3 # 05/01/2005 - 18:07:10
5 # mklogon.pl - Login Script Generator
6 # Copyright (C) 2005 Ricky Nance
7 # ricky.nance@gmail.com
8 # http://www.weaubleau.k12.mo.us/~rnance/samba/mklogon.txt
10 # This program is free software; you can redistribute it and/or
11 # modify it under the terms of the GNU General Public License
12 # as published by the Free Software Foundation; either version 2
13 # of the License, or any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with this program; if not, write to the Free Software
22 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25 # Version: 1.0 (Stable)
29 # Working on logging to the system logs, Logs user activity, but not errors yet.
34 eval { require Config
::Simple
; };
37 print( "It appears as though you don't have the Config Simple perl module installed.\n" );
38 print("The package is typically called 'Config::Simple' \n");
39 print("and it needs to be installed, before you can use this utility\n");
40 print("Most PERL installations will allow you to use a command like\n");
41 print("\ncpan -i Config::Simple\n");
42 print("from the command line while logged in as the root user.\n");
47 # use Data::Dumper; #Used for debugging purposes
49 # This variable should point to the external conf file, personally I would set
50 # it to /etc/samba/mklogon.conf
53 foreach my $dir ( ( '/etc', '/etc/samba', '/usr/local/samba/lib' ) ) {
54 if ( -e
"$dir/mklogon.conf" ) {
55 $configfile = "$dir/mklogon.conf";
60 # This section will come directly from the samba server. Basically it just makes the script easier to read.
# Command-line options. The usage text at the end of this script shows smb.conf's
# "root preexec" line filling them from the %U, %m, %L, %a, %I and %t substitutions.
# NOTE(review): every "=s" option accepts an arbitrary string, and the visible lines
# use the values in a file name, in log lines and in the generated batch file without
# validating them first.
# NOTE(review): $ip is tested and used further down, but the line declaring its
# option is not visible in this listing.
61 my $getopts = GetOptions
(
62 'u|username=s' => \
my $user,
63 'm|machine=s' => \
my $machine,
64 's|servername=s' => \
my $server,
65 'o|ostype=s' => \
my $os,
67 'd|date=s' => \
my $smbdate,
68 'h|help|?' => \
my $help
76 # We want the program to error out if its missing an argument.
# Each option below is mandatory: call error() with a description of every one
# that was left undefined on the command line.
error("username")         unless defined $user;
error("machine name")     unless defined $machine;
error("server name")      unless defined $server;
error("operating system") unless defined $os;
error("ip address")       unless defined $ip;
error("date")             unless defined $smbdate;
84 # This section will be read from the external config file
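# Load mklogon.conf. The class-method call replaces the indirect-object form
# "new Config::Simple(...)", which Perl can parse differently depending on
# what else is in scope.
my $cfg = Config::Simple->new($configfile) or die "Could not find $configfile";

# Current local time; the hour, minute and second go into the log entry.
my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst ) = localtime(time);

# global.sambaconf names the smb.conf that the share paths are read from.
my $sambaconf = $cfg->param("global.sambaconf") or die "Couldn't find your samba config! \n";

# Stop here when smb.conf cannot be loaded. Without this check the first
# ->param() call below fails on an undefined object instead of naming the file.
my $smbcfg = Config::Simple->new( filename => $sambaconf, syntax => "ini" )
  or die "Could not read $sambaconf: "
  . ( Config::Simple->error() || 'unknown error' ) . "\n";
my $smbprof      = $smbcfg->param("profiles.path");
my $smbnetlogdir = $smbcfg->param("netlogon.path");

# Switches and log settings from the [global] block of mklogon.conf.
my $logging   = lc( $cfg->param("global.logging") );
my $mkprofile = lc( $cfg->param("global.mkprofile") );
my $logdir    = $cfg->param("global.logdir");
my $logfile   = $cfg->param("global.logfile");
my $logs      = "$logdir/$logfile";
my $logtype   = $cfg->param("global.logtype");

# The user and OS names given on the command line select the usermap.<user>
# and os.<ostype> entries.
my $usermap  = "usermap.$user";
my $osmap    = "os.$os";
my @ostype   = $cfg->param($osmap);
my @username = $cfg->param($usermap);

# Whole [machines] and [ip] blocks, as returned by param( -block => ... ).
my $compname = $cfg->param( -block => "machines" );
my $ipname   = $cfg->param( -block => "ip" );
my $timesync = $cfg->param("global.timesync");

# A servername set in mklogon.conf overrides the -s value; the name is
# upper-cased before it is written into the batch file.
my $altserver = $cfg->param("global.servername");
$server = $altserver if defined $altserver;
$server = uc($server);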
110 # Lets start logging stuff if it is turned on in the config
# Record the logon either in the log file or through syslog, depending on
# global.logtype.
# NOTE(review): the on|yes|1 test is unanchored and case-insensitive, so it also
# matches values such as "none" or "10".
111 if ( $logging =~ m/on|yes|1/i ) {
112 if ($logtype =~ m/file/i) {
113 print "----- Logging is turned on in the config. -----\n";
114 print "----- Location of the logfile is \"$logs\" -----\n";
# NOTE(review): $smbdate comes from the -d option and is interpolated into the
# printf FORMAT here, so a '%' in it is read as a conversion. Writing the text
# with print LOG, as line 122 does, or with printf LOG '%s', ... keeps it as data.
116 printf LOG
"Date: $smbdate Time: ";
117 printf LOG
'%02d', $hour;
119 printf LOG
'%02d', $min;
121 printf LOG
'%02d', $sec;
# NOTE(review): $user, $machine and $ip are written exactly as received; a value
# containing a line break would start a new log line. Confirm whether the caller
# can pass one.
122 print LOG
" -- User: $user - Machine: $machine - IP: $ip -- \n";
124 } elsif ($logtype =~ m/syslog|system/i){
126 my $alert = "User: $user Logged into $machine ($ip) at $hour:$min.$sec on $smbdate.";
127 openlog
($0, 'cons', 'user');
# NOTE(review): assuming these are Sys::Syslog's openlog/syslog, the second
# argument of syslog() is a printf-style format. $alert embeds option values, so
# it should be passed as data: syslog('alert', '%s', $alert).
128 syslog
('alert', $alert);
133 print "----- Logging is turned off in the config. -----\n";
136 # If the user wants to make profiles with this script lets go
# Optional profile handling: runs only when smb.conf has a [profiles] path and
# global.mkprofile is switched on. The lines that create the directory are not
# visible in this listing.
137 if ( defined($smbprof) ) {
138 if ( $mkprofile =~ m/on|yes|1/i ) {
139 print "----- Automatic making of user profiles is turned on in the config. ----- \n";
# getpwnam() supplies the uid and gid used by the chown below; a user name it
# does not know ends the run.
140 ( my $login, my $pass, my $uid, my $gid ) = getpwnam($user)
141 or die "$user not in passwd file \n";
# Expand every %U in the profile path, then append the user name once more.
# NOTE(review): the path is built from the -u value; because of the getpwnam()
# check above, only names that getpwnam() resolves reach this point.
142 $smbprof =~ s/\%U/$user/g;
143 my $dir2 = "$smbprof\/$user";
147 print "Creating " . $user . "'s profile with a uid of $uid\n";
151 # chown $uid, $gid, $smbprof;
# NOTE(review): the return value of chown is not checked, so a failed ownership
# change goes unreported.
152 chown $uid, $gid, $dir2;
154 print $user . "'s profile already exists \n";
157 print "----- Automatic making of user profiles is turned off in the config. ----- \n";
161 # Lets start making the batch files.
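# The batch file name is built from the -u value. Refuse a name containing a
# path separator, because it would place the file outside the netlogon
# directory.
die "Invalid user name for logon script: $user\n" if $user =~ m{/};

# Three-argument open: the path is taken literally and is never parsed for a
# mode or pipe character. The LOGON handle is kept because the rest of the
# script prints to it.
open( LOGON, '>', "$smbnetlogdir/$user.bat" )
  or die "Unable to create userfile $smbnetlogdir/$user.bat";
print LOGON "\@ECHO OFF \r\n";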
165 if ( $timesync =~ m/on|yes|1/i ) {
166 print LOGON
"NET TIME /SET /YES \\\\$server \r\n";
168 print "----- Time syncing to the client is turned off in the config. -----\n";
171 # Mapping from the common section
172 my $common = $cfg->param( -block
=> "common" );
173 for my $key ( keys %$common ) {
174 drive_map
( @
{ $common->{$key} } );
177 my @perform_common = $cfg->param("performcommands.common");
178 if ( defined( $perform_common[0] ) ) {
179 foreach (@perform_common) {
180 print LOGON
"$_ \r\n";
184 # Map shares on a per user basis.
185 drive_map
(@username);
187 # Map shares based on the Operating System.
190 # Map shares only if they are in a group
191 # This line checks against the unix "groups" command, to see the secondary groups of a user.
# List-form pipe open: "groups" is started directly with $user as its only
# argument, so no shell parses the value.
# NOTE(review): the open is not checked, and a $user value beginning with "-"
# would be read by groups as an option rather than as a name.
# NOTE(review): split() presumably evaluates the do-block in scalar context, so
# only the first output line is read. Confirm.
192 my @usergroups = split( /\s/, do { open my $groups, "-|", groups
=> $user; <$groups> } );
# Every whitespace-separated token of that output is looked up as a
# groupmap.<token> key and its entries are handed to drive_map().
193 foreach (@usergroups) {
194 my $groupmap = "groupmap.$_";
195 my @groupname = $cfg->param($groupmap);
196 drive_map
(@groupname);
199 #Here is where we check the machine name against the config...
200 for my $key ( keys %$compname ) {
201 my $test = $compname->{$key};
202 if ( ref $test eq 'ARRAY' ) {
204 if ( $_ eq $machine ) {
205 my $performit = $cfg->param("performcommands.$key");
206 if ( defined($performit) ) {
207 if ( ref $performit ) {
208 foreach (@
$performit) { print LOGON
"$_ \r\n"; }
210 print LOGON
"$performit \r\n";
216 elsif ( $test eq $machine ) {
217 my $performit = $cfg->param("performcommands.$key");
218 if ( defined($performit) ) {
219 if ( ref $performit ) {
220 foreach (@
$performit) { print LOGON
"$_ \r\n"; }
222 print LOGON
"$performit \r\n";
228 # Here is where we test the ip address against the client to see if they have "Special Mapping"
229 # A huge portion of the ip matching code was made by
230 # Carsten Schaub (rcsu in the #samba chan on freenode.net)
233 for my $key ( sort keys %$ipname ) {
234 if ( ref $ipname->{$key} eq 'ARRAY' ) {
235 foreach ( @
{ $ipname->{$key} } ) {
236 getipval
( $_, $key );
239 getipval
( $ipname->{$key}, $key );
244 my ( $range, $rangename ) = @_;
245 if ( parse
( $ip, ipmap
($range) ) ) {
246 if ( $val eq 'true' ) {
247 my $performit = $cfg->param("performcommands.$rangename");
248 if ( defined($performit) ) {
249 if ( ref $performit ) {
250 foreach (@
$performit) { print LOGON
"$_ \r\n"; }
252 print LOGON
"$performit \r\n";
255 } elsif ( $val eq 'false' ) {
# Presumably the body of ipmap(); the sub line is not visible in this listing.
# Turns one range specification in $pattern into a packed base address, a packed
# mask and, for the "a.b.c.d - e.f.g.h" form, a packed upper bound.
# NOTE(review): \d{1,3} also accepts octets above 255, and the \d{1,2} prefix
# length is not limited to 32; none of the visible lines range-check the values
# before they are packed.
263 my ( $iprange, $iprange2, $ipmask );
# a.b.c.d/nn form: start from an all-zero mask and set the leading $numbits bits.
264 if ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d
{1,2})$/ ) {
266 $iprange = pack( "U4", $1, $2, $3, $4 );
267 $ipmask = pack( "U4", 0, 0, 0, 0 );
269 for ( my $i = 0 ; $i < $numbits ; $i++ ) {
270 vec( $ipmask, int( $i / 8 ) * 8 + ( 8 - ( $i % 8 ) ) - 1, 1 ) = 1;
# Keep only the network part of the base address.
272 $iprange &= "$ipmask";
# NOTE(review): unlike the other three patterns, this one has no trailing $
# anchor, so any text after the mask is ignored.
273 } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d
{1,3})\
.(\d
{1,3})\
.(\d
{1,3})\
.(\d
{1,3})/ ) {
274 # 1.1.1.1/255.255.255.255 notation
275 $iprange = pack( "U4", $1, $2, $3, $4 );
276 $ipmask = pack( "U4", $5, $6, $7, $8 );
277 $iprange &= "$ipmask";
# Single address: the mask is all ones, so only that exact address matches.
278 } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ) {
280 $iprange = pack( "U4", $1, $2, $3, $4 );
281 $ipmask = pack( "U4", 255, 255, 255, 255 );
282 } elsif ( $pattern =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\s*\-\s*(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ) {
283 # 1.1.1.1 - 2.2.2.2 notation
284 $iprange = pack( "U4", $1, $2, $3, $4 );
285 $iprange2 = pack( "U4", $5, $6, $7, $8 );
286 $ipmask = pack( "U4", 255, 255, 255, 255 );
# $iprange2 stays undefined unless the range form matched.
290 return $iprange, $ipmask, $iprange2;
# Presumably the body of parse(); the sub line is not visible in this listing.
# Tests the address in $origip against a base, mask and optional upper bound.
# The verdict is stored in $val as the string 'true' or 'false' and returned.
294 my ( $origip, $ipbase, $ipmask, $iprange2 ) = @_;
# NOTE(review): the result of this match is not checked. When $origip is not a
# dotted quad, $1..$4 keep whatever an earlier successful match left in them and
# the comparison below runs on those stale values; returning 'false' on a failed
# match would avoid that.
295 $origip =~ m/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;
296 $origip = pack( "U4", $1, $2, $3, $4 );
# With an upper bound present, the address must lie between the two packed
# strings; "le" compares them as strings.
297 if ( defined($iprange2) ) {
298 if ( $ipbase le $origip && $origip le $iprange2 ) {
299 return $val = 'true';
301 return $val = 'false';
# Otherwise the masked address must equal the base address.
303 } elsif ( ( "$origip" & "$ipmask" ) eq $ipbase ) {
304 return $val = 'true';
306 return $val = 'false';
310 # This sub will distinguish the drive mappings
313 for ( my $i = 0 ; $i < scalar(@data) ; ) {
314 if ( $data[$i] =~ m/^[a-z]\:$/i ) {
315 my $driveletter = $data[$i];
317 my $sharename = $data[$i];
319 if ( $sharename eq '/home' ) {
320 print LOGON
uc("NET USE $driveletter \\\\$server\\$user \/Y \r\n");
323 uc("NET USE $driveletter \\\\$server\\$sharename \/Y \r\n");
326 print LOGON
uc("$data[$i] \r\n");
337 print "\n\tCritical!!! \n\n\tNo $var specified\n\n\tYou must specify a $var.\n\n";
349 -h
,--help This help screen
.
351 -u
,--username The name of the user from the samba server
.
353 -m
,--machinename The name of the client connecting to the server
.
355 -s
,--server The name of the server this script is running
in.
357 -o
,--os The clients OS
-- Windows
95/98/ME
(Win95
), Windows NT
(WinNT
),
358 Windows
2000 (Win2K
), Windows XP
(WinXP
), and Windows
2003
359 (Win2K3
). Anything
else will be known as
``UNKNOWN
''
360 That snippet is directly from man smb
.conf
.
362 -i
,--ip The clients IP address
.
364 -d
,--date Time
and Date returned from the samba server
.
371 All options MUST be specified
.
373 The mklogon
.conf file MUST be located
in /etc, /etc
/samba
, or
374 /usr/local/samba/lib
.
376 To
use this file from the command line
:
377 $0 -u User
-m machine
-s servername
-o ostype
-i X
.X
.X
.X
-d MM
/DD/YY
379 To
use this file from the samba server add these lines to your
/etc/samba
/smb
.conf
:
382 This line goes
in the
[global
] section
383 login script
= %U.bat
385 This line should be at the end of the
[netlogon
] section
.
386 root preexec
= /path/to
/mklogon
.pl
-u
%U -m
%m -s
%L -o
%a -i
%I -d
%t