[PATCH] samba-tool: Create NIS enabled users and unixHomeDirectory attribute
Jelmer Vernooij
jelmer at samba.org
Sat Jan 24 03:50:50 MST 2015
On Sat, Jan 24, 2015 at 10:30:46AM +0100, Marc Muehlfeld wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> please review an push, if OK.
>
> I hoped to get this into 4.2, because users often ask for creating
> accounts with these attributes on the mailing list. But it seems, my
> request got lost the last time. At least it's not in master yet.
Reviewed-By: Jelmer Vernooij <jelmer at samba.org>
Jelmer
> Am 03.11.2014 um 19:48 schrieb Marc Muehlfeld:
> > Hello Jelmer
> >
> > thanks for looking at my patch.
> >
> >
> > Am 30.10.2014 um 21:56 schrieb Jelmer Vernooij:
> >>> @@ -412,8 +414,15 @@ member: %s if sd is not None:
> >>> ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
> >>>
> >>> + if nisdomain is not None: + if None in
> >>> (uidnumber, loginshell, unixhome, gidnumber): + raise
> >>> Exception("""Missing parameters. To enable NIS features, +the
> >>> follwing options have to be given: +--nis-domain=,
> >>> --uidNumber=, --login-shell=, --unix-home=, --gid-number=
> >>> +Operation cancelled.""") +
> >> Please don't raise Exception for user-facing errors but
> >> CommandError. The description should generally also be a single
> >> line like in all Python errors.
> >
> >> s/follwing/following/
> >
> > New patch attached. Also with line breaks < 80 characters.
> >
> >
> >
> >>> + if nisdomain is not None: +
> >>> ldbmessage2["msSFU30NisDomain"] =
> >>> ldb.MessageElement(str(nisdomain), ldb.FLAG_MOD_REPLACE,
> >>> 'msSFU30NisDomain') + ldbmessage2["msSFU30Name"]
> >>> = ldb.MessageElement(str(username), ldb.FLAG_MOD_REPLACE,
> >>> 'msSFU30Name') + ldbmessage2["unixUserPassword"]
> >>> = ldb.MessageElement('ABCD!efgh12345$67890',
> >>> ldb.FLAG_MOD_REPLACE, 'unixUserPassword')
> >
> >> ^^^ This just seems to hardcode a user password?
> >
> > Yes. It's the default value that is added e. g. by ADUC, if you
> > enable NIS on an user account. ADUC adds then unixUserPassword:
> > ABCD!efgh12345$67890 automatically. That's why I do the same here.
> >
> >
> > There's a way to setup password syncronisation on Windows
> > http://technet.microsoft.com/en-us/library/cc756870%28WS.10%29.aspx
> >
> >
> but Samba doesn't have this yet. See Andrews reply on a request about
> > this on the mailing list one month ago:
> > https://lists.samba.org/archive/samba/2014-September/184960.html
> > https://lists.samba.org/archive/samba/2014-September/185054.html
> >
> >
> >
> > Regards, Marc
> >
> >
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQEcBAEBAgAGBQJUw2Y+AAoJEFNERvHO3m51KBkIAJZUuGeAeHjhIU8EVNWa84Q+
> ZT/wyg2iZXZ+efFLsXlOY2EZziEyMvqicENx3G66xGQ9bPMzsGNOm4EtBjRhtGfl
> 6pA+JKhl6J+G9AO253MvlQZ6MGfi5sPmgM/lf+Y9UlbPZ7xOMTNeIRdRJpHjo4Rg
> JD3sgEqCpqs6AmVMP8b/0CeqVEk2PFUXLZ8O8AOzxoFwN3tklp08jpR2EWGY7rPL
> 9+h4Kfw258gqkLwSoi/i323yxB2me8v3mHOCB6gAiDcjt6GoNTyM1npFlti/LrGR
> dvuyTpfsKPflFjIMPLlvIFX5p72u/aWxC01t9W0w+PvyU7cjjnbSPQb0QvC4CtI=
> =T/sw
> -----END PGP SIGNATURE-----
> From 2fef8f7a9e3060bca5661644ebdcfd7d4983447a Mon Sep 17 00:00:00 2001
> From: Marc Muehlfeld <mmuehlfeld at samba.org>
> Date: Mon, 3 Nov 2014 19:25:19 +0100
> Subject: [PATCH] samba-tool: Create NIS enabled users and unixHomeDirectory
> attribute
>
> Allow to create NIS enabled user accounts via 'samba-tool user add'.
>
> To create NIS enabled accounts, the parameters
> --uid-number=, --login-shell=, --unix-home=, --gid-number=
> are mandatory. Because we didn't had a parameter to set unixHomeDirectory
> yet, this patch also adds this feature.
>
> 'unixUserPassword: ABCD!efgh12345$67890' is added by default, when you
> enable NIS on an account in ADUC. The same we do in samba-tool.
>
> See: https://bugzilla.samba.org/show_bug.cgi?id=10909
>
> Signed-off-by: Marc Muehlfeld <mmuehlfeld at samba.org>
> ---
> python/samba/netcmd/user.py | 25 +++++++++++++++++++++++--
> python/samba/samdb.py | 18 ++++++++++++++++--
> 2 files changed, 39 insertions(+), 4 deletions(-)
>
> diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
> index 344f35f..2bc5522 100644
> --- a/python/samba/netcmd/user.py
> +++ b/python/samba/netcmd/user.py
> @@ -71,6 +71,13 @@ samba-tool user create User4 passw4rd --rfc2307-from-nss --gecos 'some text'
>
> Example4 shows how to create a new user with Unix UID, GID and login-shell set from the local NSS and GECOS set to 'some text'.
>
> +Example5:
> +samba-tool user add User5 passw5rd --nis-domain=samdom --unix-home=/home/User5 \
> + --uid-number=10005 --login-shell=/bin/false --gid-number=10000
> +
> +Example5 shows how to create an RFC2307/NIS domain enabled user account. If
> +--nis-domain is set, then the other four parameters are mandatory.
> +
> """
> synopsis = "%prog <username> [<password>] [options]"
>
> @@ -107,6 +114,9 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
> Option("--rfc2307-from-nss",
> help="Copy Unix user attributes from NSS (will be overridden by explicit UID/GID/GECOS/shell)",
> action="store_true"),
> + Option("--nis-domain", help="User's Unix/RFC2307 NIS domain", type=str),
> + Option("--unix-home", help="User's Unix/RFC2307 home directory",
> + type=str),
> Option("--uid", help="User's Unix/RFC2307 username", type=str),
> Option("--uid-number", help="User's Unix/RFC2307 numeric UID", type=int),
> Option("--gid-number", help="User's Unix/RFC2307 primary GID number", type=int),
> @@ -130,7 +140,8 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
> job_title=None, department=None, company=None, description=None,
> mail_address=None, internet_address=None, telephone_number=None,
> physical_delivery_office=None, rfc2307_from_nss=False,
> - uid=None, uid_number=None, gid_number=None, gecos=None, login_shell=None):
> + nis_domain=None, unix_home=None, uid=None, uid_number=None,
> + gid_number=None, gecos=None, login_shell=None):
>
> if random_password:
> password = generate_random_password(128, 255)
> @@ -164,6 +175,14 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
> if not lp.get("idmap_ldb:use rfc2307"):
> self.outf.write("You are setting a Unix/RFC2307 UID or GID. You may want to set 'idmap_ldb:use rfc2307 = Yes' to use those attributes for XID/SID-mapping.\n")
>
> + if nis_domain is not None:
> + if None in (uid_number, login_shell, unix_home, gid_number):
> + raise CommandError('Missing parameters. To enable NIS features, '
> + 'the following options have to be given: '
> + '--nis-domain=, --uidNumber=, --login-shell='
> + ', --unix-home=, --gid-number= Operation '
> + 'cancelled.')
> +
> try:
> samdb = SamDB(url=H, session_info=system_session(),
> credentials=creds, lp=lp)
> @@ -173,7 +192,9 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
> jobtitle=job_title, department=department, company=company, description=description,
> mailaddress=mail_address, internetaddress=internet_address,
> telephonenumber=telephone_number, physicaldeliveryoffice=physical_delivery_office,
> - uid=uid, uidnumber=uid_number, gidnumber=gid_number, gecos=gecos, loginshell=login_shell)
> + nisdomain=nis_domain, unixhome=unix_home, uid=uid,
> + uidnumber=uid_number, gidnumber=gid_number,
> + gecos=gecos, loginshell=login_shell)
> except Exception, e:
> raise CommandError("Failed to add user '%s': " % username, e)
>
> diff --git a/python/samba/samdb.py b/python/samba/samdb.py
> index 0ea52fb..e74e823 100644
> --- a/python/samba/samdb.py
> +++ b/python/samba/samdb.py
> @@ -302,7 +302,7 @@ member: %s
> description=None, mailaddress=None, internetaddress=None,
> telephonenumber=None, physicaldeliveryoffice=None, sd=None,
> setpassword=True, uidnumber=None, gidnumber=None, gecos=None,
> - loginshell=None, uid=None):
> + loginshell=None, uid=None, nisdomain=None, unixhome=None):
> """Adds a new user with additional parameters
>
> :param username: Name of the new user
> @@ -333,6 +333,8 @@ member: %s
> :param gecos: RFC2307 Unix GECOS field of the new user
> :param loginshell: RFC2307 Unix login shell of the new user
> :param uid: RFC2307 Unix username of the new user
> + :param nisdomain: RFC2307 Unix NIS domain of the new user
> + :param unixhome: RFC2307 Unix home directory of the new user
> """
>
> displayname = ""
> @@ -413,7 +415,8 @@ member: %s
> ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
>
> ldbmessage2 = None
> - if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos, loginshell))):
> + if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos,
> + loginshell, nisdomain, unixhome))):
> ldbmessage2 = ldb.Message()
> ldbmessage2.dn = ldb.Dn(self, user_dn)
> ldbmessage2["objectClass"] = ldb.MessageElement('posixAccount', ldb.FLAG_MOD_ADD, 'objectClass')
> @@ -427,6 +430,17 @@ member: %s
> ldbmessage2["gecos"] = ldb.MessageElement(str(gecos), ldb.FLAG_MOD_REPLACE, 'gecos')
> if loginshell is not None:
> ldbmessage2["loginShell"] = ldb.MessageElement(str(loginshell), ldb.FLAG_MOD_REPLACE, 'loginShell')
> + if unixhome is not None:
> + ldbmessage2["unixHomeDirectory"] = ldb.MessageElement(
> + str(unixhome), ldb.FLAG_MOD_REPLACE, 'unixHomeDirectory')
> + if nisdomain is not None:
> + ldbmessage2["msSFU30NisDomain"] = ldb.MessageElement(
> + str(nisdomain), ldb.FLAG_MOD_REPLACE, 'msSFU30NisDomain')
> + ldbmessage2["msSFU30Name"] = ldb.MessageElement(
> + str(username), ldb.FLAG_MOD_REPLACE, 'msSFU30Name')
> + ldbmessage2["unixUserPassword"] = ldb.MessageElement(
> + 'ABCD!efgh12345$67890', ldb.FLAG_MOD_REPLACE,
> + 'unixUserPassword')
>
> self.transaction_start()
> try:
> --
> 1.9.3
>
--
Jelmer Vernooij <jelmer at samba.org> - https://jelmer.uk/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150124/66391d7e/attachment.pgp>
More information about the samba-technical
mailing list