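#!/bin/bash
#
# This script will retrieve a list of users from a NT Domain controller, and based on group
# membership of the username, assign the username to a certain Dansguardian filtergroup.
# NOTE: You MUST modify several elements of this script to match your particular configuration.
# Also, this script depends upon SAMBA 3.02 being installed and joined to a working NT domain.
# While this script does not give Dansguardian the ability to select content filtering based on
# group membership, it does permit the assignment of users to filtergroups based on group
# membership thus saving the system administrator many keystrokes... especially on larger systems.
#
# If you install this script as a cron job, you can schedule user mapping to take place as often
# as you like.
#
# Written by Christopher R. Nighswonger cnighswonger [at] foundations [dot] edu
##########
##########
# No copyright retained. This script is in the Public Domain.
# This package is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
##########
##########
# History
#
# 0.9 - Dec. 11, 2006 - original release.
##########
#
# Security notes for whoever deploys this:
#   * -U puts uname%password on this script's command line, where other local
#     users can read it from the process list. Prefer -P with a root-owned
#     file that only root can read (mode 0600).
#   * Even with -P, the credential is still handed to 'net' as a -U argument,
#     so it is visible in the process list for as long as each 'net' call
#     runs. NOTE(review): check whether the installed Samba 'net' can take
#     credentials from a file or the environment instead; not verifiable here.
#   * The account only has to enumerate users and their groups; use a
#     low-privilege domain account, not a domain administrator.
#   * The new list is built in a private temporary file next to the live file
#     and renamed into place only after the domain query succeeded, so a failed
#     lookup or bad password never leaves DansGuardian with a missing or
#     half-written filtergroupslist.

# First define some variables (You may need to adjust these to match your context.)...
uinfo=""                   # Account info argument (to be used for 'net' commands)
pwdfile=""                 # Password file path/name
dgrestart=0                # Restart flag; 0 means no restart
groupa="SFInetAccess"      # Name of first group on W2K Server
groupb="DSInetAccess"      # Name of second group on W2K Server
groupc="MSInetAccess"      # Name of third group on W2K Server
groupd=""                  # Name of fourth group on W2K Server (empty = unused)
dggroupa="filter1"         # Filtergroup of first group on DG (Remember: more filtergroups = more resources consumed...)
dggroupb="filter2"         # Filtergroup of second group on DG
dggroupc="filter1"         # Filtergroup of third group on DG
dggroupd=""                # Filtergroup of fourth group on DG
dggroupfile="/etc/dansguardian/lists/filtergroupslist"   # Path/name of filtergroupslist file
dggroupmode="0644"         # Mode given to the regenerated filtergroupslist file

##########
# If you modify/add anything below this point, please send me a copy at the address commented above... TNX
##########

# Parallel lists: nt_groups[i] maps to dg_groups[i]. Entries whose NT group
# name is empty are skipped, so adding a group only means filling in the
# variables above (and extending these two lists for a fifth group).
nt_groups=("$groupa" "$groupb" "$groupc" "$groupd")
dg_groups=("$dggroupa" "$dggroupb" "$dggroupc" "$dggroupd")
entries=()                 # entries[i] collects the "user=filtergroup" lines for nt_groups[i]
newlist=""                 # Temporary file holding the list under construction

# Print the command line help.
function usage {
  echo "usage: usermap [[[-U uname%password] | [-P filename][-r]] | [-h]]"
  echo "-U | --Username parameter is required except when using the -P option"
  echo "-P | --Pwdfile permits the uname%password to be stored more securely"
  echo "-r | --restart parameter is optional and invokes a hard restart of DansGuardian"
  echo "-h | --help displays this message"
  echo
  echo "NOTE: You MUST adjust the variables in the script itself to match your system!"
}

# Print $1 on stderr and leave with status 1.
function error_exit {
  echo "$1" 1>&2
  exit 1
}

# Remove the temporary list if it was never moved into place.
function cleanup {
  if [[ -n "$newlist" ]]; then
    rm -f -- "$newlist"
  fi
}

# Read uname%password from the first line of $pwdfile into uinfo.
# -r keeps backslashes in the password literal; a file without a trailing
# newline is accepted as long as the line is not empty.
function load_pwdfile {
  local cred=""
  echo "Retrieving uname%password data..."
  echo
  IFS= read -r cred <"$pwdfile" || [[ -n "$cred" ]] \
    || error_exit "Unable to retrieve uname%password! Aborting."
  [[ -n "$cred" ]] || error_exit "Unable to retrieve uname%password! Aborting."
  uinfo="-U$cred"
}

# Query the domain for users and their groups and fill entries[].
# The 'net' output is split on whitespace, as the original script did, so
# user or group names containing spaces are not matched as a whole.
function map_users {
  local user_list membership un ug i

  # Abort before anything on disk has changed if the lookup fails.
  user_list=$(net "$uinfo" user) \
    || error_exit "Unable to retrieve the user list from the domain! Aborting."
  [[ -n "$user_list" ]] \
    || error_exit "The domain returned an empty user list! Aborting."

  echo "Mapping users according to group membership..."
  echo

  set -f   # split on whitespace only; never glob-expand names coming from the server
  for un in $user_list; do
    if ! membership=$(net "$uinfo" user info "$un"); then
      # A user whose groups cannot be read is left out of the list.
      echo "Warning: could not read group membership for $un; user not mapped." 1>&2
      continue
    fi
    for ug in $membership; do
      for i in "${!nt_groups[@]}"; do
        [[ -n "${nt_groups[i]}" ]] || continue
        # Quoted right-hand side: exact string match, not a glob pattern.
        if [[ "$ug" == "${nt_groups[i]}" ]]; then
          # NOTE(review): a user in several mapped groups gets one line per
          # group; which line DansGuardian honours is not verifiable here.
          entries[i]+="$un=${dg_groups[i]}"$'\t\t'" # ${nt_groups[i]}"$'\n'
          break
        fi
      done
    done
  done
  set +f
}

# Write the sorted, sectioned list to a private temporary file beside the
# live file (same directory, so the final rename is atomic).
function write_list {
  local i
  newlist=$(mktemp "${dggroupfile}.XXXXXX") \
    || error_exit "Unable to create a temporary file! Aborting."

  echo "Tidying up filtergroupslist..."
  echo

  for i in "${!nt_groups[@]}"; do
    [[ -n "${nt_groups[i]}" ]] || continue
    echo "# <-----------${nt_groups[i]} user accounts----------->"
    printf '%s' "${entries[i]}" | sort
  done >"$newlist" || error_exit "Unable to write the new filtergroupslist! Aborting."

  # mktemp creates the file 0600; DansGuardian has to be able to read it.
  chmod "$dggroupmode" "$newlist" \
    || error_exit "Unable to set permissions on the new filtergroupslist! Aborting."
}

# Keep a copy of the current list, then rename the new one over it.
function install_list {
  if [[ -e "$dggroupfile" ]]; then
    echo "Backing up the current filtergroupslist file..."
    cp -p -- "$dggroupfile" "${dggroupfile}.bak" \
      || error_exit "Unable to back up $dggroupfile! Aborting."
  fi
  echo "Moving new filtergroupslist file into place..."
  echo
  mv -f -- "$newlist" "$dggroupfile" \
    || error_exit "Unable to install the new filtergroupslist! Aborting."
  newlist=""   # nothing left for cleanup to remove
}

function main {
  # Verify that we're running as root...
  if (( $(id -u) != 0 )); then
    echo "Sorry, must be root. Exiting..."
    exit 1
  fi

  trap cleanup EXIT

  # Grab command line parameters...
  while [[ -n "${1-}" ]]; do
    case "$1" in
      -U | --Username )
        shift
        [[ -n "${1-}" ]] || { usage; exit 1; }
        uinfo="-U$1"
        ;;
      -P | --Pwdfile )
        shift
        [[ -n "${1-}" ]] || { usage; exit 1; }
        pwdfile="$1"
        ;;
      -r | --restart )
        dgrestart=1
        ;;
      -h | --help )
        usage
        exit
        ;;
      * )
        usage
        exit 1
        ;;
    esac
    shift
  done

  # Verify presence of -U or -P parameter...
  if [[ -z "$uinfo" && -z "$pwdfile" ]]; then
    echo "The -U or -P parameter is required!"
    echo
    usage
    exit 1
  fi

  echo
  # If the -P option is used, retrieve the uname%password data from the indicated file...
  if [[ -n "$pwdfile" ]]; then
    load_pwdfile
  fi

  map_users
  write_list
  install_list

  # Now restart DG if called for...
  if [[ "$dgrestart" = 1 ]]; then
    # You may need to modify this to fit your context...
    /etc/rc.d/init.d/dansguardian restart
    echo
  fi

  # And we are done.
  echo "All finished..."
  exit
}

main "$@"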