#!/usr/bin/env python
#
# user management
#
# Copyright Jelmer Vernooij 2010 <jelmer@samba.org>
# Copyright Theresa Halloran 2011 <theresahalloran@gmail.com>
# Copyright Giampaolo Lauria 2011 <lauria2@yahoo.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import samba . getopt as options
import sys , ldb
from getpass import getpass
from samba . auth import system_session
from samba . samdb import SamDB
from samba import gensec
from samba . net import Net
from samba . netcmd import (
Command ,
CommandError ,
SuperCommand ,
Option ,
)
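class cmd_user_add(Command):
    """Creates a new user"""
    # NOTE(review): the class docstring is left verbatim; presumably the
    # command framework shows it as help text -- confirm before rewording.

    synopsis = "%prog user add <username> [<password>] [options]"

    takes_options = [
        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
               metavar="URL", dest="H"),
        Option("--must-change-at-next-login",
               help="Force password to be changed on next login",
               action="store_true"),
        Option("--use-username-as-cn",
               help="Force use of username as user's CN",
               action="store_true"),
        Option("--userou",
               help="Alternative location (without domainDN counterpart) to default CN=Users in which new user object will be created",
               type=str),
        Option("--surname", help="User's surname", type=str),
        Option("--given-name", help="User's given name", type=str),
        Option("--initials", help="User's initials", type=str),
        Option("--profile-path", help="User's profile path", type=str),
        Option("--script-path", help="User's logon script path", type=str),
        Option("--home-drive", help="User's home drive letter", type=str),
        Option("--home-directory", help="User's home directory path", type=str),
        Option("--job-title", help="User's job title", type=str),
        Option("--department", help="User's department", type=str),
        Option("--company", help="User's company", type=str),
        Option("--description", help="User's description", type=str),
        Option("--mail-address", help="User's email address", type=str),
        Option("--internet-address", help="User's home page", type=str),
        Option("--telephone-number", help="User's phone number", type=str),
        Option("--physical-delivery-office", help="User's office location", type=str),
    ]

    # The password is an optional positional argument. A password typed on
    # the command line is visible to other local users through the process
    # list and usually ends up in shell history; leaving it out makes run()
    # fall back to the getpass() prompt, which does not echo.
    takes_args = ["username", "password?"]

    def run(self, username, password=None, credopts=None, sambaopts=None,
            versionopts=None, H=None, must_change_at_next_login=None,
            use_username_as_cn=None, userou=None, surname=None, given_name=None, initials=None,
            profile_path=None, script_path=None, home_drive=None, home_directory=None,
            job_title=None, department=None, company=None, description=None,
            mail_address=None, internet_address=None, telephone_number=None, physical_delivery_office=None):
        """Create the account `username` through SamDB.newuser().

        The password is taken from the `password` argument when it is a
        non-empty string; otherwise it is prompted for until one is entered.
        The remaining keyword arguments are the parsed command-line options
        and are forwarded to newuser() under its own keyword names.

        Raises CommandError when opening the database or creating the user
        fails; the original exception is passed along as second argument.
        """
        # Compare by value: the earlier identity test (`is not ''`) only
        # rejected the empty string when the interpreter happened to hand
        # back the one interned '' object.
        while password is None or password == '':
            password = getpass("New Password: ")

        lp = sambaopts.get_loadparm()
        creds = credopts.get_credentials(lp)

        try:
            samdb = SamDB(url=H, session_info=system_session(),
                          credentials=creds, lp=lp)
            samdb.newuser(username, password,
                          force_password_change_at_next_login_req=must_change_at_next_login,
                          useusernameascn=use_username_as_cn, userou=userou, surname=surname, givenname=given_name, initials=initials,
                          profilepath=profile_path, homedrive=home_drive, scriptpath=script_path, homedirectory=home_directory,
                          jobtitle=job_title, department=department, company=company, description=description,
                          mailaddress=mail_address, internetaddress=internet_address,
                          telephonenumber=telephone_number, physicaldeliveryoffice=physical_delivery_office)
        except Exception, e:
            raise CommandError("Failed to add user '%s': " % username, e)

        print("User '%s' created successfully" % username)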
class cmd_user_delete(Command):
    """Delete a user"""
    # NOTE(review): the class docstring is left verbatim; presumably the
    # command framework shows it as help text -- confirm before rewording.

    synopsis = "%prog user delete <username> [options]"

    takes_args = ["username"]

    takes_options = [
        Option("-H", "--URL", type=str, metavar="URL", dest="H",
               help="LDB URL for database or target server"),
    ]

    def run(self, username, credopts=None, sambaopts=None, versionopts=None, H=None):
        """Remove the account `username` through SamDB.deleteuser().

        Credentials are requested with fallback_machine=True. Any failure
        while opening the database or deleting the user is re-raised as
        CommandError with the original exception as second argument.
        """
        loadparm = sambaopts.get_loadparm()
        credentials = credopts.get_credentials(loadparm, fallback_machine=True)

        try:
            database = SamDB(url=H, session_info=system_session(),
                             credentials=credentials, lp=loadparm)
            database.deleteuser(username)
        except Exception, err:
            raise CommandError('Failed to remove user "%s"' % username, err)

        print("Deleted user %s" % username)
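class cmd_user_enable(Command):
    """Enables a user"""
    # NOTE(review): the class docstring is left verbatim; presumably the
    # command framework shows it as help text -- confirm before rewording.

    synopsis = "%prog user enable (<username>|--filter <filter>) [options]"

    takes_options = [
        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
               metavar="URL", dest="H"),
        # The help text used to read "LDAP Filter to set password on", which
        # belongs to the setpassword command; this command enables accounts.
        Option("--filter", help="LDAP filter selecting the user to enable", type=str),
    ]

    takes_args = ["username?"]

    def run(self, username=None, sambaopts=None, credopts=None,
            versionopts=None, filter=None, H=None):
        """Enable the account selected by `username` or by `filter`.

        Raises CommandError when neither selector is given, or when
        enable_account() fails. Opening the database happens outside the
        try block, so an error there is not wrapped in CommandError.
        """
        if username is None and filter is None:
            raise CommandError("Either the username or '--filter' must be specified!")

        if filter is None:
            # The username is escaped with ldb.binary_encode() before it is
            # placed in the filter, so characters such as '*', '(' and ')'
            # cannot change the structure of the search expression.
            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
        # A filter given with --filter is passed on exactly as typed; what it
        # matches is entirely up to the operator who supplied it.
        # NOTE(review): confirm how enable_account() treats a filter that
        # matches more than one entry.

        lp = sambaopts.get_loadparm()
        creds = credopts.get_credentials(lp, fallback_machine=True)

        samdb = SamDB(url=H, session_info=system_session(),
                      credentials=creds, lp=lp)
        try:
            samdb.enable_account(filter)
        except Exception, msg:
            raise CommandError("Failed to enable user '%s': %s" % (username or filter, msg))
        print("Enabled user '%s'" % (username or filter))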
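class cmd_user_setexpiry(Command):
    """Sets the expiration of a user account"""
    # NOTE(review): the class docstring is left verbatim; presumably the
    # command framework shows it as help text -- confirm before rewording.

    synopsis = "%prog user setexpiry (<username>|--filter <filter>) [options]"

    takes_options = [
        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
               metavar="URL", dest="H"),
        # The help text used to read "LDAP Filter to set password on", which
        # belongs to the setpassword command; this command sets the expiry.
        Option("--filter", help="LDAP filter selecting the user to set the expiry on", type=str),
        Option("--days", help="Days to expiry", type=int, default=0),
        Option("--noexpiry", help="Password does never expire", action="store_true", default=False),
    ]

    takes_args = ["username?"]

    def run(self, username=None, sambaopts=None, credopts=None,
            versionopts=None, H=None, filter=None, days=None, noexpiry=None):
        """Set the expiry of the account selected by `username` or `filter`.

        `days` is converted to seconds and handed to SamDB.setexpiry()
        together with `noexpiry` (as no_expiry_req).

        Raises CommandError when neither selector is given, or when
        setexpiry() fails. Opening the database happens outside the try
        block, so an error there is not wrapped in CommandError.
        """
        if username is None and filter is None:
            raise CommandError("Either the username or '--filter' must be specified!")

        if filter is None:
            # The username is escaped with ldb.binary_encode() before it is
            # placed in the filter, so characters such as '*', '(' and ')'
            # cannot change the structure of the search expression.
            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
        # A filter given with --filter is passed on exactly as typed.

        lp = sambaopts.get_loadparm()
        creds = credopts.get_credentials(lp)

        samdb = SamDB(url=H, session_info=system_session(),
                      credentials=creds, lp=lp)

        try:
            samdb.setexpiry(filter, days * 24 * 3600, no_expiry_req=noexpiry)
        except Exception, msg:
            raise CommandError("Failed to set expiry for user '%s': %s" % (username or filter, msg))

        if noexpiry:
            # With --noexpiry the old message still reported "--days" (0 by
            # default), which read as if the account expired immediately.
            print("Disabled expiry for user '%s'" % (username or filter))
        else:
            print("Set expiry for user '%s' to %u days" % (username or filter, days))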
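class cmd_user_password(Command):
    """Change password for a user account (the one provided in authentication)"""
    # NOTE(review): the class docstring is left verbatim; presumably the
    # command framework shows it as help text -- confirm before rewording.

    synopsis = "%prog user password [options]"

    takes_options = [
        # A password given with --newpassword is visible to other local users
        # through the process list and usually ends up in shell history.
        # Leaving the option out makes run() prompt with getpass() instead.
        Option("--newpassword", help="New password", type=str),
    ]

    def run(self, credopts=None, sambaopts=None, versionopts=None,
            newpassword=None):
        """Change the password of the account used for authentication.

        The new password is `newpassword` when it is a non-empty string;
        otherwise it is prompted for until one is entered.

        Raises CommandError when change_password() fails.
        """
        lp = sambaopts.get_loadparm()
        creds = credopts.get_credentials(lp)

        # get old password now, to get the password prompts in the right order
        old_password = creds.get_password()

        net = Net(creds, lp, server=credopts.ipaddress)

        password = newpassword
        # Compare by value: the earlier identity test (`is not ''`) only
        # rejected the empty string when the interpreter happened to hand
        # back the one interned '' object.
        while password is None or password == '':
            password = getpass("New Password: ")

        try:
            net.change_password(password)
        except Exception, msg:
            raise CommandError("Failed to change password : %s" % msg)
        print("Changed password OK")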
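class cmd_user_setpassword(Command):
    """(Re)sets the password of a user account"""
    # NOTE(review): the class docstring is left verbatim; presumably the
    # command framework shows it as help text -- confirm before rewording.

    synopsis = "%prog user setpassword (<username>|--filter <filter>) [options]"

    takes_options = [
        Option("-H", "--URL", help="LDB URL for database or target server", type=str,
               metavar="URL", dest="H"),
        Option("--filter", help="LDAP Filter to set password on", type=str),
        # A password given with --newpassword is visible to other local users
        # through the process list and usually ends up in shell history.
        # Leaving the option out makes run() prompt with getpass() instead.
        Option("--newpassword", help="Set password", type=str),
        Option("--must-change-at-next-login",
               help="Force password to be changed on next login",
               action="store_true"),
    ]

    takes_args = ["username?"]

    def run(self, username=None, filter=None, credopts=None, sambaopts=None,
            versionopts=None, H=None, newpassword=None,
            must_change_at_next_login=None):
        """Set a new password on the account selected by `username` or `filter`.

        The new password is `newpassword` when it is a non-empty string;
        otherwise it is prompted for until one is entered.

        Raises CommandError when neither selector is given, or when
        setpassword() fails. Opening the database happens outside the try
        block, so an error there is not wrapped in CommandError.
        """
        if filter is None and username is None:
            raise CommandError("Either the username or '--filter' must be specified!")

        password = newpassword
        # Compare by value: the earlier identity test (`is not ''`) only
        # rejected the empty string when the interpreter happened to hand
        # back the one interned '' object.
        while password is None or password == '':
            password = getpass("New Password: ")

        if filter is None:
            # The username is escaped with ldb.binary_encode() before it is
            # placed in the filter, so characters such as '*', '(' and ')'
            # cannot change the structure of the search expression.
            filter = "(&(objectClass=user)(sAMAccountName=%s))" % (ldb.binary_encode(username))
        # A filter given with --filter is passed on exactly as typed.

        lp = sambaopts.get_loadparm()
        creds = credopts.get_credentials(lp)

        # Add FEATURE_SEAL to the requested gensec features before the
        # connection is opened, so the new password is sent over a sealed
        # (encrypted) session.
        creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)

        samdb = SamDB(url=H, session_info=system_session(),
                      credentials=creds, lp=lp)

        try:
            samdb.setpassword(filter, password,
                              force_change_at_next_login=must_change_at_next_login,
                              username=username)
        except Exception, msg:
            raise CommandError("Failed to set password for user '%s': %s" % (username or filter, msg))
        print("Changed password OK")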
class cmd_user(SuperCommand):
    """User management *"""
    # NOTE(review): the class docstring is left verbatim; presumably the
    # command framework shows it as help text -- confirm before rewording.

    # Maps each "user" subcommand name to one instance of its handler class.
    subcommands = {
        "add": cmd_user_add(),
        "delete": cmd_user_delete(),
        "enable": cmd_user_enable(),
        "setexpiry": cmd_user_setexpiry(),
        "password": cmd_user_password(),
        "setpassword": cmd_user_setpassword(),
    }