6 # $Id: smbldap_tools.pm,v 1.1.2.1 2002/06/04 22:25:39 jerry Exp $
8 # This code was developped by IDEALX (http://IDEALX.org/) and
9 # contributors (their names can be found in the CONTRIBUTORS file).
11 # Copyright (C) 2001-2002 IDEALX
13 # This program is free software; you can redistribute it and/or
14 # modify it under the terms of the GNU General Public License
15 # as published by the Free Software Foundation; either version 2
16 # of the License, or (at your option) any later version.
18 # This program is distributed in the hope that it will be useful,
19 # but WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21 # GNU General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
29 # ugly funcs using global variables and spawning openldap clients
31 use vars
qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
44 add_samba_machine_mkntpwd
62 # dn_line = get_user_dn($username)
63 # where dn_line is like "dn: a=b,c=d"
67 my $dn=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^dn:"`;
76 # return (success, dn)
81 my $sr = `$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))'`;
83 print "get_user_dn2: error in ldapsearch :
84 $ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))'\n";
88 my @lines = split(/\n/, $sr);
90 my @matches = grep(/^dn:/, @lines);
101 # dn_line = get_group_dn($groupname)
102 # where dn_line is like "dn: a=b,c=d"
106 my $dn=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))' | grep "^dn:"`;
115 # bool = is_samba_user($username)
119 my $cmd = "$ldapsearch -b '$suffix' -s '$scope' '(&(objectClass=sambaAccount)(uid=$user))' | grep '^dn:\'";
128 # bool = is_user_valid($username)
129 # try to bind with user dn and password to validate current password
132 my ($user, $dn, $pass) = @_;
133 my $res=`$ldapsearchnobind -b '$usersdn' -s '$scope' -D '$dn' -w '$pass' '(&(objectclass=posixAccount)(uid=$user))' 2>/dev/null | grep "^dn:"`;
141 # dn = get_dn_from_line ($dn_line)
142 # helper to get "a=b,c=d" from "dn: a=b,c=d"
150 # success = add_posix_machine($user, $uid, $gid)
151 sub add_posix_machine
153 my ($user, $uid, $gid) = @_;
156 "dn: uid=$user,$computersdn
158 objectclass: posixAccount
163 homeDirectory: /dev/null
164 loginShell: /bin/false
165 description: Computer
169 die "$0: error while adding posix account to machine $user\n"
170 unless (do_ldapadd
($tmpldif) == 0);
177 # success = add_samba_machine($computername)
178 sub add_samba_machine
181 system "smbpasswd -a -m $user";
186 sub add_samba_machine_mkntpwd
188 my ($user, $uid) = @_;
189 my $rid = 2 * $uid + 1000; # Samba 2.2.2 stuff
194 if ($mk_ntpasswd eq '') {
195 print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
199 my $ntpwd = `$mk_ntpasswd '$name'`;
200 chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
201 chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
204 "dn: uid=$user,$computersdn
207 objectclass: posixAccount
208 objectClass: sambaAccount
211 logoffTime: 2147483647
212 kickoffTime: 2147483647
214 pwdMustChange: 2147483647
216 lmpassword: $lmpassword
217 ntpassword: $ntpassword
223 die "$0: error while adding samba account to $user\n"
224 unless (do_ldapmodify
($tmpldif) == 0);
234 my ($group, $userid) = @_;
237 if (!defined($dn_line = get_group_dn
($group))) {
240 my $dn = get_dn_from_line
($dn_line);
241 my $members = `$ldapsearch -b '$dn' -s base | grep -i "^memberUid:"`;
243 # user already member ?
244 if ($members =~ m/^memberUid: $userid/) {
248 if ($members ne '') {
269 die "$0: error while modifying group $group\n"
270 unless (do_ldapmodify
($tmpldif) == 0);
275 sub add_grouplist_user
277 my ($grouplist, $user) = @_;
278 my @array = split(/,/, $grouplist);
279 foreach my $group (@array) {
280 group_add_user
($group, $user);
284 # XXX FIXME : acctFlags |= D, and not acctFlags = D
290 if (!defined($dn_line = get_user_dn
($user))) {
291 print "$0: user $user doesn't exist\n";
298 replace: userPassword
299 userPassword: {crypt}!x
303 die "$0: error while modifying user $user\n"
304 unless (do_ldapmodify
($tmpldif) == 0);
307 if (is_samba_user
($user)) {
317 die "$0: error while modifying user $user\n"
318 unless (do_ldapmodify
($tmpldif) == 0);
331 if (!defined($dn_line = get_user_dn
($user))) {
332 print "$0: user $user doesn't exist\n";
336 my $dn = get_dn_from_line
($dn_line);
337 system "$ldapdelete $dn >/dev/null";
340 # $success = group_add($groupname, $group_gid, $force_using_existing_gid)
343 my ($gname, $gid, $force) = @_;
345 my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
347 if ($nscd_status == 0) {
348 system "/etc/init.d/nscd stop > /dev/null 2>&1";
351 if (!defined($gid)) {
352 while (defined(getgrgid($GID_START))) {
357 if (!defined($force)) {
358 if (defined(getgrgid($gid))) {
364 if ($nscd_status == 0) {
365 system "/etc/init.d/nscd start > /dev/null 2>&1";
369 "dn: cn=$gname,$groupsdn
370 objectclass: posixGroup
376 die "$0: error while adding posix group $gname\n"
377 unless (do_ldapadd
($tmpldif) == 0);
384 # $homedir = get_homedir ($user)
388 my $homeDir=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^homeDirectory:"`;
390 if ($homeDir eq '') {
393 $homeDir =~ s/^homeDirectory: //;
402 my $lines=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' -LLL`;
415 my $lines=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(cn=$user))' -LLL`;
424 # find groups of a given user
428 my $lines=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(memberuid=$user))' -LLL | grep "^dn: "`;
437 # return the gidnumber for a group given as name or gid
438 # -1 : bad group name
442 my $userGidNumber = shift;
444 if ($userGidNumber =~ /[^\d]/ ) {
445 my $gname = $userGidNumber;
446 my $gidnum = getgrnam($gname);
447 if ($gidnum !~ /\d+/) {
450 $userGidNumber = $gidnum;
452 } elsif (!defined(getgrgid($userGidNumber))) {
455 return $userGidNumber;
458 # remove $user from $group
459 sub group_remove_member
461 my ($group, $user) = @_;
463 my $grp_line = get_group_dn
($group);
464 if (!defined($grp_line)) {
467 my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' | grep -i "^memberUid:"`;
469 #print "avant ---\n$members\n";
470 $members =~ s/memberUid: $user\n//;
471 #print "----\n$members\n---\n";
476 if ($members eq '') {
477 $header = "changetype: modify\n";
478 $header .= "delete: memberUid";
480 $header = "changetype: modify\n";
481 $header .= "replace: memberUid";
489 die "$0: error while modifying group $group\n"
490 unless (do_ldapmodify
($tmpldif) == 0);
496 sub group_get_members
501 my $grp_line = get_group_dn
($group);
502 if (!defined($grp_line)) {
505 my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' memberUid | grep -i "^memberUid:"`;
507 my @lines = split (/\n/, $members);
508 foreach my $line (@lines) {
509 $line =~ s/^memberUid: //;
510 push(@members, $line);
517 my ($filename, $filecontent) = @_;
519 open (FILE
, "> $filename") ||
520 die "Cannot open «$filename» for writing: $!\n";
521 print FILE
$filecontent;
525 # wrapper for ldapadd
530 my $tempfile = "/tmp/smbldapadd.$$";
531 file_write
($tempfile, $ldif);
533 my $rc = system "$ldapadd < $tempfile >/dev/null";
542 my $FILE = "|$ldapadd >/dev/null";
543 open (FILE
, $FILE) || die "$!\n";
553 # wrapper for ldapmodify
558 my $tempfile = "/tmp/smbldapmod.$$";
559 file_write
($tempfile, $ldif);
561 my $rc = system "$ldapmodify -r < $tempfile >/dev/null";
570 my $FILE = "|$ldapmodify -r >/dev/null";
571 open (FILE
, $FILE) || die "$!\n";