mirror of
https://github.com/samba-team/samba.git
synced 2025-01-25 06:04:04 +03:00
7ca399c075
We were returning just true/false and discarding error number and string. This checking probably breaks swat, will fix it in next round as swat is what made me look into this as I had no way to get back error messages to show to the users. Simo. (This used to be commit 35886b4ae68be475b0fc8b2689ca04d766661261)
124 lines
2.7 KiB
Plaintext
124 lines
2.7 KiB
Plaintext
#!/bin/sh
|
|
exec smbscript "$0" ${1+"$@"}
|
|
/*
|
|
set a user's password on a Samba4 server
|
|
Copyright Andrew Tridgell 2005
|
|
Copyright Andrew Bartlett 2006
|
|
Released under the GNU GPL v2 or later
|
|
*/
|
|
|
|
options = GetOptions(ARGV,
|
|
"POPT_AUTOHELP",
|
|
'username=s',
|
|
'filter=s',
|
|
'newpassword=s',
|
|
"POPT_COMMON_SAMBA",
|
|
"POPT_COMMON_VERSION",
|
|
"POPT_COMMON_CREDENTIALS",
|
|
'quiet');
|
|
|
|
if (options == undefined) {
|
|
println("Failed to parse options");
|
|
return -1;
|
|
}
|
|
|
|
libinclude("base.js");
|
|
libinclude("provision.js");
|
|
|
|
/*
|
|
print a message if quiet is not set
|
|
*/
|
|
function message()
|
|
{
|
|
if (options["quiet"] == undefined) {
|
|
print(vsprintf(arguments));
|
|
}
|
|
}
|
|
|
|
/*
|
|
show some help
|
|
*/
|
|
function ShowHelp()
|
|
{
|
|
print("
|
|
Samba4 newuser
|
|
|
|
newuser [options]
|
|
--username USERNAME username
|
|
--filter LDAPFILTER LDAP Filter to set password on
|
|
--newpassword PASSWORD set password
|
|
|
|
You must provide either a filter or a username, as well as password
|
|
");
|
|
exit(1);
|
|
}
|
|
|
|
if (options['username'] == undefined && options['filter'] == undefined) {
|
|
ShowHelp();
|
|
}
|
|
|
|
if (options['newpassword'] == undefined) {
|
|
ShowHelp();
|
|
}
|
|
|
|
var lp = loadparm_init();
|
|
var samdb = lp.get("sam database");
|
|
var ldb = ldb_init();
|
|
random_init(local);
|
|
ldb.session_info = system_session();
|
|
ldb.credentials = options.get_credentials();
|
|
|
|
/* connect to the sam */
|
|
var ok = ldb.connect(samdb);
|
|
assert(ok);
|
|
|
|
ldb.transaction_start();
|
|
|
|
/* find the DNs for the domain and the domain users group */
|
|
var attrs = new Array("defaultNamingContext");
|
|
var attrs2 = new Array("cn");
|
|
res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
|
|
assert(res.error == 0);
|
|
assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
|
|
var domain_dn = res.msgs[0].defaultNamingContext;
|
|
assert(domain_dn != undefined);
|
|
|
|
if (options['filter'] != undefined) {
|
|
var res = ldb.search(options['filter'],
|
|
domain_dn, ldb.SCOPE_SUBTREE, attrs2);
|
|
if (res.error != 0 || res.msgs.length != 1) {
|
|
message("Failed to find record for filter %s\n", options['filter']);
|
|
exit(1);
|
|
}
|
|
} else {
|
|
var res = ldb.search(sprintf("samAccountName=%s", options['username']),
|
|
domain_dn, ldb.SCOPE_SUBTREE, attrs2);
|
|
if (res.error != 0 || res.msgs.length != 1) {
|
|
message("Failed to find record for user %s\n", options['username']);
|
|
exit(1);
|
|
}
|
|
}
|
|
|
|
var mod = sprintf("
|
|
dn: %s
|
|
changetype: modify
|
|
replace: sambaPassword
|
|
sambaPassword: %s
|
|
",
|
|
res[0].dn, options['newpassword']);
|
|
var ok = ldb.modify(mod);
|
|
if (ok.error != 0) {
|
|
message("set password for %s failed - %s\n",
|
|
res[0].dn, ok.errstr);
|
|
ldb.transaction_cancel();
|
|
exit(1);
|
|
} else {
|
|
message("set password for %s (%s) succeded\n",
|
|
res[0].dn, res[0].cn);
|
|
|
|
ldb.transaction_commit();
|
|
}
|
|
|
|
|
|
return 0;
|