:u:g:d:s:c:k:A:B:C:D:E:F:H:?', \%Options);
+
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+	print "Usage: $0 [-awmugdsckGPABCDEFH?] username\n";
+	print "  -a	is a Windows User (otherwise, Posix stuff only)\n";
+	print "  -w	is a Windows Workstation (otherwise, Posix stuff only)\n";
+	print "  -x	creates rid and primaryGroupID in hex instead of decimal\n";
+	print "  -u	uid\n";
+	print "  -g	gid\n";
+	print "  -G	supplementary comma-separated groups\n";
+	print "  -n	do not create a group\n";
+	print "  -d	home\n";
+	print "  -s	shell\n";
+	print "  -c	gecos\n";
+	print "  -m	creates home directory and copies /etc/skel\n";
+	print "  -k	skeleton dir (with -m)\n";
+	print "  -P     ends by invoking smbldap-passwd.pl\n";
+	print "  -A	can change password ? 0 if no, 1 if yes\n";
+	print "  -B	must change password ? 0 if no, 1 if yes\n";
+	print "  -C	smbHome (SMB home share, like '\\\\PDC-SRV\\homes')\n";
+	print "  -D	homeDrive (letter associated with home share, like 'H:')\n";
+	print "  -E	scriptPath (DOS script to execute on login)\n";
+	print "  -F	profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
+	print "  -H	acctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
+	print "  -?	show this help message\n";
+	exit (1);
+}
+
+# cause problems when dealing with getpwuid because of the
+# negative ttl and ldap modification
+my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
+
+if ($nscd_status == 0) {
+   system "/etc/init.d/nscd stop > /dev/null 2>&1";
+}
+
+# Read options
+my $userUidNumber = $Options{'u'};
+if (!defined($userUidNumber)) { 
+	# find first unused uid starting from $UID_START
+	while (defined(getpwuid($UID_START))) {
+		$UID_START++;
+	}
+	$userUidNumber = $UID_START;
+} elsif (getpwuid($userUidNumber)) { die "Uid already exists.\n"; }
+
+if ($nscd_status == 0) {
+   system "/etc/init.d/nscd start > /dev/null 2>&1";
+}
+
+
+# as rid we use 2 * uid + 1000
+my $userRid = 2 * $userUidNumber + 1000;
+if (defined($Options{'x'})) {
+    $userRid= sprint("%x", $userRid);
+}
+
+my $createGroup = 0;
+my $userGidNumber = $Options{'g'};
+# gid not specified ? 
+if (!defined($userGidNumber)) {
+    # windows machine => $_defaultComputerGid
+    if (defined($Options{'w'})) {
+	$userGidNumber = $_defaultComputerGid;
+#    } elsif (!defined($Options{'n'})) {
+	# create new group (redhat style)
+	# find first unused gid starting from $GID_START
+#	while (defined(getgrgid($GID_START))) {
+#		$GID_START++;
+#	}
+#	$userGidNumber = $GID_START;
+
+#	$createGroup = 1;
+
+    } else {
+	# user will have gid = $_defaultUserGid
+	$userGidNumber = $_defaultUserGid;
+    }
+} else {
+    my $gid;
+    if (($gid = parse_group($userGidNumber)) < 0) {
+	print "$0: unknown group $userGidNumber\n";
+	exit (6);
+    }
+    $userGidNumber = $gid;
+}
+
+# as grouprid we use 2 * gid + 1001
+my $userGroupRid = 2 * $userGidNumber + 1001;
+if (defined($Options{'x'})) {
+    $userGroupRid = sprint("%x", $userGroupRid);
+}
+# Read only first @ARGV
+my $userName = $ARGV[0];
+
+# user must not exist in LDAP (should it be nss-wide ?)
+my ($rc, $dn) = get_user_dn2($userName);
+if ($rc and defined($dn)) {
+    print "$0: user $userName exists\n";
+    exit (9);
+} elsif (!$rc) {
+    print "$0: error in get_user_dn2\n";
+    exit(10);
+}
+
+my $userHomeDirectory;
+my $tmp;
+if (!defined($userHomeDirectory = $Options{'d'}))
+{
+    $userHomeDirectory = $_userHomePrefix.$userName;
+}
+$_userLoginShell = $tmp if (defined($tmp = $Options{'s'}));
+$_userGecos = $tmp if (defined($tmp = $Options{'c'}));
+$_skeletonDir = $tmp if (defined($tmp = $Options{'k'}));
+
+########################
+
+# MACHINE ACCOUNT
+if (defined($tmp = $Options{'w'})) {
+   
+    # add a trailing dollar if missing
+    if ($userName =~ /[^\$]$/s) {
+	$userName .= "\$";
+    }
+
+    #print "About to create machine $userName:\n";
+
+    if (!add_posix_machine ($userName, $userUidNumber, $userGidNumber)) {
+	die "$0: error while adding posix account\n";
+    }
+
+    if (!$with_smbpasswd) {
+	if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) {
+	    die "$0: error while adding samba account\n";
+	}
+    } else {
+	if (!add_samba_machine($userName)) {
+	    die "$0: error while adding samba account\n";
+	}
+
+	my $tmpldif =
+"dn: uid=$userName,$computersdn
+changetype: modify
+acctFlags: [W          ]
+
+";
+	die "$0: error while modifying accountflags of $userName\n"
+	    unless (do_ldapmodify($tmpldif) == 0);
+	undef $tmpldif;
+    }
+
+    exit 0;
+}
+
+#######################
+
+# USER ACCOUNT
+
+# add posix account first
+
+my $tmpldif =
+"dn: uid=$userName,$usersdn
+objectclass: top
+objectclass: account
+objectclass: posixAccount
+cn: $userName
+uid: $userName
+uidNumber: $userUidNumber
+gidNumber: $userGidNumber
+homeDirectory: $userHomeDirectory
+loginShell: $_userLoginShell
+gecos: $_userGecos
+description: $_userGecos
+userPassword: {crypt}x
+
+";
+
+die "$0: error while adding posix user $userName\n"
+    unless (do_ldapadd($tmpldif) == 0);
+
+undef $tmpldif;
+
+#if ($createGroup) {
+#    group_add($userName, $userGidNumber);
+#}
+
+group_add_user($userGidNumber, $userName);
+
+my $grouplist;
+# adds to supplementary groups
+if (defined($grouplist = $Options{'G'})) {
+    add_grouplist_user($grouplist, $userName);
+}
+
+# If user was created successfully then we should create his/her home dir
+if (defined($tmp = $Options{'m'})) {
+    if ( !(-e $userHomeDirectory) ) {
+	system "mkdir $userHomeDirectory 2>/dev/null";
+	system "cp -a $_skeletonDir/.[a-z,A-Z]* $_skeletonDir/* $userHomeDirectory 2>/dev/null";
+	system "chown -R $userUidNumber:$userGidNumber $userHomeDirectory 2>/dev/null";
+	system "chmod 700 $userHomeDirectory 2>/dev/null"; 
+    }
+}
+
+
+# Add Samba user infos
+if (defined($Options{'a'})) {
+    if (!$with_smbpasswd) {
+
+	my $winmagic = 2147483647;
+	my $valpwdcanchange = 0;
+	my $valpwdmustchange = $winmagic;
+	my $valacctflags = "[UX]";
+
+	if (defined($tmp = $Options{'A'})) {
+	    if ($tmp != 0) {
+		$valpwdcanchange = "0";
+	    } else {
+		$valpwdcanchange = "$winmagic";
+	    }
+	}
+
+	if (defined($tmp = $Options{'B'})) {
+	    if ($tmp != 0) {
+		$valpwdmustchange = "0";
+	    } else {
+		$valpwdmustchange = "$winmagic";
+	    }
+	}
+
+	if (defined($tmp = $Options{'H'})) {
+	    $valacctflags = "$tmp";
+	}
+
+	my $tmpldif =
+"dn: uid=$userName,$usersdn
+changetype: modify
+objectclass: top
+objectclass: account
+objectclass: posixAccount
+objectClass: sambaAccount
+pwdLastSet: 0
+logonTime: 0
+logoffTime: 2147483647
+kickoffTime: 2147483647
+pwdCanChange: $valpwdcanchange
+pwdMustChange: $valpwdmustchange
+displayName: $_userGecos
+acctFlags: $valacctflags
+rid: $userRid
+
+";
+	
+	die "$0: error while adding samba account to posix user $userName\n"
+	    unless (do_ldapmodify($tmpldif) == 0);
+
+	undef $tmpldif;
+    } else {
+	my $FILE="|smbpasswd -s -a $userName >/dev/null" ;
+	open (FILE, $FILE) || die "$!\n";
+	print FILE <<EOF;
+x
+x
+EOF
+    ;
+	close FILE;
+	if ($?) {
+	    print "$0: error adding samba account\n";
+	    exit (10);
+	}
+    } # with_smbpasswd
+
+    my $valscriptpath = "$userName.cmd";
+    my $valprofilepath = "$_userProfile$userName";
+    my $valsmbhome = "$_userSmbHome";
+    my $valhomedrive = "$_userHomeDrive";
+
+if (defined($tmp = $Options{'C'})) {
+    $valsmbhome = "$tmp";
+}
+
+if (defined($tmp = $Options{'D'})) {
+    $tmp = $tmp.":" unless ($tmp =~ /:/);
+    $valhomedrive = "$tmp";
+}
+
+if (defined($tmp = $Options{'E'})) {
+    $valscriptpath = "$tmp";
+}
+
+if (defined($tmp = $Options{'F'})) {
+    $valprofilepath = "$tmp";
+}
+
+    my $tmpldif =
+"dn: uid=$userName,$usersdn
+changetype: modify
+rid: $userRid
+primaryGroupID: $userGroupRid
+homeDrive: $valhomedrive
+smbHome: $valsmbhome
+profilePath: $valprofilepath
+scriptPath: $valscriptpath
+lmPassword: XXX
+ntPassword: XXX
+
+";
+
+    die "$0: error while modifying samba account of user $userName\n"
+	    unless (do_ldapmodify($tmpldif) == 0);
+    undef $tmpldif;
+}
+
+if (defined($Options{'P'})) {
+    exec "/usr/local/sbin/smbldap-passwd.pl $userName"
+}
+
+exit 0;
+
+########################################
+
+=head1 NAME
+
+       smbldap-useradd.pl - Create a new user or update default new 
+                            user information
+
+=head1 SYNOPSIS
+
+       smbldap-useradd.pl [-c comment] [-d home_dir]
+               [-g initial_group] [-G group[,...]]
+               [-m [-k skeleton_dir]]
+               [-s shell] [-u uid [ -o]] [-P]
+               [-A canchange] [-B mustchange] [-C smbhome]
+               [-D homedrive] [-E scriptpath] [-F profilepath]
+               [-H acctflags] login
+
+=head1 DESCRIPTION
+
+   Creating New Users
+       The smbldap-useradd.pl command creates a new user account using
+       the values specified on the  command  line  and  the default
+       values from the system.
+       The new user account will be entered into the system
+       files as needed, the home directory  will  be  created, and 
+       initial  files copied, depending on the command line options.
+
+       You have to use smbldap-passwd to set the user password.
+       For Samba users, rid is 2*uidNumber+1000, and primaryGroupID
+       is 2*gidNumber+1001. Thus you may want to use
+       smbldap-useradd.pl -a -g "Domain Admins" -u 500 Administrator
+       to create a domain administrator (admin rid is 0x1F4 = 500 and
+       grouprid is 0x200 = 512)
+
+       Without any option, the account created will be an Unix (Posix)
+       account. The following options may be used to add information:
+
+       -a     The user will have a Samba account (and Unix).
+
+       -w     Creates an account for a Samba machine (Workstation), so that 
+              it can join a domain.
+
+       -x     Creates rid and primaryGroupID in hex (for Samba 2.2.2 bug). Else
+              decimal (2.2.2 patched from cvs or 2.2.x, x > 2)
+
+       -c comment
+              The new user's comment field (gecos).
+
+       -d home_dir
+              The new user will be created using home_dir as the value for the
+              user's login directory.  The default is to append the login name
+              to default_home and use that as the login directory name.
+
+       -g initial_group
+              The group name or number of the user's initial login group.  The
+              group  name must exist.  A group number must refer to an already
+              existing group.  The default group number is 1.
+
+       -G group,[...]
+              A list of supplementary groups which the user is also  a  member
+              of.   Each  group is separated from the next by a comma, with no
+              intervening whitespace.  The groups  are  subject  to  the  same
+              restrictions as the group given with the -g option.  The default
+              is for the user to belong only to the initial group.
+
+       -m     The user's home directory will be created if it does not  exist.
+              The  files  contained in skeleton_dir will be copied to the home
+              directory if the -k option is used,  otherwise  the  files  con­
+              tained  in /etc/skel will be used instead.  Any directories con­
+              tained in skeleton_dir or  /etc/skel  will  be  created  in  the
+              user's  home  directory as well.  The -k option is only valid in
+              conjunction with the -m option.  The default is  to  not  create
+              the directory and to not copy any files.
+
+       -s shell
+              The name of the user's login shell.  The  default  is  to  leave
+              this  field blank, which causes the system to select the default
+              login shell.
+
+       -u uid The numerical value of  the  user's  ID.   This  value  must  be
+              unique,  unless  the  -o option is used.  The value must be non-
+              negative.  The default is to use the smallest ID  value  greater
+              than 1000 and greater than every other user.
+
+       -P     ends by invoking smbldap-passwd.pl
+
+       -A     can change password ? 0 if no, 1 if yes
+
+       -B     must change password ? 0 if no, 1 if yes
+
+       -C     smbHome (SMB home share, like '\\\\PDC-SRV\\homes')
+
+       -D     homeDrive (letter associated with home share, like 'H:')
+
+       -E     scriptPath, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
+
+       -F     profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
+
+       -H     acctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
+
+=head1 SEE ALSO
+
+       useradd(1)
+
+=cut
+
+#'
-- 
cgit