[SCM] Samba Shared Repository - branch master updated - tevent-0-9-8-452-g1f38aa0

Matthias Dieter Wallnöfer mdw at samba.org
Fri Sep 18 13:22:07 MDT 2009


The branch, master has been updated
       via  1f38aa0995f7ffa82f670fe5d36046dd6b8f44ac (commit)
       via  bc2a05f0010f5dece89fda13fd525a1a7ca536a0 (commit)
       via  a873ea42caae61162e9d334442e521f7ebbf4935 (commit)
       via  fc61121640b828a3399d09f52eef8e415995c917 (commit)
      from  900a8d435d1b15b3b0453441624727d532b74f55 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 1f38aa0995f7ffa82f670fe5d36046dd6b8f44ac
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Sep 18 20:22:03 2009 +0200

    s4:various scripts under "setup" - Unification
    
    - This unified the shape of those four scripts (comments, command sequence, call
      of SamDB)
    - To consider the samdb.py changes regarding the filter: there is now always the
      possibility either to specify the username or the search filter

commit bc2a05f0010f5dece89fda13fd525a1a7ca536a0
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Sep 18 20:21:29 2009 +0200

    s4:domainlevel/pwsettings - Remove unused import

commit a873ea42caae61162e9d334442e521f7ebbf4935
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Sep 18 20:16:05 2009 +0200

    s4:samdb.py - Unification of the interfaces
    
    - When a user account is requested by a call always the search filter will be
      passed as argument. This helps us to unify the API
    - Add/fix some comments; in particular new comments inform the developer which
      requirements exist if he wants to use calls which manipulate the
      "userPassword" attribute (On s4 no problem - but on certain domain levels on
      Windows Server)

commit fc61121640b828a3399d09f52eef8e415995c917
Author: Matthias Dieter Wallnöfer <mwallnoefer at yahoo.de>
Date:   Fri Sep 18 20:15:12 2009 +0200

    s4:minschema/fullschema - add correct header comments

-----------------------------------------------------------------------

Summary of changes:
 source4/scripting/bin/fullschema        |    2 +-
 source4/scripting/bin/minschema         |    2 +-
 source4/scripting/python/samba/idmap.py |    2 +-
 source4/scripting/python/samba/samdb.py |   90 ++++++++++++++++++-------------
 source4/setup/domainlevel               |    1 -
 source4/setup/enableaccount             |   72 ++++++++++--------------
 source4/setup/newuser                   |   10 ++--
 source4/setup/pwsettings                |    1 -
 source4/setup/setexpiry                 |   50 ++++++++++++-----
 source4/setup/setpassword               |   15 +----
 10 files changed, 130 insertions(+), 115 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/scripting/bin/fullschema b/source4/scripting/bin/fullschema
index 4c73100..4a01b6a 100755
--- a/source4/scripting/bin/fullschema
+++ b/source4/scripting/bin/fullschema
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 # 
-#  work out the minimal schema for a set of objectclasses 
+# Works out the full schema
 #
 
 import base64
diff --git a/source4/scripting/bin/minschema b/source4/scripting/bin/minschema
index c860495..43f7816 100755
--- a/source4/scripting/bin/minschema
+++ b/source4/scripting/bin/minschema
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 # 
-#  work out the minimal schema for a set of objectclasses 
+# Works out the minimal schema for a set of objectclasses
 #
 
 import base64
diff --git a/source4/scripting/python/samba/idmap.py b/source4/scripting/python/samba/idmap.py
index acc98a5..ad209f4 100644
--- a/source4/scripting/python/samba/idmap.py
+++ b/source4/scripting/python/samba/idmap.py
@@ -34,7 +34,7 @@ class IDmapDB(samba.Ldb):
 
     def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
                  credentials=None, flags=0, options=None):
-        """Opens the IDmap Database.
+        """Opens the IDMap Database
         For parameter meanings see the super class (samba.Ldb)
         """
 
diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index a58d6c5..ef2a0b1 100644
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -37,7 +37,7 @@ class SamDB(samba.Ldb):
 
     def __init__(self, url=None, lp=None, modules_dir=None, session_info=None,
                  credentials=None, flags=0, options=None):
-        """Opens the Sam Database.
+        """Opens the SAM Database
         For parameter meanings see the super class (samba.Ldb)
         """
 
@@ -55,13 +55,25 @@ class SamDB(samba.Ldb):
         super(SamDB, self).connect(url=self.lp.private_path(url), flags=flags,
                 options=options)
 
-    def enable_account(self, user_dn):
-        """Enable an account.
+    def domain_dn(self):
+        # find the DNs for the domain
+        res = self.search(base="",
+                          scope=ldb.SCOPE_BASE,
+                          expression="(defaultNamingContext=*)",
+                          attrs=["defaultNamingContext"])
+        assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
+        return res[0]["defaultNamingContext"][0]
+
+    def enable_account(self, filter):
+        """Enables an account
         
-        :param user_dn: Dn of the account to enable.
+        :param filter: LDAP filter to find the user (eg samccountname=name)
         """
-        res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"])
-        assert len(res) == 1
+        res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+                          expression=filter, attrs=["userAccountControl"])
+        assert(len(res) == 1)
+        user_dn = res[0].dn
+
         userAccountControl = int(res[0]["userAccountControl"][0])
         if (userAccountControl & 0x2):
             userAccountControl = userAccountControl & ~0x2 # remove disabled bit
@@ -76,11 +88,16 @@ userAccountControl: %u
 """ % (user_dn, userAccountControl)
         self.modify_ldif(mod)
         
-    def force_password_change_at_next_login(self, user_dn):
-        """Force a password change at next login
+    def force_password_change_at_next_login(self, filter):
+        """Forces a password change at next login
         
-        :param user_dn: Dn of the account to force password change on
+        :param filter: LDAP filter to find the user (eg samccountname=name)
         """
+        res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
+                          expression=filter, attrs=[])
+        assert(len(res) == 1)
+        user_dn = res[0].dn
+
         mod = """
 dn: %s
 changetype: modify
@@ -89,17 +106,12 @@ pwdLastSet: 0
 """ % (user_dn)
         self.modify_ldif(mod)
 
-    def domain_dn(self):
-        # find the DNs for the domain
-        res = self.search(base="",
-                          scope=ldb.SCOPE_BASE,
-                          expression="(defaultNamingContext=*)", 
-                          attrs=["defaultNamingContext"])
-        assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
-        return res[0]["defaultNamingContext"][0]
-
     def newuser(self, username, unixname, password, force_password_change_at_next_login=False):
-        """add a new user record.
+        """Adds a new user
+
+        Note: This call uses the "userPassword" attribute to set the password.
+        This works correctly on SAMBA 4 DCs and on Windows DCs with
+        "2003 Native" or higer domain function level.
         
         :param username: Name of the new user.
         :param unixname: Name of the unix user to map to.
@@ -110,11 +122,8 @@ pwdLastSet: 0
         try:
             user_dn = "CN=%s,CN=Users,%s" % (username, self.domain_dn())
 
-            #
-            #  the new user record. note the reliance on the samdb module to 
-            #  fill in a sid, guid etc
-            #
-            #  now the real work
+            # The new user record. Note the reliance on the SAMLDB module which
+            # fills in the default informations
             self.add({"dn": user_dn, 
                 "sAMAccountName": username,
                 "userPassword": password,
@@ -130,30 +139,34 @@ pwdLastSet: 0
                 idmap = IDmapDB(lp=self.lp)
 
                 user = pwd.getpwnam(unixname)
+
                 # setup ID mapping for this UID
-                
                 idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
 
             except KeyError:
                 pass
 
             if force_password_change_at_next_login:
-                self.force_password_change_at_next_login(user_dn)
+                self.force_password_change_at_next_login("(dn=" + user_dn + ")")
 
             #  modify the userAccountControl to remove the disabled bit
-            self.enable_account(user_dn)
+            self.enable_account("(dn=" + user_dn + ")")
         except:
             self.transaction_cancel()
             raise
         self.transaction_commit()
 
     def setpassword(self, filter, password, force_password_change_at_next_login=False):
-        """Set a password on a user record
+        """Sets the password for a user
         
+        Note: This call uses the "userPassword" attribute to set the password.
+        This works correctly on SAMBA 4 DCs and on Windows DCs with
+        "2003 Native" or higer domain function level.
+
         :param filter: LDAP filter to find the user (eg samccountname=name)
         :param password: Password for the user
+        :param force_password_change_at_next_login: Force password change
         """
-        # connect to the sam 
         self.transaction_start()
         try:
             res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
@@ -174,24 +187,27 @@ userPassword:: %s
                 self.force_password_change_at_next_login(user_dn)
 
             #  modify the userAccountControl to remove the disabled bit
-            self.enable_account(user_dn)
+            self.enable_account(filter)
         except:
             self.transaction_cancel()
             raise
         self.transaction_commit()
 
-    def setexpiry(self, user, expiry_seconds, noexpiry):
-        """Set the account expiry for a user
+    def setexpiry(self, filter, expiry_seconds, noexpiry=False):
+        """Sets the account expiry for a user
         
+        :param filter: LDAP filter to find the user (eg samccountname=name)
         :param expiry_seconds: expiry time from now in seconds
         :param noexpiry: if set, then don't expire password
         """
         self.transaction_start()
         try:
             res = self.search(base=self.domain_dn(), scope=ldb.SCOPE_SUBTREE,
-                              expression=("(samAccountName=%s)" % user),
+                              expression=filter,
                               attrs=["userAccountControl", "accountExpires"])
             assert len(res) == 1
+            user_dn = res[0].dn
+
             userAccountControl = int(res[0]["userAccountControl"][0])
             accountExpires     = int(res[0]["accountExpires"][0])
             if noexpiry:
@@ -201,16 +217,16 @@ userPassword:: %s
                 userAccountControl = userAccountControl & ~0x10000
                 accountExpires = glue.unix2nttime(expiry_seconds + int(time.time()))
 
-            mod = """
+            setexp = """
 dn: %s
 changetype: modify
 replace: userAccountControl
 userAccountControl: %u
 replace: accountExpires
 accountExpires: %u
-""" % (res[0].dn, userAccountControl, accountExpires)
-            # now change the database
-            self.modify_ldif(mod)
+""" % (user_dn, userAccountControl, accountExpires)
+
+            self.modify_ldif(setexp)
         except:
             self.transaction_cancel()
             raise
diff --git a/source4/setup/domainlevel b/source4/setup/domainlevel
index 179adda..dcc26a2 100755
--- a/source4/setup/domainlevel
+++ b/source4/setup/domainlevel
@@ -11,7 +11,6 @@ sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
 
 import samba.getopt as options
 import optparse
-import pwd
 import ldb
 
 from samba.auth import system_session
diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount
index d4e9540..0ca5b39 100755
--- a/source4/setup/enableaccount
+++ b/source4/setup/enableaccount
@@ -1,18 +1,31 @@
 #!/usr/bin/python
 #
-#	Enables a disabled user account on a Samba4 server
-#	Copyright Andrew Tridgell 2005
-#	Copyright Jelmer Vernooij 2008
-#	Released under the GNU GPL version 3 or later
+# Enables an user account on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
-import os, sys
 
-sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
+import sys
+
+sys.path.insert(0, "bin/python")
 
 import samba.getopt as options
 import optparse
-import pwd
-import ldb
 
 from samba.auth import system_session
 from samba.samdb import SamDB
@@ -23,49 +36,24 @@ parser.add_option_group(sambaopts)
 parser.add_option_group(options.VersionOptions(parser))
 credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
-parser.add_option("-H", help="LDB URL for database or target server", type=str)
-parser.add_option("--base", help="Base DN to search for user under", type=str)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
 
 opts, args = parser.parse_args()
 
-#
-#  print a message if quiet is not set
-#
-def message(text):
-	if not opts.quiet:
-		print text
+filter = opts.filter
 
-if len(args) == 0:
+if (len(args) == 0) and (filter is None):
+	print "Either the username or '--filter' must be specified!"
 	parser.print_usage()
 	sys.exit(1)
 
-username = args[0]
-
-if username is None:
-	print "username must be specified"
+if filter is None:
+	username = args[0]
+	filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
 
 lp = sambaopts.get_loadparm()
-
 creds = credopts.get_credentials(lp)
 
-if opts.H is not None:
-	url = opts.H
-else:
-	url = lp.get("sam database")
-
-samdb = SamDB(url=url, session_info=system_session(), 
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
               credentials=creds, lp=lp)
-
-domain_dn = opts.base
-if domain_dn is None:
-        domain_dn = SamDB.domain_dn(samdb)
-
-filter = "(&(objectClass=user)(samAccountName=%s))" % username
-
-res = samdb.search(domain_dn, scope=ldb.SCOPE_SUBTREE, 
-		  expression=filter,
-		  attrs=[])
-assert(len(res) == 1)
-user_dn = res[0].dn
-
-samdb.enable_account(user_dn)
+samdb.enable_account(filter)
diff --git a/source4/setup/newuser b/source4/setup/newuser
index cc89e92..422677c 100755
--- a/source4/setup/newuser
+++ b/source4/setup/newuser
@@ -1,6 +1,6 @@
 #!/usr/bin/python
 #
-# Add a new user to a Samba4 server
+# Adds a new user to a Samba4 server
 # Copyright Jelmer Vernooij 2008
 #
 # Based on the original in EJS:
@@ -18,6 +18,7 @@
 #   
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
 import sys
 
 # Find right directory when running from source tree
@@ -25,8 +26,10 @@ sys.path.insert(0, "bin/python")
 
 import samba.getopt as options
 import optparse
+
 from getpass import getpass
 from samba.auth import system_session
+from samba.samdb import SamDB
 
 parser = optparse.OptionParser("newuser [options] <username> [<password>]")
 sambaopts = options.SambaOptions(parser)
@@ -34,7 +37,6 @@ parser.add_option_group(sambaopts)
 parser.add_option_group(options.VersionOptions(parser))
 credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
-parser.add_option("--quiet", help="Be quiet", action="store_true")
 parser.add_option("--unixname", help="Unix Username", type=str)
 parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
 
@@ -56,6 +58,6 @@ if opts.unixname is None:
 lp = sambaopts.get_loadparm()
 creds = credopts.get_credentials(lp)
 
-samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(), 
-		                                     credentials=creds)
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+              credentials=creds, lp=lp)
 samdb.newuser(username, opts.unixname, password, force_password_change_at_next_login=opts.must_change_at_next_login)
diff --git a/source4/setup/pwsettings b/source4/setup/pwsettings
index fccd73f..521a58e 100755
--- a/source4/setup/pwsettings
+++ b/source4/setup/pwsettings
@@ -15,7 +15,6 @@ sys.path.insert(0, os.path.join(os.path.dirname(sys.argv[0]), "../bin/python"))
 
 import samba.getopt as options
 import optparse
-import pwd
 import ldb
 
 from samba.auth import system_session
diff --git a/source4/setup/setexpiry b/source4/setup/setexpiry
index db7cdd4..6c6305c 100755
--- a/source4/setup/setexpiry
+++ b/source4/setup/setexpiry
@@ -1,9 +1,23 @@
 #!/usr/bin/python
 #
-#	Sets the password expiry for a user on a Samba4 server
-#	Copyright Andrew Tridgell 2005
-#	Copyright Jelmer Vernooij 2008
-#	Released under the GNU GPL version 3 or later
+# Sets the user password expiry on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
 import sys
@@ -13,32 +27,38 @@ sys.path.insert(0, "bin/python")
 
 import samba.getopt as options
 import optparse
-from getpass import getpass
+
 from samba.auth import system_session
+from samba.samdb import SamDB
 
-parser = optparse.OptionParser("setexpiry [options] <username>")
+parser = optparse.OptionParser("setexpiry [username] [options]")
 sambaopts = options.SambaOptions(parser)
 parser.add_option_group(sambaopts)
 parser.add_option_group(options.VersionOptions(parser))
 credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
 parser.add_option("--days", help="Days to expiry", type=int)
-parser.add_option("--noexpiry", help="Never expire", action="store_true")
+parser.add_option("--noexpiry", help="Password does never expire", action="store_true")
 
 opts, args = parser.parse_args()
 
-if len(args) == 0:
+if (len(args) == 0) and (filter is None):
+	print "Either the username or '--filter' must be specified!"
 	parser.print_usage()
 	sys.exit(1)
 
-username = args[0]
+days = opts.days
+if days is None:
+	days = 0
+
+if filter is None:
+	username = args[0]
+	filter = "(&(objectClass=user)(sAMAccountName=%s))" % (username)
 
 lp = sambaopts.get_loadparm()
 creds = credopts.get_credentials(lp)
 
-samdb = sambaopts.get_hostconfig().get_samdb(session_info=system_session(), 
-		                                     credentials=creds)
-days = opts.days
-if days is None:
-	days = 0
-samdb.setexpiry(username, days*24*3600, opts.noexpiry)
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+              credentials=creds, lp=lp)
+samdb.setexpiry(filter, days*24*3600, noexpiry=opts.noexpiry)
diff --git a/source4/setup/setpassword b/source4/setup/setpassword
index 513730d..5fbba03 100755
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@@ -20,15 +20,13 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 
-import os, sys
+import sys
 
-# Find right directory when running from source tree


-- 
Samba Shared Repository


More information about the samba-cvs mailing list