authorMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-08-19 12:37:11 +0200
committerMatthias Dieter Wallnöfer <mwallnoefer@yahoo.de>2009-09-07 12:29:34 +0200
commitfdd62e9699b181a140292689fcd88a559bc26211 (patch)
tree56461242c76d178c268fb77a205188f6c5c4c78c /source4/scripting
parent0d07ce19496ffbc20a5be2548476a07033acb6d7 (diff)
s4: Let the "setpassword" script finally use the "samdb_set_password" routine
The "setpassword" script should use the "samdb_set_password" call to change the NT user password. Windows Server tests show that "userPassword" is not the right place to save the NT password, and that a password stored there does not inherit the password complexity checks.
Diffstat (limited to 'source4/scripting')
-rw-r--r--source4/scripting/python/pyglue.c65
-rw-r--r--source4/scripting/python/samba/samdb.py14
2 files changed, 70 insertions, 9 deletions
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 42c04c1f38..3e6233b4c4 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -220,13 +220,69 @@ static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
if (!sid) {
PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
return NULL;
- }
+ }
+
retstr = dom_sid_string(NULL, sid);
ret = PyString_FromString(retstr);
talloc_free(retstr);
+
return ret;
}
+static PyObject *py_samdb_set_password(PyLdbObject *self, PyObject *args,
+ PyObject *kwargs)
+{
+ PyObject *py_sam, *py_user_dn, *py_dom_dn, *py_mod, *py_user_change;
+ char *new_password;
+ bool user_change;
+ DATA_BLOB new_pwd_blob;
+ struct ldb_context *sam_ctx;
+ struct ldb_dn *user_dn, *dom_dn;
+ struct ldb_message *mod;
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ const char * const kwnames[] = { "samdb", "user_dn", "dom_dn", "mod",
+ "new_password", "user_change", NULL };
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOOsO",
+ discard_const_p(char *, kwnames),
+ &py_sam, &py_user_dn, &py_dom_dn, &py_mod, &new_password,
+ &py_user_change))
+ return NULL;
+
+ sam_ctx = PyLdb_AsLdbContext(py_sam);
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ PyErr_NoMemory();
+ }
+
+ if (!PyObject_AsDn(mem_ctx, py_user_dn, sam_ctx, &user_dn)) {
+ PyErr_SetString(PyExc_RuntimeError, "user_dn invalid!");
+ return NULL;
+ }
+
+ if (!PyObject_AsDn(mem_ctx, py_dom_dn, sam_ctx, &dom_dn)) {
+ PyErr_SetString(PyExc_RuntimeError, "dom_dn invalid!");
+ return NULL;
+ }
+
+ mod = PyLdbMessage_AsMessage(py_mod);
+
+ user_change = PyInt_AsLong(py_user_change);
+
+ new_pwd_blob.data = (uint8_t *) new_password;
+ new_pwd_blob.length = strlen((char *) new_pwd_blob.data);
+
+ status = samdb_set_password(sam_ctx, mem_ctx, user_dn, dom_dn, mod,
+ &new_pwd_blob, NULL, NULL, user_change, NULL, NULL);
+
+ talloc_free(mem_ctx);
+
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+ Py_RETURN_NONE;
+}
+
static PyObject *py_ldb_register_samba_handlers(PyObject *self, PyObject *args)
{
PyObject *py_ldb;
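Review bot: In py_samdb_set_password, a failed `talloc_new(NULL)` calls `PyErr_NoMemory()` but does not return, so execution continues with a NULL `mem_ctx` and an exception already pending. Both `PyObject_AsDn` failure paths return without `talloc_free(mem_ctx)`, so every invalid DN leaks the context. `PyInt_AsLong(py_user_change)` returns -1 with an error set for a non-integer argument, which converts to `true` and silently selects the user-change path; `PyObject_IsTrue` with an error check is the safer conversion. `py_sam` and `py_mod` are parsed with `O` and passed to `PyLdb_AsLdbContext` / `PyLdbMessage_AsMessage` with no type check visible in this hunk; if those are plain accessors, an object of the wrong type supplied by the script is read as the wrong struct, so a type check before use is worth adding.

```c
	mem_ctx = talloc_new(NULL);
	if (mem_ctx == NULL) {
		return PyErr_NoMemory();
	}

	if (!PyObject_AsDn(mem_ctx, py_user_dn, sam_ctx, &user_dn)) {
		PyErr_SetString(PyExc_RuntimeError, "user_dn invalid!");
		talloc_free(mem_ctx);
		return NULL;
	}

	if (!PyObject_AsDn(mem_ctx, py_dom_dn, sam_ctx, &dom_dn)) {
		PyErr_SetString(PyExc_RuntimeError, "dom_dn invalid!");
		talloc_free(mem_ctx);
		return NULL;
	}

	/* … unchanged: PyLdbMessage_AsMessage call … */

	truth = PyObject_IsTrue(py_user_change); /* int truth; declared with the other locals */
	if (truth < 0) {
		talloc_free(mem_ctx);
		return NULL;
	}
	user_change = (truth == 1);

	/* … unchanged: blob setup, samdb_set_password call, cleanup … */
```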
@@ -440,7 +496,8 @@ static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
- status = dom_sid_split_rid(NULL, sid, NULL, &rid);
+ status = dom_sid_split_rid(NULL, (const struct dom_sid *)sid, NULL,
+ &rid);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
return NULL;
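Review bot: `sid` reaches `dom_sid_split_rid` without a NULL check, even though `dom_sid_parse_talloc` parses a string supplied by the Python caller and `PyString_AsString` can itself return NULL for a non-string object. A guard before the call, such as `if (sid == NULL) { PyErr_SetString(PyExc_RuntimeError, "dom_sid_parse_talloc failed"); return NULL; }`, would reject malformed input instead of relying on the callee to tolerate NULL. The failure branch shown also returns without `talloc_free(sid)`, and `sid` was allocated on the NULL context, so each failed split leaks it. The added `(const struct dom_sid *)` cast looks redundant if `sid` is declared as `struct dom_sid *`, because that conversion is implicit; the declaration and the rest of the function lie outside the hunk.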
@@ -470,6 +527,10 @@ static PyMethodDef py_misc_methods[] = {
{ "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS,
"samdb_get_domain_sid(samdb)\n"
"Get SID of domain in use." },
+ { "samdb_set_password", (PyCFunction)py_samdb_set_password,
+ METH_VARARGS|METH_KEYWORDS,
+ "samdb_set_password(samdb, user_dn, dom_dn, mod, new_password, user_change)\n"
+ "Set the password of a user" },
{ "ldb_register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers, METH_VARARGS,
"ldb_register_samba_handlers(ldb)\n"
"Register Samba-specific LDB modules and schemas." },
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index a58d6c5b12..b78c8f37d9 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -161,14 +161,14 @@ pwdLastSet: 0
assert(len(res) == 1)
user_dn = res[0].dn
- setpw = """
-dn: %s
-changetype: modify
-replace: userPassword
-userPassword:: %s
-""" % (user_dn, base64.b64encode(password))
+ mod = ldb.Message()
+ mod.dn = user_dn
+
+ glue.samdb_set_password(samdb=self, user_dn=str(user_dn),
+ dom_dn=self.domain_dn(), mod=mod, new_password=password,
+ user_change=True)
- self.modify_ldif(setpw)
+ self.modify(mod)
if force_password_change_at_next_login:
self.force_password_change_at_next_login(user_dn)
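Review bot: `user_change=True` is hard-coded in what reads as an administrative password set, so whatever checks `samdb_set_password` applies to user-initiated changes now apply to this path as well. That routine is not on this page, so the exact policy effects are an assumption to confirm against it. A short comment stating the intent, for example `# user_change=True: enforce the domain password policy on this change`, would stop a later reader from flipping the flag without realising it switches policy enforcement. The enclosing method starts and ends outside the hunk.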