#!/usr/bin/env ruby
require 'base64'
require 'digest/sha1'
require 'io/console'
require 'openssl'
require 'securerandom'

require 'net/ldap'
# Produce a fresh random salt for password hashing: 16 random bytes drawn from
# SecureRandom, rendered as 32 lowercase hex characters (so the salt is
# printable and safe to concatenate with a password string).
#
# @return [String] 32 hex characters
def generate_salt
  SecureRandom.hex(16)
end
# Hash +plaintext+ in the LDAP "{SSHA}" form: SHA-1 over password||salt,
# followed by the salt itself, base64-encoded behind the "{SSHA}" scheme tag.
# SSHA is a single salted digest rather than a slow KDF; the shape is
# dictated by what the directory stores, so it is reproduced exactly here.
#
# @param plaintext [String] the password to hash
# @param salt [String] salt appended to the password; a fresh random one from
#   generate_salt when omitted
# @return [String] "{SSHA}" + base64(sha1(plaintext + salt) + salt)
# @raise [ArgumentError] if plaintext is nil
def encode_password(plaintext, salt = generate_salt)
  raise ArgumentError, "Password must not be nil" if plaintext.nil?

  digest = Digest::SHA1.digest(plaintext + salt)
  # strict_encode64 never emits line breaks, so no trailing newline to trim
  "{SSHA}#{Base64.strict_encode64(digest + salt)}"
end
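# Check +password+ against a stored LDAP "{SSHA}" hash and return true only if
# they match.
#
# The stored value is "{SSHA}" + base64(sha1(password + salt) + salt), so the
# salt is recovered from the tail of the decoded blob and the candidate is
# re-hashed with it via encode_password. A value that is not well-formed SSHA
# (nil, another scheme tag, or too short to hold the 20-byte digest) is
# reported as a mismatch instead of raising.
#
# @param password [String] the candidate plaintext
# @param ssha [String, nil] the stored hash, e.g. the userPassword value
# @return [Boolean]
def check_password(password, ssha)
  # the scheme tag must open the value, not merely start some line of it
  return false unless ssha && ssha.start_with?('{SSHA}')

  decoded = Base64.decode64(ssha.sub('{SSHA}', ''))
  # layout is a 20-byte SHA-1 digest followed by the salt
  return false if decoded.bytesize < 20

  salt = decoded.byteslice(20..-1)
  # constant-time comparison, so a mismatch does not leak how much of the
  # hash agreed through timing
  OpenSSL.secure_compare(encode_password(password, salt), ssha)
end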
# Admin bind password for the directory, kept out of the source in
# ./ldap.passwd (resolved against the current working directory, so run this
# from the directory that holds the file). One trailing newline is dropped;
# any other whitespace counts as part of the password.
LDAPPASSWD = File.read('ldap.passwd').chomp

# Simple bind, without TLS, to the slapd on loopback as the directory admin.
ldap = Net::LDAP.new(
  host: '127.0.0.1',
  port: 389,
  auth: {
    method: :simple,
    username: 'cn=admin,dc=york,dc=hackspace,dc=org,dc=uk',
    password: LDAPPASSWD
  }
)

# Containers that new people and group memberships are written under.
userbase  = 'ou=Users,dc=york,dc=hackspace,dc=org,dc=uk'
groupbase = 'ou=Groups,dc=york,dc=hackspace,dc=org,dc=uk'
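# Characters with structural meaning in a DN (RFC 4514) or a search filter
# (RFC 4515), plus a leading '#' and surrounding whitespace, which a DN also
# treats specially. The uid is interpolated verbatim into the search filter
# here and into the entry and group-member DNs further down, so rather than
# escaping it differently in each place, a uid containing any of them is
# refused up front.
UID_UNSAFE = /[,+"\\<>;=*()\x00]|\A[#\s]|\s\z/

# Prompt for a uid until one is given that is acceptable and not yet taken.
uid = ''
loop do
  print 'Username: '
  line = STDIN.gets # STDIN, not Kernel#gets, which would read files named in ARGV first
  abort 'No username given (stdin closed).' if line.nil?
  uid = line.chomp

  if uid.empty? || uid =~ UID_UNSAFE
    puts 'Username must not be empty, start with #, have leading/trailing ' \
         'spaces, or contain any of , + " \\ < > ; = * ( )'
    next
  end

  persons = ldap.search(base: userbase, filter: Net::LDAP::Filter.eq('uid', uid))
  # search returns nil (not []) when the operation itself failed, e.g. a bad bind
  abort "LDAP search failed: #{ldap.get_operation_result.message}" if persons.nil?
  break if persons.empty?

  puts 'Username in use. Try again, Dumdum.'
end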
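# Read one line from the terminal with echo off. Returns the line without its
# newline, or nil when stdin is closed.
def read_secret
  line = STDIN.noecho(&:gets)
  puts # the user's Enter is swallowed by noecho, so restore the line break
  line && line.chomp
end

# Prompt for the new password twice; insist on a non-empty value and on both
# entries agreeing before anything is hashed.
newpass = ''
loop do
  print 'Password: '
  newpass = read_secret
  print 'Again: '
  newpass2 = read_secret
  abort 'No password given (stdin closed).' if newpass.nil? || newpass2.nil?

  if newpass.empty?
    puts 'Password must not be empty. Try again, Dumdum.'
    next
  end
  break if newpass == newpass2

  puts 'Passwords do not match. Try again, Dumdum.'
end

# Only the salted hash goes to the directory; the plaintext is not stored.
newhash = encode_password(newpass)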
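# Prompt for one line of free text and return it without its newline. Aborts
# when stdin is closed, since every later step needs the answer. With
# +required+, re-prompts until a non-blank answer is given.
#
# @param prompt [String]
# @param required [Boolean]
# @return [String]
def ask(prompt, required: false)
  loop do
    print prompt
    line = STDIN.gets # STDIN rather than Kernel#gets, which reads ARGV files first
    abort "No answer for #{prompt.inspect} (stdin closed)." if line.nil?
    answer = line.chomp
    return answer unless required && answer.strip.empty?

    puts 'This field is required.'
  end
end

# Prompt for a yes/no answer. Only the first character is looked at; an empty
# line or anything unrecognised yields +default+.
#
# @param prompt [String]
# @param default [Boolean]
# @return [Boolean]
def ask_yes_no(prompt, default)
  case ask(prompt)[0]
  when 'y', 'Y' then true
  when 'n', 'N' then false
  else default
  end
end

# cn and sn are mandatory on inetOrgPerson; an empty value makes the add fail.
cn = ask('First name: ', required: true)
sn = ask('Surname: ', required: true)
member  = ask_yes_no('Member? [Y/n]: ', true)
trustee = ask_yes_no('Trustee? [y/N]: ', false)
radius  = ask_yes_no('Radius? [Y/n]: ', true)
unix    = ask_yes_no('Unix? [y/N]: ', false)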
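userdn = "uid=#{uid},#{userbase}"

# Create the person entry. Net::LDAP#add returns false on failure instead of
# raising, so check it: otherwise the group memberships added afterwards would
# point at an entry that does not exist.
added = ldap.add(
  dn: userdn,
  attributes: {
    cn: cn,
    sn: sn,
    uid: uid,
    userPassword: newhash,
    objectclass: %w[top inetOrgPerson person organizationalPerson]
  }
)
unless added
  result = ldap.get_operation_result
  abort "Failed to add #{userdn}: #{result.message} (code #{result.code})"
end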
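# Group memberships chosen above, keyed by the group's cn under groupbase, in
# the order they are applied.
# NOTE(review): "Trusteess" (double s) is kept as written since it may be the
# cn the directory actually holds; confirm against the Groups ou before
# changing it to "Trustees".
memberships = {
  'Members'   => member,
  'Trusteess' => trustee,
  'Radius'    => radius,
  'Unix'      => unix
}

userdn = "uid=#{uid},#{userbase}"
memberships.each do |group, wanted|
  next unless wanted

  groupdn = "cn=#{group},#{groupbase}"
  # add_attribute returns false on failure (group missing, value already
  # present, ...). The person entry already exists at this point, so report
  # the problem and carry on with the remaining groups rather than aborting.
  next if ldap.add_attribute(groupdn, :member, userdn)

  result = ldap.get_operation_result
  warn "Could not add #{userdn} to #{groupdn}: #{result.message} (code #{result.code})"
end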