
Fix newuser and setpassword scripts, and port to idmap.

The new idmap world does not use the unixUser any more, so we need to
set up the entry (if wanted) in the idmap database.  Users without a
backing unix user will get an allocated uid by idmap later.

Andrew Bartlett
Andrew Bartlett 2008-04-14 11:51:02 +02:00
parent 416d2e3a52
commit 8bd8bc1475
5 changed files with 45 additions and 15 deletions


@ -21,6 +21,7 @@
"""Convenience functions for using the idmap database."""
import samba
import misc
import ldb
class IDmapDB(samba.Ldb):
@ -37,11 +38,17 @@ class IDmapDB(samba.Ldb):
:param url: URL of the database.
"""
self.lp = lp
super(IDmapDB, self).__init__(session_info=session_info, credentials=credentials,
modules_dir=modules_dir, lp=lp)
if url:
self.connect(url)
else:
self.connect(lp.get("idmap database"))
def connect(self, url):
super(IDmapDB, self).connect(misc.private_path(self.lp, url))
def setup_name_mapping(self, sid, type, unixid):
"""Setup a mapping between a sam name and a unix name.
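Review bot: The `else: self.connect(lp.get("idmap database"))` branch in `__init__` dereferences `lp` without checking it, so constructing IDmapDB with neither `url` nor `lp` fails with an AttributeError on None rather than a clear error (the constructor signature is outside this hunk; SamDB's matching constructor in this commit defaults `lp=None`). Since this database decides which uid a SID maps to, an explicit failure is preferable: `if lp is None: raise ValueError("IDmapDB needs a url or a loadparm context")` before the `if url:` test. The new `connect()` override also routes every URL through `misc.private_path(self.lp, url)`, and the docstring should say that names are resolved against the private directory so callers do not assume the path is opened as given. The hunk ends inside `setup_name_mapping`'s docstring, so that method is not reviewed here.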


@ -25,20 +25,29 @@
import samba
import misc
import ldb
from samba.idmap import IDmapDB
import pwd
class SamDB(samba.Ldb):
"""The SAM database."""
def __init__(self, url=None, session_info=None, credentials=None,
modules_dir=None, lp=None):
"""Open the Sam Database.
:param url: URL of the database.
"""
self.lp = lp
super(SamDB, self).__init__(session_info=session_info, credentials=credentials,
modules_dir=modules_dir, lp=lp)
assert misc.dsdb_set_global_schema(self) == 0
if url:
self.connect(url)
else:
self.connect(lp.get("sam database"))
def connect(self, url):
super(SamDB, self).connect(misc.private_path(self.lp, url))
def add_foreign(self, domaindn, sid, desc):
"""Add a foreign security principle."""
@ -101,10 +110,27 @@ userAccountControl: %u
# now the real work
self.add({"dn": user_dn,
"sAMAccountName": username,
"unixName": unixname,
"sambaPassword": password,
"objectClass": "user"})
res = self.search(user_dn, scope=ldb.SCOPE_BASE,
expression="objectclass=*",
attrs=["objectSid"])
assert(len(res) == 1)
user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])
try:
idmap = IDmapDB(lp=self.lp)
user = pwd.getpwnam(unixname)
# setup ID mapping for this UID
idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
except KeyError:
pass
# modify the userAccountControl to remove the disabled bit
self.enable_account(user_dn)
self.transaction_commit()
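Review bot: The `except KeyError: pass` in the newuser hunk covers `IDmapDB(lp=self.lp)` and `idmap.setup_name_mapping(...)` as well as `pwd.getpwnam(unixname)`, so a KeyError raised while opening or writing the idmap database would be swallowed, and the account would still be enabled and committed without the SID-to-uid mapping the caller asked for. Only the passwd lookup should be allowed to fail quietly; a failed mapping write should propagate before `self.enable_account(user_dn)` runs. Separately, `assert(len(res) == 1)` is skipped under `python -O`, so an explicit check that raises would be safer there. The function starts and ends outside this hunk, so how a propagated exception interacts with the open transaction needs confirming against the rest of the body.

```python
try:
    user = pwd.getpwnam(unixname)
except KeyError:
    # no backing unix user: idmap allocates a uid later
    user = None
if user is not None:
    idmap = IDmapDB(lp=self.lp)
    # setup ID mapping for this UID
    idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
# … unchanged: enable_account and transaction_commit …
```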


@ -45,15 +45,9 @@ else:
if opts.unixname is None:
opts.unixname = username
try:
pwd.getpwnam(opts.unixname)
except KeyError:
print "ERROR: Unix user '%s' does not exist" % opts.unixname
sys.exit(1)
creds = credopts.get_credentials()
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
samdb.newuser(username, opts.unixname, password)
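Review bot: A mistyped `--unixname` now passes silently, because the `pwd.getpwnam(opts.unixname)` pre-check appears to be dropped from this hunk and nothing tells the operator that the name did not resolve. The account is then created with no mapping to the intended unix user and, per the commit message, receives an allocated uid later. Keeping the lookup but downgrading the exit to a warning would preserve the new behaviour while making the outcome visible, e.g. in the `except KeyError:` branch `print >>sys.stderr, "WARNING: Unix user '%s' does not exist, idmap will allocate a uid" % opts.unixname`. The option parsing above this hunk is not visible, so whether `opts.unixname` is always set by this point is assumed from the first two lines.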


@ -36,7 +36,7 @@ if len(args) == 0:
parser.print_usage()
sys.exit(1)
password = opts.password;
password = opts.newpassword;
if password is None:
password = getpass("New Password: ")
@ -47,12 +47,12 @@ if filter is None:
if username is None:
print "Either username or --filter must be specified"
filter = "(&(objectclass=user)(samAccountName=" + username + "))"
filter = "(&(objectclass=user)(samAccountName=%s))" % (username)
creds = credopts.get_credentials()
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
samdb.setpassword(filter, password)
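Review bot: The rewritten line `filter = "(&(objectclass=user)(samAccountName=%s))" % (username)` still places the command-line username into the LDAP search filter unescaped, so a value containing `*`, `(`, `)` or `\` changes which entries `samdb.setpassword(filter, password)` matches. Because this call runs with `system_session()`, a wildcard or an unbalanced parenthesis in the argument could reset the password on accounts other than the intended one. The username should be escaped according to RFC 4515 before interpolation, as sketched below. The visible lines also do not show an exit after the "Either username or --filter must be specified" message, so that should be confirmed in the part of the script outside this hunk.

```python
def escape_filter_value(value):
    # RFC 4515: backslash first, so the escapes added below are not re-escaped
    for ch in ("\\", "*", "(", ")", "\0"):
        value = value.replace(ch, "\\%02x" % ord(ch))
    return value

# … unchanged: username / --filter option handling …
filter = "(&(objectclass=user)(samAccountName=%s))" % escape_filter_value(username)
```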


@ -31,8 +31,11 @@ testit "simple-default" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --
testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc
testit "simple-member" $PYTHON ./setup/provision $CONFIGURATION --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member
testit "simple-standalone" $PYTHON ./setup/provision $CONFIGURATION --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone
testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --blank
testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --partitions-only
testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank
testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/partitions-only-dc --partitions-only
testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass
testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass
reprovision() {
$PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision"