Revert "s4: Let the "setpassword" script finally use the "samdb_set_password" routine"

This reverts commit fdd62e9699b181a140292689fcd88a559bc26211.

abartlet and I agreed that this isn't the right way to enforce the password
policies. Sooner or later we've to control them anyway on the directory level.

source4/scripting/python/pyglue.c

@@ -220,69 +220,13 @@ static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
 	if (!sid) {
 		PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
 		return NULL;
-	}
-
+	} 
 	retstr = dom_sid_string(NULL, sid);
 	ret = PyString_FromString(retstr);
 	talloc_free(retstr);
-
 	return ret;
 }
 
-static PyObject *py_samdb_set_password(PyLdbObject *self, PyObject *args,
-	PyObject *kwargs)
-{
-	PyObject *py_sam, *py_user_dn, *py_dom_dn, *py_mod, *py_user_change;
-	char *new_password;
-	bool user_change;
-	DATA_BLOB new_pwd_blob;
-	struct ldb_context *sam_ctx;
-	struct ldb_dn *user_dn, *dom_dn;
-	struct ldb_message *mod;
-	TALLOC_CTX *mem_ctx;
-	NTSTATUS status;
-	const char * const kwnames[] = { "samdb", "user_dn", "dom_dn", "mod",
-		"new_password", "user_change", NULL };
-
-	if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOOsO",
-		  discard_const_p(char *, kwnames),
-		  &py_sam, &py_user_dn, &py_dom_dn, &py_mod, &new_password,
-		  &py_user_change))
-		return NULL;
-
-	sam_ctx = PyLdb_AsLdbContext(py_sam);
-
-	mem_ctx = talloc_new(NULL);
-	if (mem_ctx == NULL) {
-		PyErr_NoMemory();
-	}
-
-	if (!PyObject_AsDn(mem_ctx, py_user_dn, sam_ctx, &user_dn)) {
-		PyErr_SetString(PyExc_RuntimeError, "user_dn invalid!");
-		return NULL;
-	}
-
-	if (!PyObject_AsDn(mem_ctx, py_dom_dn, sam_ctx, &dom_dn)) {
-		PyErr_SetString(PyExc_RuntimeError, "dom_dn invalid!");
-		return NULL;
-	}
-
-	mod = PyLdbMessage_AsMessage(py_mod);
-
-	user_change = PyInt_AsLong(py_user_change);
-
-	new_pwd_blob.data = (uint8_t *) new_password;
-	new_pwd_blob.length = strlen((char *) new_pwd_blob.data);
-
-	status = samdb_set_password(sam_ctx, mem_ctx, user_dn, dom_dn, mod,
-		&new_pwd_blob, NULL, NULL, user_change, NULL, NULL);
-
-	talloc_free(mem_ctx);
-
-	PyErr_NTSTATUS_IS_ERR_RAISE(status);
-	Py_RETURN_NONE;
-}
-
 static PyObject *py_ldb_register_samba_handlers(PyObject *self, PyObject *args)
 {
 	PyObject *py_ldb;
@@ -496,8 +440,7 @@ static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
 
 	sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
 
-	status = dom_sid_split_rid(NULL, (const struct dom_sid *)sid, NULL,
-		&rid);
+	status = dom_sid_split_rid(NULL, sid, NULL, &rid);
 	if (!NT_STATUS_IS_OK(status)) {
 		PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
 		return NULL;
@@ -527,10 +470,6 @@ static PyMethodDef py_misc_methods[] = {
 	{ "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS,
 		"samdb_get_domain_sid(samdb)\n"
 		"Get SID of domain in use." },
-	{ "samdb_set_password", (PyCFunction)py_samdb_set_password,
-		METH_VARARGS|METH_KEYWORDS,
-		"samdb_set_password(samdb, user_dn, dom_dn, mod, new_password, user_change)\n"
-		"Set the password of a user" },
 	{ "ldb_register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers, METH_VARARGS,
 		"ldb_register_samba_handlers(ldb)\n"
 		"Register Samba-specific LDB modules and schemas." },

source4/scripting/python/samba/samdb.py

@@ -161,14 +161,14 @@ pwdLastSet: 0
             assert(len(res) == 1)
             user_dn = res[0].dn
 
-            mod = ldb.Message()
-            mod.dn = user_dn
+            setpw = """
+dn: %s
+changetype: modify
+replace: userPassword
+userPassword:: %s
+""" % (user_dn, base64.b64encode(password))
 
-            glue.samdb_set_password(samdb=self, user_dn=str(user_dn),
-                        dom_dn=self.domain_dn(), mod=mod, new_password=password,
-                        user_change=False)
-
-            self.modify(mod)
+            self.modify_ldif(setpw)
 
             if force_password_change_at_next_login:
                 self.force_password_change_at_next_login(user_dn)