summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-11-16 16:32:55 +1100
committerAndrew Bartlett <abartlet@samba.org>2010-11-16 16:32:55 +1100
commit2e44d0d32980eaec236c8cfc80989b7600c0d25a (patch)
tree67dddec21f107a3cb616d06ad30882aa551d20ad
parent95d33f2f24d7300f2df54ea62b0595ed7d7d0a2c (diff)
downloadsamba-2e44d0d32980eaec236c8cfc80989b7600c0d25a.tar.gz
samba-2e44d0d32980eaec236c8cfc80989b7600c0d25a.tar.bz2
samba-2e44d0d32980eaec236c8cfc80989b7600c0d25a.zip
samba-tool pwsettings Allow setting 'store cleartext'
This allows the 'store cleartext' password policy flag to be (un)set. Andrew Bartlett
-rw-r--r--source4/scripting/python/samba/netcmd/pwsettings.py19
1 files changed, 17 insertions, 2 deletions
diff --git a/source4/scripting/python/samba/netcmd/pwsettings.py b/source4/scripting/python/samba/netcmd/pwsettings.py
index bfec13c29a..4a1645dd91 100644
--- a/source4/scripting/python/samba/netcmd/pwsettings.py
+++ b/source4/scripting/python/samba/netcmd/pwsettings.py
@@ -27,7 +27,7 @@ import ldb
from samba.auth import system_session
from samba.samdb import SamDB
-from samba.dcerpc.samr import DOMAIN_PASSWORD_COMPLEX
+from samba.dcerpc.samr import DOMAIN_PASSWORD_COMPLEX, DOMAIN_PASSWORD_STORE_CLEARTEXT
from samba.netcmd import Command, CommandError, Option
class cmd_pwsettings(Command):
@@ -50,6 +50,8 @@ class cmd_pwsettings(Command):
Option("--quiet", help="Be quiet", action="store_true"),
Option("--complexity", type="choice", choices=["on","off","default"],
help="The password complexity (on | off | default). Default is 'on'"),
+ Option("--store-plaintext", type="choice", choices=["on","off","default"],
+ help="Store plaintext passwords where account have 'store passwords with reversible encryption' set (on | off | default). Default is 'off'"),
Option("--history-length",
help="The password history length (<integer> | default). Default is 24.", type=str),
Option("--min-pwd-length",
@@ -63,7 +65,7 @@ class cmd_pwsettings(Command):
takes_args = ["subcommand"]
def run(self, subcommand, H=None, min_pwd_age=None, max_pwd_age=None,
- quiet=False, complexity=None, history_length=None,
+ quiet=False, complexity=None, store_plaintext=None, history_length=None,
min_pwd_length=None, credopts=None, sambaopts=None,
versionopts=None):
lp = sambaopts.get_loadparm()
@@ -94,6 +96,10 @@ class cmd_pwsettings(Command):
self.message("Password complexity: on")
else:
self.message("Password complexity: off")
+ if pwd_props & DOMAIN_PASSWORD_STORE_CLEARTEXT != 0:
+ self.message("Store plaintext passwords: on")
+ else:
+ self.message("Store plaintext passwords: off")
self.message("Password history length: %d" % pwd_hist_len)
self.message("Minimum password length: %d" % cur_min_pwd_len)
self.message("Minimum password age (days): %d" % cur_min_pwd_age)
@@ -111,6 +117,15 @@ class cmd_pwsettings(Command):
pwd_props = pwd_props & (~DOMAIN_PASSWORD_COMPLEX)
msgs.append("Password complexity deactivated!")
+ if store_plaintext is not None:
+ if store_plaintext == "on" or store_plaintext == "default":
+ pwd_props = pwd_props | DOMAIN_PASSWORD_STORE_CLEARTEXT
+ msgs.append("Plaintext password storage for changed passwords activated!")
+ elif store_plaintext == "off":
+ pwd_props = pwd_props & (~DOMAIN_PASSWORD_STORE_CLEARTEXT)
+ msgs.append("Plaintext password storage for changed passwords deactivated!")
+
+ if complexity is not None or store_plaintext is not None:
m["pwdProperties"] = ldb.MessageElement(str(pwd_props),
ldb.FLAG_MOD_REPLACE, "pwdProperties")