bufke/insert_hashes.py

## insert_hashes.py
import base64
import binascii
import subprocess
import sys

# Set these please!
sam_file = "/var/lib/samba/private/sam.ldb.d/DC\=ZENTYAL\,DC\=EXAMPLE\,DC\=ORG.ldb"
user_dn = "ou=Users,dc=zentyal,dc=example,dc=org"
samba_dn = 'CN=Users,DC=zentyal,DC=example,DC=org'
base_dn = "dc=zentyal,dc=example,dc=org"
zentyal3_ldap_password = ""
ldap_hashes = open( "hashes.txt", "r")
# Also uncomment what the script should actually run at the bottom!


# First get users in a reasonable format
# Account for the order of the ldif being random
result = []
uid = uidNumber = gidNumber = sambaSID = userPassword = sambaNTPassword = None
for line in ldap_hashes:
    if line:
        if line[0] == "#":
            if uid and uidNumber and sambaSID and userPassword and sambaNTPassword and gidNumber:
                result += [[uid.strip('\n'),uidNumber.strip('\n'),sambaSID.strip('\n'),userPassword.strip().strip('\n'),sambaNTPassword.strip('\n'),gidNumber.strip('\n')]]
            else:
                print "error at %s" % uid
            uid = uidNumber = sambaSID = userPassword = sambaNTPassword = None
        elif line[0:4] == "uid:":
            uid = line[5:]
        elif line[0:10] == "uidNumber:":
            uidNumber = line[11:]
        elif line[0:9] == "sambaSID:":
            sambaSID = line[10:]
        elif line[0:13] == "userPassword:":
            userPassword = line[14:]
        elif line[0:13] == "sambaNTPasswo":
            sambaNTPassword = line[17:]
        elif line[0:10] == "gidNumber:":
            gidNumber = line[11:]

if uid and uidNumber and sambaSID and userPassword and sambaNTPassword:
 result += [[uid.strip('\n'),uidNumber.strip('\n'),sambaSID.strip('\n'),userPassword.strip().strip('\n'),sambaNTPassword.strip('\n'),gidNumber.strip('\n')]]
users = result[1:] # Skip first one

def set_user_hashes(user_dn,uid,uidNumber,sambaSID,userPassword,sambaNTPassword,gidNumber):
    try:
     b64_hash = base64.b64encode(binascii.a2b_hex(sambaNTPassword))
     decoded_userPassword = base64.b64decode(userPassword)

     cmd_unicodePwd = """ldbmodify -H %s --controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 <<EOF
dn: CN=%s,%s
changetype: modify
replace: unicodePwd
unicodePwd:: %s
EOF""" % (sam_file, uid, samba_dn, b64_hash)

     cmd_userPassword = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: userPassword
userPassword: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, decoded_userPassword)

     cmd_samba_uidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: uidNumber
uidNumber: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, uidNumber)

     cmd_uidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: uidNumber
uidNumber: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, uidNumber)

     cmd_sambaSID = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: sambaSID
sambaSID: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, sambaSID)

     cmd_gidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: gidNumber
gidNumber: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, gidNumber)


     #print cmd_unicodePwd
     #print cmd_samba_uidNumber
     #print cmd_userPassword
     #print cmd_uidNumber
     #print cmd_sambaSID
     #print cmd_gidNumber
     #subprocess.call(cmd_unicodePwd, shell=True)
     #subprocess.call(cmd_samba_uidNumber, shell=True)
     #subprocess.call(cmd_userPassword, shell=True)
     #subprocess.call(cmd_uidNumber, shell=True)
     #subprocess.call(cmd_sambaSID, shell=True)
     #subprocess.call(cmd_gidNumber, shell=True)
    except:
        print "!!!! UNKNOWN ERROR ON %s !!!!" % user_dn
        print "%s %s %s %s %s" % (user_dn,uidNumber,sambaSID,userPassword,sambaNTPassword)
        print sys.exc_info()[0]
        print sys.exc_info()[1]
        print "-----------------------------"

for user in users:
    user_user_dn = "uid=%s,%s" % (user[0], user_dn)
    set_user_hashes(user_user_dn, user[0], user[1], user[2], user[3], user[4], user[5])
	import base64
	import binascii
	import subprocess
	import sys

	# Set these please!
	sam_file = "/var/lib/samba/private/sam.ldb.d/DC\=ZENTYAL\,DC\=EXAMPLE\,DC\=ORG.ldb"
	user_dn = "ou=Users,dc=zentyal,dc=example,dc=org"
	samba_dn = 'CN=Users,DC=zentyal,DC=example,DC=org'
	base_dn = "dc=zentyal,dc=example,dc=org"
	zentyal3_ldap_password = ""
	ldap_hashes = open( "hashes.txt", "r")
	# Also uncomment what the script should actually run at the bottom!


	# First get users in a reasonable format
	# Account for the order of the ldif being random
	result = []
	uid = uidNumber = gidNumber = sambaSID = userPassword = sambaNTPassword = None
	for line in ldap_hashes:
	if line:
	if line[0] == "#":
	if uid and uidNumber and sambaSID and userPassword and sambaNTPassword and gidNumber:
	result += [[uid.strip('\n'),uidNumber.strip('\n'),sambaSID.strip('\n'),userPassword.strip().strip('\n'),sambaNTPassword.strip('\n'),gidNumber.strip('\n')]]
	else:
	print "error at %s" % uid
	uid = uidNumber = sambaSID = userPassword = sambaNTPassword = None
	elif line[0:4] == "uid:":
	uid = line[5:]
	elif line[0:10] == "uidNumber:":
	uidNumber = line[11:]
	elif line[0:9] == "sambaSID:":
	sambaSID = line[10:]
	elif line[0:13] == "userPassword:":
	userPassword = line[14:]
	elif line[0:13] == "sambaNTPasswo":
	sambaNTPassword = line[17:]
	elif line[0:10] == "gidNumber:":
	gidNumber = line[11:]

	if uid and uidNumber and sambaSID and userPassword and sambaNTPassword:
	result += [[uid.strip('\n'),uidNumber.strip('\n'),sambaSID.strip('\n'),userPassword.strip().strip('\n'),sambaNTPassword.strip('\n'),gidNumber.strip('\n')]]
	users = result[1:] # Skip first one

	def set_user_hashes(user_dn,uid,uidNumber,sambaSID,userPassword,sambaNTPassword,gidNumber):
	try:
	b64_hash = base64.b64encode(binascii.a2b_hex(sambaNTPassword))
	decoded_userPassword = base64.b64decode(userPassword)

	cmd_unicodePwd = """ldbmodify -H %s --controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 <<EOF
	dn: CN=%s,%s
	changetype: modify
	replace: unicodePwd
	unicodePwd:: %s
	EOF""" % (sam_file, uid, samba_dn, b64_hash)

	cmd_userPassword = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
	dn: %s
	changetype: modify
	replace: userPassword
	userPassword: %s
	EOF""" % (base_dn, zentyal3_ldap_password, user_dn, decoded_userPassword)

	cmd_samba_uidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
	dn: %s
	changetype: modify
	replace: uidNumber
	uidNumber: %s
	EOF""" % (base_dn, zentyal3_ldap_password, user_dn, uidNumber)

	cmd_uidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
	dn: %s
	changetype: modify
	replace: uidNumber
	uidNumber: %s
	EOF""" % (base_dn, zentyal3_ldap_password, user_dn, uidNumber)

	cmd_sambaSID = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
	dn: %s
	changetype: modify
	replace: sambaSID
	sambaSID: %s
	EOF""" % (base_dn, zentyal3_ldap_password, user_dn, sambaSID)

	cmd_gidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
	dn: %s
	changetype: modify
	replace: gidNumber
	gidNumber: %s
	EOF""" % (base_dn, zentyal3_ldap_password, user_dn, gidNumber)


	#print cmd_unicodePwd
	#print cmd_samba_uidNumber
	#print cmd_userPassword
	#print cmd_uidNumber
	#print cmd_sambaSID
	#print cmd_gidNumber
	#subprocess.call(cmd_unicodePwd, shell=True)
	#subprocess.call(cmd_samba_uidNumber, shell=True)
	#subprocess.call(cmd_userPassword, shell=True)
	#subprocess.call(cmd_uidNumber, shell=True)
	#subprocess.call(cmd_sambaSID, shell=True)
	#subprocess.call(cmd_gidNumber, shell=True)
	except:
	print "!!!! UNKNOWN ERROR ON %s !!!!" % user_dn
	print "%s %s %s %s %s" % (user_dn,uidNumber,sambaSID,userPassword,sambaNTPassword)
	print sys.exc_info()[0]
	print sys.exc_info()[1]
	print "-----------------------------"

	for user in users:
	user_user_dn = "uid=%s,%s" % (user[0], user_dn)
	set_user_hashes(user_user_dn, user[0], user[1], user[2], user[3], user[4], user[5])