
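#!/usr/bin/perl -w
#
# generate_netlogon TEMPLATE OUTFILE USER MACHINE ARCH TIME
#
# Expand a netlogon batch-file template into the per-login script OUTFILE.
# Template lines are copied through unchanged except for these directives,
# which must start in column 0:
#
#   #ifg group[,group...]      active when USER is a member of any group
#   #ifu user[,user...]        active when USER equals any listed name
#   #ifm machine[,machine...]  active when MACHINE equals any listed name
#   #ifa arch[,arch...]        active when ARCH equals any listed name
#   #endif                     closes the innermost open #if
#
# Directives nest.  A directive opening an active block, and the #endif
# closing it, are echoed into OUTFILE as "REM ..." lines so the generated
# script records which sections were selected.  A directive that appears
# while the enclosing block is inactive is skipped without being validated.
#
# USER, MACHINE, ARCH and TIME are written into the output verbatim; the
# caller (presumably a Samba login hook -- not visible here) decides what
# it passes.  Dies with a message on a missing argument, an unreadable
# template, an unwritable output file or a malformed template.
use strict;

my $netlogonTemplate = $ARGV[0];
my $netlogonFile     = $ARGV[1];
my $curUser          = $ARGV[2];
my $curMachine       = $ARGV[3];
my $curArch          = $ARGV[4];
my $time             = $ARGV[5];

die "Netlogon template argument missing.\n" unless defined $netlogonTemplate;
die "Netlogon file argument missing.\n"     unless defined $netlogonFile;
die "User argument missing.\n"              unless defined $curUser;
die "Machine argument missing.\n"           unless defined $curMachine;
die "Arch argument missing.\n"              unless defined $curArch;
die "Time argument missing.\n"              unless defined $time;

package esmith;
use esmith::util;

BEGIN
{
    # Clear PATH and related environment variables so that calls to
    # external programs do not cause results to be tainted. See
    # "perlsec" manual page for details.
    $ENV{'PATH'}  = '';
    $ENV{'SHELL'} = '/bin/bash';
    delete $ENV{'ENV'};
}

esmith::util::setRealToEffective();

# The accounts database; isInGroup() below reads group records from it.
my %accounts;
tie %accounts, 'esmith::config', '/home/e-smith/db/accounts';

# ------------------------------------------------
# Open and read in the template netlogon.bat file.
# ------------------------------------------------
# Three-argument open: the path comes from the command line and must not
# be able to smuggle an open mode (the old two-argument form allowed it).
open( my $template_fh, '<', $netlogonTemplate )
    or die "Couldn't open the input file '$netlogonTemplate' : $!\n";
my @infile = <$template_fh>;
close($template_fh);

# --------------------------------------------------
# Open an output file for the generated batch script
# --------------------------------------------------
open( my $netlogon_fh, '>', $netlogonFile )
    or die "Couldn't open the output batch file: '$netlogonFile' : $!\n";
print {$netlogon_fh} "\@REM $curUser logging in from a $curArch box \015\n";
print {$netlogon_fh} "\@REM called $curMachine on $time\015\n";

# One predicate per directive: given a single entry from the directive's
# comma-separated list, is that entry satisfied for this login?
my %is_match_for = (
    '#ifg' => sub { return isInGroup( $curUser, $_[0] ); },
    '#ifu' => sub { return $curUser eq $_[0]; },
    '#ifm' => sub { return $curMachine eq $_[0]; },
    '#ifa' => sub { return $curArch eq $_[0]; },
);

# $activelevels[$n] is true when the block open at nesting depth $n is
# being emitted; depth 0 is the template's top level and always active.
my @activelevels = ( 1 );
my $level        = 0;

foreach my $line ( @infile )
{
    if ( index( $line, '#if' ) == 0 )
    {
        $level++;
        if ( !$activelevels[ $level - 1 ] )
        {
            # Nested inside an inactive block: emit nothing, and (as in
            # the original) do not validate the directive keyword.
            $activelevels[ $level ] = 0;
            next;
        }

        # The keyword is the first four characters: #ifg, #ifu, #ifm, #ifa.
        my $directive = substr( $line, 0, 4 );
        my $is_match  = $is_match_for{$directive}
            or die "Unknown '#if' statement found!\n";

        my @candidates = _read_list( $line, $directive );
        $activelevels[ $level ] = _any_match( $is_match, @candidates );

        # Echo the directive that opened an active block:
        print {$netlogon_fh} "REM $line" if $activelevels[ $level ];
    }
    elsif ( index( $line, '#endif' ) == 0 )
    {
        die "Stray '#endif' found!\n" unless $level > 0;
        print {$netlogon_fh} "REM $line" if $activelevels[ $level ];
        $level--;
    }
    elsif ( $activelevels[ $level ] )
    {
        print {$netlogon_fh} $line;
    }
}
die "Not enough '#endif' lines in template!\n" unless $level == 0;

# Buffered write errors only surface at close, so it must be checked.
close($netlogon_fh)
    or die "Couldn't close the output batch file: '$netlogonFile' : $!\n";
chmod( 0744, $netlogonFile )
    or warn "Couldn't chmod the output batch file '$netlogonFile' : $!\n";
exit(0);

# --------------------------------------------------
# Helpers for the directive loop above.
# --------------------------------------------------

# _read_list($line, $directive): strip the directive keyword and every
# whitespace character (which covers the CR/LF line ending) from a copy of
# $line, then split the remainder on commas.  Returns the list of entries;
# an empty list for a directive with no entries.
sub _read_list
{
    my ($line, $directive) = @_;
    $line =~ s/\Q$directive\E|\s//g;
    return split( ',', $line );
}

# _any_match($is_match, @candidates): 1 when $is_match->() is true for any
# candidate, else 0.  Stops at the first hit, so isInGroup() is not
# consulted for groups after a match.
sub _any_match
{
    my ($is_match, @candidates) = @_;
    foreach my $candidate ( @candidates )
    {
        return 1 if $is_match->($candidate);
    }
    return 0;
}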
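# --------------------------------------------------
# Subroutine to check if a given user is in a group:
# --------------------------------------------------
# isInGroup($user, $group) -> 1 when $user is listed in the 'Members'
# property of the accounts record named $group and that record's type is
# 'group'; 0 otherwise (no such record, record is not a group, or the user
# is not a member).
#
# Records come from %accounts (tied to esmith::config above) and are split
# here as 'type|key|value|key|value...' strings -- that is all this code
# assumes about the format; confirm against esmith::config if it changes.
#
# No prototype: the original '($$)' was declared after the call site, so it
# never applied to the call (perl only warns "called too early to check
# prototype" under -w), and prototypes do not validate arguments anyway.
sub isInGroup
{
    my ($user, $group) = @_;

    my $record = $accounts{$group};
    return 0 unless defined $record;

    my ($type, %property_of) = split( /\|/, $record );
    return 0 unless defined $type && $type eq 'group';

    # A group with no Members property is simply empty; splitting undef
    # would only add an "uninitialized value" warning to the output.
    my $member_list
        = defined $property_of{'Members'} ? $property_of{'Members'} : '';
    my @members = split( /,/, $member_list );

    return ( grep { $_ eq $user } @members ) ? 1 : 0;
}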