summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/scripting/python/samba/samdb.py58
-rwxr-xr-xsource4/setup/newuser6
-rw-r--r--source4/setup/setpassword181
3 files changed, 102 insertions, 143 deletions
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 3c6bb23c02..de0fd4ba04 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -77,10 +77,15 @@ unixName: %s
:param user_dn: Dn of the account to enable.
"""
- res = self.search(user_dn, SCOPE_ONELEVEL, None, ["userAccountControl"])
+ res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"])
assert len(res) == 1
- userAccountControl = res[0].userAccountControl
- userAccountControl = userAccountControl - 2 # remove disabled bit
+ userAccountControl = res[0]["userAccountControl"][0]
+ userAccountControl = int(userAccountControl)
+ if (userAccountControl & 0x2):
+ userAccountControl = userAccountControl & ~0x2 # remove disabled bit
+ if (userAccountControl & 0x20):
+ userAccountControl = userAccountControl & ~0x20 # remove 'no password required' bit
+
mod = """
dn: %s
changetype: modify
@@ -103,13 +108,9 @@ userAccountControl: %u
res = self.search("", scope=ldb.SCOPE_BASE,
expression="(defaultNamingContext=*)",
attrs=["defaultNamingContext"])
- assert(len(res) == 1 and res[0].defaultNamingContext is not None)
+ assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
domain_dn = res[0]["defaultNamingContext"][0]
assert(domain_dn is not None)
- dom_users = self.searchone(basedn=domain_dn, attribute="dn",
- expression="name=Domain Users")
- assert(dom_users is not None)
-
user_dn = "CN=%s,CN=Users,%s" % (username, domain_dn)
#
@@ -123,19 +124,44 @@ userAccountControl: %u
"sambaPassword": password,
"objectClass": "user"})
- # add the user to the users group as well
- modgroup = """
+ # modify the userAccountControl to remove the disabled bit
+ self.enable_account(user_dn)
+ self.transaction_commit()
+
+ def setpassword(self, filter, password):
+ """Set a password on a user record
+
+ :param filter: LDAP filter to find the user (eg samccountname=name)
+ :param password: Password for the user
+ """
+ # connect to the sam
+ self.transaction_start()
+
+ # find the DNs for the domain
+ res = self.search("", scope=ldb.SCOPE_BASE,
+ expression="(defaultNamingContext=*)",
+ attrs=["defaultNamingContext"])
+ assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
+ domain_dn = res[0]["defaultNamingContext"][0]
+ assert(domain_dn is not None)
+
+ res = self.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
+ expression=filter,
+ attrs=[])
+ assert(len(res) == 1)
+ user_dn = res[0].dn
+
+ setpw = """
dn: %s
changetype: modify
-add: member
-member: %s
-""" % (dom_users, user_dn)
-
+replace: sambaPassword
+sambaPassword: %s
+""" % (user_dn, password)
- self.modify(modgroup)
+ self.modify_ldif(setpw)
# modify the userAccountControl to remove the disabled bit
- enable_account(self, user_dn)
+ self.enable_account(user_dn)
self.transaction_commit()
def set_domain_sid(self, sid):
diff --git a/source4/setup/newuser b/source4/setup/newuser
index 03ae4e5ffb..5f53aad9c6 100755
--- a/source4/setup/newuser
+++ b/source4/setup/newuser
@@ -10,7 +10,7 @@ import samba.getopt as options
import optparse
import pwd
import sys
-
+from getpass import getpass
from auth import system_session
from samba.samdb import SamDB
@@ -40,9 +40,7 @@ username = args[0]
if len(args) > 1:
password = args[1]
else:
- random_init(local)
- options.password = randpass(12)
- print "chose random password %s\n" % password
+ password = getpass("New Password: ")
if opts.unixname is None:
opts.unixname = username
diff --git a/source4/setup/setpassword b/source4/setup/setpassword
index 618e304077..1c87f4b1c8 100644
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@@ -1,123 +1,58 @@
-#!/bin/sh
-exec smbscript "$0" ${1+"$@"}
-/*
- set a user's password on a Samba4 server
- Copyright Andrew Tridgell 2005
- Copyright Andrew Bartlett 2006
- Released under the GNU GPL v2 or later
-*/
-
-options = GetOptions(ARGV,
- "POPT_AUTOHELP",
- 'username=s',
- 'filter=s',
- 'newpassword=s',
- "POPT_COMMON_SAMBA",
- "POPT_COMMON_VERSION",
- "POPT_COMMON_CREDENTIALS",
- 'quiet');
-
-if (options == undefined) {
- println("Failed to parse options");
- return -1;
-}
-
-libinclude("base.js");
-libinclude("provision.js");
-
-/*
- print a message if quiet is not set
-*/
-function message()
-{
- if (options["quiet"] == undefined) {
- print(vsprintf(arguments));
- }
-}
-
-/*
- show some help
-*/
-function ShowHelp()
-{
- print("
-Samba4 newuser
-
-newuser [options]
- --username USERNAME username
- --filter LDAPFILTER LDAP Filter to set password on
- --newpassword PASSWORD set password
-
-You must provide either a filter or a username, as well as password
-");
- exit(1);
-}
-
-if (options['username'] == undefined && options['filter'] == undefined) {
- ShowHelp();
-}
-
-if (options['newpassword'] == undefined) {
- ShowHelp();
-}
-
- var lp = loadparm_init();
- var samdb = lp.get("sam database");
- var ldb = ldb_init();
- random_init(local);
- ldb.session_info = system_session();
- ldb.credentials = options.get_credentials();
-
- /* connect to the sam */
- var ok = ldb.connect(samdb);
- assert(ok);
-
- ldb.transaction_start();
-
-/* find the DNs for the domain and the domain users group */
-var attrs = new Array("defaultNamingContext");
-var attrs2 = new Array("cn");
-res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
-assert(res.error == 0);
-assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
-var domain_dn = res.msgs[0].defaultNamingContext;
-assert(domain_dn != undefined);
-
-if (options['filter'] != undefined) {
- var res = ldb.search(options['filter'],
- domain_dn, ldb.SCOPE_SUBTREE, attrs2);
- if (res.error != 0 || res.msgs.length != 1) {
- message("Failed to find record for filter %s\n", options['filter']);
- exit(1);
- }
-} else {
- var res = ldb.search(sprintf("samAccountName=%s", options['username']),
- domain_dn, ldb.SCOPE_SUBTREE, attrs2);
- if (res.error != 0 || res.msgs.length != 1) {
- message("Failed to find record for user %s\n", options['username']);
- exit(1);
- }
-}
-
-var mod = sprintf("
-dn: %s
-changetype: modify
-replace: sambaPassword
-sambaPassword: %s
-",
- res[0].dn, options['newpassword']);
-var ok = ldb.modify(mod);
-if (ok.error != 0) {
- message("set password for %s failed - %s\n",
- res[0].dn, ok.errstr);
- ldb.transaction_cancel();
- exit(1);
-} else {
- message("set password for %s (%s) succeded\n",
- res[0].dn, res[0].cn);
-
- ldb.transaction_commit();
-}
-
-
-return 0;
+#!/usr/bin/python
+#
+# add a new user to a Samba4 server
+# Copyright Andrew Tridgell 2005
+# Copyright Jelmer Vernooij 2008
+# Released under the GNU GPL v2 or later
+#
+
+import samba.getopt as options
+import optparse
+import pwd
+import sys
+from getpass import getpass
+from auth import system_session
+from samba.samdb import SamDB
+
+parser = optparse.OptionParser("setpassword [username] [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
+parser.add_option("--newpassword", help="Set password", type=str)
+
+opts, args = parser.parse_args()
+
+#
+# print a message if quiet is not set
+#
+def message(text):
+ if not opts.quiet:
+ print text
+
+if len(args) == 0:
+ parser.print_usage()
+ sys.exit(1)
+
+password = opts.password;
+if password is None:
+ password = getpass("New Password: ")
+
+filter = opts.filter
+
+if filter is None:
+ username = args[0]
+ if username is None:
+ print "Either username or --filter must be specified"
+
+ filter = "(&(objectclass=user)(samAccountName=" + username + "))"
+
+
+creds = credopts.get_credentials()
+
+lp = sambaopts.get_loadparm()
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
+samdb.setpassword(filter, password)