mirror of
https://github.com/samba-team/samba.git
synced 2025-01-10 01:18:15 +03:00
146 lines
3.0 KiB
Perl
Executable File
146 lines
3.0 KiB
Perl
Executable File
#!/usr/bin/perl -w
|
|
# simple hack script to add a new user for Samba4
|
|
|
|
|
|
use strict;
|
|
use Socket;
|
|
use Getopt::Long;
|
|
|
|
my $opt_password;
|
|
my $opt_username;
|
|
my $opt_unixname;
|
|
my $opt_samdb = "/usr/local/samba/private/sam.ldb";
|
|
|
|
|
|
# generate a random guid. Not a good algorithm.
|
|
sub randguid()
|
|
{
|
|
my $r1 = int(rand(2**32));
|
|
my $r2 = int(rand(2**16));
|
|
my $r3 = int(rand(2**16));
|
|
my $r4 = int(rand(2**16));
|
|
my $r5 = int(rand(2**32));
|
|
my $r6 = int(rand(2**16));
|
|
return sprintf("%08x-%04x-%04x-%04x-%08x%04x", $r1, $r2, $r3, $r4, $r5, $r6);
|
|
}
|
|
|
|
# generate a random password. Poor algorithm :(
|
|
sub randpass()
|
|
{
|
|
my $pass = "";
|
|
my $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%\$!~";
|
|
for (my $i=0;$i<8;$i++) {
|
|
my $c = int(rand(length($chars)));
|
|
$pass .= substr($chars, $c, 1);
|
|
}
|
|
return $pass;
|
|
}
|
|
|
|
sub search($$)
|
|
{
|
|
my $expr = shift;
|
|
my $attrib = shift;
|
|
my $res = `ldbsearch \"$expr\" $attrib | grep ^$attrib | cut -d' ' -f2- | head -1`;
|
|
chomp $res;
|
|
return $res;
|
|
}
|
|
|
|
############################################
|
|
# show some help
|
|
sub ShowHelp()
|
|
{
|
|
print "
|
|
Samba4 newuser
|
|
|
|
provision.pl [options]
|
|
--username USERNAME choose new username
|
|
--password PASSWORD set password
|
|
--samdb DBPATH path to sam.ldb
|
|
|
|
You must provide at least a username
|
|
|
|
";
|
|
exit(1);
|
|
}
|
|
|
|
my $opt_help;
|
|
|
|
GetOptions(
|
|
'help|h|?' => \$opt_help,
|
|
'username=s' => \$opt_username,
|
|
'unixname=s' => \$opt_unixname,
|
|
'password=s' => \$opt_password,
|
|
'samdb=s' => \$opt_samdb
|
|
);
|
|
|
|
if ($opt_help || !$opt_username) {
|
|
ShowHelp();
|
|
}
|
|
|
|
if (!$opt_password) {
|
|
$opt_password = randpass();
|
|
print "chose random password '$opt_password'\n";
|
|
}
|
|
|
|
if (!$opt_unixname) {
|
|
$opt_unixname = $opt_username;
|
|
}
|
|
|
|
my $res = "";
|
|
|
|
# allow provisioning to be run from the source directory
|
|
$ENV{"PATH"} .= ":bin";
|
|
|
|
$ENV{"LDB_URL"} = $opt_samdb;
|
|
|
|
my $domain_sid = search("(objectClass=domainDNS)", "objectSid");
|
|
my $domain_dn = search("(objectClass=domainDNS)", "dn");
|
|
|
|
my $ldif = `ldbsearch 'cn=TemplateUser' | grep -v Template | grep -v '^#'`;
|
|
chomp $ldif;
|
|
|
|
my $sid;
|
|
|
|
# crude way of working out a rid
|
|
for (my $i=1001;$i<1100;$i++) {
|
|
if (search("objectSid=$domain_sid-$i","objectSid") eq "") {
|
|
$sid = "$domain_sid-$i";
|
|
last;
|
|
}
|
|
}
|
|
|
|
print "Chose new SID $sid\n";
|
|
|
|
my $dom_users = search("name=Domain Users", "dn");
|
|
|
|
|
|
$ldif .= "sAMAccountName: $opt_username\n";
|
|
$ldif .= "name: $opt_username\n";
|
|
$ldif .= "objectSid: $sid\n";
|
|
$ldif .= "objectGUID: " . randguid() . "\n";
|
|
$ldif .= "memberOf: $dom_users\n";
|
|
$ldif .= "userAccountControl: 0x10200\n";
|
|
$ldif .= "sAMAccountType: 0x30000000\n";
|
|
$ldif .= "objectClass: user\n";
|
|
$ldif .= "unicodePwd: $opt_password\n";
|
|
$ldif .= "unixName: $opt_unixname\n";
|
|
|
|
my $user_dn = "CN=$opt_username,CN=Users,$domain_dn";
|
|
|
|
open FILE, ">newuser.ldif";
|
|
print FILE "dn: $user_dn";
|
|
print FILE "$ldif\n";
|
|
close FILE;
|
|
|
|
open FILE, ">modgroup.ldif";
|
|
print FILE "
|
|
dn: CN=Domain Users,CN=Users,$domain_dn
|
|
changetype: modify
|
|
add: member
|
|
member: $user_dn
|
|
";
|
|
close FILE;
|
|
|
|
system("ldbadd newuser.ldif");
|
|
system("ldbmodify modgroup.ldif");
|