The branch, v4-0-test has been updated via ac11c018715a2e59af3a716f8fabe8aeb667e660 (commit) via 7d1e922a6879110b7953de7560cc4b51ff36ea10 (commit) via 68f0b4f929748dad3641fd84ee9eea0b109f898b (commit) via fbcaa622bd1929399e32326349e96b6676a49b96 (commit) from ddf9d6ef70f0a6b7da420f772b34962fb25d761a (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test - Log ----------------------------------------------------------------- commit ac11c018715a2e59af3a716f8fabe8aeb667e660 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Mar 28 13:56:47 2008 +1100 Remove references to the new SWAT. Andrew Bartlett commit 7d1e922a6879110b7953de7560cc4b51ff36ea10 Merge: fbcaa622bd1929399e32326349e96b6676a49b96 68f0b4f929748dad3641fd84ee9eea0b109f898b Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Mar 28 13:39:59 2008 +1100 Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local commit 68f0b4f929748dad3641fd84ee9eea0b109f898b Author: Andrew Kroeger <[EMAIL PROTECTED]> Date: Thu Mar 27 20:30:22 2008 -0500 WHATSNEW: Update information in preparation of Alpha3. - Update the listing of prior releases. - Indicate that python is now required. - Provide additional information on some of the more user-visible changes. commit fbcaa622bd1929399e32326349e96b6676a49b96 Author: Andrew Bartlett <[EMAIL PROTECTED]> Date: Fri Mar 28 12:08:54 2008 +1100 Make the setup/newuser and setup/setpassword scripts actually work... These need a testsuite, but this will come soon. Andrew Bartlett ----------------------------------------------------------------------- Summary of changes: NEWS | 8 +- WHATSNEW.txt | 20 +++- source/scripting/python/samba/samdb.py | 58 ++++++++--- source/setup/newuser | 6 +- source/setup/setpassword | 181 ++++++++++---------------------- 5 files changed, 119 insertions(+), 154 deletions(-) Changeset truncated at 500 lines: diff --git a/NEWS b/NEWS index dd01091..8a63719 100644 --- a/NEWS +++ b/NEWS 
@@ -22,12 +22,9 @@ Introduction of LDB Samba now stores most of its persistent data in a LDAP-like database called LDB (see ldb(7) for more info). -Much improved SWAT +Removed SWAT ================== -SWAT has had some rather large improvements and is now more than just a -direct editor for smb.conf. Its layout has been improved. SWAT can now also -be used for editing run-time data - maintaining user information, provisioning, -etc. TLS is supported out of the box. +Unlike previous versions, Samba4 does not provide a web interface at this time. Built-in KDC ============ @@ -251,7 +248,6 @@ The following parameters have been removed: - locking - lock spin count - lock spin time -- oplocks - level2 oplocks - oplock break wait time - oplock contention limit diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f6df1ed..1e8f803 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -10,9 +10,9 @@ Samba 4 is currently not yet in a state where it is usable in production environments. Note the WARNINGS below, and the STATUS file, which aims to document what should and should not work. -Samba4 alpha3 follows on from our first alpha release, made in -September, and the Technology Preview series we have offered for some -time now. +Samba4 alpha3 follows on from our second alpha release (made in +December), the first alpha release (made in September), and the +Technology Preview series we have offered for some time now. WARNINGS ======== 
@@ -70,9 +70,11 @@ CHANGES SINCE Alpha2 In the time since Samba4 Alpha2 was released in December 2007, Samba has continued to evolve, but you may particularly notice these areas: - Python Bindings: Bindings for Python are now in place, and used for + Python Bindings: Bindings for Python are now in place, and used for Samba's provision script, slowly displacing EJS as the embedded - scripting language + scripting language. With its increased use, Python is no longer + optional, and configure will generate an error if it cannot locate + an appropriate Python installation. SWAT Disabled: Due to a lack of developer time and without a long-term web developer to maintain it, the SWAT web UI has been @@ -87,6 +89,14 @@ continued to evolve, but you may particularly notice these areas: old (thanks to our long-suffering testers for keeping installations around that long!) + Registry: Samba4 registry interoperability has been improved in + both the client utilities and in the registry service exposed by + the Samba4 server itself. + + Administrative Tools: Many enhancements have been made that allow + better integration with Windows administrative tools, especially + Active Directory Users and Computers. + These are just some of the highlights of the work done in the past few months. More details can be found in our GIT history. diff --git a/source/scripting/python/samba/samdb.py b/source/scripting/python/samba/samdb.py index 3c6bb23..de0fd4b 100644 --- a/source/scripting/python/samba/samdb.py +++ b/source/scripting/python/samba/samdb.py 
@@ -77,10 +77,15 @@ unixName: %s :param user_dn: Dn of the account to enable. """ - res = self.search(user_dn, SCOPE_ONELEVEL, None, ["userAccountControl"]) + res = self.search(user_dn, ldb.SCOPE_BASE, None, ["userAccountControl"]) assert len(res) == 1 - userAccountControl = res[0].userAccountControl - userAccountControl = userAccountControl - 2 # remove disabled bit + userAccountControl = res[0]["userAccountControl"][0] + userAccountControl = int(userAccountControl) + if (userAccountControl & 0x2): + userAccountControl = userAccountControl & ~0x2 # remove disabled bit + if (userAccountControl & 0x20): + userAccountControl = userAccountControl & ~0x20 # remove 'no password required' bit + mod = """ dn: %s changetype: modify @@ -103,13 +108,9 @@ userAccountControl: %u res = self.search("", scope=ldb.SCOPE_BASE, expression="(defaultNamingContext=*)", attrs=["defaultNamingContext"]) - assert(len(res) == 1 and res[0].defaultNamingContext is not None) + assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None) domain_dn = res[0]["defaultNamingContext"][0] assert(domain_dn is not None) - dom_users = self.searchone(basedn=domain_dn, attribute="dn", - expression="name=Domain Users") - assert(dom_users is not None) - user_dn = "CN=%s,CN=Users,%s" % (username, domain_dn) # 
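Review bot: In `enable_account`, the masks `0x2` and `0x20` are bare literals, and the docstring still describes only enabling the account although the new code also clears the 'no password required' bit. I would name them, e.g. `UF_ACCOUNTDISABLE = 0x2` and `UF_PASSWD_NOTREQD = 0x20`, and add a docstring line such as `Also clears the 'no password required' flag if it is set.` so callers know the call changes more than the disabled state. The two `if` guards are redundant, because `value & ~mask` is a no-op when the bit is already clear. The function starts and ends outside this hunk.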
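Review bot: The search result is validated only with `assert(len(res) == 1 and ...)`, and the same pattern is repeated in the `setpassword` method added further down this file. Assertions are removed when Python runs with `-O`, so these checks should be explicit, e.g. `if len(res) != 1: raise Exception("defaultNamingContext lookup failed")`. The `res[0]["defaultNamingContext"] is not None` half may also never be false if indexing a missing attribute raises instead of returning None; that is worth confirming against the ldb bindings. The enclosing method begins before and continues after this hunk.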
@@ -123,19 +124,44 @@ userAccountControl: %u "sambaPassword": password, "objectClass": "user"}) - # add the user to the users group as well - modgroup = """ + # modify the userAccountControl to remove the disabled bit + self.enable_account(user_dn) + self.transaction_commit() + + def setpassword(self, filter, password): + """Set a password on a user record + + :param filter: LDAP filter to find the user (eg samccountname=name) + :param password: Password for the user + """ + # connect to the sam + self.transaction_start() + + # find the DNs for the domain + res = self.search("", scope=ldb.SCOPE_BASE, + expression="(defaultNamingContext=*)", + attrs=["defaultNamingContext"]) + assert(len(res) == 1 and res[0]["defaultNamingContext"] is not None) + domain_dn = res[0]["defaultNamingContext"][0] + assert(domain_dn is not None) + + res = self.search(domain_dn, scope=ldb.SCOPE_SUBTREE, + expression=filter, + attrs=[]) + assert(len(res) == 1) + user_dn = res[0].dn + + setpw = """ dn: %s changetype: modify -add: member -member: %s -""" % (dom_users, user_dn) - +replace: sambaPassword +sambaPassword: %s +""" % (user_dn, password) - self.modify(modgroup) + self.modify_ldif(setpw) # modify the userAccountControl to remove the disabled bit - enable_account(self, user_dn) + self.enable_account(user_dn) self.transaction_commit() def set_domain_sid(self, sid): diff --git a/source/setup/newuser b/source/setup/newuser index 03ae4e5..5f53aad 100755 --- a/source/setup/newuser +++ b/source/setup/newuser @@ -10,7 +10,7 @@ import samba.getopt as options import optparse import pwd import sys - +from getpass import getpass from auth import system_session from samba.samdb import SamDB @@ -40,9 +40,7 @@ username = args[0] if len(args) > 1: password = args[1] else: - random_init(local) - options.password = randpass(12) - print "chose random password %s\n" % password + password = getpass("New Password: ") if opts.unixname is None: opts.unixname = username 
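Review bot: The new `setpassword` method interpolates `password` straight into the LDIF text at `sambaPassword: %s`, so a password containing a newline would add further LDIF lines to the modify, and one with a leading space or non-ASCII bytes would likely not be stored as typed. Base64-encoding the value with the `::` form (or building the change as a message object rather than text) avoids this; the sketch below needs `import base64` at the top of samdb.py. The method also opens a transaction and never cancels it, so any failure between `transaction_start()` and `transaction_commit()` leaves it open; the sketch wraps the body accordingly. The docstring example should read `samaccountname=name`.

```python
        self.transaction_start()
        try:
            # … unchanged: defaultNamingContext lookup and user search …
            setpw = """
dn: %s
changetype: modify
replace: sambaPassword
sambaPassword:: %s
""" % (user_dn, base64.b64encode(password))

            self.modify_ldif(setpw)
            # … unchanged: enable_account call …
        except:
            # roll back on any failure, then let the caller see the error
            self.transaction_cancel()
            raise
        self.transaction_commit()
```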
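Review bot: The prompt at `password = getpass("New Password: ")` in source/setup/newuser reads the password once and accepts whatever comes back, including an empty string or a typo, with no confirmation. A second prompt compared against the first, e.g. `if getpass("Retype Password: ") != password: sys.exit("Passwords do not match")`, would catch this. The positional `args[1]` form kept just above still places the password on the command line, where other local users can typically read it from the process list, so the usage text could steer people towards the prompt.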
diff --git a/source/setup/setpassword b/source/setup/setpassword
index 618e304..1c87f4b 100644
--- a/source/setup/setpassword
+++ b/source/setup/setpassword
@@ -1,123 +1,58 @@ -#!/bin/sh -exec smbscript "$0" ${1+"$@"} -/* - set a user's password on a Samba4 server - Copyright Andrew Tridgell 2005 - Copyright Andrew Bartlett 2006 - Released under the GNU GPL v2 or later -*/ - -options = GetOptions(ARGV, - "POPT_AUTOHELP", - 'username=s', - 'filter=s', - 'newpassword=s', - "POPT_COMMON_SAMBA", - "POPT_COMMON_VERSION", - "POPT_COMMON_CREDENTIALS", - 'quiet'); - -if (options == undefined) { - println("Failed to parse options"); - return -1; -} - -libinclude("base.js"); -libinclude("provision.js"); - -/* - print a message if quiet is not set -*/ -function message() -{ - if (options["quiet"] == undefined) { - print(vsprintf(arguments)); - } -} - -/* - show some help -*/ -function ShowHelp() -{ - print(" -Samba4 newuser - -newuser [options] - --username USERNAME username - --filter LDAPFILTER LDAP Filter to set password on - --newpassword PASSWORD set password - -You must provide either a filter or a username, as well as password -"); - exit(1); -} - -if (options['username'] == undefined && options['filter'] == undefined) { - ShowHelp(); -} - -if (options['newpassword'] == undefined) { - ShowHelp(); -} - - var lp = loadparm_init(); - var samdb = lp.get("sam database"); - var ldb = ldb_init(); - random_init(local); - ldb.session_info = system_session(); - ldb.credentials = options.get_credentials(); - - /* connect to the sam */ - var ok = ldb.connect(samdb); - assert(ok); - - ldb.transaction_start(); - -/* find the DNs for the domain and the domain users group */ -var attrs = new Array("defaultNamingContext"); -var attrs2 = new Array("cn"); -res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs); -assert(res.error == 0); -assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined); -var domain_dn = res.msgs[0].defaultNamingContext; -assert(domain_dn != undefined); - -if (options['filter'] != undefined) { - var res = ldb.search(options['filter'], - domain_dn, ldb.SCOPE_SUBTREE, attrs2); - if 
(res.error != 0 || res.msgs.length != 1) { - message("Failed to find record for filter %s\n", options['filter']); - exit(1); - } -} else { - var res = ldb.search(sprintf("samAccountName=%s", options['username']), - domain_dn, ldb.SCOPE_SUBTREE, attrs2); - if (res.error != 0 || res.msgs.length != 1) { - message("Failed to find record for user %s\n", options['username']); - exit(1); - } -} - -var mod = sprintf(" -dn: %s -changetype: modify -replace: sambaPassword -sambaPassword: %s -", - res[0].dn, options['newpassword']); -var ok = ldb.modify(mod); -if (ok.error != 0) { - message("set password for %s failed - %s\n", - res[0].dn, ok.errstr); - ldb.transaction_cancel(); - exit(1); -} else { - message("set password for %s (%s) succeded\n", - res[0].dn, res[0].cn); - - ldb.transaction_commit(); -} - - -return 0; +#!/usr/bin/python +# +# add a new user to a Samba4 server +# Copyright Andrew Tridgell 2005 +# Copyright Jelmer Vernooij 2008 +# Released under the GNU GPL v2 or later +# + +import samba.getopt as options +import optparse +import pwd +import sys +from getpass import getpass +from auth import system_session +from samba.samdb import SamDB + +parser = optparse.OptionParser("setpassword [username] [options]") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +parser.add_option_group(options.VersionOptions(parser)) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option("--filter", help="LDAP Filter to set password on", type=str) +parser.add_option("--newpassword", help="Set password", type=str) + +opts, args = parser.parse_args() + +# +# print a message if quiet is not set +# +def message(text): + if not opts.quiet: + print text + +if len(args) == 0: + parser.print_usage() + sys.exit(1) + +password = opts.password; +if password is None: + password = getpass("New Password: ") + +filter = opts.filter + +if filter is None: + username = args[0] + if username is None: + print "Either username or 
--filter must be specified" + + filter = "(&(objectclass=user)(samAccountName=" + username + "))" + + +creds = credopts.get_credentials() + +lp = sambaopts.get_loadparm() +samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), + credentials=creds, lp=lp) +samdb.setpassword(filter, password) -- Samba Shared Repository
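Review bot: The script defines `--newpassword` but reads `opts.password`, so the option's value is never used; if `CredentialsOptions` contributes a `--password` option (not visible here), the credential password would silently become the user's new password, otherwise this line raises. Reading `opts.newpassword` fixes that. Separately, the username is concatenated into the search filter unescaped, so characters such as `*`, `(` or `)` change which record the filter matches. The earlier `len(args) == 0` check exits before `--filter` can be used on its own and should be dropped in favour of the check in the sketch. `message()` reads `opts.quiet`, which no `add_option` call here defines, and the header comment still says "add a new user".

```python
password = opts.newpassword
if password is None:
    password = getpass("New Password: ")

filter = opts.filter

if filter is None:
    if len(args) == 0:
        print "Either username or --filter must be specified"
        parser.print_usage()
        sys.exit(1)
    username = args[0]
    # escape RFC 4515 filter metacharacters; backslash must be handled first
    for ch, esc in (("\\", "\\5c"), ("*", "\\2a"), ("(", "\\28"),
                    (")", "\\29"), ("\0", "\\00")):
        username = username.replace(ch, esc)
    filter = "(&(objectclass=user)(samAccountName=" + username + "))"

# … unchanged: credentials, loadparm, SamDB connection and setpassword call …
```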