s4: Let the "setpassword" script finally use the "samdb_set_password" routine

The "setpassword" script should use the "samdb_set_password" call to change the NT user password. Windows Server tests show that "userPassword" is not the right place to save the NT password and does not inherit the password complexity.
author: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> 2009-08-19 12:37:11 +0200
committer: Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> 2009-09-07 12:29:34 +0200
commit: fdd62e9699b181a140292689fcd88a559bc26211 (patch)
tree: 56461242c76d178c268fb77a205188f6c5c4c78c /source4/scripting
parent: 0d07ce19496ffbc20a5be2548476a07033acb6d7 (diff)
download: samba-fdd62e9699b181a140292689fcd88a559bc26211.tar.gz
samba-fdd62e9699b181a140292689fcd88a559bc26211.tar.bz2
samba-fdd62e9699b181a140292689fcd88a559bc26211.zip
2 files changed, 70 insertions, 9 deletions
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 42c04c1f38..3e6233b4c4 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -220,13 +220,69 @@ static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
 	if (!sid) {
 		PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
 		return NULL;
-	} 
+	}
+
 	retstr = dom_sid_string(NULL, sid);
 	ret = PyString_FromString(retstr);
 	talloc_free(retstr);
+
 	return ret;
 }
 
+static PyObject *py_samdb_set_password(PyLdbObject *self, PyObject *args,
+	PyObject *kwargs)
+{
+	PyObject *py_sam, *py_user_dn, *py_dom_dn, *py_mod, *py_user_change;
+	char *new_password;
+	bool user_change;
+	DATA_BLOB new_pwd_blob;
+	struct ldb_context *sam_ctx;
+	struct ldb_dn *user_dn, *dom_dn;
+	struct ldb_message *mod;
+	TALLOC_CTX *mem_ctx;
+	NTSTATUS status;
+	const char * const kwnames[] = { "samdb", "user_dn", "dom_dn", "mod",
+		"new_password", "user_change", NULL };
+
+	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOOsO",
+		  discard_const_p(char *, kwnames),
+		  &py_sam, &py_user_dn, &py_dom_dn, &py_mod, &new_password,
+		  &py_user_change))
+		return NULL;
+
+	sam_ctx = PyLdb_AsLdbContext(py_sam);
+
+	mem_ctx = talloc_new(NULL);
+	if (mem_ctx == NULL) {
+		PyErr_NoMemory();
+	}
+
+	if (!PyObject_AsDn(mem_ctx, py_user_dn, sam_ctx, &user_dn)) {
+		PyErr_SetString(PyExc_RuntimeError, "user_dn invalid!");
+		return NULL;
+	}
+
+	if (!PyObject_AsDn(mem_ctx, py_dom_dn, sam_ctx, &dom_dn)) {
+		PyErr_SetString(PyExc_RuntimeError, "dom_dn invalid!");
+		return NULL;
+	}
+
+	mod = PyLdbMessage_AsMessage(py_mod);
+
+	user_change = PyInt_AsLong(py_user_change);
+
+	new_pwd_blob.data = (uint8_t *) new_password;
+	new_pwd_blob.length = strlen((char *) new_pwd_blob.data);
+
+	status = samdb_set_password(sam_ctx, mem_ctx, user_dn, dom_dn, mod,
+		&new_pwd_blob, NULL, NULL, user_change, NULL, NULL);
+
+	talloc_free(mem_ctx);
+
+	PyErr_NTSTATUS_IS_ERR_RAISE(status);
+	Py_RETURN_NONE;
+}
+
 static PyObject *py_ldb_register_samba_handlers(PyObject *self, PyObject *args)
 {
 	PyObject *py_ldb;
@@ -440,7 +496,8 @@ static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
 
 	sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
 
-	status = dom_sid_split_rid(NULL, sid, NULL, &rid);
+	status = dom_sid_split_rid(NULL, (const struct dom_sid *)sid, NULL,
+		&rid);
 	if (!NT_STATUS_IS_OK(status)) {
 		PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
 		return NULL;
@@ -470,6 +527,10 @@ static PyMethodDef py_misc_methods[] = {
 	{ "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS,
 		"samdb_get_domain_sid(samdb)\n"
 		"Get SID of domain in use." },
+	{ "samdb_set_password", (PyCFunction)py_samdb_set_password,
+		METH_VARARGS|METH_KEYWORDS,
+		"samdb_set_password(samdb, user_dn, dom_dn, mod, new_password, user_change)\n"
+		"Set the password of a user" },
 	{ "ldb_register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers, METH_VARARGS,
 		"ldb_register_samba_handlers(ldb)\n"
 		"Register Samba-specific LDB modules and schemas." },
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index a58d6c5b12..b78c8f37d9 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -161,14 +161,14 @@ pwdLastSet: 0
             assert(len(res) == 1)
             user_dn = res[0].dn
 
-            setpw = """
-dn: %s
-changetype: modify
-replace: userPassword
-userPassword:: %s
-""" % (user_dn, base64.b64encode(password))
+            mod = ldb.Message()
+            mod.dn = user_dn
+
+            glue.samdb_set_password(samdb=self, user_dn=str(user_dn),
+                        dom_dn=self.domain_dn(), mod=mod, new_password=password,
+                        user_change=True)
 
-            self.modify_ldif(setpw)
+            self.modify(mod)
 
             if force_password_change_at_next_login:
                 self.force_password_change_at_next_login(user_dn)
author	Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>	2009-08-19 12:37:11 +0200
committer	Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de>	2009-09-07 12:29:34 +0200
commit	fdd62e9699b181a140292689fcd88a559bc26211 (patch)
tree	56461242c76d178c268fb77a205188f6c5c4c78c /source4/scripting
parent	0d07ce19496ffbc20a5be2548476a07033acb6d7 (diff)
download	samba-fdd62e9699b181a140292689fcd88a559bc26211.tar.gz samba-fdd62e9699b181a140292689fcd88a559bc26211.tar.bz2 samba-fdd62e9699b181a140292689fcd88a559bc26211.zip