authorAndrew Bartlett <abartlet@samba.org>2008-04-14 11:51:02 +0200
committerAndrew Bartlett <abartlet@samba.org>2008-04-14 11:51:02 +0200
commit5a37b3fc5d42beffaf4bdca70b1f0c5f80f92280 (patch)
treed842d75c14dca09ee5818ac6a36aa2d3189029a4
parent434e625e45a03889596999eb4301bb54128c31a9 (diff)
Fix newuser and setpassword scripts, and port to idmap.
The new idmap world does not use the unixUser any more, so we need to set up the entry (if wanted) in the idmap database. Users without a backing unix user will get an allocated uid by idmap later. Andrew Bartlett (This used to be commit 8bd8bc1475ddf22d4702dcd17028a9043a5e629f)
-rw-r--r--source4/scripting/python/samba/idmap.py7
-rw-r--r--source4/scripting/python/samba/samdb.py28
-rwxr-xr-xsource4/setup/newuser10
-rw-r--r--source4/setup/setpassword8
-rwxr-xr-xsource4/setup/tests/blackbox_provision.sh7
5 files changed, 45 insertions, 15 deletions
diff --git a/source4/scripting/python/samba/idmap.py b/source4/scripting/python/samba/idmap.py
index 355565968a..16efcd0470 100644
--- a/source4/scripting/python/samba/idmap.py
+++ b/source4/scripting/python/samba/idmap.py
@@ -21,6 +21,7 @@
"""Convenience functions for using the idmap database."""
import samba
+import misc
import ldb
class IDmapDB(samba.Ldb):
@@ -37,11 +38,17 @@ class IDmapDB(samba.Ldb):
:param url: URL of the database.
"""
+ self.lp = lp
+
super(IDmapDB, self).__init__(session_info=session_info, credentials=credentials,
modules_dir=modules_dir, lp=lp)
if url:
self.connect(url)
+ else:
+ self.connect(lp.get("idmap database"))
+ def connect(self, url):
+ super(IDmapDB, self).connect(misc.private_path(self.lp, url))
def setup_name_mapping(self, sid, type, unixid):
"""Setup a mapping between a sam name and a unix name.
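Review bot: The added `else:` branch calls `lp.get("idmap database")` without checking that a loadparm context was supplied, so constructing the object with neither `url` nor `lp` fails with an AttributeError on `None` instead of leaving it unconnected as before. The same branch is added to `SamDB.__init__` in samdb.py, where `lp=None` is the visible default; the `IDmapDB.__init__` signature is outside this hunk, so the default there is inferred. Using `elif lp is not None:` in place of `else:` keeps the old behaviour for callers that pass neither argument. The new `connect` override also passes `self.lp` to `misc.private_path` on every call, so it needs a one-line docstring stating that `lp` must be set before `connect` is used.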
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index bc3eef7879..198d1e9f5c 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -25,20 +25,29 @@
import samba
import misc
import ldb
+from samba.idmap import IDmapDB
+import pwd
class SamDB(samba.Ldb):
"""The SAM database."""
+
def __init__(self, url=None, session_info=None, credentials=None,
modules_dir=None, lp=None):
"""Open the Sam Database.
:param url: URL of the database.
"""
+ self.lp = lp
super(SamDB, self).__init__(session_info=session_info, credentials=credentials,
modules_dir=modules_dir, lp=lp)
assert misc.dsdb_set_global_schema(self) == 0
if url:
self.connect(url)
+ else:
+ self.connect(lp.get("sam database"))
+
+ def connect(self, url):
+ super(SamDB, self).connect(misc.private_path(self.lp, url))
def add_foreign(self, domaindn, sid, desc):
"""Add a foreign security principle."""
@@ -101,10 +110,27 @@ userAccountControl: %u
# now the real work
self.add({"dn": user_dn,
"sAMAccountName": username,
- "unixName": unixname,
"sambaPassword": password,
"objectClass": "user"})
+ res = self.search(user_dn, scope=ldb.SCOPE_BASE,
+ expression="objectclass=*",
+ attrs=["objectSid"])
+ assert(len(res) == 1)
+ user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])
+
+
+ try:
+ idmap = IDmapDB(lp=self.lp)
+
+ user = pwd.getpwnam(unixname)
+ # setup ID mapping for this UID
+
+ idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
+
+ except KeyError:
+ pass
+
# modify the userAccountControl to remove the disabled bit
self.enable_account(user_dn)
self.transaction_commit()
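Review bot: The `try:` block added before `enable_account` wraps three calls, so `except KeyError: pass` hides a KeyError raised by `IDmapDB(lp=self.lp)` or `setup_name_mapping` as well as the intended "no such unix user" result from `pwd.getpwnam`. Narrowing the handler to the lookup keeps real idmap failures visible. The mapping is also written to a separate database before `self.transaction_commit()`, so a failure in `enable_account` would presumably leave a uid mapping for an account that was never committed; writing it after the commit avoids that. `assert(len(res) == 1)` is removed under `python -O`, so an explicit raise is safer for a check that guards the SID used in the mapping. The enclosing method starts and ends outside this hunk, so any surrounding transaction-cancel handling is not visible.

```python
        # … unchanged: self.add(...) and the objectSid search …
        if len(res) != 1:
            raise Exception("expected one entry for %s, found %d" % (user_dn, len(res)))
        user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])

        try:
            user = pwd.getpwnam(unixname)
        except KeyError:
            # no backing unix account; idmap allocates a uid later
            user = None

        # … unchanged: enable_account and transaction_commit …

        if user is not None:
            # setup ID mapping for this UID, once the SAM entry is committed
            idmap = IDmapDB(lp=self.lp)
            idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
```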
diff --git a/source4/setup/newuser b/source4/setup/newuser
index f622058a5d..04a5440ee1 100755
--- a/source4/setup/newuser
+++ b/source4/setup/newuser
@@ -45,15 +45,9 @@ else:
if opts.unixname is None:
opts.unixname = username
-try:
- pwd.getpwnam(opts.unixname)
-except KeyError:
- print "ERROR: Unix user '%s' does not exist" % opts.unixname
- sys.exit(1)
-
-creds = credopts.get_credentials()
-
lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
samdb.newuser(username, opts.unixname, password)
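Review bot: With the `pwd.getpwnam` check removed, a mistyped unix name no longer stops the script; the account is created with no mapping and no message. Because `opts.unixname` falls back to `username` in the context lines at the top of the hunk, a SAM account whose name happens to match a local account is also bound to that account's uid without the operator asking for it. Keeping the lookup as a warning rather than an error would make both outcomes visible, for example `print "NOTE: no unix user '%s', a uid will be allocated by idmap" % opts.unixname` in the `except KeyError:` branch. The help text for the unix name option should also state that a matching local account name results in a uid mapping.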
diff --git a/source4/setup/setpassword b/source4/setup/setpassword
index 31b2f73a25..977a6a5ee8 100644
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@@ -36,7 +36,7 @@ if len(args) == 0:
parser.print_usage()
sys.exit(1)
-password = opts.password;
+password = opts.newpassword;
if password is None:
password = getpass("New Password: ")
@@ -47,12 +47,12 @@ if filter is None:
if username is None:
print "Either username or --filter must be specified"
- filter = "(&(objectclass=user)(samAccountName=" + username + "))"
+ filter = "(&(objectclass=user)(samAccountName=%s))" % (username)
-creds = credopts.get_credentials()
-
lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
samdb.setpassword(filter, password)
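Review bot: `username` reaches the search filter on the changed line without LDAP filter escaping, so a name containing `*`, `(`, `)` or `\` changes which entries `samdb.setpassword(filter, password)` matches; escaping those characters per RFC 4515 before formatting keeps the match to one literal account name. Separately, nothing between the `print "Either username or --filter must be specified"` line and the filter assignment stops the script, and `%s` renders `None` as the text `None` where the removed concatenation would have raised a TypeError. Adding `sys.exit(1)` after the print restores a hard stop on that path. The page has lost indentation, so the nesting of these lines is inferred.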
diff --git a/source4/setup/tests/blackbox_provision.sh b/source4/setup/tests/blackbox_provision.sh
index 4db226778c..19f37cef2d 100755
--- a/source4/setup/tests/blackbox_provision.sh
+++ b/source4/setup/tests/blackbox_provision.sh
@@ -31,8 +31,11 @@ testit "simple-default" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --
testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc
testit "simple-member" $PYTHON ./setup/provision $CONFIGURATION --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member
testit "simple-standalone" $PYTHON ./setup/provision $CONFIGURATION --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone
-testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --blank
-testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --partitions-only
+testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank
+testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/partitions-only-dc --partitions-only
+
+testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass
+testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass
reprovision() {
$PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision"
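Review bot: The added `newuser` test passes no unix name, so whether it exercises the idmap mapping or the no-unix-user path depends on whether the build host has a local `testuser` account, and the covered code path is not reproducible across hosts. Both added tests check only the success exit status. A `setpassword` case with no username and one for an account that does not exist would cover the error paths that the setpassword change touches.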