From 6957c1ab9c649da5bb0d88d6de72f572b0131013 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Pialasse Date: Thu, 5 Jun 2025 16:40:38 -0400 Subject: [PATCH] * Thu Jun 05 2025 Jean-Philippe Pialasse 11.0.0-32.sme - Replicate user accounts to samba Active Directory [SME: 12799] --- .gitignore | 1 + root/etc/e-smith/events/actions/update-passwd | 18 +++++++++++++++ .../e-smith/events/actions/user-create-unix | 19 +++++++++++++++ .../e-smith/events/actions/user-delete-unix | 17 ++++++++++++++ .../e-smith/events/actions/user-lock-passwd | 17 ++++++++++++++ root/etc/e-smith/web/functions/userpassword | 17 ++++++++++++++ .../esmith/FormMagick/Panel/useraccounts.pm | 23 +++++++++++++++++++ smeserver-base.spec | 5 +++- 8 files changed, 116 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 2c41660..d1c5c15 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ *.tar.xz *.bak *gz +*.patch diff --git a/root/etc/e-smith/events/actions/update-passwd b/root/etc/e-smith/events/actions/update-passwd index 542dba2..f0ac80c 100644 --- a/root/etc/e-smith/events/actions/update-passwd +++ b/root/etc/e-smith/events/actions/update-passwd @@ -28,6 +28,7 @@ use Errno; use esmith::AccountsDB; my $a = esmith::AccountsDB->open_ro or die "Could not open accounts db"; +my $c = esmith::ConfigDB->open_ro or die "Could not open configuration db"; foreach my $u ($a->users) { 
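Review bot: The added `esmith::ConfigDB->open_ro` call in update-passwd has no matching `use esmith::ConfigDB;` in the visible context, which shows only `use Errno;` and `use esmith::AccountsDB;`. Unless the module is loaded above line 28 or pulled in indirectly by esmith::AccountsDB, the call fails at runtime because the package is unknown. Adding `use esmith::ConfigDB;` next to the existing `use` lines makes the dependency explicit.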
@@ -40,6 +41,23 @@ foreach my $u ($a->users) system("/usr/bin/smbpasswd", "-d", $user) == 0 or warn("Problem locking smbpassword for user $user\n"); + + my $serv = $c->get('samba') || ''; + if (($serv eq 'service') && ($user ne 'administrator')) + { + my $samba = $c->get('samba')->prop('status') || 'disabled'; + my $sambaip = $c->get('samba')->prop('SambaIP') || ''; + my $sambapwd = $c->get('samba')->prop('Password') || ''; + if ($sambaip eq '' || $sambapwd eq '') + { + $samba = 'disabled'; + } + if ($samba eq 'enabled') + { + system("/usr/bin/samba-tool", "user", "disable", "$user", "-H", "ldap://$sambaip", "--username=administrator", "--password=$sambapwd") == 0 + or warn("Problem locking addc password for user $user\n"); + } + } } } diff --git a/root/etc/e-smith/events/actions/user-create-unix b/root/etc/e-smith/events/actions/user-create-unix index a34842e..a0d6aa2 100755 --- a/root/etc/e-smith/events/actions/user-create-unix +++ b/root/etc/e-smith/events/actions/user-create-unix 
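Review bot: The AD administrator password is passed to samba-tool as `--password=$sambapwd` on the argument vector, where other local accounts can read it from the process list while the command runs. The same pattern is repeated in the user-create-unix, user-delete-unix, user-lock-passwd, userpassword and useraccounts.pm hunks, and the last two also put the user's new cleartext password in `--newpassword=`. The list form of system() keeps the shell out of it but does not hide argv. Check the installed samba-tool for a credentials-file or Kerberos cache option, and for whether `user setpassword` can read the new password from stdin; until then mark each call with `# SECURITY: password on argv is visible in the process list; move to a root-only credentials file`. The enclosing loop body starts outside the hunk.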
@@ -134,4 +134,23 @@ if ($ldapauth ne 'enabled') system("/usr/bin/smbpasswd", "-a", "-d", "$userName") and ( $x = 255, warn "Could not lock (smb) password for $userName\n" ); +my $serv = $conf->get('samba') || ''; +if (($serv eq 'service') && ($userName ne 'administrator')) +{ +my $samba = $conf->get('samba')->prop('status') || 'disabled'; +my $sambaip = $conf->get('samba')->prop('SambaIP') || ''; +my $sambapwd = $conf->get('samba')->prop('Password') || ''; +if ($sambaip eq '' || $sambapwd eq '') + { + $samba = 'disabled'; + } +if ($samba eq 'enabled') +{ +system("/usr/bin/samba-tool", "user", "add", "$userName", "--random-password", "-H", "ldap://$sambaip", "--username=administrator", "--password=$sambapwd") + and ( $x = 255, warn "Could not create (addc) user for $userName\n" ); +system("/usr/bin/samba-tool", "user", "disable", "$userName", "-H", "ldap://$sambaip", "--username=administrator", "--password=$sambapwd") + and ( $x = 255, warn "Could not lock (addc) password for $userName\n" ); +} +} + exit ($x); diff --git a/root/etc/e-smith/events/actions/user-delete-unix b/root/etc/e-smith/events/actions/user-delete-unix index 4219a6e..bff541c 100755 --- a/root/etc/e-smith/events/actions/user-delete-unix +++ b/root/etc/e-smith/events/actions/user-delete-unix 
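Review bot: `$serv eq 'service'` in the added block compares the object returned by `$conf->get('samba')` with a string, which is only correct if the record class stringifies to its type; that is not visible here, and the block then calls `$conf->get('samba')` three more times. If the record API exposes the type as a property, fetching once and testing it explicitly reads more clearly: `my $rec = $conf->get('samba');` followed by `if ($rec && ($rec->prop('type') || '') eq 'service' && $userName ne 'administrator')`. The same block is pasted into all six files in this patch, so a single helper in a shared esmith module would keep the enable and credential checks from drifting apart. Separately, `user disable` runs even when the preceding `user add` failed, so a pre-existing AD account of the same name would be disabled.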
@@ -75,4 +75,21 @@ $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (lda $result = $ldap->ldapdelgroup($userName); $result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" ); +my $serv = $conf->get('samba') || ''; +if (($serv eq 'service') && ($userName ne 'administrator')) +{ +my $samba = $conf->get('samba')->prop('status') || 'disabled'; +my $sambaip = $conf->get('samba')->prop('SambaIP') || ''; +my $sambapwd = $conf->get('samba')->prop('Password') || ''; +if ($sambaip eq '' || $sambapwd eq '') + { + $samba = 'disabled'; + } +if ($samba eq 'enabled') +{ +system("/usr/bin/samba-tool", "user", "delete", "$userName", "-H", "ldap://$sambaip", "--username=administrator", "--password=$sambapwd") + and ( $x = 255, warn "Failed to delete (addc) account $userName.\n" ); +} +} + exit ($x); diff --git a/root/etc/e-smith/events/actions/user-lock-passwd b/root/etc/e-smith/events/actions/user-lock-passwd index c680ff7..4c7cf79 100644 --- a/root/etc/e-smith/events/actions/user-lock-passwd +++ b/root/etc/e-smith/events/actions/user-lock-passwd @@ -78,6 +78,23 @@ sub lock_user { $conf->set_value('PasswordSet', 'no'); } + + my $serv = $conf->get('samba') || ''; + if (($serv eq 'service') && ($userName ne 'administrator')) + { + my $samba = $conf->get('samba')->prop('status') || 'disabled'; + my $sambaip = $conf->get('samba')->prop('SambaIP') || ''; + my $sambapwd = $conf->get('samba')->prop('Password') || ''; + if ($sambaip eq '' || $sambapwd eq '') + { + $samba = 'disabled'; + } + if ($samba eq 'enabled') + { + system("/usr/bin/samba-tool", "user", "disable", "$userName", "-H", "ldap://$sambaip", "--username=administrator", "--password=$sambapwd") == 0 + or ( $x = 255, warn "Error locking (addc) account $userName" ); + } + } } sub bad_password_users diff --git a/root/etc/e-smith/web/functions/userpassword b/root/etc/e-smith/web/functions/userpassword index 7e80ca2..35b0cdb 100644 
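Review bot: A failed `samba-tool user delete` in user-delete-unix leaves the AD account in place and still enabled, and it runs after the LDAP deletion calls shown in the hunk's context. The only trace is a warn plus exit code 255, so nothing tells the administrator that a usable credential remains in the directory. Make the message say so, e.g. `warn "Failed to delete (addc) account $userName; the AD account still exists and may still authenticate.\n"`, and consider whether the event should be retried once the AD is reachable. The script body starts outside the hunk.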
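Review bot: The failure branch in user-lock-passwd assigns `$x = 255` inside `lock_user`, but no declaration of `$x` is visible in the hunk. If the file has no file-scoped `my $x` above the sub this is a compile error under `use strict`, and otherwise the value only matters if the script later exits with it. The warn text `"Error locking (addc) account $userName"` also lacks the trailing `\n` the other new messages use, so Perl appends the script name and line number. Suggested once the scope of `$x` is confirmed: `or ( $x = 255, warn "Error locking (addc) account $userName\n" );`. `lock_user` starts outside the hunk.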
--- a/root/etc/e-smith/web/functions/userpassword +++ b/root/etc/e-smith/web/functions/userpassword @@ -93,6 +93,23 @@ sub change_password { $accountdb = esmith::AccountsDB->open(); $q->param(-name => 'status_message', -value => 'PASSWORD_CHANGE_SUCCESS'); + + my $serv = $configdb->get('samba') || ''; + if (($serv eq 'service') && ($acctName ne 'administrator')) + { + my $samba = $configdb->get('samba')->prop('status') || 'disabled'; + my $sambaip = $configdb->get('samba')->prop('SambaIP') || ''; + my $sambapwd = $configdb->get('samba')->prop('Password') || ''; + if ($sambaip eq '' || $sambapwd eq '') + { + $samba = 'disabled'; + } + if ($samba eq 'enabled') + { + system("/usr/bin/samba-tool", "user", "setpassword", "$acctName", "--newpassword=$pass", "-H", "ldap://$sambaip", "--username=administrator", "--password=$sambapwd") == 0 + or warn ("Error occured while modifying (addc) password for $acctName.\n" ); + } + } return; } diff --git a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/useraccounts.pm b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/useraccounts.pm index 06ca5a3..6bd3e3e 100755 --- a/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/useraccounts.pm +++ b/root/usr/share/perl5/vendor_perl/esmith/FormMagick/Panel/useraccounts.pm 
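Review bot: The AD update in `change_password` runs after `status_message` has already been set to `PASSWORD_CHANGE_SUCCESS`, and a failing `samba-tool user setpassword` only produces a warn. The user is then told the change succeeded while the old password keeps working against Active Directory, which matters most when the password was changed because it was exposed. Either run the AD step before reporting success or replace the status on failure, e.g. `or $q->param(-name => 'status_message', -value => '<AD_SYNC_FAILED_MESSAGE_KEY>');` with a real key from the panel's locale files. Whether `$pass` is validated the way the useraccounts.pm hunk validates `password1` is decided outside this hunk and is worth confirming.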
@@ -911,6 +911,29 @@ sub reset_password { $self->success($self->localise('PASSWORD_CHANGE_SUCCEEDED', { acctName => $acctName})); + + my $serv = $configdb->get('samba') || ''; + if (($serv eq 'service') && ($acctName ne 'administrator')) + { + my $samba = $configdb->get('samba')->prop('status') || 'disabled'; + my $sambaip = $configdb->get('samba')->prop('SambaIP') || ''; + my $sambapwd = $configdb->get('samba')->prop('Password') || ''; + if ($sambaip eq '' || $sambapwd eq '') + { + $samba = 'disabled'; + } + if ($samba eq 'enabled') + { + my $password = $self->{cgi}->param('password1'); + unless (($password) = ($password =~ /^([ -~]+)$/ )) + { + return $self->error('TAINTED_PASSWORD'); + } + $password = $1; + system("/usr/bin/samba-tool", "user", "setpassword", "$acctName", "--newpassword=$password", "-H", "ldap://$sambaip", "--username=administrator", "--password=$sambapwd") == 0 + or warn ("Error occured while modifying (addc) password for $acctName.\n" ); + } + } } else { diff --git a/smeserver-base.spec b/smeserver-base.spec index 668541b..820e3d5 100644 --- a/smeserver-base.spec +++ b/smeserver-base.spec @@ -4,7 +4,7 @@ Summary: smeserver server and gateway - base module %define name smeserver-base Name: %{name} %define version 11.0.0 -%define release 31 +%define release 32 Version: %{version} Release: %{release}%{?dist} License: GPL @@ -182,6 +182,9 @@ fi %changelog +* Thu Jun 05 2025 Jean-Philippe Pialasse 11.0.0-32.sme +- Replicate user accounts to samba Active Directory [SME: 12799] + * Sun Mar 16 2025 Jean-Philippe Pialasse 11.0.0-31.sme - handle dh params with template [SME: 12826] TODO timer and event
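Review bot: The `password1` check `/^([ -~]+)$/` in `reset_password` runs only after `$self->success(...)` has been called, so as far as the hunk shows, a password outside printable ASCII has already been set locally when `return $self->error('TAINTED_PASSWORD')` fires. That leaves the panel with both a success and an error and the AD password unchanged. Validate before the local change, or skip the AD step with its own message instead of returning from the handler. The pattern should end in `\z` rather than `$`, which also accepts a trailing newline that the capture then silently drops: `unless (($password) = ($password =~ /\A([ -~]+)\z/))`. The following `$password = $1;` is redundant because the list assignment already stored the capture; `reset_password` starts outside the hunk.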