Diffstat (limited to 'source4/setup')
-rwxr-xr-x | source4/setup/domainlevel | 250 | ||||
-rwxr-xr-x | source4/setup/enableaccount | 65 | ||||
-rwxr-xr-x | source4/setup/newuser | 69 | ||||
-rwxr-xr-x | source4/setup/pwsettings | 198 | ||||
-rwxr-xr-x | source4/setup/setexpiry | 72 | ||||
-rwxr-xr-x | source4/setup/setpassword | 74 | ||||
-rwxr-xr-x | source4/setup/tests/blackbox_newuser.sh | 11 | ||||
-rwxr-xr-x | source4/setup/tests/blackbox_setpassword.sh | 10 |
8 files changed, 12 insertions, 737 deletions
diff --git a/source4/setup/domainlevel b/source4/setup/domainlevel deleted file mode 100755 index c37d811dd8..0000000000 --- a/source4/setup/domainlevel +++ /dev/null 
@@ -1,250 +0,0 @@ -#!/usr/bin/python -# -# Raises domain and forest function levels -# -# Copyright Matthias Dieter Wallnoefer 2009 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -# Notice: At the moment we have some more checks to do here on the special -# attributes (consider attribute "msDS-Behavior-Version). This is due to the -# fact that we on s4 LDB don't implement their change policy (only certain -# values, only increments possible...) yet. 
- -import sys - -# Find right directory when running from source tree -sys.path.insert(0, "bin/python") - -import samba.getopt as options -import optparse -import ldb - -from samba.auth import system_session -from samba.samdb import SamDB -from samba import DS_DOMAIN_FUNCTION_2000, DS_DOMAIN_FUNCTION_2003 -from samba import DS_DOMAIN_FUNCTION_2003_MIXED, DS_DOMAIN_FUNCTION_2008 -from samba import DS_DOMAIN_FUNCTION_2008_R2 -from samba import DS_DC_FUNCTION_2000, DS_DC_FUNCTION_2003, DS_DC_FUNCTION_2008 -from samba import DS_DC_FUNCTION_2008_R2 - -parser = optparse.OptionParser("domainlevel (show | raise <options>)") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("-H", help="LDB URL for database or target server", type=str) -parser.add_option("--quiet", help="Be quiet", action="store_true") -parser.add_option("--forest", type="choice", - choices=["2003", "2008", "2008_R2"], - help="The forest function level (2003 | 2008 | 2008_R2)") -parser.add_option("--domain", type="choice", - choices=["2003", "2008", "2008_R2"], - help="The domain function level (2003 | 2008 | 2008_R2)") -opts, args = parser.parse_args() - -# -# print a message if quiet is not set -# -def message(text): - if not opts.quiet: - print text - -if len(args) == 0: - parser.print_usage() - sys.exit(1) - -lp = sambaopts.get_loadparm() -creds = credopts.get_credentials(lp) - -if opts.H is not None: - url = opts.H -else: - url = lp.get("sam database") - -samdb = SamDB(url=url, session_info=system_session(), credentials=creds, lp=lp) - -domain_dn = SamDB.domain_dn(samdb) - -res_forest = samdb.search("CN=Partitions,CN=Configuration," + domain_dn, - scope=ldb.SCOPE_BASE, attrs=["msDS-Behavior-Version"]) -assert(len(res_forest) == 1) - -res_domain = samdb.search(domain_dn, scope=ldb.SCOPE_BASE, - 
attrs=["msDS-Behavior-Version", "nTMixedDomain"]) -assert(len(res_domain) == 1) - -res_dc_s = samdb.search("CN=Sites,CN=Configuration," + domain_dn, - scope=ldb.SCOPE_SUBTREE, expression="(objectClass=nTDSDSA)", - attrs=["msDS-Behavior-Version"]) -assert(len(res_dc_s) >= 1) - -try: - level_forest = int(res_forest[0]["msDS-Behavior-Version"][0]) - level_domain = int(res_domain[0]["msDS-Behavior-Version"][0]) - level_domain_mixed = int(res_domain[0]["nTMixedDomain"][0]) - - min_level_dc = int(res_dc_s[0]["msDS-Behavior-Version"][0]) # Init value - for msg in res_dc_s: - if int(msg["msDS-Behavior-Version"][0]) < min_level_dc: - min_level_dc = int(msg["msDS-Behavior-Version"][0]) - - if level_forest < 0 or level_domain < 0: - print >>sys.stderr, "ERROR: Domain and/or forest function level(s) is/are invalid. Correct them or reprovision!" - sys.exit(1) - if min_level_dc < 0: - print >>sys.stderr, "ERROR: Lowest function level of a DC is invalid. Correct this or reprovision!" - sys.exit(1) - if level_forest > level_domain: - print >>sys.stderr, "ERROR: Forest function level is higher than the domain level(s). Correct this or reprovision!" - sys.exit(1) - if level_domain > min_level_dc: - print >>sys.stderr, "ERROR: Domain function level is higher than the lowest function level of a DC. Correct this or reprovision!" - sys.exit(1) - -except KeyError: - print >>sys.stderr, "ERROR: Could not retrieve the actual domain, forest level and/or lowest DC function level!" - if args[0] == "show": - print >>sys.stderr, "So the levels can't be displayed!" - sys.exit(1) - -if args[0] == "show": - message("Domain and forest function level for domain '" + domain_dn + "'") - if level_forest < DS_DOMAIN_FUNCTION_2003: - message("\nATTENTION: You run SAMBA 4 on a forest function level lower than Windows 2003 (Native). This isn't supported! 
Please raise!") - if level_domain < DS_DOMAIN_FUNCTION_2003: - message("\nATTENTION: You run SAMBA 4 on a domain function level lower than Windows 2003 (Native). This isn't supported! Please raise!") - if min_level_dc < DS_DC_FUNCTION_2003: - message("\nATTENTION: You run SAMBA 4 on a lowest function level of a DC lower than Windows 2003. This isn't supported! Please step-up or upgrade the concerning DC(s)!") - - message("") - - if level_forest == DS_DOMAIN_FUNCTION_2000: - outstr = "2000" - elif level_forest == DS_DOMAIN_FUNCTION_2003_MIXED: - outstr = "2003 with mixed domains/interim (NT4 DC support)" - elif level_forest == DS_DOMAIN_FUNCTION_2003: - outstr = "2003" - elif level_forest == DS_DOMAIN_FUNCTION_2008: - outstr = "2008" - elif level_forest == DS_DOMAIN_FUNCTION_2008_R2: - outstr = "2008 R2" - else: - outstr = "higher than 2008 R2" - message("Forest function level: (Windows) " + outstr) - - if level_domain == DS_DOMAIN_FUNCTION_2000 and level_domain_mixed != 0: - outstr = "2000 mixed (NT4 DC support)" - elif level_domain == DS_DOMAIN_FUNCTION_2000 and level_domain_mixed == 0: - outstr = "2000" - elif level_domain == DS_DOMAIN_FUNCTION_2003_MIXED: - outstr = "2003 with mixed domains/interim (NT4 DC support)" - elif level_domain == DS_DOMAIN_FUNCTION_2003: - outstr = "2003" - elif level_domain == DS_DOMAIN_FUNCTION_2008: - outstr = "2008" - elif level_domain == DS_DOMAIN_FUNCTION_2008_R2: - outstr = "2008 R2" - else: - outstr = "higher than 2008 R2" - message("Domain function level: (Windows) " + outstr) - - if min_level_dc == DS_DC_FUNCTION_2000: - outstr = "2000" - elif min_level_dc == DS_DC_FUNCTION_2003: - outstr = "2003" - elif min_level_dc == DS_DC_FUNCTION_2008: - outstr = "2008" - elif min_level_dc == DS_DC_FUNCTION_2008_R2: - outstr = "2008 R2" - else: - outstr = "higher than 2008 R2" - message("Lowest function level of a DC: (Windows) " + outstr) - -elif args[0] == "raise": - msgs = [] - - if opts.domain is not None: - arg = opts.domain - - if 
arg == "2003": - new_level_domain = DS_DOMAIN_FUNCTION_2003 - elif arg == "2008": - new_level_domain = DS_DOMAIN_FUNCTION_2008 - elif arg == "2008_R2": - new_level_domain = DS_DOMAIN_FUNCTION_2008_R2 - - if new_level_domain <= level_domain and level_domain_mixed == 0: - print >>sys.stderr, "ERROR: Domain function level can't be smaller equal to the actual one!" - sys.exit(1) - - if new_level_domain > min_level_dc: - print >>sys.stderr, "ERROR: Domain function level can't be higher than the lowest function level of a DC!" - sys.exit(1) - - # Deactivate mixed/interim domain support - if level_domain_mixed != 0: - m = ldb.Message() - m.dn = ldb.Dn(samdb, domain_dn) - m["nTMixedDomain"] = ldb.MessageElement("0", - ldb.FLAG_MOD_REPLACE, "nTMixedDomain") - samdb.modify(m) - - m = ldb.Message() - m.dn = ldb.Dn(samdb, domain_dn) - m["msDS-Behavior-Version"]= ldb.MessageElement( - str(new_level_domain), ldb.FLAG_MOD_REPLACE, - "msDS-Behavior-Version") - samdb.modify(m) - - level_domain = new_level_domain - - msgs.append("Domain function level changed!") - - if opts.forest is not None: - arg = opts.forest - - if arg == "2003": - new_level_forest = DS_DOMAIN_FUNCTION_2003 - elif arg == "2008": - new_level_forest = DS_DOMAIN_FUNCTION_2008 - elif arg == "2008_R2": - new_level_forest = DS_DOMAIN_FUNCTION_2008_R2 - - if new_level_forest <= level_forest: - print >>sys.stderr, "ERROR: Forest function level can't be smaller equal to the actual one!" - sys.exit(1) - - if new_level_forest > level_domain: - print >>sys.stderr, "ERROR: Forest function level can't be higher than the domain function level(s). Please raise it/them first!" 
- sys.exit(1) - - m = ldb.Message() - m.dn = ldb.Dn(samdb, "CN=Partitions,CN=Configuration," - + domain_dn) - m["msDS-Behavior-Version"]= ldb.MessageElement( - str(new_level_forest), ldb.FLAG_MOD_REPLACE, - "msDS-Behavior-Version") - samdb.modify(m) - - msgs.append("Forest function level changed!") - - msgs.append("All changes applied successfully!") - - message("\n".join(msgs)) -else: - print >>sys.stderr, "ERROR: Wrong argument '" + args[0] + "'!" - sys.exit(1) diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount deleted file mode 100755 index f8f727c1ee..0000000000 --- a/source4/setup/enableaccount +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/usr/bin/python -# -# Enables an user account on a Samba4 server -# Copyright Jelmer Vernooij 2008 -# -# Based on the original in EJS: -# Copyright Andrew Tridgell 2005 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -import sys - -sys.path.insert(0, "bin/python") - -import samba.getopt as options -import optparse - -from samba.auth import system_session -from samba.samdb import SamDB - -parser = optparse.OptionParser("enableaccount [username] [options]") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("-H", help="LDB URL for database or target server", type=str) -parser.add_option("--filter", help="LDAP Filter to set password on", type=str) - -opts, args = parser.parse_args() - -filter = opts.filter - -if (len(args) == 0) and (filter is None): - print "Either the username or '--filter' must be specified!" 
- parser.print_usage() - sys.exit(1) - -if filter is None: - username = args[0] - filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username) - -lp = sambaopts.get_loadparm() -creds = credopts.get_credentials(lp) - -if opts.H is not None: - url = opts.H -else: - url = lp.get("sam database") - -samdb = SamDB(url=url, session_info=system_session(), credentials=creds, lp=lp) - -samdb.enable_account(filter) diff --git a/source4/setup/newuser b/source4/setup/newuser deleted file mode 100755 index ef65d36dfb..0000000000 --- a/source4/setup/newuser +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/usr/bin/python -# -# Adds a new user to a Samba4 server -# Copyright Jelmer Vernooij 2008 -# -# Based on the original in EJS: -# Copyright Andrew Tridgell 2005 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. - -import sys - -# Find right directory when running from source tree -sys.path.insert(0, "bin/python") - -import samba.getopt as options -import optparse - -from getpass import getpass -from samba.auth import system_session -from samba.samdb import SamDB - -parser = optparse.OptionParser("newuser [options] <username> [<password>]") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("-H", help="LDB URL for database or target server", type=str) -parser.add_option("--unixname", help="Unix Username", type=str) -parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true") - -opts, args = parser.parse_args() - -if len(args) == 0: - parser.print_usage() - sys.exit(1) - -username = args[0] -if len(args) > 1: - password = args[1] -else: - password = getpass("New Password: ") - -if opts.unixname is None: - opts.unixname = username - -lp = sambaopts.get_loadparm() -creds = credopts.get_credentials(lp) - -if opts.H is not 
None: - url = opts.H -else: - url = lp.get("sam database") - -samdb = SamDB(url=url, session_info=system_session(), credentials=creds, lp=lp) - -samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login_req=opts.must_change_at_next_login) diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings deleted file mode 100755 index 59ed5d29bf..0000000000 --- a/source4/setup/pwsettings +++ /dev/null 
@@ -1,198 +0,0 @@ -#!/usr/bin/python -# -# Sets password settings (Password complexity, history length, minimum password -# length, the minimum and maximum password age) on a Samba4 server -# -# Copyright Matthias Dieter Wallnoefer 2009 -# Copyright Andrew Kroeger 2009 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -import sys - -# Find right directory when running from source tree -sys.path.insert(0, "bin/python") - -import samba.getopt as options -import optparse -import ldb - -from samba.auth import system_session -from samba.samdb import SamDB -from samba.dcerpc.samr import DOMAIN_PASSWORD_COMPLEX - -parser = optparse.OptionParser("pwsettings (show | set <options>)") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("-H", help="LDB URL for database or target server", type=str) -parser.add_option("--quiet", help="Be quiet", action="store_true") -parser.add_option("--complexity", type="choice", choices=["on","off","default"], - help="The password complexity (on | off | default). Default is 'on'") -parser.add_option("--history-length", - help="The password history length (<integer> | default). 
Default is 24.", type=str) -parser.add_option("--min-pwd-length", - help="The minimum password length (<integer> | default). Default is 7.", type=str) -parser.add_option("--min-pwd-age", - help="The minimum password age (<integer in days> | default). Default is 0.", type=str) -parser.add_option("--max-pwd-age", - help="The maximum password age (<integer in days> | default). Default is 43.", type=str) - -opts, args = parser.parse_args() - -# -# print a message if quiet is not set -# -def message(text): - if not opts.quiet: - print text - -if len(args) == 0: - parser.print_usage() - sys.exit(1) - -lp = sambaopts.get_loadparm() -creds = credopts.get_credentials(lp) - -if opts.H is not None: - url = opts.H -else: - url = lp.get("sam database") - -samdb = SamDB(url=url, session_info=system_session(), credentials=creds, lp=lp) - -domain_dn = SamDB.domain_dn(samdb) -res = samdb.search(domain_dn, scope=ldb.SCOPE_BASE, - attrs=["pwdProperties", "pwdHistoryLength", "minPwdLength", "minPwdAge", - "maxPwdAge"]) -assert(len(res) == 1) -try: - pwd_props = int(res[0]["pwdProperties"][0]) - pwd_hist_len = int(res[0]["pwdHistoryLength"][0]) - min_pwd_len = int(res[0]["minPwdLength"][0]) - # ticks -> days - min_pwd_age = int(abs(int(res[0]["minPwdAge"][0])) / (1e7 * 60 * 60 * 24)) - max_pwd_age = int(abs(int(res[0]["maxPwdAge"][0])) / (1e7 * 60 * 60 * 24)) -except KeyError: - print >>sys.stderr, "ERROR: Could not retrieve password properties!" - if args[0] == "show": - print >>sys.stderr, "So no settings can be displayed!" 
- sys.exit(1) - -if args[0] == "show": - message("Password informations for domain '" + domain_dn + "'") - message("") - if pwd_props & DOMAIN_PASSWORD_COMPLEX != 0: - message("Password complexity: on") - else: - message("Password complexity: off") - message("Password history length: " + str(pwd_hist_len)) - message("Minimum password length: " + str(min_pwd_len)) - message("Minimum password age (days): " + str(min_pwd_age)) - message("Maximum password age (days): " + str(max_pwd_age)) - -elif args[0] == "set": - - msgs = [] - m = ldb.Message() - m.dn = ldb.Dn(samdb, domain_dn) - - if opts.complexity is not None: - if opts.complexity == "on" or opts.complexity == "default": - pwd_props = pwd_props | DOMAIN_PASSWORD_COMPLEX - msgs.append("Password complexity activated!") - elif opts.complexity == "off": - pwd_props = pwd_props & (~DOMAIN_PASSWORD_COMPLEX) - msgs.append("Password complexity deactivated!") - - m["pwdProperties"] = ldb.MessageElement(str(pwd_props), - ldb.FLAG_MOD_REPLACE, "pwdProperties") - - if opts.history_length is not None: - if opts.history_length == "default": - pwd_hist_len = 24 - else: - pwd_hist_len = int(opts.history_length) - - if pwd_hist_len < 0 or pwd_hist_len > 24: - print >>sys.stderr, "ERROR: Password history length must be in the range of 0 to 24!" - sys.exit(1) - - m["pwdHistoryLength"] = ldb.MessageElement(str(pwd_hist_len), - ldb.FLAG_MOD_REPLACE, "pwdHistoryLength") - msgs.append("Password history length changed!") - - if opts.min_pwd_length is not None: - if opts.min_pwd_length == "default": - min_pwd_len = 7 - else: - min_pwd_len = int(opts.min_pwd_length) - - if min_pwd_len < 0 or min_pwd_len > 14: - print >>sys.stderr, "ERROR: Minimum password length must be in the range of 0 to 14!" 
- sys.exit(1) - - m["minPwdLength"] = ldb.MessageElement(str(min_pwd_len), - ldb.FLAG_MOD_REPLACE, "minPwdLength") - msgs.append("Minimum password length changed!") - - if opts.min_pwd_age is not None: - if opts.min_pwd_age == "default": - min_pwd_age = 0 - else: - min_pwd_age = int(opts.min_pwd_age) - - if min_pwd_age < 0 or min_pwd_age > 998: - print >>sys.stderr, "ERROR: Minimum password age must be in the range of 0 to 998!" - sys.exit(1) - - # days -> ticks - min_pwd_age_ticks = -int(min_pwd_age * (24 * 60 * 60 * 1e7)) - - m["minPwdAge"] = ldb.MessageElement(str(min_pwd_age_ticks), - ldb.FLAG_MOD_REPLACE, "minPwdAge") - msgs.append("Minimum password age changed!") - - if opts.max_pwd_age is not None: - if opts.max_pwd_age == "default": - max_pwd_age = 43 - else: - max_pwd_age = int(opts.max_pwd_age) - - if max_pwd_age < 0 or max_pwd_age > 999: - print >>sys.stderr, "ERROR: Maximum password age must be in the range of 0 to 999!" - sys.exit(1) - - # days -> ticks - max_pwd_age_ticks = -int(max_pwd_age * (24 * 60 * 60 * 1e7)) - - m["maxPwdAge"] = ldb.MessageElement(str(max_pwd_age_ticks), - ldb.FLAG_MOD_REPLACE, "maxPwdAge") - msgs.append("Maximum password age changed!") - - if max_pwd_age > 0 and min_pwd_age >= max_pwd_age: - print "ERROR: Maximum password age (%d) must be greater than minimum password age (%d)!" % (max_pwd_age, min_pwd_age) - sys.exit(1) - - samdb.modify(m) - - msgs.append("All changes applied successfully!") - - message("\n".join(msgs)) -else: - print >>sys.stderr, "ERROR: Wrong argument '" + args[0] + "'!" - sys.exit(1) diff --git a/source4/setup/setexpiry b/source4/setup/setexpiry deleted file mode 100755 index 2740326f2b..0000000000 --- a/source4/setup/setexpiry +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/usr/bin/python -# -# Sets the user password expiry on a Samba4 server -# Copyright Jelmer Vernooij 2008 -# -# Based on the original in EJS: -# Copyright Andrew Tridgell 2005 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -import sys - -# Find right directory when running from source tree -sys.path.insert(0, "bin/python") - -import samba.getopt as options -import optparse - -from samba.auth import system_session -from samba.samdb import SamDB - -parser = optparse.OptionParser("setexpiry [username] [options]") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("-H", help="LDB URL for database or target server", type=str) -parser.add_option("--filter", help="LDAP Filter to set password on", type=str) -parser.add_option("--days", help="Days to expiry", type=int) -parser.add_option("--noexpiry", help="Password does never expire", action="store_true") - -opts, args = parser.parse_args() - -filter = opts.filter - -if (len(args) == 0) and (filter is None): - print "Either the username or '--filter' must be specified!" 
- parser.print_usage() - sys.exit(1) - -days = opts.days -if days is None: - days = 0 - -if filter is None: - username = args[0] - filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username) - -lp = sambaopts.get_loadparm() -creds = credopts.get_credentials(lp) - -if opts.H is not None: - url = opts.H -else: - url = lp.get("sam database") - -samdb = SamDB(url=url, session_info=system_session(), credentials=creds, lp=lp) - -samdb.setexpiry(filter, days*24*3600, no_expiry_req=opts.noexpiry) diff --git a/source4/setup/setpassword b/source4/setup/setpassword deleted file mode 100755 index 57772be7a7..0000000000 --- a/source4/setup/setpassword +++ /dev/null 
@@ -1,74 +0,0 @@ -#!/usr/bin/python -# -# Sets a user password on a Samba4 server -# Copyright Jelmer Vernooij 2008 -# -# Based on the original in EJS: -# Copyright Andrew Tridgell 2005 -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see <http://www.gnu.org/licenses/>. -# - -import sys - -# Find right directory when running from source tree -sys.path.insert(0, "bin/python") - -import samba.getopt as options -import optparse - -from getpass import getpass -from samba.auth import system_session -from samba.samdb import SamDB - -parser = optparse.OptionParser("setpassword [username] [options]") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -parser.add_option_group(options.VersionOptions(parser)) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option("-H", help="LDB URL for database or target server", type=str) -parser.add_option("--filter", help="LDAP Filter to set password on", type=str) -parser.add_option("--newpassword", help="Set password", type=str) -parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true") - -opts, args = parser.parse_args() - -filter = opts.filter - -if (len(args) == 0) and (filter is None): - print "Either the username or '--filter' must be specified!" 
- parser.print_usage() - sys.exit(1) - -password = opts.newpassword; -if password is None: - password = getpass("New Password: ") - -if filter is None: - username = args[0] - filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username) - -lp = sambaopts.get_loadparm() -creds = credopts.get_credentials(lp) - -if opts.H is not None: - url = opts.H -else: - url = lp.get("sam database") - -samdb = SamDB(url=url, session_info=system_session(), credentials=creds, lp=lp) - -samdb.setpassword(filter, password, force_password_change_at_next_login_req=opts.must_change_at_next_login) - diff --git a/source4/setup/tests/blackbox_newuser.sh b/source4/setup/tests/blackbox_newuser.sh index d25c70669b..30e6830be5 100755 --- a/source4/setup/tests/blackbox_newuser.sh +++ b/source4/setup/tests/blackbox_newuser.sh @@ -14,19 +14,20 @@ shift 1 testit "simple-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc +net="./bin/net" CONFIG="--configfile=$PREFIX/simple-dc/etc/smb.conf" -testit "newuser" $PYTHON ./setup/newuser $CONFIG testuser testpass +testit "newuser" $net newuser $CONFIG testuser testpass # check the enable account script -testit "enableaccount" $PYTHON ./setup/enableaccount $CONFIG testuser +testit "enableaccount" $net enableaccount $CONFIG testuser # check the enable account script -testit "setpassword" $PYTHON ./setup/setpassword $CONFIG testuser --newpassword=testpass2 +testit "setpassword" $net setpassword $CONFIG testuser --newpassword=testpass2 # check the setexpiry script -testit "noexpiry" $PYTHON ./setup/setexpiry $CONFIG testuser --noexpiry -testit "expiry" $PYTHON ./setup/setexpiry $CONFIG testuser --days=7 +testit "noexpiry" $net setexpiry $CONFIG testuser --noexpiry +testit "expiry" $net setexpiry $CONFIG testuser --days=7 exit $failed 
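Review bot: The comment above the `setpassword` test still reads `# check the enable account script`, copied from the `enableaccount` case before it, and all three comments in this hunk still say "script" although the new lines invoke `net` subcommands. I would change them to `# check the enableaccount command`, `# check the setpassword command` and `# check the setexpiry command` so the labels match what is actually run. Separately, `net="./bin/net"` is a relative path, so the tests only work when started from the directory that holds `bin/`. That looks like the existing convention here (`./setup/provision` is relative too), but a short comment next to the assignment stating it would help.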
diff --git a/source4/setup/tests/blackbox_setpassword.sh b/source4/setup/tests/blackbox_setpassword.sh index 77b41a2424..9f8fa6d2c1 100755 --- a/source4/setup/tests/blackbox_setpassword.sh +++ b/source4/setup/tests/blackbox_setpassword.sh @@ -12,14 +12,16 @@ shift 1 . `dirname $0`/../../../testprogs/blackbox/subunit.sh +net="./bin/net" + testit "simple-dc" $PYTHON ./setup/provision --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc -testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass +testit "newuser" $net newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass -testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass +testit "setpassword" $net setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass -testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass --must-change-at-next-login +testit "setpassword" $net setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass --must-change-at-next-login -testit "pwsettings" $PYTHON ./setup/pwsettings --quiet set --configfile=$PREFIX/simple-dc/etc/smb.conf --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default +testit "pwsettings" $net pwsettings --quiet set --configfile=$PREFIX/simple-dc/etc/smb.conf --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default exit $failed |
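Review bot: Both `setpassword` cases on the new side are registered under the same test name, so a failure in the `--must-change-at-next-login` path cannot be told apart from the plain reset in the results. Naming the second one `testit "setpassword-must-change" $net setpassword ...` fixes that. Both cases also set `testpass`, the value `newuser` already assigned, and only the exit status is checked, so as far as this hunk shows a `net setpassword` that silently changed nothing would still pass. Using a distinct value per step (for example `--newpassword=testpass2`, as blackbox_newuser.sh does) would let a later authentication check catch that.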