Fix newuser and setpassword scripts, and port to idmap.
authorAndrew Bartlett <abartlet@samba.org>
Mon, 14 Apr 2008 09:51:02 +0000 (11:51 +0200)
committerAndrew Bartlett <abartlet@samba.org>
Mon, 14 Apr 2008 09:51:02 +0000 (11:51 +0200)
The new idmap world does not use the unixUser any more, so we need to
set up the entry (if wanted) in the idmap database.  Users without a
backing unix user will get an allocated uid by idmap later.

Andrew Bartlett
(This used to be commit 8bd8bc1475ddf22d4702dcd17028a9043a5e629f)

source4/scripting/python/samba/idmap.py
source4/scripting/python/samba/samdb.py
source4/setup/newuser
source4/setup/setpassword
source4/setup/tests/blackbox_provision.sh

index 355565968a3247675bd49dcc80d08faeec57be77..16efcd04709db45de02446b5ee8ca571611ce4bd 100644 (file)
@@ -21,6 +21,7 @@
 """Convenience functions for using the idmap database."""
 
 import samba
+import misc
 import ldb
 
 class IDmapDB(samba.Ldb):
@@ -37,11 +38,17 @@ class IDmapDB(samba.Ldb):
 
         :param url: URL of the database.
         """
+        self.lp = lp
+
         super(IDmapDB, self).__init__(session_info=session_info, credentials=credentials,
                                     modules_dir=modules_dir, lp=lp)
         if url:
             self.connect(url)
+        else:
+            self.connect(lp.get("idmap database"))
 
+    def connect(self, url):
+        super(IDmapDB, self).connect(misc.private_path(self.lp, url))
 
     def setup_name_mapping(self, sid, type, unixid):
         """Setup a mapping between a sam name and a unix name.
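Review bot: The new `else:` branch calls `lp.get("idmap database")` and the new `connect()` hands `self.lp` to `misc.private_path` on every call, so `lp` is now effectively required, yet nothing checks it. The constructor signature is outside this hunk. If `lp` still defaults to `None`, as it visibly does in `SamDB.__init__` in samdb.py (which gains the same `else:`/`connect()` pattern), a caller that omits both `url` and `lp` gets an `AttributeError` on `None` instead of a clear message. Either fail early with something like `if lp is None: raise ValueError("lp is required to locate the database")`, or document the requirement in the docstring with `:param lp: loadparm context, used to resolve the database path.` The new `connect()` override has no docstring either; one line stating that `url` is resolved through `misc.private_path` would help callers that pass an explicit URL.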
index bc3eef7879c50c04566709ef7fd7186d18cdf729..198d1e9f5cb8c12a0858344754241e6088b45593 100644 (file)
 import samba
 import misc
 import ldb
+from samba.idmap import IDmapDB
+import pwd
 
 class SamDB(samba.Ldb):
     """The SAM database."""
+
     def __init__(self, url=None, session_info=None, credentials=None, 
                  modules_dir=None, lp=None):
         """Open the Sam Database.
 
         :param url: URL of the database.
         """
+        self.lp = lp
         super(SamDB, self).__init__(session_info=session_info, credentials=credentials,
                                     modules_dir=modules_dir, lp=lp)
         assert misc.dsdb_set_global_schema(self) == 0
         if url:
             self.connect(url)
+        else:
+            self.connect(lp.get("sam database"))
+
+    def connect(self, url):
+        super(SamDB, self).connect(misc.private_path(self.lp, url))
 
     def add_foreign(self, domaindn, sid, desc):
         """Add a foreign security principle."""
@@ -101,10 +110,27 @@ userAccountControl: %u
         #  now the real work
         self.add({"dn": user_dn, 
             "sAMAccountName": username,
-            "unixName": unixname,
             "sambaPassword": password,
             "objectClass": "user"})
 
+        res = self.search(user_dn, scope=ldb.SCOPE_BASE,
+                          expression="objectclass=*",
+                          attrs=["objectSid"])
+        assert(len(res) == 1)
+        user_sid = self.schema_format_value("objectSid", res[0]["objectSid"][0])
+        
+        
+        try:
+            idmap = IDmapDB(lp=self.lp)
+
+            user = pwd.getpwnam(unixname)
+            # setup ID mapping for this UID
+            
+            idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
+
+        except KeyError:
+            pass
+
         #  modify the userAccountControl to remove the disabled bit
         self.enable_account(user_dn)
         self.transaction_commit()
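Review bot: The `except KeyError: pass` wraps the whole idmap block, so a `KeyError` raised inside `IDmapDB(lp=self.lp)` or `setup_name_mapping` is swallowed just like "no such unix user", and a failed mapping write goes unnoticed. Keep only `pwd.getpwnam(unixname)` inside the `try` and move the idmap calls to an `else:` branch, as sketched below. The `assert(len(res) == 1)` above it is stripped under `python -O`; an explicit `if len(res) != 1: raise ...` keeps the check. The idmap write goes to a separate database, so it does not appear to be covered by the transaction committed at the end. The start of the function is outside this hunk, so whether a failure here cancels that transaction cannot be seen.

```python
        # ... unchanged: objectSid lookup and user_sid ...
        try:
            user = pwd.getpwnam(unixname)
        except KeyError:
            # no backing unix user: idmap allocates a uid later
            pass
        else:
            # setup ID mapping for this UID
            idmap = IDmapDB(lp=self.lp)
            idmap.setup_name_mapping(user_sid, idmap.TYPE_UID, user[2])
        # ... unchanged: enable_account and transaction_commit ...
```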
index f622058a5d0858ecae21c7ce293f10663242fef3..04a5440ee1a205650f7cb3d6f1fd0f0391a25c30 100755 (executable)
@@ -45,15 +45,9 @@ else:
 if opts.unixname is None:
        opts.unixname = username
 
-try:
-       pwd.getpwnam(opts.unixname)
-except KeyError:
-       print "ERROR: Unix user '%s' does not exist" % opts.unixname
-       sys.exit(1)
-
-creds = credopts.get_credentials()
-
 lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
 samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), 
               credentials=creds, lp=lp)
 samdb.newuser(username, opts.unixname, password)
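Review bot: With the existence check removed and `opts.unixname = username` still the default, the script now binds the new SAM account to whichever local account shares its name, or to none, without telling the operator which happened. A name that coincides with an existing local or system account would get that account's uid mapped to the new SID without anyone having asked for it. Consider doing the `pwd` lookup only when `--unixname` was given explicitly, or at least printing the outcome, e.g. `print "Mapped '%s' to unix user '%s'" % (username, opts.unixname)`. If the `import pwd` at the top of the script (outside this hunk) has no other use, it can go as well.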
index 31b2f73a256b6078cf3c2efb5de7476f43c1d7c8..977a6a5ee89011c0f540378d3193812ddcbe0188 100644 (file)
@@ -36,7 +36,7 @@ if len(args) == 0:
        parser.print_usage()
        sys.exit(1)
 
-password = opts.password;
+password = opts.newpassword;
 if password is None:
        password = getpass("New Password: ")
 
@@ -47,12 +47,12 @@ if filter is None:
        if username is None:
                print "Either username or --filter must be specified"
 
-       filter = "(&(objectclass=user)(samAccountName=" + username + "))"
+       filter = "(&(objectclass=user)(samAccountName=%s))" % (username)
 
 
-creds = credopts.get_credentials()
-
 lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
 samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), 
               credentials=creds, lp=lp)
 samdb.setpassword(filter, password)
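Review bot: Switching from `+` concatenation to `% (username)` changes the failure mode when no username was given. The `print "Either username or --filter must be specified"` branch does not exit, and where the old concatenation raised `TypeError` on `None`, the new line builds `(samAccountName=None)` and goes on to `samdb.setpassword`. Add `sys.exit(1)` after that `print`. The username is also placed into the LDAP filter unescaped, so a value containing `*`, `(`, `)` or `\` changes which entries the filter matches, and the password change could then apply to an account other than the intended one. Escape those characters per RFC 4515 before formatting.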
index 4db226778c4e84c66ac772ef6f5c926189bb75ef..19f37cef2df062a026914b199604bc08dd36de45 100755 (executable)
@@ -31,8 +31,11 @@ testit "simple-default" $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --
 testit "simple-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc
 testit "simple-member" $PYTHON ./setup/provision $CONFIGURATION --server-role="member" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-member
 testit "simple-standalone" $PYTHON ./setup/provision $CONFIGURATION --server-role="standalone" --domain=FOO --realm=foo.example.com --targetdir=$PREFIX/simple-standalone
-testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --blank
-testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/simple-dc --partitions-only
+testit "blank-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/blank-dc --blank
+testit "partitions-only-dc" $PYTHON ./setup/provision $CONFIGURATION --server-role="dc" --domain=FOO --realm=foo.example.com --domain-sid=S-1-5-21-4177067393-1453636373-93818738 --targetdir=$PREFIX/partitions-only-dc --partitions-only
+
+testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.conf testuser testpass
+testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass
 
 reprovision() {
        $PYTHON ./setup/provision $CONFIGURATION --domain=FOO --realm=foo.example.com --targetdir="$PREFIX/reprovision"
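Review bot: The two new `testit` lines check only the exit status of `newuser` and `setpassword`. Since `testuser` presumably has no local unix account on the test host, only the `except KeyError` path in `SamDB.newuser` is exercised. The idmap write that this commit introduces therefore stays untested. A follow-up case that passes `--unixname` with an account known to exist on the host (for example the invoking user) and then checks the idmap database for the mapping would cover it.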