The branch, v4-0-test has been updated
via ac11c018715a2e59af3a716f8fabe8aeb667e660 (commit)
via 7d1e922a6879110b7953de7560cc4b51ff36ea10 (commit)
via 68f0b4f929748dad3641fd84ee9eea0b109f898b (commit)
via fbcaa622bd1929399e32326349e96b6676a49b96 (commit)
from ddf9d6ef70f0a6b7da420f772b34962fb25d761a (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test
- Log -----------------------------------------------------------------
commit ac11c018715a2e59af3a716f8fabe8aeb667e660
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Fri Mar 28 13:56:47 2008 +1100
Remove references to the new SWAT.
Andrew Bartlett
commit 7d1e922a6879110b7953de7560cc4b51ff36ea10
Merge: fbcaa622bd1929399e32326349e96b6676a49b96
68f0b4f929748dad3641fd84ee9eea0b109f898b
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Fri Mar 28 13:39:59 2008 +1100
Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
commit 68f0b4f929748dad3641fd84ee9eea0b109f898b
Author: Andrew Kroeger <[EMAIL PROTECTED]>
Date: Thu Mar 27 20:30:22 2008 -0500
WHATSNEW: Update information in preparation of Alpha3.
- Update the listing of prior releases.
- Indicate that python is now required.
- Provide additional information on some of the more user-visible changes.
commit fbcaa622bd1929399e32326349e96b6676a49b96
Author: Andrew Bartlett <[EMAIL PROTECTED]>
Date: Fri Mar 28 12:08:54 2008 +1100
Make the setup/newuser and setup/setpassword scripts actually work...
These need a testsuite, but this will come soon.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
NEWS | 8 +-
WHATSNEW.txt | 20 +++-
source/scripting/python/samba/samdb.py | 58 ++++++++---
source/setup/newuser | 6 +-
source/setup/setpassword | 181 ++++++++++----------------------
5 files changed, 119 insertions(+), 154 deletions(-)
Changeset truncated at 500 lines:
diff --git a/NEWS b/NEWS
index dd01091..8a63719 100644
--- a/NEWS
+++ b/NEWS
@@ -22,12 +22,9 @@ Introduction of LDB
Samba now stores most of its persistent data in a LDAP-like database
called LDB (see ldb(7) for more info).
-Much improved SWAT
+Removed SWAT
==================
-SWAT has had some rather large improvements and is now more than just a
-direct editor for smb.conf. Its layout has been improved. SWAT can now also
-be used for editing run-time data - maintaining user information, provisioning,
-etc. TLS is supported out of the box.
+Unlike previous versions, Samba4 does not provide a web interface at this time.
Built-in KDC
============
@@ -251,7 +248,6 @@ The following parameters have been removed:
- locking
- lock spin count
- lock spin time
-- oplocks
- level2 oplocks
- oplock break wait time
- oplock contention limit
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f6df1ed..1e8f803 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -10,9 +10,9 @@ Samba 4 is currently not yet in a state where it is usable in
production environments. Note the WARNINGS below, and the STATUS file,
which aims to document what should and should not work.
-Samba4 alpha3 follows on from our first alpha release, made in
-September, and the Technology Preview series we have offered for some
-time now.
+Samba4 alpha3 follows on from our second alpha release (made in
+December), the first alpha release (made in September), and the
+Technology Preview series we have offered for some time now.
WARNINGS
========
@@ -70,9 +70,11 @@ CHANGES SINCE Alpha2
In the time since Samba4 Alpha2 was released in December 2007, Samba has
continued to evolve, but you may particularly notice these areas:
- Python Bindings: Bindings for Python are now in place, and used for
+ Python Bindings: Bindings for Python are now in place, and used for
Samba's provision script, slowly displacing EJS as the embedded
- scripting language
+ scripting language. With its increased use, Python is no longer
+ optional, and configure will generate an error if it cannot locate
+ an appropriate Python installation.
SWAT Disabled: Due to a lack of developer time and without a
long-term web developer to maintain it, the SWAT web UI has been
@@ -87,6 +89,14 @@ continued to evolve, but you may particularly notice these
areas:
old (thanks to our long-suffering testers for keeping installations
around that long!)
+ Registry: Samba4 registry interoperability has been improved in
+ both the client utilities and in the registry service exposed by
+ the Samba4 server itself.
+
+ Administrative Tools: Many enhancements have been made that allow
+ better integration with Windows administrative tools, especially
+ Active Directory Users and Computers.
+
These are just some of the highlights of the work done in the past few
months. More details can be found in our GIT history.
diff --git a/source/scripting/python/samba/samdb.py
b/source/scripting/python/samba/samdb.py
index 3c6bb23..de0fd4b 100644
--- a/source/scripting/python/samba/samdb.py
+++ b/source/scripting/python/samba/samdb.py
@@ -77,10 +77,15 @@ unixName: %s
:param user_dn: Dn of the account to enable.
"""
- res = self.search(user_dn, SCOPE_ONELEVEL, None,
["userAccountControl"])
+ res = self.search(user_dn, ldb.SCOPE_BASE, None,
["userAccountControl"])
assert len(res) == 1
- userAccountControl = res[0].userAccountControl
- userAccountControl = userAccountControl - 2 # remove disabled bit
+ userAccountControl = res[0]["userAccountControl"][0]
+ userAccountControl = int(userAccountControl)
+ if (userAccountControl & 0x2):
+ userAccountControl = userAccountControl & ~0x2 # remove disabled
bit
+ if (userAccountControl & 0x20):
+ userAccountControl = userAccountControl & ~0x20 # remove 'no
password required' bit
+
mod = """
dn: %s
changetype: modify
@@ -103,13 +108,9 @@ userAccountControl: %u
res = self.search("", scope=ldb.SCOPE_BASE,
expression="(defaultNamingContext=*)",
attrs=["defaultNamingContext"])
- assert(len(res) == 1 and res[0].defaultNamingContext is not None)
+ assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
domain_dn = res[0]["defaultNamingContext"][0]
assert(domain_dn is not None)
- dom_users = self.searchone(basedn=domain_dn, attribute="dn",
- expression="name=Domain Users")
- assert(dom_users is not None)
-
user_dn = "CN=%s,CN=Users,%s" % (username, domain_dn)
#
@@ -123,19 +124,44 @@ userAccountControl: %u
"sambaPassword": password,
"objectClass": "user"})
- # add the user to the users group as well
- modgroup = """
+ # modify the userAccountControl to remove the disabled bit
+ self.enable_account(user_dn)
+ self.transaction_commit()
+
+ def setpassword(self, filter, password):
+ """Set a password on a user record
+
+ :param filter: LDAP filter to find the user (eg samccountname=name)
+ :param password: Password for the user
+ """
+ # connect to the sam
+ self.transaction_start()
+
+ # find the DNs for the domain
+ res = self.search("", scope=ldb.SCOPE_BASE,
+ expression="(defaultNamingContext=*)",
+ attrs=["defaultNamingContext"])
+ assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None)
+ domain_dn = res[0]["defaultNamingContext"][0]
+ assert(domain_dn is not None)
+
+ res = self.search(domain_dn, scope=ldb.SCOPE_SUBTREE,
+ expression=filter,
+ attrs=[])
+ assert(len(res) == 1)
+ user_dn = res[0].dn
+
+ setpw = """
dn: %s
changetype: modify
-add: member
-member: %s
-""" % (dom_users, user_dn)
-
+replace: sambaPassword
+sambaPassword: %s
+""" % (user_dn, password)
- self.modify(modgroup)
+ self.modify_ldif(setpw)
# modify the userAccountControl to remove the disabled bit
- enable_account(self, user_dn)
+ self.enable_account(user_dn)
self.transaction_commit()
def set_domain_sid(self, sid):
diff --git a/source/setup/newuser b/source/setup/newuser
index 03ae4e5..5f53aad 100755
--- a/source/setup/newuser
+++ b/source/setup/newuser
@@ -10,7 +10,7 @@ import samba.getopt as options
import optparse
import pwd
import sys
-
+from getpass import getpass
from auth import system_session
from samba.samdb import SamDB
@@ -40,9 +40,7 @@ username = args[0]
if len(args) > 1:
password = args[1]
else:
- random_init(local)
- options.password = randpass(12)
- print "chose random password %s\n" % password
+ password = getpass("New Password: ")
if opts.unixname is None:
opts.unixname = username
diff --git a/source/setup/setpassword b/source/setup/setpassword
index 618e304..1c87f4b 100644
--- a/source/setup/setpassword
+++ b/source/setup/setpassword
@@ -1,123 +1,58 @@
-#!/bin/sh
-exec smbscript "$0" ${1+"$@"}
-/*
- set a user's password on a Samba4 server
- Copyright Andrew Tridgell 2005
- Copyright Andrew Bartlett 2006
- Released under the GNU GPL v2 or later
-*/
-
-options = GetOptions(ARGV,
- "POPT_AUTOHELP",
- 'username=s',
- 'filter=s',
- 'newpassword=s',
- "POPT_COMMON_SAMBA",
- "POPT_COMMON_VERSION",
- "POPT_COMMON_CREDENTIALS",
- 'quiet');
-
-if (options == undefined) {
- println("Failed to parse options");
- return -1;
-}
-
-libinclude("base.js");
-libinclude("provision.js");
-
-/*
- print a message if quiet is not set
-*/
-function message()
-{
- if (options["quiet"] == undefined) {
- print(vsprintf(arguments));
- }
-}
-
-/*
- show some help
-*/
-function ShowHelp()
-{
- print("
-Samba4 newuser
-
-newuser [options]
- --username USERNAME username
- --filter LDAPFILTER LDAP Filter to set password on
- --newpassword PASSWORD set password
-
-You must provide either a filter or a username, as well as password
-");
- exit(1);
-}
-
-if (options['username'] == undefined && options['filter'] == undefined) {
- ShowHelp();
-}
-
-if (options['newpassword'] == undefined) {
- ShowHelp();
-}
-
- var lp = loadparm_init();
- var samdb = lp.get("sam database");
- var ldb = ldb_init();
- random_init(local);
- ldb.session_info = system_session();
- ldb.credentials = options.get_credentials();
-
- /* connect to the sam */
- var ok = ldb.connect(samdb);
- assert(ok);
-
- ldb.transaction_start();
-
-/* find the DNs for the domain and the domain users group */
-var attrs = new Array("defaultNamingContext");
-var attrs2 = new Array("cn");
-res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
-assert(res.error == 0);
-assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
-var domain_dn = res.msgs[0].defaultNamingContext;
-assert(domain_dn != undefined);
-
-if (options['filter'] != undefined) {
- var res = ldb.search(options['filter'],
- domain_dn, ldb.SCOPE_SUBTREE, attrs2);
- if (res.error != 0 || res.msgs.length != 1) {
- message("Failed to find record for filter %s\n", options['filter']);
- exit(1);
- }
-} else {
- var res = ldb.search(sprintf("samAccountName=%s", options['username']),
- domain_dn, ldb.SCOPE_SUBTREE, attrs2);
- if (res.error != 0 || res.msgs.length != 1) {
- message("Failed to find record for user %s\n", options['username']);
- exit(1);
- }
-}
-
-var mod = sprintf("
-dn: %s
-changetype: modify
-replace: sambaPassword
-sambaPassword: %s
-",
- res[0].dn, options['newpassword']);
-var ok = ldb.modify(mod);
-if (ok.error != 0) {
- message("set password for %s failed - %s\n",
- res[0].dn, ok.errstr);
- ldb.transaction_cancel();
- exit(1);
-} else {
- message("set password for %s (%s) succeded\n",
- res[0].dn, res[0].cn);
-
- ldb.transaction_commit();
-}
-
-
-return 0;
+#!/usr/bin/python
+#
+# add a new user to a Samba4 server
+# Copyright Andrew Tridgell 2005
+# Copyright Jelmer Vernooij 2008
+# Released under the GNU GPL v2 or later
+#
+
+import samba.getopt as options
+import optparse
+import pwd
+import sys
+from getpass import getpass
+from auth import system_session
+from samba.samdb import SamDB
+
+parser = optparse.OptionParser("setpassword [username] [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
+parser.add_option("--newpassword", help="Set password", type=str)
+
+opts, args = parser.parse_args()
+
+#
+# print a message if quiet is not set
+#
+def message(text):
+ if not opts.quiet:
+ print text
+
+if len(args) == 0:
+ parser.print_usage()
+ sys.exit(1)
+
+password = opts.password;
+if password is None:
+ password = getpass("New Password: ")
+
+filter = opts.filter
+
+if filter is None:
+ username = args[0]
+ if username is None:
+ print "Either username or --filter must be specified"
+
+ filter = "(&(objectclass=user)(samAccountName=" + username + "))"
+
+
+creds = credopts.get_credentials()
+
+lp = sambaopts.get_loadparm()
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
+samdb.setpassword(filter, password)
--
Samba Shared Repository
