#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
	add a new user to a Samba4 server
	Copyright Andrew Tridgell 2005
	Released under the GNU GPL v2 or later
*/

/*
  Parse the command line into the global 'options' object, which
  message() and the checks further down read.

  NOTE(review): 'password=s' accepts the new account's password as a
  command-line argument. Arguments are commonly visible to other local
  users through the process list and are kept in shell history, so
  prefer leaving --password out (a random one is generated below) or
  add a way to read it from a prompt or stdin.
*/
options = new Object();
ok = GetOptions(ARGV, options, 
		"POPT_AUTOHELP",
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		'username=s',
		'unixname=s',
		'password=s',
		'quiet');
/* stop with -1 when parsing failed, reporting options.ERROR */
if (ok == false) {
   println("Failed to parse options: " + options.ERROR);
   return -1;
}

/* presumably supplies helpers used below, such as assert() - confirm */
libinclude("base.js");

/*
  value of the "sam database" setting; it is handed to ldbSearch,
  ldbAdd and ldbModify as the database to operate on
*/
var samdb = lpGet("sam database");

/*
  Progress output: format the arguments with vsprintf() (the first one
  is the format string) and print the result, unless --quiet was given.
*/
function message()
{
	if (options.quiet != undefined) {
		return;
	}
	print(vsprintf(arguments));
}

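/*
  Search db with an ldb expression and return one attribute of the
  single matching record.

  Returns undefined when the search does not match exactly one record,
  or when that record has no such attribute. "No match" and "several
  matches" therefore look the same to the caller.

  The expression is passed to ldbSearch() unchanged. Callers that build
  it from external input must validate or escape that input first.
 */
function search(db, expression, attribute)
{
	var attrs = new Array(attribute);
	/* declared local so the result set does not leak into a global 'res' */
	var res = ldbSearch(db, expression, attrs);
	if (res.length != 1 ||
	    res[0][attribute] == undefined) {
		return undefined;
	}
	return res[0][attribute];
}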

/*
  Print the usage text, then end the script with exit status 1.
*/
function ShowHelp()
{
	var usage = "
Samba4 newuser

newuser [options]
  --username  USERNAME     choose new username
  --unixname  USERNAME     choose unix name of new user
  --password  PASSWORD     set password

You must provide at least a username
";
	print(usage);
	exit(1);
}

/* --username is mandatory; ShowHelp() prints the usage text and exits */
if (options['username'] == undefined) {
	ShowHelp();
}
/*
  No --password given: take one from randpass(12) and show it to the
  operator. It is written with printf, so it appears even under --quiet
  and ends up in any log or transcript that captures this output.
  NOTE(review): the strength of the generated password depends on the
  randomness behind randpass(), which is not visible here - confirm it
  is suitable for credentials.
*/
if (options['password'] == undefined) {
	options.password = randpass(12);
	printf("chose random password %s\n", options.password);
}
/* the unix account name defaults to the Samba username */
if (options['unixname'] == undefined) {
	options.unixname = options.username;
}

/* the unix account must already be known to getpwnam() */
if (getpwnam(options.unixname) == undefined) {
	printf("ERROR: Unix user '%s' does not exist\n", options.unixname);
	exit(1);
}

/*
  Refuse to create an account whose name is already present.
  NOTE(review): options.username is concatenated into the search
  expression without validation or escaping, so filter metacharacters
  in it change the query. search() also returns undefined unless
  exactly one record matches, which means an expression matching
  several records is treated here as "no such user". Restrict the
  username to a known-safe character set before this check.
*/
if (search(samdb, "name=" + options.username, "dn") != undefined) {
	printf("ERROR: User '%s' already exists\n", options.username);
	exit(1);
}

/*
  Look up the DN of the domainDNS object and of the "Domain Users"
  group. search() yields undefined unless exactly one record matches,
  so the asserts also trip when the database holds more than one match.
*/
var domain_dn = search(samdb, "objectClass=domainDNS", "dn");
assert(domain_dn != undefined);
var dom_users = search(samdb, "name=Domain Users", "dn");
assert(dom_users != undefined);

/*
  DN of the new account, placed under CN=Users of the domain.
  NOTE(review): options.username is formatted in without DN escaping; a
  name containing DN-special characters such as ',' '=' or '+' would
  produce a different DN than intended. Validate the name beforehand.
*/
var user_dn = sprintf("CN=%s,CN=Users,%s", options.username, domain_dn);

/*
  the new user record. note the reliance on the samdb module to fill
  in a sid etc (the objectGUID is set explicitly here from randguid())

  NOTE(review): every value is formatted into the record text as-is. A
  username, unixname or password containing a line break would add
  lines to the record, so control characters should be rejected in all
  three before this point (presumably ldbAdd parses this text as LDIF -
  confirm).
  NOTE(review): unicodePwd receives the cleartext password; whether it
  is hashed before storage is up to the samdb module and cannot be
  seen from this file.
 */
var ldif = sprintf("
dn: %s
sAMAccountName: %s
name: %s
memberOf: %s
unixName: %s
objectGUID: %s
unicodePwd: %s
objectClass: user
",
		   user_dn, options.username, options.username, dom_users,
		   options.unixname, randguid(), options.password);

/*
  add the user to the users group as well: a modify record that adds
  the new user's DN to the member attribute of the Domain Users group.
  The user record above already carries the matching memberOf value.
*/
var modgroup = sprintf("
dn: %s
changetype: modify
add: member
member: %s
", dom_users, user_dn);

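/*
  now the real work: add the user record, then the group membership.

  These are two separate ldb operations and nothing here undoes the
  first one: if the group update fails, the user record stays in the
  database without the member entry and needs manual cleanup.

  Failures are reported with printf, like the ERROR paths earlier in
  this script, so that --quiet only silences progress output and never
  hides a failed account creation. The exit status is 1 on failure.
 */
message("Adding user %s\n", user_dn);
ok = ldbAdd(samdb, ldif);
if (ok != true) {
	printf("Failed to add %s\n", user_dn);
	exit(1);
}

message("Modifying group %s\n", dom_users);
ok = ldbModify(samdb, modgroup);
if (ok != true) {
	printf("Failed to modify %s\n", dom_users);
	exit(1);
}

message("All OK\n");
return 0;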