author | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-08-19 12:37:11 +0200 |
---|---|---|
committer | Matthias Dieter Wallnöfer <mwallnoefer@yahoo.de> | 2009-09-07 12:29:34 +0200 |
commit | fdd62e9699b181a140292689fcd88a559bc26211 (patch) | |
tree | 56461242c76d178c268fb77a205188f6c5c4c78c /source4 | |
parent | 0d07ce19496ffbc20a5be2548476a07033acb6d7 (diff) | |
s4: Let the "setpassword" script finally use the "samdb_set_password" routine
The "setpassword" script should use the "samdb_set_password" call to change
the NT user password. Windows Server tests show that "userPassword" is not the
right place to save the NT password and does not inherit the password complexity.
Diffstat (limited to 'source4')
-rw-r--r-- | source4/scripting/python/pyglue.c | 65 | ||||
-rw-r--r-- | source4/scripting/python/samba/samdb.py | 14 |
2 files changed, 70 insertions, 9 deletions
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 42c04c1f38..3e6233b4c4 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -220,13 +220,69 @@ static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args) if (!sid) { PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed"); return NULL; - } + } + retstr = dom_sid_string(NULL, sid); ret = PyString_FromString(retstr); talloc_free(retstr); + return ret; } +static PyObject *py_samdb_set_password(PyLdbObject *self, PyObject *args, + PyObject *kwargs) +{ + PyObject *py_sam, *py_user_dn, *py_dom_dn, *py_mod, *py_user_change; + char *new_password; + bool user_change; + DATA_BLOB new_pwd_blob; + struct ldb_context *sam_ctx; + struct ldb_dn *user_dn, *dom_dn; + struct ldb_message *mod; + TALLOC_CTX *mem_ctx; + NTSTATUS status; + const char * const kwnames[] = { "samdb", "user_dn", "dom_dn", "mod", + "new_password", "user_change", NULL }; + + if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOOsO", + discard_const_p(char *, kwnames), + &py_sam, &py_user_dn, &py_dom_dn, &py_mod, &new_password, + &py_user_change)) + return NULL; + + sam_ctx = PyLdb_AsLdbContext(py_sam); + + mem_ctx = talloc_new(NULL); + if (mem_ctx == NULL) { + PyErr_NoMemory(); + } + + if (!PyObject_AsDn(mem_ctx, py_user_dn, sam_ctx, &user_dn)) { + PyErr_SetString(PyExc_RuntimeError, "user_dn invalid!"); + return NULL; + } + + if (!PyObject_AsDn(mem_ctx, py_dom_dn, sam_ctx, &dom_dn)) { + PyErr_SetString(PyExc_RuntimeError, "dom_dn invalid!"); + return NULL; + } + + mod = PyLdbMessage_AsMessage(py_mod); + + user_change = PyInt_AsLong(py_user_change); + + new_pwd_blob.data = (uint8_t *) new_password; + new_pwd_blob.length = strlen((char *) new_pwd_blob.data); + + status = samdb_set_password(sam_ctx, mem_ctx, user_dn, dom_dn, mod, + &new_pwd_blob, NULL, NULL, user_change, NULL, NULL); + + talloc_free(mem_ctx); + + PyErr_NTSTATUS_IS_ERR_RAISE(status); + Py_RETURN_NONE; +} + static PyObject *py_ldb_register_samba_handlers(PyObject *self, PyObject *args) { PyObject *py_ldb; 
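Review bot: In py_samdb_set_password the `mem_ctx == NULL` branch calls `PyErr_NoMemory();` but does not return, so execution continues with a NULL talloc context and an exception already pending; add `return NULL;` there. Both PyObject_AsDn failure branches return without releasing mem_ctx, so each needs `talloc_free(mem_ctx);` before its `return NULL;`. py_sam and py_mod are parsed with the untyped `O` format and passed straight to PyLdb_AsLdbContext and PyLdbMessage_AsMessage; if those are plain casts (their definitions are not visible here), a wrong object type passed from a script becomes a memory-safety problem in code that handles passwords, so a type check that raises TypeError should come first. The value of `PyInt_AsLong(py_user_change)` is also stored in a bool without testing for the -1-with-exception error case.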
@@ -440,7 +496,8 @@ static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args) sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid)); - status = dom_sid_split_rid(NULL, sid, NULL, &rid); + status = dom_sid_split_rid(NULL, (const struct dom_sid *)sid, NULL, + &rid); if (!NT_STATUS_IS_OK(status)) { PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed"); return NULL; @@ -470,6 +527,10 @@ static PyMethodDef py_misc_methods[] = { { "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS, "samdb_get_domain_sid(samdb)\n" "Get SID of domain in use." }, + { "samdb_set_password", (PyCFunction)py_samdb_set_password, + METH_VARARGS|METH_KEYWORDS, + "samdb_set_password(samdb, user_dn, dom_dn, mod, new_password, user_change)\n" + "Set the password of a user" }, { "ldb_register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers, METH_VARARGS, "ldb_register_samba_handlers(ldb)\n" "Register Samba-specific LDB modules and schemas." }, diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py index a58d6c5b12..b78c8f37d9 100644 --- a/source4/scripting/python/samba/samdb.py +++ b/source4/scripting/python/samba/samdb.py @@ -161,14 +161,14 @@ pwdLastSet: 0 assert(len(res) == 1) user_dn = res[0].dn - setpw = """ -dn: %s -changetype: modify -replace: userPassword -userPassword:: %s -""" % (user_dn, base64.b64encode(password)) + mod = ldb.Message() + mod.dn = user_dn + + glue.samdb_set_password(samdb=self, user_dn=str(user_dn), + dom_dn=self.domain_dn(), mod=mod, new_password=password, + user_change=True) - self.modify_ldif(setpw) + self.modify(mod) if force_password_change_at_next_login: self.force_password_change_at_next_login(user_dn) |
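Review bot: The added cast `(const struct dom_sid *)sid` is not needed, because a pointer to a non-const object converts to a pointer-to-const implicitly, and an explicit cast would silence the compiler if sid's type ever stopped matching; `status = dom_sid_split_rid(NULL, sid, NULL, &rid);` is sufficient. The context line above it assigns sid from `dom_sid_parse_talloc(NULL, PyString_AsString(py_sid))` and passes it on unchecked, so a malformed SID string supplied by a script would presumably reach dom_sid_split_rid as NULL; a guard such as `if (sid == NULL) { PyErr_SetString(PyExc_RuntimeError, "invalid SID"); return NULL; }` belongs before the call. The visible failure branch also returns without freeing sid. py_dom_sid_to_rid begins and ends outside this hunk.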
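Review bot: The docstring for the new `samdb_set_password` entry in py_misc_methods says only "Set the password of a user", which does not tell a caller what `mod` and `user_change` are for. Judging by the samdb.py caller, which runs `self.modify(mod)` afterwards, the call appears to fill `mod` rather than write to the database, and that is the detail a script author is most likely to miss. I would extend the text to something like `"Fill 'mod' with the password attributes for user_dn; the caller must apply it with modify(). user_change selects user-initiated change rules."`, adjusted to whatever samdb_set_password actually guarantees.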
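Review bot: The new call passes `user_change=True` from what looks like an administrative set-password path, and nothing in the hunk explains that choice. If that flag makes samdb_set_password apply the rules for a user changing their own password, a reset here could be refused by more than the complexity policy the commit message mentions. Please confirm this is intended and record it next to the call, for example `# user_change=True so the domain password policy is enforced on this reset`. `password` now goes through the C binding's `s` argument format instead of `base64.b64encode`, so non-ASCII unicode values or embedded NUL bytes may raise where the old LDIF path accepted them; that is worth a test. The enclosing method starts and continues outside the hunk, so whether `base64` is still used elsewhere in the file cannot be seen from here.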