1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
set a user's password on a Samba4 server
Copyright Andrew Tridgell 2005
Copyright Andrew Bartlett 2006
Released under the GNU GPL v2 or later
*/
options = GetOptions(ARGV,
"POPT_AUTOHELP",
'username=s',
'filter=s',
'newpassword=s',
"POPT_COMMON_SAMBA",
"POPT_COMMON_VERSION",
"POPT_COMMON_CREDENTIALS",
'quiet');
if (options == undefined) {
println("Failed to parse options");
return -1;
}
libinclude("base.js");
libinclude("provision.js");
/*
print a message if quiet is not set
*/
function message()
{
if (options["quiet"] == undefined) {
print(vsprintf(arguments));
}
}
/*
show some help
*/
function ShowHelp()
{
print("
Samba4 newuser
newuser [options]
--username USERNAME username
--filter LDAPFILTER LDAP Filter to set password on
--newpassword PASSWORD set password
You must provide either a filter or a username, as well as password
");
exit(1);
}
if (options['username'] == undefined && options['filter'] == undefined) {
ShowHelp();
}
if (options['newpassword'] == undefined) {
ShowHelp();
}
var lp = loadparm_init();
var samdb = lp.get("sam database");
var ldb = ldb_init();
random_init(local);
ldb.session_info = system_session();
ldb.credentials = options.get_credentials();
/* connect to the sam */
var ok = ldb.connect(samdb);
assert(ok);
ldb.transaction_start();
/* find the DNs for the domain and the domain users group */
var attrs = new Array("defaultNamingContext");
var attrs2 = new Array("cn");
res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
assert(res.error == 0);
assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
var domain_dn = res.msgs[0].defaultNamingContext;
assert(domain_dn != undefined);
if (options['filter'] != undefined) {
var res = ldb.search(options['filter'],
domain_dn, ldb.SCOPE_SUBTREE, attrs2);
if (res.error != 0 || res.msgs.length != 1) {
message("Failed to find record for filter %s\n", options['filter']);
exit(1);
}
} else {
var res = ldb.search(sprintf("samAccountName=%s", options['username']),
domain_dn, ldb.SCOPE_SUBTREE, attrs2);
if (res.error != 0 || res.msgs.length != 1) {
message("Failed to find record for user %s\n", options['username']);
exit(1);
}
}
var mod = sprintf("
dn: %s
changetype: modify
replace: sambaPassword
sambaPassword: %s
",
res[0].dn, options['newpassword']);
var ok = ldb.modify(mod);
if (ok.error != 0) {
message("set password for %s failed - %s\n",
res[0].dn, ok.errstr);
ldb.transaction_cancel();
exit(1);
} else {
message("set password for %s (%s) succeded\n",
res[0].dn, res[0].cn);
ldb.transaction_commit();
}
return 0;
|
