BzzWare AS, Norway
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
/***************************************************************************
* parse_samba_conf - parses the smb.conf on the machin lwat is running from
* check_samba_conf - Check if samba is configured somewhat correctly
* check_or_create - Check if some objects exists, or try to create them
***************************************************************************/
/***************************************************************************
* parse_samba_conf - parses the smb.conf on the machin lwat is running from
***************************************************************************/
function parse_samba_conf () {
$sambaconffile= @file ('/etc/samba/smb.conf') ;
$section = "empty";
$sambaconf = array () ;
if (empty ($sambaconffile)) return $sambaconf ;
foreach ($sambaconffile as $lines) {
$newline = trim ($lines) ;
switch ($newline[0]) {
case "#":
case ";":
case "";
break ;
case "[";
$section = strtolower(substr($newline, 1, strlen($newline) - 2)) ;
$sambaconf[$section] = array () ;
break ;
default:
list ($key, $value) = explode (" = ", $newline, 2);
$sambaconf[$section][strtolower(trim ($key))] = trim ($value) ;
break ;
}
}
return $sambaconf ;
}
/***************************************************************************
* check_samba_conf - Check if samba is configured somewhat correctly
*****************
* Arguments
* ldap - ldap connection
* base - search base for ldap queries
* authenticated - True if there is already an authenticated connection
* foundbase - If base is found in the ldap db
* smbAdmPW - Samba Adminstrator password
*****************
* return imidiatly if this function has already run
* Set variable to remember that function already has run
* Parse local samba config (may it can help us ...)
* set up search for ldap information from ldapDB
***************************************************************************/
function check_samba ($ldap, $base, $authenticated,
$foundbase = true, $smbAdmPW) {
global $samba_checked, $ldaphost, $groupprefix, $hostprefix;
if ($samba_checked) return ;
$samba_checked = true ;
$sambaconf = parse_samba_conf () ;
$want = array ('sambaDomainName', 'sambaSID') ;
$filter = ('objectClass=sambaDomain') ;
$result = ldap_search ($ldap, $base, $filter, $want) ;
$entries = ldap_get_entries ($ldap, $result) ;
$workgroup = $sambaconf["global"]["workgroup"] ;
switch ($entries[count]) {
case 1:
$workgroup = $entries[0]['sambadomainname'][0] ;
$sambaSID = $entries[0]['sambasid'][0] ;
break ;
}
$ldapSambaAdmin = $sambaconf["global"]["ldap admin dn"] ;
$want = array ("cn", "description") ;
$filter = "(&(objectClass=simpleSecurityObject)(description=samba administrator))" ;
$result = ldap_search ($ldap, $base, $filter, $want) ;
if ($result) {
$entries = ldap_get_entries ($ldap, $result) ;
$ldapSambaAdmin = $entries[0]["dn"];
$found = true ;
}
if (!$ldapSambaAdmin) {
$ldapSambaAdmin = "cn=smbadmin,$base" ;
$found=false ;
}
if ($found) {
$want = array ("cn", "description") ;
list ( $filter, $rest) = explode (",", $ldapSambaAdmin, 2) ;
$result = ldap_search ($ldap, $rest, $filter, $want) ;
if ($result) {
$entries = ldap_get_entries ($ldap, $result) ;
$ldapSambaAdmin = $entries[0]["dn"];
} else {
unset ($entries) ;
}
if (!$ldapSambaAdmin) {
$found=false ;
} else $found=true ;
}
printf ("\n") ;
printf ("\n") ;
printf ("
\n") ;
$want = array("sambaDomainName", "sambaSID") ;
$filter = "sambaDomainname=$workgroup" ;
$result = ldap_search ($ldap, $base, $filter, $want) ;
if ($result) {
$entries = ldap_get_entries ($ldap, $result) ;
} else {
unset ($entries) ;
}
printf ("\n") ;
printf ("\n") ;
printf ("
\n") ;
printf ("\n") ;
printf ("| ldap config for /etc/samba/smb.conf | \n") ;
printf ("
\n") ;
printf ("\n") ;
printf (" | \n") ;
printf ("\n") ;
printf ("passdb backend = ldapsam:ldap://%s
\n", $ldaphost) ;
printf ("ldap suffix = %s
\n", $base) ;
printf ("ldap group suffix = %s
\n", $groupprefix) ;
printf ("ldap machine suffix = %s
\n", $hostprefix) ;
printf ("ldap admin dn = %s
\n", $ldapSambaAdmin) ;
printf ("ldap ssl = start_tls
\n") ;
printf (" | \n") ;
printf ("
\n") ;
}
/***************************************************************************
* check_or_create - Check if some objects exists, or try to create them
***************************************************************************/
function check_or_create ($ldap, $base, $check, $prompt, $authenticated,
$foundbase = true) {
printf ("\n") ;
if (empty($check)) {
printf ("| %s: | %s | \n", $prompt, $base) ;
$filter = substr ($base, 0, strpos ($base, ",")) ;
} else {
printf ("%s: | %s | \n", $prompt, $check) ;
$filter = $check ;
}
$want = array(substr ($filter, 0, strpos ($filter, "="))) ;
$result = ldap_search ($ldap, $base, $filter, $want) ;
if ($result) {
$entries = ldap_get_entries ($ldap, $result) ;
} else {
unset ($entries) ;
}
if (empty ($check))
$check = $base ;
else
$check = sprintf ("%s,%s", $check, $base) ;
if ($entries[0]["dn"] == $check)
printf ("OK | \n") ;
elseif (!$foundbase) printf ("no base, unable to check | ") ;
elseif ($authenticated) {
printf (" | \n") ;
} else {
printf ("%s | \n", _("Not found, please log in"));
$foundbase = false ;
}
printf ("
\n") ;
return $foundbase ;
}
require_once ('functions.php') ;
require('/usr/share/php/smarty/Smarty.class.php') ;
ob_start () ;
loadConfig () ;
loadLocale () ;
session_start() ;
$key = lwat_key () ;
$ldap = lwat_ldap ();
$authenticated = lwat_login ($ldap, readkey("admindn"),
readkey ("adminpw"), $key) ;
switch (readkey("create")) {
case "base":
$info["objectClass"] = array ("top", "dcObject", "organization") ;
$info["o"] = $base ;
$cn = array_slice (ldap_explode_dn($base,0), 1,1);
$cn = explode ("=", $cn[0]) ;
$info[$cn[0]] = $cn[1] ;
ldap_add ($ldap, $base, $info) ;
break ;
case "groupprefix":
case "authprefix":
case "hostprefix":
case "netgroupprefix":
case "automountprefix":
case "variablesprefix":
case "From template":
$info["objectClass"] = array ("top", "organizationalUnit") ;
$value = explode ("=", readkey("value")) ;
$info[$value[0]] = $value[1] ;
if (!ldap_add ($ldap, readkey ("dn"), $info))
debug (array ('dn' => readkey("dn"), 'info' => $info)) ;
break ;
case "smbAdmPW":
$sambaAdmin = readkey ('sambaAdmin') ;
$smbAdmPW = pwgen () ;
$info["userPassword"] = cryptgen($smbAdmPW) ;
if (!ldap_modify ($ldap, "$sambaAdmin", $info))
debug (array ('dn' => "cn=$sambaAdmin", 'info' => $info)) ;
break ;
case "ldapSambaAdmin":
$smbAdmPW = pwgen () ;
$info["objectClass"] = array ("top", "organizationalRole", "simpleSecurityObject") ;
$sambaAdmin = readkey ("sambaAdmin") ;
$info["description"] = "Samba Administrator" ;
$info["userPassword"] = cryptgen($smbAdmPW) ;
$info["cn"] = substr($sambaAdmin, 3, strpos ($sambaAdmin, "," ) - 3) ;
if (!ldap_add ($ldap, "$sambaAdmin", $info))
debug (array ('dn' => "cn=$sambaAdmin", 'info' => $info)) ;
break ;
case "sambaDomainName":
$info["objectClass"] = array ("sambaDomain") ;
$info["sambaAlgorithmicRidbase"] = "1000" ;
$domainName = readkey ("domainName") ;
$info["sambaDomainName"] = $domainName ;
$info["sambaSID"] = readkey ("sid");
if (!ldap_add ($ldap, "sambaDomainName=$domainName,$base", $info))
debug (array ('dn' => "sambaDomainName=$domainName,$base", 'info' => $info)) ;
break ;
case "":
break ;
default:
debug ($_POST) ;
}
$want = array (dn) ;
$basedn = (ldap_explode_dn ($base, 0)) ;
printf ("\n") ;
$foundbase = check_or_create ($ldap, $base, "", "base", $authenticated) ;
if (isset ($groupprefix))
check_or_create ($ldap, $base, $groupprefix, "groupprefix",
$authenticated, $foundbase) ;
if ($useLisGroup === false && isset ($authprefix))
check_or_create ($ldap, $base, $authprefix, "authprefix",
$authenticated, $foundbase) ;
if (isset ($hostprefix))
check_or_create ($ldap, $base, $hostprefix, "hostprefix",
$authenticated, $foundbase) ;
if (isset ($netgroupprefix))
check_or_create ($ldap, $base, $netgroupprefix, "netgroupprefix",
$authenticated, $foundbase) ;
printf ("| useLisGroup: | %s |
\n", ($useLisGroup ? "true" : "false") ) ;
if (isset ($variablesprefix))
check_or_create ($ldap, $base, $variablesprefix,
"variablesprefix", $authenticated, $foundbase) ;
if (isset ($automountprefix))
check_or_create ($ldap, $base, $automountprefix,
"automountprefix", $authenticated, $foundbase) ;
$templates = parse_ini_file ('/etc/lliurex-lwat/admin.ini', true) ;
foreach ($templates as $name => $template) {
$found=strpos ($template["objectClass"], "sambaSamAccount") ;
if ($found !== false)
check_samba ($ldap, $base, $authenticated, $foundbase, $smbAdmPW) ;
}
foreach ($templates as $name => $template) {
$found=strpos ($template["ou"], ",%base%") ;
if ($found !== false)
check_or_create ($ldap, $base, substr ($template["ou"], 0,$found),
"From template", $authenticated, $foundbase) ;
}
printf ("
\n") ;
printf ("\n") ;
}
ldap_close ($ldap);
?>