#! /bin/bash
# Command prefixes shared by the helpers in this file. Each may be preset in
# the environment; otherwise the default below is assigned. Callers expand
# these unquoted so that "command plus fixed arguments" splits into words.
# NOTE(review): whatever these hold is executed verbatim, and ASROOT is the
# prefix put in front of every modifying call (sudo by default), so this file
# should only be sourced with an environment the operator controls.
: "${DSCL:=/usr/bin/dscl .}"
: "${DSSEARCH:=/usr/bin/dscl /Search}"
: "${DSEDITGROUP:=/usr/sbin/dseditgroup -n .}"
: "${ASROOT:=sudo}"
ds_list_user_ids()
{
    # Print the second column of "$DSCL -list /Users UniqueID" (the id of
    # each listed user), one per line, in ascending numeric order.
    # $DSCL stays unquoted: it carries the command and its datasource.
    $DSCL -list /Users UniqueID |
        awk '{ print $2 }' |
        sort -n
}
ds_search_user_ids()
{
    # Same listing as the $DSCL variant, but issued through $DSSEARCH:
    # print the second column of "-list /Users UniqueID", numerically sorted.
    # $DSSEARCH stays unquoted so its datasource argument splits off.
    $DSSEARCH -list /Users UniqueID |
        awk '{ print $2 }' |
        sort -n
}
ds_search_group_ids()
{
    # Print the second column of "$DSSEARCH -list /Groups PrimaryGroupID"
    # (the id of each listed group), one per line, sorted numerically.
    $DSSEARCH -list /Groups PrimaryGroupID |
        awk '{ print $2 }' |
        sort -n
}
ds_list_group_ids()
{
    # Print the second column of "$DSCL -list /Groups PrimaryGroupID"
    # (the id of each listed group), one per line, sorted numerically.
    $DSCL -list /Groups PrimaryGroupID |
        awk '{ print $2 }' |
        sort -n
}
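ds_user_exists()
{
    # Succeed when $DSCL can list the record /Users/<name>.
    # Arguments: $1 - account name to look for
    # Returns:   the exit status of the dscl call; non-zero for an empty name
    # Outputs:   nothing (dscl's stdout and stderr are discarded)

    # An empty name would collapse the path to the /Users container itself,
    # which presumably lists fine (confirm), so "no name" would be reported
    # as an existing user. Reject it instead.
    [ -n "$1" ] || return 1

    # Quoted so a name holding blanks or glob characters stays one argument
    # and cannot add extra words to the dscl command line.
    $DSCL -list "/Users/$1" > /dev/null 2>&1
}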
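ds_user_primary_group()
{
    # Print the PrimaryGroupID of a user.
    # Arguments: $1 - account name
    # Outputs:   the second field of the "-read ... PrimaryGroupID" output
    # Returns:   0 when a value was found, 1 otherwise
    #
    # $DSSEARCH is asked first; $DSCL is the fallback when that yields
    # nothing. The working variable is local so a caller's own "gid" is not
    # overwritten as a side effect.
    local gid

    # The record path is quoted so the name cannot split into extra
    # arguments or be expanded as a glob.
    gid=$($DSSEARCH -read "/Users/$1" PrimaryGroupID | awk '{print $2}')
    if [ -z "$gid" ]; then
        gid=$($DSCL -read "/Users/$1" PrimaryGroupID | awk '{print $2}')
    fi

    [ -n "$gid" ] || return 1
    printf '%s\n' "$gid"
}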
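ds_find_next_uid()
{
    # Print one more than the largest id reported by ds_list_user_ids.
    # Outputs: the candidate uid on stdout
    # Returns: 0 on success, 1 when the listing ends in a non-integer
    #
    # NOTE(review): nothing reserves the id between this lookup and the
    # later record creation, so two concurrent callers can compute the same
    # value. Only the ds_list_user_ids listing is consulted.
    local highest
    local int_re='^-?(0|[1-9][0-9]*)$'

    highest=$(ds_list_user_ids | tail -1)

    # An empty listing counts as 0, so the first id handed out is 1.
    [ -n "$highest" ] || highest=0

    # The value comes from directory data. Shell arithmetic evaluates its
    # operand as an expression, so anything that is not a plain integer is
    # refused rather than fed to $(( )).
    if ! [[ $highest =~ $int_re ]]; then
        echo "ds_find_next_uid: unexpected UniqueID '$highest'" >&2
        return 1
    fi

    echo $(( highest + 1 ))
}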
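_ds_tcl_escape()
{
    # Print $1 with a backslash in front of every character that Tcl would
    # substitute inside a double-quoted word (\ " $ [, plus ] for symmetry),
    # so the text is taken literally by the expect script it is pasted into.
    local rest="$1" out="" ch
    while [ -n "$rest" ]; do
        ch=${rest:0:1}
        rest=${rest:1}
        case "$ch" in
            '\'|'"'|'$'|'['|']') out="$out\\$ch" ;;
            *) out="$out$ch" ;;
        esac
    done
    printf '%s' "$out"
}

_ds_set_password()
{
    # Set the password of user $1 to $2, first with the argument form of
    # "dscl -passwd" and then again by answering its prompt through expect.
    local user="$1"
    local passwd="$2"
    local tcl_user tcl_passwd
    tcl_user=$(_ds_tcl_escape "$user")
    tcl_passwd=$(_ds_tcl_escape "$passwd")

    # Quoted so a password with blanks reaches dscl as one argument.
    $ASROOT $DSCL -passwd "/Users/$user" "$passwd"

    # The here-document is expanded by the shell and then parsed as Tcl, and
    # it runs under $ASROOT. The escaped copies keep quotes, "$" and "[" in
    # the name or password from being interpreted as Tcl syntax.
    $ASROOT expect <<EOF
spawn $DSCL -passwd "/Users/$tcl_user"
expect "New Password:"
send -- "$tcl_passwd\n"
expect eof
EOF
}

ds_enable_user_for_smb()
{
    # Set a user's password, switch on the SMB hash types for the account,
    # then set the password once more.
    # Arguments: $1 - account name
    #            $2 - password
    # Returns:   1 when either argument is empty, otherwise the status of
    #            the final expect run
    #
    # NOTE(review): the password is passed on the command line of dscl and
    # pwpolicy, where other local users can read it from the process table
    # while those commands run.
    # NOTE(review): SMB-LANMANAGER enables the LAN Manager hash, a legacy
    # format that is weak by current standards; keep this to disposable test
    # accounts.
    local user="$1"
    local passwd="$2"

    if [ -z "$user" ] || [ -z "$passwd" ]; then
        echo "ds_enable_user_for_smb: user and password are required" >&2
        return 1
    fi

    _ds_set_password "$user" "$passwd"

    $ASROOT pwpolicy -u "$user" -p "$passwd" \
        -sethashtypes SMB-NT on SMB-LANMANAGER on

    # Repeated after the hash types changed; presumably so the newly enabled
    # hashes are generated for the password (confirm).
    _ds_set_password "$user" "$passwd"
}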
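ds_create_user()
{
    # Create a test account unless it already exists, then enable it for SMB.
    # Arguments: $1 - account name
    #            $2 - password (optional; falls back to the account name)
    # Returns:   0 when the user already exists, 1 for an unusable name,
    #            otherwise the status of ds_enable_user_for_smb
    #
    # The original read the password from $1, so every account got its own
    # name as password regardless of what the caller passed. $2 is honoured
    # now; the old value remains the fallback for one-argument callers.
    # NOTE(review): that fallback is a guessable credential; callers should
    # pass an explicit password.
    local user="$1"
    local passwd="${2:-$1}"
    local uid

    # The name is spliced into /Users/<name> and /tmp/<name>, so an empty
    # name or one containing "/" would address a different path.
    case "$user" in
        ''|*/*)
            echo "ds_create_user: invalid user name '$user'" >&2
            return 1
            ;;
    esac

    if ds_user_exists "$user"; then
        return 0
    fi

    uid=$(ds_find_next_uid) || return

    # Every expansion is quoted so the name cannot add arguments to the
    # commands run through $ASROOT.
    $ASROOT $DSCL -create "/Users/$user"
    $ASROOT $DSCL -create "/Users/$user" RealName "Samba Test User"
    $ASROOT $DSCL -create "/Users/$user" UniqueID "$uid"
    $ASROOT $DSCL -create "/Users/$user" PrimaryGroupID 20
    $ASROOT $DSCL -create "/Users/$user" UserShell /bin/bash
    $ASROOT $DSCL -create "/Users/$user" \
        dsAttrTypeStandard:HomeDirectory "/tmp/$user"
    $ASROOT $DSCL -create "/Users/$user" \
        NFSHomeDirectory "/tmp/$user"

    # NOTE(review): the home directory has a predictable name under /tmp and
    # is created by the invoking user, not through $ASROOT. If the path
    # already exists mkdir fails and whatever is there is used as the home
    # directory, so this is only suitable on a dedicated test machine.
    mkdir -- "/tmp/$user"

    ds_enable_user_for_smb "$user" "$passwd"
}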
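ds_count_user_groups()
{
    # Print how many lines "$DSCL -search /Groups GroupMembership <user>"
    # produces.
    # Arguments: $1 - account name
    # NOTE(review): this is a line count of the search output; it equals the
    # number of groups only if dscl prints exactly one line per matching
    # group. Confirm against real output.
    local user="$1"

    # Quoted so the name is always a single search value.
    $DSCL -search /Groups GroupMembership "$user" |
        wc -l |
        awk '{print $1}'    # strips the padding some wc builds emit
}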
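ds_delete_user()
{
    # Remove a user from every group the membership search reports, then
    # delete the user record itself.
    # Arguments: $1 - account name
    # Returns:   1 for an unusable name, otherwise the status of the final
    #            "-delete /Users/<name>" call
    local user="$1"
    local grouplist group

    # With an empty name the last command would be "-delete /Users/", i.e.
    # aimed at the container rather than one record; a "/" in the name would
    # likewise address some other path. Refuse both before touching anything.
    case "$user" in
        ''|*/*)
            echo "ds_delete_user: invalid user name '$user'" >&2
            return 1
            ;;
    esac

    # Collect the first field of every output line before deleting anything.
    grouplist=$($DSCL -search /Groups GroupMembership "$user" |
        awk '{print $1}')

    # Read line by line on fd 3 (stdin stays free for $ASROOT) instead of
    # word-splitting the list, which would also glob-expand its entries.
    while IFS= read -r group <&3; do
        [ -n "$group" ] || continue
        $ASROOT $DSCL -delete "/Groups/$group" GroupMembership "$user"
    done 3<<< "$grouplist"

    $ASROOT $DSCL -delete "/Users/$user"
}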
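ds_lookup_user_name()
{
    # Print the first field of the first line that
    # "$DSSEARCH -search /Users UniqueID <uid>" returns.
    # Arguments: $1 - numeric user id to look up
    # Outputs:   the matching record name, or nothing when the search is empty
    #
    # "uid" is local here (it used to be assigned globally, overwriting any
    # variable of that name in the caller) and is quoted so it is always
    # passed as a single search value.
    local uid="$1"

    $DSSEARCH -search /Users UniqueID "$uid" | awk '{print $1}' | head -1
}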
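ds_lookup_group_name()
{
    # Print the first field of the first line that
    # "$DSSEARCH -search /Groups PrimaryGroupID <gid>" returns.
    # Arguments: $1 - numeric group id to look up
    # Outputs:   the matching record name, or nothing when the search is empty
    local gid="$1"

    # Quoted so the value is always passed as exactly one argument.
    $DSSEARCH -search /Groups PrimaryGroupID "$gid" | awk '{print $1}' | head -1
}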
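ds_lookup_group_gid()
{
    # Print the PrimaryGroupID of a group.
    # Arguments: $1 - group name
    # Outputs:   the second field of the first "-read" output line
    # Returns:   0 when a value was found, 1 otherwise
    #
    # $DSSEARCH is asked first; $DSCL is the fallback when that yields
    # nothing. Both working variables are local so a caller's "group" and
    # "gid" are not overwritten as a side effect.
    local group="$1"
    local gid

    # The record path is quoted so the name cannot split into extra
    # arguments or be expanded as a glob.
    gid=$($DSSEARCH -read "/Groups/$group" PrimaryGroupID |
        awk '{print $2 ; exit }')
    if [ -z "$gid" ]; then
        gid=$($DSCL -read "/Groups/$group" PrimaryGroupID |
            awk '{print $2 ; exit }')
    fi

    [ -n "$gid" ] || return 1
    printf '%s\n' "$gid"
}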
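ds_add_user_to_group()
{
    # Append a user to the GroupMembership of the group with a given gid.
    # Arguments: $1 - account name
    #            $2 - numeric group id
    # Returns:   1 when no group name is found for the gid, otherwise the
    #            status of the "-append" call
    local user="$1"
    local gid="$2"
    local group

    group=$(ds_lookup_group_name "$gid")
    [ -n "$group" ] || return 1

    # Both values end up on a command line run through $ASROOT; quoting
    # keeps each of them to a single argument.
    $ASROOT $DSCL -append "/Groups/$group" GroupMembership "$user"
}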
ds_create_group()
{
    # Create the group named by $1 by running "$DSEDITGROUP -o create"
    # through $ASROOT. The exit status is that of the command.
    # The name is passed quoted, as one argument; the two prefixes are left
    # unquoted so their built-in options split into words.
    $ASROOT $DSEDITGROUP -o create "$1"
}
ds_delete_group()
{
    # Delete the group named by $1 by running "$DSEDITGROUP -q -o delete"
    # through $ASROOT. The exit status is that of the command.
    # The name is passed quoted, as one argument; the two prefixes are left
    # unquoted so their built-in options split into words.
    $ASROOT $DSEDITGROUP -q -o delete "$1"
}