[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-452-g1f38aa0
Matthias Dieter Wallnöfer
mdw at samba.org
Fri Sep 18 13:22:07 MDT 2009
The branch, master has been updated
via 1f38aa0995f7ffa82f670fe5d36046dd6b8f44ac (commit)
via bc2a05f0010f5dece89fda13fd525a1a7ca536a0 (commit)
via a873ea42caae61162e9d334442e521f7ebbf4935 (commit)
via fc61121640b828a3399d09f52eef8e415995c917 (commit)
from 900a8d435d1b15b3b0453441624727d532b74f55 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1f38aa0995f7ffa82f670fe5d36046dd6b8f44ac
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Sep 18 20:22:03 2009 +0200
s4:various scripts under "setup" - Unification
- This unified the shape of those four scripts (comments, command sequence, call
of SamDB)
- To consider the samdb.py changes regarding the filter: there is now always the
possibility either to specify the username or the search filter
commit bc2a05f0010f5dece89fda13fd525a1a7ca536a0
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Sep 18 20:21:29 2009 +0200
s4:domainlevel/pwsettings - Remove unused import
commit a873ea42caae61162e9d334442e521f7ebbf4935
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Sep 18 20:16:05 2009 +0200
s4:samdb.py - Unification of the interfaces
- When a user account is requested by a call always the search filter will be
passed as argument. This helps us to unify the API
- Add/fix some comments; in particular new comments inform the developer which
requirements exist if he wants to use calls which manipulate the
"userPassword" attribute (On s4 no problem - but on certain domain levels on
Windows Server)
commit fc61121640b828a3399d09f52eef8e415995c917
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date: Fri Sep 18 20:15:12 2009 +0200
s4:minschema/fullschema - add correct header comments
-----------------------------------------------------------------------
Summary of changes:
source4/scripting/bin/fullschema | 2 +-
source4/scripting/bin/minschema | 2 +-
source4/scripting/python/samba/idmap.py | 2 +-
source4/scripting/python/samba/samdb.py | 90 ++++++++++++++++++-------------
source4/setup/domainlevel | 1 -
source4/setup/enableaccount | 72 ++++++++++--------------
source4/setup/newuser | 10 ++--
source4/setup/pwsettings | 1 -
source4/setup/setexpiry | 50 ++++++++++++-----
source4/setup/setpassword | 15 +----
10 files changed, 130 insertions(+), 115 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/scripting/bin/fullschema b/source4/scripting/bin/fullschema
index 4c73100..4a01b6a 100755
--- a/source4/scripting/bin/fullschema
+++ b/source4/scripting/bin/fullschema
@@ -1,6 +1,6 @@
#!/usr/bin/python
#
-# work out the minimal schema for a set of objectclasses
+# Works out the full schema
#
import base64
diff --git a/source4/scripting/bin/minschema b/source4/scripting/bin/minschema
index c860495..43f7816 100755
--- a/source4/scripting/bin/minschema
+++ b/source4/scripting/bin/minschema
@@ -1,6 +1,6 @@
#!/usr/bin/python
#
-# work out the minimal schema for a set of objectclasses
+# Works out the minimal schema for a set of objectclasses
#
import base64
diff --git a/source4/scripting/python/samba/idmap.py b/source4/scripting/python/samba/idmap.py
index acc98a5..ad209f4 100644
--- a/source4/scripting/python/samba/idmap.py
+++ b/source4/scripting/python/samba/idmap.py
@@ -34,7 +34,7 @@ class IDmapDB(samba.Ldb):
def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
credentials=None, flags=0, options=None):
- """Opens the IDmap Database.
+ """Opens the IDMap Database
For parameter meanings see the super class (samba.Ldb)
"""
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index a58d6c5..ef2a0b1 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -37,7 +37,7 @@ class SamDB(samba.Ldb):
def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
credentials=None, flags=0, options=None):
- """Opens the Sam Database.
+ """Opens the SAM Database
For parameter meanings see the super class (samba.Ldb)
"""
@@ -55,13 +55,25 @@ class SamDB(samba.Ldb):
super(SamDB, self).connect(url=self.lp.private_path(url), flags=flags,
options=options)
- def enable_account(self, user_dn):
- """Enable an account.
+ def domain_dn(self):
+ # find the DNs for the domain
+ res = self.search(base="",
+ scope=ldb.SCOPE_BASE,
+ expression="(defaultNamingContext=*)",
+ attrs=["defaultNamingContext"])
+ assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
+ return res[0]["defaultNamingContext"][0]
+
+ def enable_account(self, filter):
+ """Enables an account
- :param user_dn: Dn of the account to enable.
+ :param filter: LDAP filter to find the user (eg samccountname=name)
"""
- res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"])
- assert len(res) == 1
+ res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+ expression=filter, attrs=["userAccountControl"])
+ assert(len(res) == 1)
+ user_dn = res[0].dn
+
userAccountControl = int(res[0]["userAccountControl"][0])
if (userAccountControl & 0x2):
userAccountControl = userAccountControl & ~0x2 # remove disabled bit
@@ -76,11 +88,16 @@ userAccountControl: %u
""" % (user_dn, userAccountControl)
self.modify_ldif(mod)
- def force_password_change_at_next_login(self, user_dn):
- """Force a password change at next login
+ def force_password_change_at_next_login(self, filter):
+ """Forces a password change at next login
- :param user_dn: Dn of the account to force password change on
+ :param filter: LDAP filter to find the user (eg samccountname=name)
"""
+ res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+ expression=filter, attrs=[])
+ assert(len(res) == 1)
+ user_dn = res[0].dn
+
mod = """
dn: %s
changetype: modify
@@ -89,17 +106,12 @@ pwdLastSet: 0
""" % (user_dn)
self.modify_ldif(mod)
- def domain_dn(self):
- # find the DNs for the domain
- res = self.search(base="",
- scope=ldb.SCOPE_BASE,
- expression="(defaultNamingContext=*)",
- attrs=["defaultNamingContext"])
- assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
- return res[0]["defaultNamingContext"][0]
-
def newuser(self, username, unixname, password, force_password_change_at_next_login=False):
- """add a new user record.
+ """Adds a new user
+
+ Note: This call uses the "userPassword" attribute to set the password.
+ This works correctly on SAMBA 4 DCs and on Windows DCs with
+ "2003 Native" or higer domain function level.
:param username: Name of the new user.
:param unixname: Name of the unix user to map to.
@@ -110,11 +122,8 @@ pwdLastSet: 0
try:
user_dn = "CN=%s,CN=Users,%s" % (username, self.domain_dn())
- #
- # the new user record. note the reliance on the samdb module to
- # fill in a sid, guid etc
- #
- # now the real work
+ # The new user record. Note the reliance on the SAMLDB module which
+ # fills in the default informations
self.add({"dn": user_dn,
"sAMAccountName": username,
"userPassword": password,
@@ -130,30 +139,34 @@ pwdLastSet: 0
idmap = IDmapDB(lp=self.lp)
user = pwd.getpwnam(unixname)
+
# setup ID mapping for this UID
-
idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
except KeyError:
pass
if force_password_change_at_next_login:
- self.force_password_change_at_next_login(user_dn)
+ self.force_password_change_at_next_login("(dn=" + user_dn + ")")
# modify the userAccountControl to remove the disabled bit
- self.enable_account(user_dn)
+ self.enable_account("(dn=" + user_dn + ")")
except:
self.transaction_cancel()
raise
self.transaction_commit()
def setpassword(self, filter, password, force_password_change_at_next_login=False):
- """Set a password on a user record
+ """Sets the password for a user
+ Note: This call uses the "userPassword" attribute to set the password.
+ This works correctly on SAMBA 4 DCs and on Windows DCs with
+ "2003 Native" or higer domain function level.
+
:param filter: LDAP filter to find the user (eg samccountname=name)
:param password: Password for the user
+ :param force_password_change_at_next_login: Force password change
"""
- # connect to the sam
self.transaction_start()
try:
res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
@@ -174,24 +187,27 @@ userPassword:: %s
self.force_password_change_at_next_login(user_dn)
# modify the userAccountControl to remove the disabled bit
- self.enable_account(user_dn)
+ self.enable_account(filter)
except:
self.transaction_cancel()
raise
self.transaction_commit()
- def setexpiry(self, user, expiry_seconds, noexpiry):
- """Set the account expiry for a user
+ def setexpiry(self, filter, expiry_seconds, noexpiry=False):
+ """Sets the account expiry for a user
+ :param filter: LDAP filter to find the user (eg samccountname=name)
:param expiry_seconds: expiry time from now in seconds
:param noexpiry: if set, then don't expire password
"""
self.transaction_start()
try:
res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
- expression=("(samAccountName=%s)" % user),
+ expression=filter,
attrs=["userAccountControl", "accountExpires"])
assert len(res) == 1
+ user_dn = res[0].dn
+
userAccountControl = int(res[0]["userAccountControl"][0])
accountExpires = int(res[0]["accountExpires"][0])
if noexpiry:
@@ -201,16 +217,16 @@ userPassword:: %s
userAccountControl = userAccountControl & ~0x10000
accountExpires = glue.unix2nttime(expiry_seconds + int(time.time()))
- mod = """
+ setexp = """
dn: %s
changetype: modify
replace: userAccountControl
userAccountControl: %u
replace: accountExpires
accountExpires: %u
-""" % (res[0].dn, userAccountControl, accountExpires)
- # now change the database
- self.modify_ldif(mod)
+""" % (user_dn, userAccountControl, accountExpires)
+
+ self.modify_ldif(setexp)
except:
self.transaction_cancel()
raise
diff --git a/source4/setup/domainlevel b/source4/setup/domainlevel
index 179adda..dcc26a2 100755
--- a/source4/setup/domainlevel
+++ b/source4/setup/domainlevel
@@ -11,7 +11,6 @@ sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
import samba.getopt as options
import optparse
-import pwd
import ldb
from samba.auth import system_session
diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount
index d4e9540..0ca5b39 100755
--- a/source4/setup/enableaccount
+++ b/source4/setup/enableaccount
@@ -1,18 +1,31 @@
#!/usr/bin/python
#
-# Enables a disabled user account on a Samba4 server
-# Copyright Andrew Tridgell 2005
-# Copyright Jelmer Vernooij 2008
-# Released under the GNU GPL version 3 or later
+# Enables an user account on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import os, sys
-sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
+import sys
+
+sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
-import pwd
-import ldb
from samba.auth import system_session
from samba.samdb import SamDB
@@ -23,49 +36,24 @@ parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
-parser.add_option("-H", help="LDB URL for database or target server", type=str)
-parser.add_option("--base", help="Base DN to search for user under", type=str)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
opts, args = parser.parse_args()
-#
-# print a message if quiet is not set
-#
-def message(text):
- if not opts.quiet:
- print text
+filter = opts.filter
-if len(args) == 0:
+if (len(args) == 0) and (filter is None):
+ print "Either the username or '--filter' must be specified!"
parser.print_usage()
sys.exit(1)
-username = args[0]
-
-if username is None:
- print "username must be specified"
+if filter is None:
+ username = args[0]
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
lp = sambaopts.get_loadparm()
-
creds = credopts.get_credentials(lp)
-if opts.H is not None:
- url = opts.H
-else:
- url = lp.get("sam database")
-
-samdb = SamDB(url=url, session_info=system_session(),
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
credentials=creds, lp=lp)
-
-domain_dn = opts.base
-if domain_dn is None:
- domain_dn = SamDB.domain_dn(samdb)
-
-filter = "(&(objectClass=user)(samAccountName=%s))" % username
-
-res = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
- expression=filter,
- attrs=[])
-assert(len(res) == 1)
-user_dn = res[0].dn
-
-samdb.enable_account(user_dn)
+samdb.enable_account(filter)
diff --git a/source4/setup/newuser b/source4/setup/newuser
index cc89e92..422677c 100755
--- a/source4/setup/newuser
+++ b/source4/setup/newuser
@@ -1,6 +1,6 @@
#!/usr/bin/python
#
-# Add a new user to a Samba4 server
+# Adds a new user to a Samba4 server
# Copyright Jelmer Vernooij 2008
#
# Based on the original in EJS:
@@ -18,6 +18,7 @@
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
import sys
# Find right directory when running from source tree
@@ -25,8 +26,10 @@ sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
+
from getpass import getpass
from samba.auth import system_session
+from samba.samdb import SamDB
parser = optparse.OptionParser("newuser [options] <username> [<password>]")
sambaopts = options.SambaOptions(parser)
@@ -34,7 +37,6 @@ parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
-parser.add_option("--quiet", help="Be quiet", action="store_true")
parser.add_option("--unixname", help="Unix Username", type=str)
parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
@@ -56,6 +58,6 @@ if opts.unixname is None:
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
-samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(),
- credentials=creds)
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login=opts.must_change_at_next_login)
diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings
index fccd73f..521a58e 100755
--- a/source4/setup/pwsettings
+++ b/source4/setup/pwsettings
@@ -15,7 +15,6 @@ sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
import samba.getopt as options
import optparse
-import pwd
import ldb
from samba.auth import system_session
diff --git a/source4/setup/setexpiry b/source4/setup/setexpiry
index db7cdd4..6c6305c 100755
--- a/source4/setup/setexpiry
+++ b/source4/setup/setexpiry
@@ -1,9 +1,23 @@
#!/usr/bin/python
#
-# Sets the password expiry for a user on a Samba4 server
-# Copyright Andrew Tridgell 2005
-# Copyright Jelmer Vernooij 2008
-# Released under the GNU GPL version 3 or later
+# Sets the user password expiry on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import sys
@@ -13,32 +27,38 @@ sys.path.insert(0, "bin/python")
import samba.getopt as options
import optparse
-from getpass import getpass
+
from samba.auth import system_session
+from samba.samdb import SamDB
-parser = optparse.OptionParser("setexpiry [options] <username>")
+parser = optparse.OptionParser("setexpiry [username] [options]")
sambaopts = options.SambaOptions(parser)
parser.add_option_group(sambaopts)
parser.add_option_group(options.VersionOptions(parser))
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
parser.add_option("--days", help="Days to expiry", type=int)
-parser.add_option("--noexpiry", help="Never expire", action="store_true")
+parser.add_option("--noexpiry", help="Password does never expire", action="store_true")
opts, args = parser.parse_args()
-if len(args) == 0:
+if (len(args) == 0) and (filter is None):
+ print "Either the username or '--filter' must be specified!"
parser.print_usage()
sys.exit(1)
-username = args[0]
+days = opts.days
+if days is None:
+ days = 0
+
+if filter is None:
+ username = args[0]
+ filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp)
-samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(),
- credentials=creds)
-days = opts.days
-if days is None:
- days = 0
-samdb.setexpiry(username, days*24*3600, opts.noexpiry)
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
+samdb.setexpiry(filter, days*24*3600, noexpiry=opts.noexpiry)
diff --git a/source4/setup/setpassword b/source4/setup/setpassword
index 513730d..5fbba03 100755
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@@ -20,15 +20,13 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-import os, sys
+import sys
-# Find right directory when running from source tree
--
Samba Shared Repository
More information about the samba-cvs
mailing list