samba - Jul 1998 - Synchronize Unix/SMB passwords with 'synchpasswd'

Hi,

        It's been a while since I created my smbpasswd file, and therefore
it is
no longer in synch with my Unix file.  I've added and removed users over
time,
and now I need a way to update the 'smbpasswd' file without losing the
encrypted passwords that are already in place (ie. I don't want to just run
'makesmbpasswd.sh' again).

        So, I've written the included Perl script to do just that.  This
script,
'synchpasswd', will add all of the new users from your Unix password
file to
your SMB password file.  In addition, system users will be removed, as well as
any accounts that are no longer valid (ie. removed Unix accounts that are
still
in smbpasswd).

        You will need the 'addtosmbpass' script, and it is assumed that
your
original password file was created with the 'makesmbpasswd.sh' script. 
If
not,
then modify the code where it skips the top 3 header lines of the smbpasswd
file.

Cheers,
-- Shawn Clifford


----------  Cut here   --------------

#!/usr/local/bin/perl
# 
# Title: synchpasswd 
# Author: Shawn A. Clifford <sac@nuphase.com> 
# Date: 2-July-1998 
# Purpose: Adds all users in the Unix password file to the SMB 
# password file. If the user is already listed in 
# the SMB password, then no change is made to that entry. 
# All invalid accounts, either no longer present or system 
# accounts, will be removed from the SMB password file.
# It is assumed that the SMB password file was created with
# the 'maksmbpasswd.sh' script, because the top 3 lines of
# the smbpasswd file are omitted as header.
# 
# Externals: Michal Jaegermann's 'addtosmbpass' awk/nawk script, 
# included in the Samba distribution. Look in the 
# Samba binaries directory. Eg. /usr/local/samba/bin 
# 
# Disclaimer: I am not an expert Perl programmer. So this is perhaps 
# a brutish way to achieve our goal. Please feel free 
# to modify this script. I'd appreciate an email of any 
# revisions you make. 
# 
# I take no responsibility for any "adverse" behavior of 
# this script. USE AT YOUR OWN RISK !! 
#
# 
# Modify these definitions to match your site's installation, and 
# your preferences. 
# 
$smb_passwd = "/usr/local/samba/private/smbpasswd" 
$add_script = "/usr/local/samba/bin/addtosmbpass" 
$private_dir = "/usr/local/samba/bin/private" 
$system_id = 99; # Remove user ID's below this value from SMB
# 
# Let's go... 
# 
use Text::ParseWords; # For the 'quotewords' function 
chdir($private_dir);
# 
# Scan through /etc/passwd. Create an array of names to pass to 
# 'addtosmbpass', but omit all system accounts. 
# 
printf("\nCreating a list of Unix users:\n"); 
setpwent; # Initialize the scan 
while (@list = getpwent) { # Fetch the next entry 
($login,$uid) = @list[0,2]; # Grab login name and uid 
if ($uid <= $system_id) { 
printf ("\tOmmitting $login ...\n"); 
} else { 
@USERS = (@USERS, "$login"); 
} 
} 
endpwent; # End of scan
# 
# Add the users 
# 
printf ("\nMerging new users ...\n"); 
unless (fork) { 
exec "$add_script @USERS < $smb_passwd > synch.tmp" 
} 
wait; # Parent waits for child to complete
# 
# Remove all invalid entries from 'synch.tmp'. I check the uid again 
# because the SMB password file may have these entries from before. 
# 
printf ("\nRemoving invalid accounts:\n"); 
open(IN, 'synch.tmp') || die "Can't open temp file:
synch.tmp"
open(OUT, '>synch.out') || die "Can't create output file:
synch.out"
$dummy = <IN> 
$dummy = <IN> # Skip the first 3 lines (header) 
$dummy = <IN> 
while ($line = <IN>) { 
@tokens = quotewords(':', 0, $line); # Tokenize the fields 
($login,$uid) = @tokens[0,1]; # Grab login name & uid 
if ($uid <= $system_id) { # Remove system accounts 
printf ("\tRemoving $login ...\n"); 
next; 
} 
if ( (@validate = getpwnam("$login")) == NULL) { 
printf ("\tNo such user: $login\n"); 
next; 
} 
print OUT $line; # Keep this line 
}
# 
# Clean up the files and store final version of the SMB password file 
# 
close (OUT); 
close (IN); 
unlink ('synch.tmp'); 
rename ('synch.out', $smb_passwd);

---------   Cut here    -----------



====================================//=====================================Shawn
A. Clifford                  //   Title: Senior Systems Analyst
Digital Video Systems             //   Email: sac@dvs.nuphase.com
2800 Biscayne Blvd., 10th Floor  //   Web: http://www.dvs.nuphase.com/~sac/
Miami, FL  33137                //   Work: 305-576-3103   Fax: 305-576-1445
===============================//==========================================     
PGP public key available by finger
-------------- next part --------------
HTML attachment scrubbed and removed

Skipped content of type multipart/alternative-------------- next part
--------------
#!/usr/local/bin/perl

#
#  Title:	synchpasswd
#  Author:	Shawn A. Clifford <sac@nuphase.com>
#  Date:	2-July-1998
#  Purpose:	Adds all users in the Unix password file to the SMB
#		password file.  If the user is already listed in
#		the SMB password, then no change is made to that entry.
#		All invalid accounts, either no longer present or system
#		accounts, will be removed from the SMB password file.
#
#  Externals:	Michal Jaegermann's 'addtosmbpass' awk/nawk script,
#		included in the Samba distribution.  Look in the
#		Samba binaries directory.  Eg. /usr/local/samba/bin
#
#  Disclaimer:	I am not an expert Perl programmer.  So this is perhaps
#		a brutish way to achieve our goal.  Please feel free
#		to modify this script.  I'd appreciate an email of any
#		revisions you make.
#
#		I take no responsibility for any "adverse" behavior of
#		this script.  USE AT YOUR OWN RISK !!
#
#  Modification History:
#
#  Who	Date		Description
#  ---	-----------	-----------------------------------------------------
#  SAC	03-Jul-1998	Handle comment lines correctly.
#

#
#  Modify these definitions to match your site's installation, and 
#  your preferences.
#
$smb_passwd  = "/usr/local/samba/private/smbpasswd";
$add_script  = "/usr/local/samba/bin/addtosmbpass";
$private_dir = "/usr/local/samba/bin/private";
$system_id   = 99;		# Remove user ID's below this value from SMB

#
#  Let's go...
#
use Text::ParseWords;		# For the 'quotewords' function
chdir($private_dir);

#
#  Scan through /etc/passwd.  Create an array of names to pass to
#  'addtosmbpass', but omit all system accounts.
#
printf("\nCreating a list of Unix users:\n");
setpwent;				# Initialize the scan
while (@list = getpwent) {		# Fetch the next entry
	($login,$uid) = @list[0,2];	# Grab login name and uid
	if ($uid <= $system_id) {
		printf ("\tOmmitting $login ...\n");
	} else {
		@USERS = (@USERS, "$login");
	}
}
endpwent;				# End of scan

#
#  Add the users
#
printf ("\nMerging new users ...\n");
unless (fork) {
	exec "$add_script @USERS < $smb_passwd > synch.tmp";
}
wait;				# Parent waits for child to complete

#
#  Remove all invalid entries from 'synch.tmp'.  I check the uid again
#  because the SMB password file may have these entries from before.
#
printf ("\nRemoving invalid accounts:\n");
open(IN, 'synch.tmp') || die "Can't open temp file: 
synch.tmp";
open(OUT, '>synch.out') || die "Can't create output file: 
synch.out";
while ($line = <IN>) {
	if ($line =~ /#/) {			# Keep comment lines
		printf ("\tWriting comment line ...\n");
		print OUT $line;
		next;
	}
	@tokens = quotewords(':', 0, $line);	# Tokenize the fields
	($login,$uid) = @tokens[0,1];		# Grab login name & uid
	if ($uid <= $system_id) {		# Remove system accounts
		printf ("\tRemoving $login ...\n");
		next;
	}
	if ( (@validate = getpwnam("$login")) == NULL) {
		printf ("\tNo such user:  $login\n");
		next;
	}
	print OUT $line;			# Keep this line
}

#
#  Clean up the files and store final version of the SMB password file
#
close (OUT);
close (IN);
unlink ('synch.tmp');
rename ('synch.out', $smb_passwd);
-------------- next part --------------
#!/bin/perl 
# 
# buildsmbpasswd Unix-password-file SMB-password-file 
# 
# build the smbpasswd file from the /var/yp/passwd file. 
# passwords in the smbpasswd file for accounts which exist in both files 
# are preserved. 
# account in the smbpasswd file which do not exist in /var/yp/passwd 
# are discarded. 
# the resulting smbpasswd file is printed to standard output. 
# 
# todd pfaff 
# may 28, 1997
# Todd Pfaff \ Email: pfaff@mcmaster.ca 
# Computing and Information Services \ Voice: (905) 525-9140 x22920 
# ABB 132 \ FAX: (905) 528-3773 
# McMaster University \ 
# Hamilton, Ontario, Canada L8S 4M1 \
# $passwd="/var/yp/passwd"; 
$passwd=@ARGV[0] || die; 
# $smbpasswd="/usr/local/samba/private/smbpasswd"; 
$smbpasswd=@ARGV[1] || die; 
$osmbpasswd="$smbpasswd.old";
open(PW,"<$passwd"); 
while(<PW>) { 
chop; 
push @pw, $_; 
} 
close PW;
rename $smbpasswd, $osmbpasswd;
open(PW,"<$osmbpasswd"); 
while(<PW>) { 
chop; 
($uname,$uid,$pw1,$pw2,$fname,$dir,$shell)=split(':'); 
$spw{$uname}=$_; 
} 
close PW;
open(PW,">$smbpasswd"); 
foreach $account (@pw) { 
($uname,$pw,$uid,$gid,$fname,$dir,$shell)=split(':',$account); 
$pw1="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; 
$pw2="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; 
if($spw{$uname}) { 
($xuname,$xuid,$pw1,$pw2,$xfname,$xdir,$xshell)=split(':',$spw{$uname});
} 
printf(PW 
"%s:%s:%s:%s:%s:%s:%s\n",$uname,$uid,$pw1,$pw2,$fname,$dir,$shell); 
} 
close(PW);