summaryrefslogtreecommitdiff
path: root/source4/setup/setpassword
blob: 618e304077379bce4b61b8a27131e0ddd9cef896 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
	set a user's password on a Samba4 server
	Copyright Andrew Tridgell 2005
	Copyright Andrew Bartlett 2006
	Released under the GNU GPL v2 or later
*/

options = GetOptions(ARGV,
		"POPT_AUTOHELP",
		'username=s',
		'filter=s',
		'newpassword=s',
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		"POPT_COMMON_CREDENTIALS",
		'quiet');

if (options == undefined) {
   println("Failed to parse options");
   return -1;
}

libinclude("base.js");
libinclude("provision.js");

/*
  print a message if quiet is not set
*/
function message() 
{
	if (options["quiet"] == undefined) {
		print(vsprintf(arguments));
	}
}

/*
 show some help
*/
function ShowHelp()
{
	print("
Samba4 newuser

newuser [options]
  --username     USERNAME     username
  --filter       LDAPFILTER   LDAP Filter to set password on
  --newpassword  PASSWORD     set password

You must provide either a filter or a username, as well as password
");
	exit(1);
}

if (options['username'] == undefined && options['filter'] == undefined) {
	ShowHelp();
}

if (options['newpassword'] == undefined) {
	ShowHelp();
}

	var lp = loadparm_init();
	var samdb = lp.get("sam database");
	var ldb = ldb_init();
	random_init(local);
	ldb.session_info = system_session();
	ldb.credentials = options.get_credentials();

	/* connect to the sam */
	var ok = ldb.connect(samdb);
	assert(ok);

	ldb.transaction_start();

/* find the DNs for the domain and the domain users group */
var attrs = new Array("defaultNamingContext");
var attrs2 = new Array("cn");
res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
assert(res.error == 0);
assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
var domain_dn = res.msgs[0].defaultNamingContext;
assert(domain_dn != undefined);

if (options['filter'] != undefined) {
    var res = ldb.search(options['filter'],
	domain_dn, ldb.SCOPE_SUBTREE, attrs2);
    if (res.error != 0 || res.msgs.length != 1) {
	message("Failed to find record for filter %s\n", options['filter']);
	exit(1);
    }
} else {
    var res = ldb.search(sprintf("samAccountName=%s", options['username']), 
    domain_dn, ldb.SCOPE_SUBTREE, attrs2);
    if (res.error != 0 || res.msgs.length != 1) {
	message("Failed to find record for user %s\n", options['username']);
	exit(1);
    }
}

var mod = sprintf("
dn: %s
changetype: modify
replace: sambaPassword
sambaPassword: %s
",
    res[0].dn, options['newpassword']);
var ok = ldb.modify(mod);
if (ok.error != 0) {
	message("set password for %s failed - %s\n",
	    res[0].dn, ok.errstr);
	ldb.transaction_cancel();
	exit(1);
} else {
	message("set password for %s (%s) succeded\n",
	    res[0].dn, res[0].cn);
	
	ldb.transaction_commit();
}


return 0;