mirror of https://github.com/samba-team/samba.git synced 2025-02-09 09:57:48 +03:00

Make the setup/newuser and setup/setpassword scripts actually work...

These need a testsuite, but this will come soon.

Andrew Bartlett
Andrew Bartlett 2008-03-28 12:08:54 +11:00
parent ddf9d6ef70
commit fbcaa622bd
3 changed files with 91 additions and 132 deletions


@ -77,10 +77,15 @@ unixName: %s
:param user_dn: Dn of the account to enable.
"""
res = self.search(user_dn, SCOPE_ONELEVEL, None, ["userAccountControl"])
res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"])
assert len(res) == 1
userAccountControl = res[0].userAccountControl
userAccountControl = userAccountControl - 2 # remove disabled bit
userAccountControl = res[0]["userAccountControl"][0]
userAccountControl = int(userAccountControl)
if (userAccountControl & 0x2):
userAccountControl = userAccountControl & ~0x2 # remove disabled bit
if (userAccountControl & 0x20):
userAccountControl = userAccountControl & ~0x20 # remove 'no password required' bit
mod = """
dn: %s
changetype: modify
@ -103,13 +108,9 @@ userAccountControl: %u
res = self.search("", scope=ldb.SCOPE_BASE,
expression="(defaultNamingContext=*)",
attrs=["defaultNamingContext"])
assert(len(res) == 1 and res[0].defaultNamingContext is not None)
assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
domain_dn = res[0]["defaultNamingContext"][0]
assert(domain_dn is not None)
dom_users = self.searchone(basedn=domain_dn, attribute="dn",
expression="name=Domain Users")
assert(dom_users is not None)
user_dn = "CN=%s,CN=Users,%s" % (username, domain_dn)
#
@ -123,19 +124,44 @@ userAccountControl: %u
"sambaPassword": password,
"objectClass": "user"})
# add the user to the users group as well
modgroup = """
# modify the userAccountControl to remove the disabled bit
self.enable_account(user_dn)
self.transaction_commit()
def setpassword(self, filter, password):
"""Set a password on a user record
:param filter: LDAP filter to find the user (eg samccountname=name)
:param password: Password for the user
"""
# connect to the sam
self.transaction_start()
# find the DNs for the domain
res = self.search("", scope=ldb.SCOPE_BASE,
expression="(defaultNamingContext=*)",
attrs=["defaultNamingContext"])
assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
domain_dn = res[0]["defaultNamingContext"][0]
assert(domain_dn is not None)
res = self.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
expression=filter,
attrs=[])
assert(len(res) == 1)
user_dn = res[0].dn
setpw = """
dn: %s
changetype: modify
add: member
member: %s
""" % (dom_users, user_dn)
replace: sambaPassword
sambaPassword: %s
""" % (user_dn, password)
self.modify(modgroup)
self.modify_ldif(setpw)
# modify the userAccountControl to remove the disabled bit
enable_account(self, user_dn)
self.enable_account(user_dn)
self.transaction_commit()
def set_domain_sid(self, sid):
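Review bot: The new `setpassword` formats the password straight into the LDIF text (`sambaPassword: %s`), so a value containing a newline, or starting with a space, `:` or `<`, is not parsed as the literal password and can add further lines to the modify record. Pass the value in a form that cannot be re-parsed, for example base64 with the `::` separator (`sambaPassword:: %s` with `base64.b64encode(password)`), or build the modification as a message object instead of text. The guard `assert(len(res) == 1)` is the only thing stopping the change from landing on an unintended record when the caller's filter matches several entries, and asserts are stripped under `python -O`; an explicit `if len(res) != 1:` that raises would hold in every mode. None of the failure paths visible here call `self.transaction_cancel()`, so a failed search or modify leaves the transaction opened by `transaction_start()` unresolved.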


@ -10,7 +10,7 @@ import samba.getopt as options
import optparse
import pwd
import sys
from getpass import getpass
from auth import system_session
from samba.samdb import SamDB
@ -40,9 +40,7 @@ username = args[0]
if len(args) > 1:
password = args[1]
else:
random_init(local)
options.password = randpass(12)
print "chose random password %s\n" % password
password = getpass("New Password: ")
if opts.unixname is None:
opts.unixname = username
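Review bot: The prompt added at `password = getpass("New Password: ")` reads the password once with no confirmation, so a typo creates the account with a password nobody knows; reading it twice and comparing (`if password != getpass("Retype Password: "): sys.exit(1)`) would catch that. The positional form `password = args[1]` is kept, and a password supplied that way is visible in the process list and in shell history, which deserves a line in the usage text. The rest of the script lies outside this hunk.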


@ -1,123 +1,58 @@
#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
set a user's password on a Samba4 server
Copyright Andrew Tridgell 2005
Copyright Andrew Bartlett 2006
Released under the GNU GPL v2 or later
*/
#!/usr/bin/python
#
# add a new user to a Samba4 server
# Copyright Andrew Tridgell 2005
# Copyright Jelmer Vernooij 2008
# Released under the GNU GPL v2 or later
#
options = GetOptions(ARGV,
"POPT_AUTOHELP",
'username=s',
'filter=s',
'newpassword=s',
"POPT_COMMON_SAMBA",
"POPT_COMMON_VERSION",
"POPT_COMMON_CREDENTIALS",
'quiet');
import samba.getopt as options
import optparse
import pwd
import sys
from getpass import getpass
from auth import system_session
from samba.samdb import SamDB
if (options == undefined) {
println("Failed to parse options");
return -1;
}
parser = optparse.OptionParser("setpassword [username] [options]")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
parser.add_option("--newpassword", help="Set password", type=str)
libinclude("base.js");
libinclude("provision.js");
opts, args = parser.parse_args()
/*
print a message if quiet is not set
*/
function message()
{
if (options["quiet"] == undefined) {
print(vsprintf(arguments));
}
}
#
# print a message if quiet is not set
#
def message(text):
if not opts.quiet:
print text
/*
show some help
*/
function ShowHelp()
{
print("
Samba4 newuser
if len(args) == 0:
parser.print_usage()
sys.exit(1)
newuser [options]
--username USERNAME username
--filter LDAPFILTER LDAP Filter to set password on
--newpassword PASSWORD set password
password = opts.password;
if password is None:
password = getpass("New Password: ")
You must provide either a filter or a username, as well as password
");
exit(1);
}
filter = opts.filter
if (options['username'] == undefined && options['filter'] == undefined) {
ShowHelp();
}
if filter is None:
username = args[0]
if username is None:
print "Either username or --filter must be specified"
if (options['newpassword'] == undefined) {
ShowHelp();
}
var lp = loadparm_init();
var samdb = lp.get("sam database");
var ldb = ldb_init();
random_init(local);
ldb.session_info = system_session();
ldb.credentials = options.get_credentials();
/* connect to the sam */
var ok = ldb.connect(samdb);
assert(ok);
ldb.transaction_start();
/* find the DNs for the domain and the domain users group */
var attrs = new Array("defaultNamingContext");
var attrs2 = new Array("cn");
res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
assert(res.error == 0);
assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
var domain_dn = res.msgs[0].defaultNamingContext;
assert(domain_dn != undefined);
if (options['filter'] != undefined) {
var res = ldb.search(options['filter'],
domain_dn, ldb.SCOPE_SUBTREE, attrs2);
if (res.error != 0 || res.msgs.length != 1) {
message("Failed to find record for filter %s\n", options['filter']);
exit(1);
}
} else {
var res = ldb.search(sprintf("samAccountName=%s", options['username']),
domain_dn, ldb.SCOPE_SUBTREE, attrs2);
if (res.error != 0 || res.msgs.length != 1) {
message("Failed to find record for user %s\n", options['username']);
exit(1);
}
}
var mod = sprintf("
dn: %s
changetype: modify
replace: sambaPassword
sambaPassword: %s
",
res[0].dn, options['newpassword']);
var ok = ldb.modify(mod);
if (ok.error != 0) {
message("set password for %s failed - %s\n",
res[0].dn, ok.errstr);
ldb.transaction_cancel();
exit(1);
} else {
message("set password for %s (%s) succeded\n",
res[0].dn, res[0].cn);
ldb.transaction_commit();
}
filter = "(&(objectclass=user)(samAccountName=" + username + "))"
return 0;
creds = credopts.get_credentials()
lp = sambaopts.get_loadparm()
samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
samdb.setpassword(filter, password)
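Review bot: The default filter is built by concatenating the raw argument, `"(&(objectclass=user)(samAccountName=" + username + "))"`, so a username containing `*`, `(`, `)` or `\` changes the meaning of the search and the password can be set on a different record than the operator intended; escape those characters per RFC 4515 before building the filter. The script registers `--newpassword` but reads `opts.password`, so the documented option appears never to be used (and `opts.password` may belong to the credentials option group, which is not visible here); `password = opts.newpassword` looks like the intent. The `len(args) == 0` check exits even when `--filter` is supplied, `args[0]` can never be `None`, nothing exits after the "Either username or --filter must be specified" message, and `message()` reads `opts.quiet` although no `--quiet` option is registered in the visible lines.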