2025-01-12 09:18:10 +03:00 · 2009-06-17 09:14:17 +10:00 · 2009-06-17 09:14:17 +10:00 · 2afc6df9b4
commit 2afc6df9b4
parent 0ac46b00ab
3 changed files with 17 additions and 3 deletions
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@ -152,7 +152,7 @@ userAccountControl: %u
            raise
        self.transaction_commit()

-    def setpassword(self, filter, password):
+    def setpassword(self, filter, password, must_change_at_next_login=False):
        """Set a password on a user record
        
        :param filter: LDAP filter to find the user (eg samccountname=name)
@ -184,6 +184,15 @@ userPassword:: %s

            self.modify_ldif(setpw)

+            if must_change_at_next_login:
+                mod = """
+dn: %s
+changetype: modify
+replace: pwdLastSet
+pwdLastSet: 0
+""" % (user_dn)
+                self.modify_ldif(mod)
+
            #  modify the userAccountControl to remove the disabled bit
            self.enable_account(user_dn)
        except:
@ -212,7 +221,7 @@ userPassword:: %s
        glue.dsdb_set_ntds_invocation_id(self, invocation_id)

    def setexpiry(self, user, expiry_seconds, noexpiry):
-        """Set the password expiry for a user
+        """Set the account expiry for a user
        
        :param expiry_seconds: expiry time from now in seconds
        :param noexpiry: if set, then don't expire password
@ -246,3 +255,4 @@ accountExpires: %u
            self.transaction_cancel()
            raise
        self.transaction_commit();
+
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@ -41,6 +41,7 @@ credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
 parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
 parser.add_option("--newpassword", help="Set password", type=str)
+parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")

 opts, args = parser.parse_args()

@ -74,4 +75,5 @@ creds = credopts.get_credentials(lp)

 samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), 
              credentials=creds, lp=lp)
-samdb.setpassword(filter, password)
+samdb.setpassword(filter, password, must_change_at_next_login=opts.must_change_at_next_login)
+
--- a/source4/setup/tests/blackbox_setpassword.sh
+++ b/source4/setup/tests/blackbox_setpassword.sh
@ -18,4 +18,6 @@ testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.

 testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass

+testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass --must-change-at-next-login
+
 exit $failed