[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-1435-g56a0f99
Matthias Dieter Wallnöfer
mdw at samba.org
Mon Sep 7 14:05:01 MDT 2009
The branch, master has been updated
via 56a0f995b8a6f1d439a12a8c106477024a606886 (commit)
via 41ce496691c7d2a12cdd9db7ba293f0f7783d88d (commit)
via 7837768c134a9bb67d6cf53eb95c77feaf826026 (commit)
via fdd62e9699b181a140292689fcd88a559bc26211 (commit)
from 0d07ce19496ffbc20a5be2548476a07033acb6d7 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 56a0f995b8a6f1d439a12a8c106477024a606886
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Mon Sep 7 12:38:44 2009 +0200
s4:tests/iconv - Fix a warning
commit 41ce496691c7d2a12cdd9db7ba293f0f7783d88d
Author: Andrew Kroeger <andrew at id10ts.net>
Date: Sun Sep 6 22:28:56 2009 -0500
s4:pwsettings: Correct off by factor of 10 for ticks.
The tick conversion math was off by a factor of 10 due to the incorrect usage of
the "e" notation. The expression "XeY" means "X * (10^Y)", so the correct
expression is 1e7 to get the correct adjustment for ticks.
commit 7837768c134a9bb67d6cf53eb95c77feaf826026
Author: Andrew Kroeger <andrew at id10ts.net>
Date: Sun Sep 6 22:25:53 2009 -0500
gitignore: Ignore additional auto-generated files.
commit fdd62e9699b181a140292689fcd88a559bc26211
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Wed Aug 19 12:37:11 2009 +0200
s4: Let the "setpassword" script finally use the "samdb_set_password" routine
The "setpassword" script should use the "samdb_set_password" call to change
the NT user password. Windows Server tests show that "userPassword" is not the
right place to save the NT password and does not inherit the password complexity.
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 4 ++
lib/util/charset/tests/iconv.c | 3 +-
source4/scripting/python/pyglue.c | 65 ++++++++++++++++++++++++++++++-
source4/scripting/python/samba/samdb.py | 14 +++---
source4/setup/pwsettings | 8 ++--
5 files changed, 80 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index 8d671d8..8425302 100644
--- a/.gitignore
+++ b/.gitignore
@@ -356,6 +356,10 @@ librpc/gen_ndr/*_c.h
librpc/gen_ndr/*_s.c
librpc/gen_ndr/cli_named_pipe_auth.[ch]
librpc/gen_ndr/srv_named_pipe_auth.[ch]
+librpc/gen_ndr/cli_ntlmssp.[ch]
+librpc/gen_ndr/cli_schannel.[ch]
+librpc/gen_ndr/srv_ntlmssp.[ch]
+librpc/gen_ndr/srv_schannel.[ch]
lib/tevent/Makefile
lib/tevent/tevent.so
lib/tevent/libtevent.so*
diff --git a/lib/util/charset/tests/iconv.c b/lib/util/charset/tests/iconv.c
index 0f09ac8..3e2546d 100644
--- a/lib/util/charset/tests/iconv.c
+++ b/lib/util/charset/tests/iconv.c
@@ -441,7 +441,8 @@ static bool test_string2key(struct torture_context *tctx)
torture_fail(tctx, "Failed to convert fixed buffer to UTF8\n");
}
- torture_assert(tctx, strcmp(correct, out1) == 0, "conversion gave incorrect result\n");
+ torture_assert(tctx, strcmp(correct, (const char *) out1) == 0,
+ "conversion gave incorrect result\n");
talloc_free(mem_ctx);
diff --git a/source4/scripting/python/pyglue.c b/source4/scripting/python/pyglue.c
index 42c04c1..3e6233b 100644
--- a/source4/scripting/python/pyglue.c
+++ b/source4/scripting/python/pyglue.c
@@ -220,13 +220,69 @@ static PyObject *py_samdb_get_domain_sid(PyLdbObject *self, PyObject *args)
if (!sid) {
PyErr_SetString(PyExc_RuntimeError, "samdb_domain_sid failed");
return NULL;
- }
+ }
+
retstr = dom_sid_string(NULL, sid);
ret = PyString_FromString(retstr);
talloc_free(retstr);
+
return ret;
}
+static PyObject *py_samdb_set_password(PyLdbObject *self, PyObject *args,
+ PyObject *kwargs)
+{
+ PyObject *py_sam, *py_user_dn, *py_dom_dn, *py_mod, *py_user_change;
+ char *new_password;
+ bool user_change;
+ DATA_BLOB new_pwd_blob;
+ struct ldb_context *sam_ctx;
+ struct ldb_dn *user_dn, *dom_dn;
+ struct ldb_message *mod;
+ TALLOC_CTX *mem_ctx;
+ NTSTATUS status;
+ const char * const kwnames[] = { "samdb", "user_dn", "dom_dn", "mod",
+ "new_password", "user_change", NULL };
+
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "OOOOsO",
+ discard_const_p(char *, kwnames),
+ &py_sam, &py_user_dn, &py_dom_dn, &py_mod, &new_password,
+ &py_user_change))
+ return NULL;
+
+ sam_ctx = PyLdb_AsLdbContext(py_sam);
+
+ mem_ctx = talloc_new(NULL);
+ if (mem_ctx == NULL) {
+ PyErr_NoMemory();
+ }
+
+ if (!PyObject_AsDn(mem_ctx, py_user_dn, sam_ctx, &user_dn)) {
+ PyErr_SetString(PyExc_RuntimeError, "user_dn invalid!");
+ return NULL;
+ }
+
+ if (!PyObject_AsDn(mem_ctx, py_dom_dn, sam_ctx, &dom_dn)) {
+ PyErr_SetString(PyExc_RuntimeError, "dom_dn invalid!");
+ return NULL;
+ }
+
+ mod = PyLdbMessage_AsMessage(py_mod);
+
+ user_change = PyInt_AsLong(py_user_change);
+
+ new_pwd_blob.data = (uint8_t *) new_password;
+ new_pwd_blob.length = strlen((char *) new_pwd_blob.data);
+
+ status = samdb_set_password(sam_ctx, mem_ctx, user_dn, dom_dn, mod,
+ &new_pwd_blob, NULL, NULL, user_change, NULL, NULL);
+
+ talloc_free(mem_ctx);
+
+ PyErr_NTSTATUS_IS_ERR_RAISE(status);
+ Py_RETURN_NONE;
+}
+
static PyObject *py_ldb_register_samba_handlers(PyObject *self, PyObject *args)
{
PyObject *py_ldb;
@@ -440,7 +496,8 @@ static PyObject *py_dom_sid_to_rid(PyLdbObject *self, PyObject *args)
sid = dom_sid_parse_talloc(NULL, PyString_AsString(py_sid));
- status = dom_sid_split_rid(NULL, sid, NULL, &rid);
+ status = dom_sid_split_rid(NULL, (const struct dom_sid *)sid, NULL,
+ &rid);
if (!NT_STATUS_IS_OK(status)) {
PyErr_SetString(PyExc_RuntimeError, "dom_sid_split_rid failed");
return NULL;
@@ -470,6 +527,10 @@ static PyMethodDef py_misc_methods[] = {
{ "samdb_get_domain_sid", (PyCFunction)py_samdb_get_domain_sid, METH_VARARGS,
"samdb_get_domain_sid(samdb)\n"
"Get SID of domain in use." },
+ { "samdb_set_password", (PyCFunction)py_samdb_set_password,
+ METH_VARARGS|METH_KEYWORDS,
+ "samdb_set_password(samdb, user_dn, dom_dn, mod, new_password, user_change)\n"
+ "Set the password of a user" },
{ "ldb_register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers, METH_VARARGS,
"ldb_register_samba_handlers(ldb)\n"
"Register Samba-specific LDB modules and schemas." },
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index a58d6c5..b78c8f3 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -161,14 +161,14 @@ pwdLastSet: 0
assert(len(res) == 1)
user_dn = res[0].dn
- setpw = """
-dn: %s
-changetype: modify
-replace: userPassword
-userPassword:: %s
-""" % (user_dn, base64.b64encode(password))
+ mod = ldb.Message()
+ mod.dn = user_dn
+
+ glue.samdb_set_password(samdb=self, user_dn=str(user_dn),
+ dom_dn=self.domain_dn(), mod=mod, new_password=password,
+ user_change=True)
- self.modify_ldif(setpw)
+ self.modify(mod)
if force_password_change_at_next_login:
self.force_password_change_at_next_login(user_dn)
diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings
index 49bb551..f26bcf7 100755
--- a/source4/setup/pwsettings
+++ b/source4/setup/pwsettings
@@ -74,8 +74,8 @@ try:
pwd_hist_len = int(res[0]["pwdHistoryLength"][0])
min_pwd_len = int(res[0]["minPwdLength"][0])
# ticks -> days
- min_pwd_age = int(abs(int(res[0]["minPwdAge"][0])) / (10e7 * 60 * 60 * 24))
- max_pwd_age = int(abs(int(res[0]["maxPwdAge"][0])) / (10e7 * 60 * 60 * 24))
+ min_pwd_age = int(abs(int(res[0]["minPwdAge"][0])) / (1e7 * 60 * 60 * 24))
+ max_pwd_age = int(abs(int(res[0]["maxPwdAge"][0])) / (1e7 * 60 * 60 * 24))
except:
if args[0] == "show":
print "ERROR: Password informations missing in your AD domain object!"
@@ -153,7 +153,7 @@ elif args[0] == "set":
else:
min_pwd_age = int(opts.min_pwd_age)
# days -> ticks
- min_pwd_age = -int(min_pwd_age * (24 * 60 * 60 * 10e7))
+ min_pwd_age = -int(min_pwd_age * (24 * 60 * 60 * 1e7))
m = ldb.Message()
m.dn = ldb.Dn(samdb, domain_dn)
@@ -168,7 +168,7 @@ elif args[0] == "set":
else:
max_pwd_age = int(opts.max_pwd_age)
# days -> ticks
- max_pwd_age = -int(max_pwd_age * (24 * 60 * 60 * 10e7))
+ max_pwd_age = -int(max_pwd_age * (24 * 60 * 60 * 1e7))
m = ldb.Message()
m.dn = ldb.Dn(samdb, domain_dn)
--
Samba Shared Repository
More information about the samba-cvs
mailing list