Context Navigation

source: npl/fileserver/smb-ldap-tool/modified/smbldap_tools.pm @ b7b790b

perl-5.22

Last change on this file since b7b790b was c5c522c, checked in by Edwin Eefting <edwin@datux.nl>, 9 years ago
initial commit, transferred from cleaned syn3 svn tree
Property mode set to `100755`
File size: 28.6 KB

Line
1	#!/usr/bin/perl -w
2	use strict;
3	package smbldap_tools;
4	use Net::LDAP;
5	use Crypt::SmbHash;
6	use Unicode::MapUTF8 qw(to_utf8 from_utf8);
7
8
9	# $Id: smbldap_tools.pm 4204 2008-10-17 13:17:15Z edwin $
10	#
11	# This code was developped by IDEALX (http://IDEALX.org/) and
12	# contributors (their names can be found in the CONTRIBUTORS file).
13	#
14	# Copyright (C) 2001-2002 IDEALX
15	#
16	# This program is free software; you can redistribute it and/or
17	# modify it under the terms of the GNU General Public License
18	# as published by the Free Software Foundation; either version 2
19	# of the License, or (at your option) any later version.
20	#
21	# This program is distributed in the hope that it will be useful,
22	# but WITHOUT ANY WARRANTY; without even the implied warranty of
23	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24	# GNU General Public License for more details.
25	#
26	# You should have received a copy of the GNU General Public License
27	# along with this program; if not, write to the Free Software
28	# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
29	# USA.
30
31
32	# ugly funcs using global variables and spawning openldap clients
33
34	my $smbldap_conf;
35	if (-e "/etc/smbldap-tools/smbldap.conf") {
36	$smbldap_conf="/etc/smbldap-tools/smbldap.conf";
37	} else {
38	$smbldap_conf="/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
39	}
40
41	my $smbldap_bind_conf;
42	if (-e "/etc/smbldap-tools/smbldap_bind.conf") {
43	$smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
44	} else {
45	$smbldap_bind_conf="/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
46	}
47	my $samba_conf;
48	if (-e "/etc/samba/smb.conf") {
49	$samba_conf="/etc/samba/smb.conf";
50	} else {
51	$samba_conf="/usr/local/samba/lib/smb.conf";
52	}
53
54	use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
55	use Exporter;
56	$VERSION = 1.00;
57
58	@ISA = qw(Exporter);
59	use vars qw(%config $ldap);
60
61	@EXPORT = qw(
62	get_user_dn
63	get_group_dn
64	is_group_member
65	is_samba_user
66	is_unix_user
67	is_nonldap_unix_user
68	is_user_valid
69	does_sid_exist
70	get_dn_from_line
71	add_posix_machine
72	add_samba_machine
73	add_samba_machine_smbpasswd
74	group_add_user
75	add_grouplist_user
76	disable_user
77	delete_user
78	group_add
79	group_del
80	get_homedir
81	read_user
82	read_user_entry
83	read_group
84	read_group_entry
85	read_group_entry_gid
86	find_groups_of
87	parse_group
88	group_remove_member
89	group_get_members
90	do_ldapadd
91	do_ldapmodify
92	get_user_dn2
93	connect_ldap_master
94	group_type_by_name
95	subst_configvar
96	read_config
97	read_parameter
98	subst_user
99	split_arg_comma
100	list_union
101	list_minus
102	get_next_id
103	print_banner
104	getDomainName
105	getLocalSID
106	utf8Encode
107	utf8Decode
108	%config
109	);
110
111	sub print_banner
112	{
113	print STDERR "(c) Jerome Tournier - IDEALX 2004 (http://www.idealx.com)- Licensed under the GPL\n"
114	unless $config{no_banner};
115	}
116
117	sub read_parameter
118	{
119	my $line=shift;
120	## check for a param = value
121	if ($_=~/=/) {
122	my ($param,$val);
123	if ($_=~/\s.?\s=\s".*"/) {
124	($param,$val) = /\s(.?)\s=\s"(.*)"/;
125	} elsif ($_=~/\s.?\s=\s'.*'/) {
126	($param,$val) = /\s(.?)\s=\s'(.*)'/;
127	} else {
128	($param,$val) = /\s(.?)\s=\s(.*)/;
129	}
130	return ($param,$val);
131	}
132	}
133
134	sub subst_configvar
135	{
136	my $value = shift;
137	my $vars = shift;
138
139	$value =~ s/\$\{([^}]+)\}/$vars->{$1} ? $vars->{$1} : $1/eg;
140	return $value;
141	}
142
143	sub read_conf
144	{
145	my %conf;
146	open (CONFIGFILE, "$smbldap_conf") \|\| die "Unable to open $smbldap_conf for reading !\n";
147	while (<CONFIGFILE>) {
148	chomp($_);
149	## throw away comments
150	next if ( /^\s#/ \|\| /^\s$/ \|\| /^\s*\;/);
151	## check for a param = value
152	my ($parameter,$value)=read_parameter($_);
153	$value = &subst_configvar($value, \%conf);
154	$conf{$parameter}=$value;
155	}
156	close (CONFIGFILE);
157
158	if ($< == 0) {
159	open (CONFIGFILE, "$smbldap_bind_conf") \|\| die "Unable to open $smbldap_bind_conf for reading !\n";
160	while (<CONFIGFILE>) {
161	chomp($_);
162	## throw away comments
163	next if ( /^\s#/ \|\| /^\s$/ \|\| /^\s*\;/);
164	## check for a param = value
165	my ($parameter,$value)=read_parameter($_);
166	$value = &subst_configvar($value, \%conf);
167	$conf{$parameter}=$value;
168	}
169	close (CONFIGFILE);
170	} else {
171	$conf{slaveDN}=$conf{slavePw}=$conf{masterDN}=$conf{masterPw}="";
172	}
173	# automatically find SID
174	if (not $conf{SID}) {
175	$conf{SID} = getLocalSID() \|\|
176	die "Unable to determine domain SID: please edit your smbldap.conf,
177	or start your samba server for a few minutes to allow for SID generation to proceed\n";
178	}
179	return(%conf);
180	}
181
182	sub read_smbconf
183	{
184	my %conf;
185	my $smbconf="$samba_conf";
186	open (CONFIGFILE, "$smbconf") \|\| die "Unable to open $smbconf for reading !\n";
187	my $global=0;
188	my $prevline="";
189	while (<CONFIGFILE>) {
190	chomp;
191	if (/^(.*)\\$/) {
192	$prevline.=$1;
193	next;
194	}
195	$_=$prevline.$_;
196	$prevline="";
197	if (/^\[global\]/) {
198	$global=1;
199	}
200	if ($global == 1) {
201	if (/^\[/ and !/\[global\]/) {
202	$global=0;
203	} else {
204	## throw away comments
205	#next if ( ! /workgroup/i );
206	next if ( /^\s#/ \|\| /^\s$/ \|\| /^\s*\;/ \|\| /\[/);
207	## check for a param = value
208	my ($parameter,$value)=read_parameter($_);
209	$value = &subst_configvar($value, \%conf);
210	$conf{$parameter}=$value;
211	}
212	}
213	}
214	close (CONFIGFILE);
215	return(%conf);
216	}
217	my %smbconf;
218	#=read_smbconf();
219
220	sub getLocalSID {
221	my $string = `LANG= PATH=/opt/IDEALX/bin:/usr/local/bin:/usr/bin:/bin net getlocalsid 2>/dev/null`;
222	my ($domain,$sid)=($string =~ m/^SID for domain (\S+) is: (\S+)$/ );
223
224	return $sid;
225	}
226
227	# let's read the configurations file...
228	%config=read_conf();
229
230	sub get_parameter {
231	# this function return the value for a parameter. The name of the parameter can be either this
232	# defined in smb.conf or smbldap.conf
233	my $parameter_smb=shift;
234	my $parameter_smbldap=shift;
235	if (defined $config{$parameter_smbldap} and $config{$parameter_smbldap} ne "") {
236	return $config{$parameter_smbldap};
237	} elsif (defined $smbconf{$parameter_smb} and $smbconf{$parameter_smb} ne "") {
238	return $smbconf{$parameter_smb};
239	} else {
240	#print "could not find parameter's value (parameter given: $parameter_smbldap or $parameter_smb) !!\n";
241	undef $smbconf{$parameter_smb};
242	}
243
244	}
245
246	$config{sambaDomain}=get_parameter("workgroup","sambaDomain");
247	$config{suffix}=get_parameter("ldap suffix","suffix");
248	$config{usersdn}=get_parameter("ldap user suffix","usersdn");
249	if ($config{usersdn} !~ m/,/ ) {$config{usersdn}=$config{usersdn}.",".$config{suffix};}
250	$config{groupsdn}=get_parameter("ldap group suffix","groupsdn");
251	if ($config{groupsdn} !~ m/,/ ) {$config{groupsdn}=$config{groupsdn}.",".$config{suffix};}
252	$config{computersdn}=get_parameter("ldap machine suffix","computersdn");
253	if ($config{computersdn} !~ m/,/ ) {$config{computersdn}=$config{computersdn}.",".$config{suffix};}
254	$config{idmapdn}=get_parameter("ldap idmap suffix","idmapdn");
255	if (defined $config{idmapdn}) {
256	if ($config{idmapdn} !~ m/,/ ) {$config{idmapdn}=$config{idmapdn}.",".$config{suffix};}
257	}
258
259	# next uidNumber and gidNumber available are stored in sambaDomainName object
260	if (!defined $config{sambaUnixIdPooldn}) {
261	$config{sambaUnixIdPooldn}="sambaDomainName=$config{sambaDomain},$config{suffix}";
262	}
263	if (!defined $config{masterLDAP}) {
264	$config{masterLDAP}="127.0.0.1";
265	}
266	if (!defined $config{masterPort}) {
267	$config{masterPort}="389";
268	}
269	if (!defined $config{slaveLDAP}) {
270	$config{slaveLDAP}="127.0.0.1";
271	}
272	if (!defined $config{slavePort}) {
273	$config{slavePort}="389";
274	}
275	if (!defined $config{ldapTLS}) {
276	$config{ldapTLS}="0";
277	}
278
279	sub connect_ldap_master
280	{
281	# bind to a directory with dn and password
282	my $ldap_master = Net::LDAP->new(
283	"$config{masterLDAP}",
284	port => "$config{masterPort}",
285	version => 3,
286	timeout => 60,
287	# debug => 0xffff,
288	);
289
290	if ($ldap_master)
291	{
292	if ($config{ldapTLS} == 1) {
293	$ldap_master->start_tls(
294	verify => "$config{verify}",
295	clientcert => "$config{clientcert}",
296	clientkey => "$config{clientkey}",
297	cafile => "$config{cafile}"
298	);
299	}
300	$ldap_master->bind ( "$config{masterDN}",
301	password => "$config{masterPw}"
302	);
303	$ldap=$ldap_master;
304	}
305	else
306	{
307	print "Cant connect LDAP master...trying slave..\n";
308	my $ldap_slave = Net::LDAP->new(
309	"$config{slaveLDAP}",
310	port => "$config{slavePort}",
311	version => 3,
312	timeout => 60,
313	# debug => 0xffff,
314	);
315	if ($config{ldapTLS} == 1) {
316	$ldap_slave->start_tls(
317	verify => "$config{verify}",
318	clientcert => "$config{clientcert}",
319	clientkey => "$config{clientkey}",
320	cafile => "$config{cafile}"
321	);
322	}
323	$ldap_slave->bind ( "$config{slaveDN}",
324	password => "$config{slavePw}"
325	);
326	$ldap=$ldap_slave;
327	}
328	return ($ldap);
329	}
330
331	sub get_user_dn
332	{
333	my $user = shift;
334	my $dn='';
335	my $mesg = $ldap->search ( base => $config{suffix},
336	scope => $config{scope},
337	filter => "(&(objectclass=posixAccount)(uid=$user))"
338	);
339	$mesg->code && die $mesg->error;
340	foreach my $entry ($mesg->all_entries) {
341	$dn= $entry->dn;
342	}
343	chomp($dn);
344	if ($dn eq '') {
345	return undef;
346	}
347	$dn="dn: ".$dn;
348	return $dn;
349	}
350
351
352	sub get_user_dn2
353	{
354	my $user = shift;
355	my $dn='';
356	my $mesg = $ldap->search ( base => $config{suffix},
357	scope => $config{scope},
358	filter => "(&(objectclass=posixAccount)(uid=$user))"
359	);
360	$mesg->code && warn "failed to perform search; ", $mesg->error;
361
362	foreach my $entry ($mesg->all_entries) {
363	$dn= $entry->dn;
364	}
365	chomp($dn);
366	if ($dn eq '') {
367	return (1,undef);
368	}
369	$dn="dn: ".$dn;
370	return (1,$dn);
371	}
372
373
374	sub get_group_dn
375	{
376	my $group = shift;
377	my $dn='';
378	my $filter;
379	if ($group =~ /^\d+$/) {
380	$filter="(&(objectclass=posixGroup)(\|(cn=$group)(gidNumber=$group)))";
381	} else {
382	$filter="(&(objectclass=posixGroup)(cn=$group))";
383	}
384	my $mesg = $ldap->search ( base => $config{groupsdn},
385	scope => $config{scope},
386	filter => $filter
387	);
388	$mesg->code && die $mesg->error;
389	foreach my $entry ($mesg->all_entries) {
390	$dn= $entry->dn;
391	}
392	chomp($dn);
393	if ($dn eq '') {
394	return undef;
395	}
396	$dn="dn: ".$dn;
397	return $dn;
398	}
399
400	# return (success, dn)
401	# bool = is_samba_user($username)
402	sub is_samba_user
403	{
404	my $user = shift;
405	my $mesg = $ldap->search ( base => $config{suffix},
406	scope => $config{scope},
407	filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
408	);
409	$mesg->code && die $mesg->error;
410	return ($mesg->count ne 0);
411	}
412
413	sub is_unix_user
414	{
415	my $user = shift;
416	my $mesg = $ldap->search ( base => $config{suffix},
417	scope => $config{scope},
418	filter => "(&(objectClass=posixAccount)(uid=$user))"
419	);
420	$mesg->code && die $mesg->error;
421	return ($mesg->count ne 0);
422	}
423
424	sub is_nonldap_unix_user
425	{
426	my $user = shift;
427	my $uid = getpwnam($user);
428
429	if ($uid) {
430	return 1;
431	} else {
432	return 0;
433	}
434	}
435
436
437	sub is_group_member
438	{
439	my $dn_group = shift;
440	my $user = shift;
441	my $mesg = $ldap->search ( base => $dn_group,
442	scope => 'base',
443	filter => "(&(memberUid=$user))"
444	);
445	$mesg->code && die $mesg->error;
446	return ($mesg->count ne 0);
447	}
448
449	# all entries = does_sid_exist($sid,$config{scope})
450	sub does_sid_exist
451	{
452	my $sid = shift;
453	my $dn_group=shift;
454	my $mesg = $ldap->search ( base => $dn_group,
455	scope => $config{scope},
456	filter => "(sambaSID=$sid)"
457	#filter => "(&(objectClass=sambaSAMAccount\|objectClass=sambaGroupMapping)(sambaSID=$sid))"
458	);
459	$mesg->code && die $mesg->error;
460	return ($mesg);
461	}
462
463	# try to bind with user dn and password to validate current password
464	sub is_user_valid
465	{
466	my ($user, $dn, $pass) = @_;
467	my $userLdap = Net::LDAP->new(
468	"$config{slaveLDAP}",
469	port => "$config{slavePort}",
470	version => 3,
471	timeout => 60
472	)
473	or warn "erreur LDAP: Can't contact slave ldap server ($@)\n=>trying to contact the master server\n";
474	if (!$userLdap) {
475	# connection to the slave failed: trying to contact the master ...
476	$userLdap = Net::LDAP->new(
477	"$config{masterLDAP}",
478	port => "$config{masterPort}",
479	version => 3,
480	timeout => 60
481	)
482	or die "erreur LDAP: Can't contact master ldap server ($@)\n";
483	}
484	if ($userLdap) {
485	if ($config{ldapTLS} == 1) {
486	$userLdap->start_tls(
487	verify => "$config{verify}",
488	clientcert => "$config{clientcert}",
489	clientkey => "$config{clientkey}",
490	cafile => "$config{cafile}"
491	);
492	}
493	my $mesg= $userLdap->bind (dn => $dn, password => $pass );
494	if ($mesg->code eq 0) {
495	$userLdap->unbind;
496	return 1;
497	} else {
498	if ($userLdap->bind()) {
499	$userLdap->unbind;
500	return 0;
501	} else {
502	print ("The LDAP directory is not available.\n Check the server, cables ...");
503	$userLdap->unbind;
504	return 0;
505	}
506	die "Problem : contact your administrator";
507	}
508	}
509	}
510
511
512	# dn = get_dn_from_line ($dn_line)
513	# helper to get "a=b,c=d" from "dn: a=b,c=d"
514	sub get_dn_from_line
515	{
516	my $dn = shift;
517	$dn =~ s/^dn: //;
518	return $dn;
519	}
520
521
522	# success = add_posix_machine($user, $uid, $gid)
523	sub add_posix_machine
524	{
525	my ($user,$uid,$gid,$wait) = @_;
526	if (!defined $wait) {
527	$wait=0;
528	}
529	# bind to a directory with dn and password
530	my $add = $ldap->add ( "uid=$user,$config{computersdn}",
531	attr => [
532	'objectclass' => ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount'],
533	'cn' => "$user",
534	'sn' => "$user",
535	'uid' => "$user",
536	'uidNumber' => "$uid",
537	'gidNumber' => "$gid",
538	'homeDirectory' => '/dev/null',
539	'loginShell' => '/bin/false',
540	'description' => 'Computer',
541	'gecos' => 'Computer',
542	]
543	);
544
545	$add->code && warn "failed to add entry: ", $add->error ;
546	sleep($wait);
547	return 1;
548	}
549
550
551	# success = add_samba_machine_smbpasswd($computername)
552	sub add_samba_machine_smbpasswd
553	{
554	my $user = shift;
555	system "smbpasswd -a -m $user";
556	return 1;
557	}
558
559	sub add_samba_machine
560	{
561	my ($user, $uid) = @_;
562	my $sambaSID = 2 * $uid + 1000;
563	my $name = $user;
564	$name =~ s/.$//s;
565
566	my ($lmpassword,$ntpassword) = ntlmgen $name;
567	my $modify = $ldap->modify ( "uid=$user,$config{computersdn}",
568	changes => [
569	replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
570	add => [sambaPwdLastSet => '0'],
571	add => [sambaLogonTime => '0'],
572	add => [sambaLogoffTime => '2147483647'],
573	add => [sambaKickoffTime => '2147483647'],
574	add => [sambaPwdCanChange => '0'],
575	add => [sambaPwdMustChange => '0'],
576	add => [sambaAcctFlags => '[W ]'],
577	add => [sambaLMPassword => "$lmpassword"],
578	add => [sambaNTPassword => "$ntpassword"],
579	add => [sambaSID => "$config{SID}-$sambaSID"],
580	add => [sambaPrimaryGroupSID => "$config{SID}-0"]
581	]
582	);
583
584	$modify->code && die "failed to add entry: ", $modify->error ;
585
586	return 1;
587	}
588
589	sub group_add_user
590	{
591	my ($group, $userid) = @_;
592	my $members='';
593	my $dn_line = get_group_dn($group);
594	if (!defined(get_group_dn($group))) {
595	print "$0: group \"$group\" doesn't exist\n";
596	exit (6);
597	}
598	if (!defined($dn_line)) {
599	return 1;
600	}
601	my $dn = get_dn_from_line("$dn_line");
602	# on look if the user is already present in the group
603	my $is_member=is_group_member($dn,$userid);
604	if ($is_member == 1) {
605	print "User \"$userid\" already member of the group \"$group\".\n";
606	} else {
607	# bind to a directory with dn and password
608	# It does not matter if the user already exist, Net::LDAP will add the user
609	# if he does not exist, and ignore him if his already in the directory.
610	my $modify = $ldap->modify ( "$dn",
611	changes => [
612	add => [memberUid => $userid]
613	]
614	);
615	$modify->code && die "failed to modify entry: ", $modify->error ;
616	}
617	}
618
619	sub ox_group_add
620	{
621	my ($group, $userid) = @_;
622	my $members='';
623	my $dn_line = get_user_dn($userid);
624	if (!defined(get_user_dn($userid))) {
625	print "$0: user \"$userid\" doesn't exist\n";
626	exit (6);
627	}
628	if (!defined($dn_line)) {
629	return 1;
630	}
631	my $dn = get_dn_from_line("$dn_line");
632	my $modify = $ldap->modify ( $dn, add => [OXGroupID => $group]);
633	$modify->code && die "failed to modify entry: ", $modify->error ;
634	}
635
636
637
638
639	sub ox_group_del
640	{
641	my ($userid) = shift;
642	my $dn_line = get_user_dn($userid);
643	if (!defined(get_user_dn($userid))) {
644	print "$0: user \"$userid\" doesn't exist\n";
645	exit (6);
646	}
647	if (!defined($dn_line)) {
648	return 1;
649	}
650	my $dn = get_dn_from_line("$dn_line");
651	# bind to a directory with dn and password
652	# It does not matter if the user already exist, Net::LDAP will add the user
653	# if he does not exist, and ignore him if his already in the directory.
654	my $modify = $ldap->modify ( $dn, delete => ("OXGroupID"));
655	$modify->code
656
657	}
658
659
660	sub group_del
661	{
662	my $group_dn=shift;
663	# bind to a directory with dn and password
664	my $modify = $ldap->delete ($group_dn);
665	$modify->code && die "failed to delete group : ", $modify->error ;
666	}
667
668
669	sub add_grouplist_user
670	{
671	my ($grouplist, $user) = @_;
672	ox_group_del("$user");
673	my @array = split(/,/, $grouplist);
674	foreach my $group (@array) {
675	group_add_user($group, $user);
676	ox_group_add($group, $user);
677	}
678	}
679
680	sub disable_user
681	{
682	my $user = shift;
683	my $dn_line;
684	my $dn = get_dn_from_line($dn_line);
685
686	if (!defined($dn_line = get_user_dn($user))) {
687	print "$0: user $user doesn't exist\n";
688	exit (10);
689	}
690	my $modify = $ldap->modify ( "$dn",
691	changes => [
692	replace => [userPassword => '{crypt}!x']
693	]
694	);
695	$modify->code && die "failed to modify entry: ", $modify->error ;
696
697	if (is_samba_user($user)) {
698	my $modify = $ldap->modify ( "$dn",
699	changes => [
700	replace => [sambaAcctFlags => '[D ]']
701	]
702	);
703	$modify->code && die "failed to modify entry: ", $modify->error ;
704	}
705	}
706
707	# delete_user($user)
708	sub delete_user
709	{
710	my $user = shift;
711	my $dn_line;
712
713	if (!defined($dn_line = get_user_dn($user))) {
714	print "$0: user $user doesn't exist\n";
715	exit (10);
716	}
717
718	my $dn = get_dn_from_line($dn_line);
719	my $modify = $ldap->delete("ou=addr,".$dn);
720	$modify = $ldap->delete($dn);
721	}
722
723	# $gid = group_add($groupname, $group_gid, $force_using_existing_gid)
724	sub group_add
725	{
726	my ($gname, $gid, $force) = @_;
727	my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
728	if ($nscd_status == 0) {
729	system "/etc/init.d/nscd stop > /dev/null 2>&1";
730	}
731	if (!defined($gid)) {
732	#while (defined(getgrgid($config{GID_START}))) {
733	# $config{GID_START}++;
734	#}
735	#$gid = $config{GID_START};
736	$gid=get_next_id($config{groupsdn},"gidNumber");
737	} else {
738	if (!defined($force)) {
739	if (defined(getgrgid($gid))) {
740	return undef;
741	}
742	}
743	}
744	if ($nscd_status == 0) {
745	system "/etc/init.d/nscd start > /dev/null 2>&1";
746	}
747	my $modify = $ldap->add ( "cn=$gname,$config{groupsdn}",
748	attrs => [
749	objectClass => [ 'top', 'posixGroup' ],
750	cn => "$gname",
751	gidNumber => "$gid"
752	]
753	);
754
755	$modify->code && die "failed to add entry: ", $modify->error ;
756	return $gid;
757	}
758
759	# $homedir = get_homedir ($user)
760	sub get_homedir
761	{
762	my $user = shift;
763	my $homeDir='';
764	my $entry;
765	my $mesg = $ldap->search (
766	base =>$config{usersdn},
767	scope => $config{scope},
768	filter => "(&(objectclass=posixAccount)(uid=$user))"
769	);
770	$mesg->code && die $mesg->error;
771
772	my $nb=$mesg->count;
773	if ($nb > 1) {
774	print "Aborting: there are $nb existing user named $user\n";
775	foreach $entry ($mesg->all_entries) {
776	my $dn=$entry->dn;
777	print " $dn\n";
778	}
779	exit (4);
780	} else {
781	$entry = $mesg->shift_entry();
782	$homeDir= $entry->get_value("homeDirectory");
783	}
784
785	chomp $homeDir;
786	if ($homeDir eq '') {
787	return undef;
788	}
789	return $homeDir;
790	}
791
792	# search for an user
793	sub read_user
794	{
795	my $user = shift;
796	my $lines ='';
797	my $mesg = $ldap->search ( # perform a search
798	base => $config{suffix},
799	scope => $config{scope},
800	filter => "(&(objectclass=posixAccount)(uid=$user))"
801	);
802
803	$mesg->code && die $mesg->error;
804	foreach my $entry ($mesg->all_entries) {
805	$lines.= "dn: " . $entry->dn."\n";
806	foreach my $attr ($entry->attributes) {
807	{
808	$lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
809	}
810	}
811	}
812	chomp $lines;
813	if ($lines eq '') {
814	return undef;
815	}
816	return $lines;
817	}
818
819	# search for a user
820	# return the attributes in an array
821	sub read_user_entry
822	{
823	my $user = shift;
824	my $mesg = $ldap->search ( # perform a search
825	base => $config{suffix},
826	scope => $config{scope},
827	filter => "(&(objectclass=posixAccount)(uid=$user))"
828	);
829
830	$mesg->code && die $mesg->error;
831	my $entry = $mesg->entry();
832	return $entry;
833	}
834
835	# search for a group
836	sub read_group
837	{
838	my $user = shift;
839	my $lines ='';
840	my $mesg = $ldap->search ( # perform a search
841	base => $config{groupsdn},
842	scope => $config{scope},
843	filter => "(&(objectclass=posixGroup)(cn=$user))"
844	);
845
846	$mesg->code && die $mesg->error;
847	foreach my $entry ($mesg->all_entries) {
848	$lines.= "dn: " . $entry->dn."\n";
849	foreach my $attr ($entry->attributes) {
850	{
851	$lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
852	}
853	}
854	}
855	chomp $lines;
856	if ($lines eq '') {
857	return undef;
858	}
859	return $lines;
860	}
861
862	# find groups of a given user
863	##### MODIFIE ########
864	sub find_groups_of {
865	my $user = shift;
866	my @groups = ();
867	my $mesg = $ldap->search ( # perform a search
868	base => $config{groupsdn},
869	scope => $config{scope},
870	filter => "(&(objectclass=posixGroup)(memberuid=$user))"
871	);
872	$mesg->code && die $mesg->error;
873
874	my $entry;
875	while ($entry = $mesg->shift_entry()) {
876	push(@groups, scalar($entry->get_value('cn')));
877	}
878	return (@groups);
879	}
880
881	sub read_group_entry {
882	my $group = shift;
883	my $entry;
884	my %res;
885	my $mesg = $ldap->search ( # perform a search
886	base => $config{groupsdn},
887	scope => $config{scope},
888	filter => "(&(objectclass=posixGroup)(cn=$group))"
889	);
890
891	$mesg->code && die $mesg->error;
892	my $nb=$mesg->count;
893	if ($nb > 1) {
894	print "Error: $nb groups exist \"cn=$group\"\n";
895	foreach $entry ($mesg->all_entries) {
896	my $dn=$entry->dn; print " $dn\n";
897	}
898	exit 11;
899	} else {
900	$entry = $mesg->shift_entry();
901	}
902	return $entry;
903	}
904
905	sub read_group_entry_gid {
906	my $group = shift;
907	my %res;
908	my $mesg = $ldap->search ( # perform a search
909	base => $config{groupsdn},
910	scope => $config{scope},
911	filter => "(&(objectclass=posixGroup)(gidNumber=$group))"
912	);
913
914	$mesg->code && die $mesg->error;
915	my $entry = $mesg->shift_entry();
916	return $entry;
917	}
918
919	# return the gidnumber for a group given as name or gid
920	# -1 : bad group name
921	# -2 : bad gidnumber
922	sub parse_group
923	{
924	my $userGidNumber = shift;
925	if ($userGidNumber =~ /[^\d]/ ) {
926	my $gname = $userGidNumber;
927	my $gidnum = getgrnam($gname);
928	if ($gidnum !~ /\d+/) {
929	return -1;
930	} else {
931	$userGidNumber = $gidnum;
932	}
933	} elsif (!defined(getgrgid($userGidNumber))) {
934	return -2;
935	}
936	return $userGidNumber;
937	}
938
939	# remove $user from $group
940	sub group_remove_member
941	{
942	my ($group, $user) = @_;
943	my $members='';
944	my $grp_line = get_group_dn($group);
945	if (!defined($grp_line)) {
946	return 0;
947	}
948	my $dn = get_dn_from_line($grp_line);
949	# we test if the user exist in the group
950	my $is_member=is_group_member($dn,$user);
951	if ($is_member == 1) {
952	# delete only the user from the group
953	my $modify = $ldap->modify ( "$dn",
954	changes => [
955	delete => [memberUid => ["$user"]]
956	]
957	);
958	$modify->code && die "failed to delete entry: ", $modify->error ;
959	}
960	return 1;
961	}
962
963	sub group_get_members
964	{
965	my ($group) = @_;
966	my $members;
967	my @resultat;
968	my $grp_line = get_group_dn($group);
969	if (!defined($grp_line)) {
970	return 0;
971	}
972	my $mesg = $ldap->search (
973	base => $config{groupsdn},
974	scope => $config{scope},
975	filter => "(&(objectclass=posixgroup)(cn=$group))"
976	);
977	$mesg->code && die $mesg->error;
978	foreach my $entry ($mesg->all_entries) {
979	foreach my $attr ($entry->attributes) {
980	if ($attr=~/\bmemberUid\b/) {
981	foreach my $ent ($entry->get_value($attr)) {
982	push (@resultat,$ent);
983	}
984	}
985	}
986	}
987	return @resultat;
988	}
989
990	sub do_ldapmodify
991	{
992	my $ldif = shift;
993	my $FILE = "\|$config{ldapmodify} -r >/dev/null";
994	open (FILE, $FILE) \|\| die "$!\n";
995	print FILE <<EOF;
996	$ldif
997	EOF
998	;
999	close FILE;
1000	my $rc = $?;
1001	return $rc;
1002	}
1003
1004	sub group_type_by_name {
1005	my $type_name = shift;
1006	my %groupmap = (
1007	'domain' => 2,
1008	'local' => 4,
1009	'builtin' => 5
1010	);
1011	return $groupmap{$type_name};
1012	}
1013
1014	sub subst_user
1015	{
1016	my ($str, $username) = @_;
1017	$str =~ s/%U/$username/ if ($str);
1018	return($str);
1019	}
1020
1021	# all given mails are stored in a table (remove the comma separated)
1022	sub split_arg_comma {
1023	my $arg = shift;
1024	my @args;
1025	if (defined($arg)) {
1026	if ($arg eq '-') {
1027	@args = ( );
1028	} else {
1029	@args = split(/\s,\s/, $arg);
1030	}
1031	}
1032	return (@args);
1033	}
1034
1035	sub list_union {
1036	my ($list1, $list2) = @_;
1037	my @res = @$list1;
1038	foreach my $e (@$list2) {
1039	if (! grep($_ eq $e, @$list1)) {
1040	push(@res, $e);
1041	}
1042	}
1043	return @res;
1044	}
1045
1046	sub list_minus {
1047	my ($list1, $list2) = @_;
1048	my @res = ();
1049	foreach my $e (@$list1) {
1050	if (! grep( $_ eq $e, @$list2 )) {
1051	push(@res, $e);
1052	}
1053	}
1054	return @res;
1055	}
1056
1057	sub get_next_id($$) {
1058	my $ldap_base_dn = shift;
1059	my $attribute = shift;
1060	my $tries = 0;
1061	my $found=0;
1062	my $next_uid_mesg;
1063	my $nextuid;
1064	if ($ldap_base_dn =~ m/$config{usersdn}/i) {
1065	# when adding a new user, we'll check if the uidNumber available is not
1066	# already used for a computer's account
1067	$ldap_base_dn=$config{suffix}
1068	}
1069	do {
1070	$next_uid_mesg = $ldap->search(
1071	base => $config{sambaUnixIdPooldn},
1072	filter => "(objectClass=sambaUnixIdPool)",
1073	scope => "base"
1074	);
1075	$next_uid_mesg->code && die "Error looking for next uid";
1076	if ($next_uid_mesg->count != 1) {
1077	die "Could not find base dn, to get next $attribute";
1078	}
1079	my $entry = $next_uid_mesg->entry(0);
1080
1081	$nextuid = $entry->get_value($attribute);
1082	my $modify=$ldap->modify( "$config{sambaUnixIdPooldn}",
1083	changes => [
1084	replace => [ $attribute => $nextuid + 1 ]
1085	]
1086	);
1087	$modify->code && die "Error: ", $modify->error;
1088	# let's check if the id found is really free (in ou=Groups or ou=Users)...
1089	my $check_uid_mesg = $ldap->search(
1090	base => $ldap_base_dn,
1091	filter => "($attribute=$nextuid)",
1092	);
1093	$check_uid_mesg->code && die "Cannot confirm $attribute $nextuid is free";
1094	if ($check_uid_mesg->count == 0) {
1095	$found=1;
1096	return $nextuid;
1097	}
1098	$tries++;
1099	print "Cannot confirm $attribute $nextuid is free: checking for the next one\n"
1100	} while ($found != 1);
1101	die "Could not allocate $attribute!";
1102	}
1103
1104	sub utf8Encode {
1105	my $arg = shift;
1106
1107	return to_utf8(
1108	-string=> $arg,
1109	-charset => 'ISO-8859-1',
1110	);
1111	}
1112
1113	sub utf8Decode {
1114	my $arg = shift;
1115
1116	return from_utf8(
1117	-string=> $arg,
1118	-charset => 'ISO-8859-1',
1119	);
1120	}
1121
1122	1;
1123

Note: See TracBrowser for help on using the repository browser.

Download in other formats: