[PATCH] samba-tool: Create NIS enabled users and unixHomeDirectory attribute

Jelmer Vernooij jelmer at samba.org
Sat Jan 24 03:50:50 MST 2015


On Sat, Jan 24, 2015 at 10:30:46AM +0100, Marc Muehlfeld wrote:
> Hello,
> 
> please review and push, if OK.
> 
> I hoped to get this into 4.2, because users often ask for creating
> accounts with these attributes on the mailing list. But it seems, my
> request got lost the last time. At least it's not in master yet.

Reviewed-By: Jelmer Vernooij <jelmer at samba.org>

Jelmer

> On 03.11.2014 at 19:48, Marc Muehlfeld wrote:
> > Hello Jelmer
> > 
> > thanks for looking at my patch.
> > 
> > 
> > On 30.10.2014 at 21:56, Jelmer Vernooij wrote:
> >>> @@ -412,8 +414,15 @@ member: %s if sd is not None: 
> >>> ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
> >>> 
> >>> +        if nisdomain is not None: +            if None in 
> >>> (uidnumber, loginshell, unixhome, gidnumber): + raise
> >>> Exception("""Missing parameters. To enable NIS features, +the
> >>> follwing options have to be given: +--nis-domain=, 
> >>> --uidNumber=, --login-shell=, --unix-home=, --gid-number= 
> >>> +Operation cancelled.""") +
> >> Please don't raise Exception for user-facing errors but 
> >> CommandError. The description should generally also be a single 
> >> line like in all Python errors.
> > 
> >> s/follwing/following/
> > 
> > New patch attached. Also with line breaks < 80 characters.
> > 
> > 
> > 
> >>> +            if nisdomain is not None: + 
> >>> ldbmessage2["msSFU30NisDomain"] = 
> >>> ldb.MessageElement(str(nisdomain), ldb.FLAG_MOD_REPLACE, 
> >>> 'msSFU30NisDomain') +                ldbmessage2["msSFU30Name"]
> >>> = ldb.MessageElement(str(username), ldb.FLAG_MOD_REPLACE, 
> >>> 'msSFU30Name') +                ldbmessage2["unixUserPassword"]
> >>> = ldb.MessageElement('ABCD!efgh12345$67890',
> >>> ldb.FLAG_MOD_REPLACE, 'unixUserPassword')
> > 
> >> ^^^ This just seems to hardcode a user password?
> > 
> > Yes. It's the default value that is added e.g. by ADUC, if you
> > enable NIS on a user account. ADUC then adds unixUserPassword:
> > ABCD!efgh12345$67890 automatically. That's why I do the same here.
> > 
> > 
> > There's a way to set up password synchronisation on Windows
> > http://technet.microsoft.com/en-us/library/cc756870%28WS.10%29.aspx
> > but Samba doesn't have this yet. See Andrew's reply on a request about
> > this on the mailing list one month ago:
> > https://lists.samba.org/archive/samba/2014-September/184960.html
> > https://lists.samba.org/archive/samba/2014-September/185054.html
> > 
> > 
> > 
> > Regards, Marc
> > 
> > 

> From 2fef8f7a9e3060bca5661644ebdcfd7d4983447a Mon Sep 17 00:00:00 2001
> From: Marc Muehlfeld <mmuehlfeld at samba.org>
> Date: Mon, 3 Nov 2014 19:25:19 +0100
> Subject: [PATCH] samba-tool: Create NIS enabled users and unixHomeDirectory
>  attribute
> 
> Allow to create NIS enabled user accounts via 'samba-tool user add'.
> 
> To create NIS enabled accounts, the parameters
> --uid-number=, --login-shell=, --unix-home=, --gid-number=
> are mandatory. Because we didn't have a parameter to set unixHomeDirectory
> yet, this patch also adds this feature.
> 
> 'unixUserPassword: ABCD!efgh12345$67890' is added by default, when you
> enable NIS on an account in ADUC. The same we do in samba-tool.
> 
> See: https://bugzilla.samba.org/show_bug.cgi?id=10909
> 
> Signed-off-by: Marc Muehlfeld <mmuehlfeld at samba.org>
> ---
>  python/samba/netcmd/user.py | 25 +++++++++++++++++++++++--
>  python/samba/samdb.py       | 18 ++++++++++++++++--
>  2 files changed, 39 insertions(+), 4 deletions(-)
> 
> diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
> index 344f35f..2bc5522 100644
> --- a/python/samba/netcmd/user.py
> +++ b/python/samba/netcmd/user.py
> @@ -71,6 +71,13 @@ samba-tool user create User4 passw4rd --rfc2307-from-nss --gecos 'some text'
>  
>  Example4 shows how to create a new user with Unix UID, GID and login-shell set from the local NSS and GECOS set to 'some text'.
>  
> +Example5:
> +samba-tool user add User5 passw5rd --nis-domain=samdom --unix-home=/home/User5 \
> +           --uid-number=10005 --login-shell=/bin/false --gid-number=10000
> +
> +Example5 shows how to create an RFC2307/NIS domain enabled user account. If
> +--nis-domain is set, then the other four parameters are mandatory.
> +
>  """
>      synopsis = "%prog <username> [<password>] [options]"
>  
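
Review bot: Example5 in the added docstring text invokes 'samba-tool user add', while Example4 in the context just above it (visible in the @@ line) uses 'samba-tool user create'. Use the same subcommand name as the other examples so the help text stays consistent and every example can be copied the same way.
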
> @@ -107,6 +114,9 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
>          Option("--rfc2307-from-nss",
>                  help="Copy Unix user attributes from NSS (will be overridden by explicit UID/GID/GECOS/shell)",
>                  action="store_true"),
> +        Option("--nis-domain", help="User's Unix/RFC2307 NIS domain", type=str),
> +        Option("--unix-home", help="User's Unix/RFC2307 home directory",
> +                type=str),
>          Option("--uid", help="User's Unix/RFC2307 username", type=str),
>          Option("--uid-number", help="User's Unix/RFC2307 numeric UID", type=int),
>          Option("--gid-number", help="User's Unix/RFC2307 primary GID number", type=int),
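
Review bot: the help string of the new --nis-domain option does not say that it makes --uid-number, --gid-number, --login-shell and --unix-home mandatory, so a user learns about the dependency only from the CommandError raised later. Mention the required companion options in the help text, for example "User's Unix/RFC2307 NIS domain (requires --uid-number, --gid-number, --login-shell and --unix-home)".
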
> @@ -130,7 +140,8 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
>              job_title=None, department=None, company=None, description=None,
>              mail_address=None, internet_address=None, telephone_number=None,
>              physical_delivery_office=None, rfc2307_from_nss=False,
> -            uid=None, uid_number=None, gid_number=None, gecos=None, login_shell=None):
> +            nis_domain=None, unix_home=None, uid=None, uid_number=None,
> +            gid_number=None, gecos=None, login_shell=None):
>  
>          if random_password:
>              password = generate_random_password(128, 255)
> @@ -164,6 +175,14 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
>              if not lp.get("idmap_ldb:use rfc2307"):
>                  self.outf.write("You are setting a Unix/RFC2307 UID or GID. You may want to set 'idmap_ldb:use rfc2307 = Yes' to use those attributes for XID/SID-mapping.\n")
>  
> +        if nis_domain is not None:
> +            if None in (uid_number, login_shell, unix_home, gid_number):
> +                raise CommandError('Missing parameters. To enable NIS features, '
> +                                   'the following options have to be given: '
> +                                   '--nis-domain=, --uidNumber=, --login-shell='
> +                                   ', --unix-home=, --gid-number= Operation '
> +                                   'cancelled.')
> +
>          try:
>              samdb = SamDB(url=H, session_info=system_session(),
>                            credentials=creds, lp=lp)
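
Review bot: the CommandError text in the nis_domain check names '--uidNumber=', but the option defined in this file is '--uid-number', so a user who copies the option from the message gets an unknown option. The message also lists '--nis-domain=' among the options that "have to be given" although it is the one option known to be set at this point. Suggest listing only --uid-number, --gid-number, --login-shell and --unix-home, and ideally naming the ones that are actually None.
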
> @@ -173,7 +192,9 @@ Example4 shows how to create a new user with Unix UID, GID and login-shell set f
>                            jobtitle=job_title, department=department, company=company, description=description,
>                            mailaddress=mail_address, internetaddress=internet_address,
>                            telephonenumber=telephone_number, physicaldeliveryoffice=physical_delivery_office,
> -                          uid=uid, uidnumber=uid_number, gidnumber=gid_number, gecos=gecos, loginshell=login_shell)
> +                          nisdomain=nis_domain, unixhome=unix_home, uid=uid,
> +                          uidnumber=uid_number, gidnumber=gid_number,
> +                          gecos=gecos, loginshell=login_shell)
>          except Exception, e:
>              raise CommandError("Failed to add user '%s': " % username, e)
>  
> diff --git a/python/samba/samdb.py b/python/samba/samdb.py
> index 0ea52fb..e74e823 100644
> --- a/python/samba/samdb.py
> +++ b/python/samba/samdb.py
> @@ -302,7 +302,7 @@ member: %s
>              description=None, mailaddress=None, internetaddress=None,
>              telephonenumber=None, physicaldeliveryoffice=None, sd=None,
>              setpassword=True, uidnumber=None, gidnumber=None, gecos=None,
> -            loginshell=None, uid=None):
> +            loginshell=None, uid=None, nisdomain=None, unixhome=None):
>          """Adds a new user with additional parameters
>  
>          :param username: Name of the new user
> @@ -333,6 +333,8 @@ member: %s
>          :param gecos: RFC2307 Unix GECOS field of the new user
>          :param loginshell: RFC2307 Unix login shell of the new user
>          :param uid: RFC2307 Unix username of the new user
> +        :param nisdomain: RFC2307 Unix NIS domain of the new user
> +        :param unixhome: RFC2307 Unix home directory of the new user
>          """
>  
>          displayname = ""
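
Review bot: the new ':param nisdomain:' line in the docstring does not mention that passing nisdomain also writes msSFU30Name and a fixed unixUserPassword value (see the last samdb.py hunk). Document that side effect here, because callers of this method other than samba-tool will not see the commit message that explains it.
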
> @@ -413,7 +415,8 @@ member: %s
>              ldbmessage["nTSecurityDescriptor"] = ndr_pack(sd)
>  
>          ldbmessage2 = None
> -        if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos, loginshell))):
> +        if any(map(lambda b: b is not None, (uid, uidnumber, gidnumber, gecos,
> +                loginshell, nisdomain, unixhome))):
>              ldbmessage2 = ldb.Message()
>              ldbmessage2.dn = ldb.Dn(self, user_dn)
>              ldbmessage2["objectClass"] = ldb.MessageElement('posixAccount', ldb.FLAG_MOD_ADD, 'objectClass')
> @@ -427,6 +430,17 @@ member: %s
>                  ldbmessage2["gecos"] = ldb.MessageElement(str(gecos), ldb.FLAG_MOD_REPLACE, 'gecos')
>              if loginshell is not None:
>                  ldbmessage2["loginShell"] = ldb.MessageElement(str(loginshell), ldb.FLAG_MOD_REPLACE, 'loginShell')
> +            if unixhome is not None:
> +                ldbmessage2["unixHomeDirectory"] = ldb.MessageElement(
> +                    str(unixhome), ldb.FLAG_MOD_REPLACE, 'unixHomeDirectory')
> +            if nisdomain is not None:
> +                ldbmessage2["msSFU30NisDomain"] = ldb.MessageElement(
> +                    str(nisdomain), ldb.FLAG_MOD_REPLACE, 'msSFU30NisDomain')
> +                ldbmessage2["msSFU30Name"] = ldb.MessageElement(
> +                    str(username), ldb.FLAG_MOD_REPLACE, 'msSFU30Name')
> +                ldbmessage2["unixUserPassword"] = ldb.MessageElement(
> +                    'ABCD!efgh12345$67890', ldb.FLAG_MOD_REPLACE,
> +                    'unixUserPassword')
>  
>          self.transaction_start()
>          try:
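
Review bot: the literal 'ABCD!efgh12345$67890' assigned to unixUserPassword in the 'if nisdomain is not None:' branch is written identically to every NIS-enabled account, and nothing in the code says why. The commit message explains that it mirrors the value ADUC writes, so put it in a named constant with a comment stating that it is the ADUC placeholder and not the account's password; otherwise a later reader will take it for a real credential or change it. In the same branch, msSFU30Name is always set from username even when the caller passed uid; consider whether uid should be used when it is given.
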
> -- 
> 1.9.3
> 



-- 
Jelmer Vernooij <jelmer at samba.org> - https://jelmer.uk/