#!/usr/bin/perl -w

# 05/01/2005 - 18:07:10
#
# mklogon.pl - Login Script Generator
# Copyright (C) 2005 Ricky Nance
# ricky.nance@gmail.com
# http://www.weaubleau.k12.mo.us/~rnance/samba/mklogon.txt
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#

# Version: 1.0 (Stable)
# Revised: 07/28/2005

# Comments...
# Working on logging to the system logs, Logs user activity, but not errors yet.

use strict;
use Getopt::Long;

eval { require Config::Simple; };
if ($@) {
    print("\n");
    print( "It appears as though you don't have the Config Simple perl module installed.\n" );
    print("The package is typically called 'Config::Simple' \n");
    print("and it needs to be installed, before you can use this utility\n");
    print("Most PERL installations will allow you to use a command like\n");
    print("\ncpan -i Config::Simple\n");
    print("from the command line while logged in as the root user.\n");
    print("\n");
    exit(1);
}

# use Data::Dumper; #Used for debugging purposes

# This variable should point to the external conf file, personally I would set
# it to /etc/samba/mklogon.conf
my $configfile;

foreach my $dir ( ( '/etc', '/etc/samba', '/usr/local/samba/lib' ) ) {
    if ( -e "$dir/mklogon.conf" ) {
        $configfile = "$dir/mklogon.conf";
        last;
    }
}

# This section will come directly from the samba server. Basically it just makes the script easier to read.
my $getopts = GetOptions(
    'u|username=s'   => \my $user,
    'm|machine=s'    => \my $machine,
    's|servername=s' => \my $server,
    'o|ostype=s'     => \my $os,
    'i|ip=s'         => \my $ip,
    'd|date=s'       => \my $smbdate,
    'h|help|?'       => \my $help
);

if ($help) {
    help();
    exit(0);
}

# We want the program to error out if its missing an argument.
if ( !defined($user) )    { error("username"); }
if ( !defined($machine) ) { error("machine name") }
if ( !defined($server) )  { error("server name") }
if ( !defined($os) )      { error("operating system") }
if ( !defined($ip) )      { error("ip address") }
if ( !defined($smbdate) ) { error("date") }

# This section will be read from the external config file
my $cfg = new Config::Simple($configfile) or die "Could not find $configfile";

# Read this part from the samba config
my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) = localtime(time);
my $sambaconf = $cfg->param("global.sambaconf") or die "Couldn't find your samba config! \n";
my $smbcfg = new Config::Simple( filename => $sambaconf, syntax => "ini" );
my $smbprof = $smbcfg->param("profiles.path");
my $smbnetlogdir = $smbcfg->param("netlogon.path");
my $logging      = lc( $cfg->param("global.logging") );
my $mkprofile    = lc( $cfg->param("global.mkprofile") );
my $logdir       = $cfg->param("global.logdir");
my $logfile      = $cfg->param("global.logfile");
my $logs         = "$logdir\/$logfile";
my $logtype	 = $cfg->param("global.logtype");
my $usermap      = "usermap.$user";
my $osmap	 = "os.$os";
my @ostype	 = $cfg->param($osmap);
my @username     = $cfg->param($usermap);
my $compname     = $cfg->param( -block => "machines" );
my $ipname       = $cfg->param( -block => "ip" );
my $timesync     = $cfg->param("global.timesync");
my $altserver    = $cfg->param("global.servername");
if ( defined($altserver) ) { $server = $altserver; }
$server = uc($server);

# Lets start logging stuff if it is turned on in the config
if ( $logging =~ m/on|yes|1/i ) {
    if ($logtype =~ m/file/i) {
	print "----- Logging is turned on in the config. -----\n";
	print "----- Location of the logfile is \"$logs\" -----\n";
	open LOG, ">>$logs";
	printf LOG "Date: $smbdate Time: ";
	printf LOG '%02d', $hour;
	print LOG ":";
	printf LOG '%02d', $min;
	print LOG ".";
	printf LOG '%02d', $sec;
	print LOG " -- User: $user - Machine: $machine - IP: $ip -- \n";
	close(LOG);
    } elsif ($logtype =~ m/syslog|system/i){
	use Sys::Syslog;
	my $alert = "User: $user Logged into $machine ($ip) at $hour:$min.$sec on $smbdate.";
	openlog($0, 'cons', 'user');
        syslog('alert', $alert);
	closelog();

    }
} else {
    print "----- Logging is turned off in the config. -----\n";
}

# If the user wants to make profiles with this script lets go
if ( defined($smbprof) ) {
    if ( $mkprofile =~ m/on|yes|1/i ) {
        print "----- Automatic making of user profiles is turned on in the config. ----- \n";
        ( my $login, my $pass, my $uid, my $gid ) = getpwnam($user)
          or die "$user not in passwd file \n";
        $smbprof =~ s/\%U/$user/g;
        my $dir2 = "$smbprof\/$user";
        print "$smbprof \n";
        print "$dir2 \n";
        if ( !-e $dir2 ) {
            print "Creating " . $user . "'s profile with a uid of $uid\n";
            mkdir $smbprof;
            mkdir $dir2;
            chomp($user);
#           chown $uid, $gid, $smbprof;
            chown $uid, $gid, $dir2;
        } else {
            print $user . "'s profile already exists \n";
        }
    } else {
        print "----- Automatic making of user profiles is turned off in the config. ----- \n";
    }
}

# Lets start making the batch files.
open LOGON, ">$smbnetlogdir\/$user.bat" or die "Unable to create userfile $smbnetlogdir\/$user.bat";
print LOGON "\@ECHO OFF \r\n";

if ( $timesync =~ m/on|yes|1/i ) {
    print LOGON "NET TIME /SET /YES \\\\$server \r\n";
} else {
    print "----- Time syncing to the client is turned off in the config. -----\n";
}

# Mapping from the common section
my $common = $cfg->param( -block => "common" );
for my $key ( keys %$common ) {
    drive_map( @{ $common->{$key} } );
}

my @perform_common = $cfg->param("performcommands.common");
if ( defined( $perform_common[0] ) ) {
    foreach (@perform_common) {
        print LOGON "$_ \r\n";
    }
}

# Map shares on a per user basis.
drive_map(@username);

# Map shares based on the Operating System.
drive_map(@ostype);

# Map shares only if they are in a group
# This line checks against the unix "groups" command, to see the secondary groups of a user.
my @usergroups = split( /\s/, do { open my $groups, "-|", groups => $user; <$groups> } );
foreach (@usergroups) {
    my $groupmap  = "groupmap.$_";
    my @groupname = $cfg->param($groupmap);
    drive_map(@groupname);
}

#Here is where we check the machine name against the config...
for my $key ( keys %$compname ) {
    my $test = $compname->{$key};
    if ( ref $test eq 'ARRAY' ) {
        foreach (@$test) {
            if ( $_ eq $machine ) {
                my $performit = $cfg->param("performcommands.$key");
                if ( defined($performit) ) {
                    if ( ref $performit ) {
                        foreach (@$performit) { print LOGON "$_ \r\n"; }
                    } else {
                        print LOGON "$performit \r\n";
                    }
                }
            }
        }
    }
    elsif ( $test eq $machine ) {
        my $performit = $cfg->param("performcommands.$key");
        if ( defined($performit) ) {
            if ( ref $performit ) {
                foreach (@$performit) { print LOGON "$_ \r\n"; }
            } else {
                print LOGON "$performit \r\n";
            }
        }
    }
}

# Here is where we test the ip address against the client to see if they have "Special Mapping"
# A huge portion of the ip matching code was made by  
# Carsten Schaub (rcsu in the #samba chan on freenode.net)

my $val;
for my $key ( sort keys %$ipname ) {
    if ( ref $ipname->{$key} eq 'ARRAY' ) {
        foreach ( @{ $ipname->{$key} } ) {
            getipval( $_, $key );
        }
    } else {
        getipval( $ipname->{$key}, $key );
    }
}

sub getipval {
    my ( $range, $rangename ) = @_;
    if ( parse( $ip, ipmap($range) ) ) {
        if ( $val eq 'true' ) {
            my $performit = $cfg->param("performcommands.$rangename");
            if ( defined($performit) ) {
                if ( ref $performit ) {
                    foreach (@$performit) { print LOGON "$_ \r\n"; }
                } else {
                    print LOGON "$performit \r\n";
                }
            }
        } elsif ( $val eq 'false' ) {
        }
    } else {
    }
}

sub ipmap {
    my $pattern = shift;
    my ( $iprange, $iprange2, $ipmask );
    if ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/ ) {
        # 1.1.1.1/3 notation
        $iprange = pack( "U4", $1, $2, $3, $4 );
        $ipmask = pack( "U4", 0, 0, 0, 0 );
        my $numbits = $5;
        for ( my $i = 0 ; $i < $numbits ; $i++ ) {
            vec( $ipmask, int( $i / 8 ) * 8 + ( 8 - ( $i % 8 ) ) - 1, 1 ) = 1;
        }
        $iprange &= "$ipmask";
    } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/ ) {
        # 1.1.1.1/255.255.255.255 notation
        $iprange = pack( "U4", $1, $2, $3, $4 );
        $ipmask  = pack( "U4", $5, $6, $7, $8 );
        $iprange &= "$ipmask";
    } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ) {
        # 1.1.1.1 notation
        $iprange = pack( "U4", $1, $2, $3, $4 );
        $ipmask = pack( "U4", 255, 255, 255, 255 );
    } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\s*\-\s*(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ) {
        # 1.1.1.1 - 2.2.2.2 notation
        $iprange  = pack( "U4", $1,  $2,  $3,  $4 );
        $iprange2 = pack( "U4", $5,  $6,  $7,  $8 );
        $ipmask   = pack( "U4", 255, 255, 255, 255 );
    } else {
        return;
    }
	return $iprange, $ipmask, $iprange2;
}

sub parse {
    my ( $origip, $ipbase, $ipmask, $iprange2 ) = @_;
    $origip =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
    $origip = pack( "U4", $1, $2, $3, $4 );
    if ( defined($iprange2) ) {
        if ( $ipbase le $origip && $origip le $iprange2 ) {
            return $val = 'true';
        } else {
            return $val = 'false';
        }
    } elsif ( ( "$origip" & "$ipmask" ) eq $ipbase ) {
        return $val = 'true';
    } else {
        return $val = 'false';
    }
}

# This sub will distinguish the drive mappings
sub drive_map {
    my @data = @_;
    for ( my $i = 0 ; $i < scalar(@data) ; ) {
        if ( $data[$i] =~ m/^[a-z]\:$/i ) {
            my $driveletter = $data[$i];
            $i++;
            my $sharename = $data[$i];
            $i++;
            if ( $sharename eq '/home' ) {
                print LOGON uc("NET USE $driveletter \\\\$server\\$user \/Y \r\n");
            } else {
                print LOGON
                  uc("NET USE $driveletter \\\\$server\\$sharename \/Y \r\n");
            }
        } else {
            print LOGON uc("$data[$i] \r\n");
            $i++;
        }
    }
}

close(LOGON);

sub error {
    my $var = shift(@_);
    help();
    print "\n\tCritical!!! \n\n\tNo $var specified\n\n\tYou must specify a $var.\n\n";
    exit(0);
}

sub help {

    print << "EOF" ;

	Usage:   $0 [options]

	Options:

	-h,--help		This help screen.

	-u,--username		The name of the user from the samba server.

	-m,--machinename	The name of the client connecting to the server.

	-s,--server		The name of the server this script is running in.

	-o,--os			The clients OS -- Windows 95/98/ME (Win95), Windows NT (WinNT),
				Windows 2000 (Win2K), Windows  XP  (WinXP), and Windows 2003
				(Win2K3). Anything else will be known as ``UNKNOWN''
				That snippet is directly from man smb.conf. 

	-i,--ip			The clients IP address.

	-d,--date		Time and Date returned from the samba server.



				--IMPORTANT--		
		

				All options MUST be specified.
	
				The mklogon.conf file MUST be located in /etc, /etc/samba, or 
				/usr/local/samba/lib.
	
	To use this file from the command line:
		$0 -u User -m machine -s servername -o ostype -i X.X.X.X -d MM/DD/YY

	To use this file from the samba server add these lines to your /etc/samba/smb.conf:


		This line goes in the [global] section
			login script = %U.bat

		This line should be at the end of the [netlogon] section.
			root preexec = /path/to/mklogon.pl -u %U -m %m -s %L -o %a -i %I -d %t
	
	
EOF

    print "\n\n";

}