#!/bin/sh
exec smbscript "$0" ${1+"$@"}
/*
	set a user's password on a Samba4 server
	Copyright Andrew Tridgell 2005
	Copyright Andrew Bartlett 2006
	Released under the GNU GPL v2 or later
*/

options = GetOptions(ARGV,
		"POPT_AUTOHELP",
		'username=s',
		'filter=s',
		'newpassword=s',
		"POPT_COMMON_SAMBA",
		"POPT_COMMON_VERSION",
		"POPT_COMMON_CREDENTIALS",
		'quiet');

if (options == undefined) {
   println("Failed to parse options");
   return -1;
}

libinclude("base.js");
libinclude("provision.js");

/*
  print a message if quiet is not set
*/
function message() 
{
	if (options["quiet"] == undefined) {
		print(vsprintf(arguments));
	}
}

/*
 show some help
*/
function ShowHelp()
{
	print("
Samba4 newuser

newuser [options]
  --username     USERNAME     username
  --filter       LDAPFILTER   LDAP Filter to set password on
  --newpassword  PASSWORD     set password

You must provide either a filter or a username, as well as password
");
	exit(1);
}

if (options['username'] == undefined && options['filter'] == undefined) {
	ShowHelp();
}

if (options['newpassword'] == undefined) {
	ShowHelp();
}

	var lp = loadparm_init();
	var samdb = lp.get("sam database");
	var ldb = ldb_init();
	random_init(local);
	ldb.session_info = system_session();
	ldb.credentials = options.get_credentials();

	/* connect to the sam */
	var ok = ldb.connect(samdb);
	assert(ok);

	ldb.transaction_start();

/* find the DNs for the domain and the domain users group */
var attrs = new Array("defaultNamingContext");
var attrs2 = new Array("cn");
res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
assert(res.error == 0);
assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
var domain_dn = res.msgs[0].defaultNamingContext;
assert(domain_dn != undefined);

if (options['filter'] != undefined) {
    var res = ldb.search(options['filter'],
	domain_dn, ldb.SCOPE_SUBTREE, attrs2);
    if (res.error != 0 || res.msgs.length != 1) {
	message("Failed to find record for filter %s\n", options['filter']);
	exit(1);
    }
} else {
    var res = ldb.search(sprintf("samAccountName=%s", options['username']), 
    domain_dn, ldb.SCOPE_SUBTREE, attrs2);
    if (res.error != 0 || res.msgs.length != 1) {
	message("Failed to find record for user %s\n", options['username']);
	exit(1);
    }
}

var mod = sprintf("
dn: %s
changetype: modify
replace: sambaPassword
sambaPassword: %s
",
    res[0].dn, options['newpassword']);
var ok = ldb.modify(mod);
if (ok.error != 0) {
	message("set password for %s failed - %s\n",
	    res[0].dn, ok.errstr);
	ldb.transaction_cancel();
	exit(1);
} else {
	message("set password for %s (%s) succeded\n",
	    res[0].dn, res[0].cn);
	
	ldb.transaction_commit();
}


return 0;