source4/setup/newuser.pl

   1 #!/usr/bin/perl -w
   2 # simple hack script to add a new user for Samba4
   3
   4
   5 use strict;
   6 use Socket;
   7 use Getopt::Long;
   8
   9 my $opt_password;
  10 my $opt_username;
  11 my $opt_unixname;
  12 my $opt_samdb = "/usr/local/samba/private/sam.ldb";
  13
  14
  15 # generate a random guid. Not a good algorithm.
  16 sub randguid()
  17 {
  18         my $r1 = int(rand(2**32));
  19         my $r2 = int(rand(2**16));
  20         my $r3 = int(rand(2**16));
  21         my $r4 = int(rand(2**16));
  22         my $r5 = int(rand(2**32));
  23         my $r6 = int(rand(2**16));
  24         return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
  25 }
  26
  27 # generate a random password. Poor algorithm :(
  28 sub randpass()
  29 {
  30         my $pass = "";
  31         my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
  32         for (my $i=0;$i<8;$i++) {
  33                 my $c = int(rand(length($chars)));
  34                 $pass .= substr($chars, $c, 1);
  35         }
  36         return $pass;
  37 }
  38
  39 sub search($$)
  40 {
  41         my $expr = shift;
  42         my $attrib = shift;
  43         my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`;
  44         chomp $res;
  45         return $res;
  46 }
  47
  48 ############################################
  49 # show some help
  50 sub ShowHelp()
  51 {
  52         print "
  53 Samba4 newuser
  54
  55 newuser.pl [options]
  56   --username  USERNAME     choose new username
  57   --password  PASSWORD     set password
  58   --samdb     DBPATH       path to sam.ldb
  59
  60 You must provide at least a username
  61
  62 ";
  63         exit(1);
  64 }
  65
  66 my $opt_help;
  67
  68 GetOptions(
  69             'help|h|?' => \$opt_help,
  70             'username=s' => \$opt_username,
  71             'unixname=s' => \$opt_unixname,
  72             'password=s' => \$opt_password,
  73             'samdb=s' => \$opt_samdb
  74             );
  75
  76 if ($opt_help || !$opt_username) {
  77         ShowHelp();
  78 }
  79
  80 if (!$opt_password) {
  81         $opt_password = randpass();
  82         print "chose random password '$opt_password'\n";
  83 }
  84
  85 if (!$opt_unixname) {
  86         $opt_unixname = $opt_username;
  87 }
  88
  89 my $res = "";
  90
  91 # allow provisioning to be run from the source directory
  92 $ENV{"PATH"} .= ":bin:../bin";
  93
  94 $ENV{"LDB_URL"} = $opt_samdb;
  95
  96 my $domain_sid = search("(objectClass=domainDNS)", "objectSid");
  97 my $domain_dn = search("(objectClass=domainDNS)", "dn");
  98
  99 my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`;
 100 chomp $ldif;
 101
 102 my $sid;
 103
 104 # crude way of working out a rid
 105 for (my $i=1001;$i<1100;$i++) {
 106         if (search("objectSid=$domain_sid-$i","objectSid") eq "") {
 107                 $sid = "$domain_sid-$i";
 108                 last;
 109         }
 110 }
 111
 112 print "Chose new SID $sid\n";
 113
 114 my $dom_users = search("name=Domain Users", "dn");
 115
 116
 117 $ldif .= "sAMAccountName: $opt_username\n";
 118 $ldif .= "name: $opt_username\n";
 119 $ldif .= "objectSid: $sid\n";
 120 $ldif .= "objectGUID: " . randguid() . "\n";
 121 $ldif .= "memberOf: $dom_users\n";
 122 $ldif .= "userAccountControl: 0x10200\n";
 123 $ldif .= "sAMAccountType: 0x30000000\n";
 124 $ldif .= "objectClass: user\n";
 125 $ldif .= "unicodePwd: $opt_password\n";
 126 $ldif .= "unixName: $opt_unixname\n";
 127
 128 my $user_dn = "CN=$opt_username,CN=Users,$domain_dn";
 129
 130 open FILE, ">newuser.ldif";
 131 print FILE "dn: $user_dn";
 132 print FILE "$ldif\n";
 133 close FILE;
 134
 135 open FILE, ">modgroup.ldif";
 136 print FILE "
 137 dn: CN=Domain Users,CN=Users,$domain_dn
 138 changetype: modify
 139 add: member
 140 member: $user_dn
 141 ";
 142 close FILE;
 143
 144 system("ldbadd newuser.ldif");
 145 system("ldbmodify modgroup.ldif");