-#!/bin/sh
-exec smbscript "$0" ${1+"$@"}
-/*
- set a user's password on a Samba4 server
- Copyright Andrew Tridgell 2005
- Copyright Andrew Bartlett 2006
- Released under the GNU GPL v2 or later
-*/
+#!/usr/bin/python
+#
+# Sets a user password on a Samba4 server
+# Copyright Jelmer Vernooij 2008
+#
+# Based on the original in EJS:
+# Copyright Andrew Tridgell 2005
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os, sys
+
+# Find right directory when running from source tree
+sys.path.insert(0, "bin/python")
+
+import samba.getopt as options
+import optparse
+import pwd
+import sys
+from getpass import getpass
+from samba.auth import system_session
+from samba.samdb import SamDB
+
+parser = optparse.OptionParser("setpassword [username] [options]")
+sambaopts = options.SambaOptions(parser)
+parser.add_option_group(sambaopts)
+parser.add_option_group(options.VersionOptions(parser))
+credopts = options.CredentialsOptions(parser)
+parser.add_option_group(credopts)
+parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
+parser.add_option("--newpassword", help="Set password", type=str)
+parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
+
+opts, args = parser.parse_args()
+
+#
+# print a message if quiet is not set
+#
+def message(text):
+ if not opts.quiet:
+ print text
+
+filter = opts.filter
+
+if (len(args) == 0) and (filter is None):
+ print "Either the username or '--filter' must be specified!"
+ parser.print_usage()
+ sys.exit(1)
+
+password = opts.newpassword;
+if password is None:
+ password = getpass("New Password: ")
+
+if filter is None:
+ username = args[0]
+ filter = "(&(objectclass=user)(samAccountName=%s))" % (username)
+
+lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
+
+samdb = SamDB(url=lp.get("sam database"), session_info=system_session(),
+ credentials=creds, lp=lp)
+samdb.setpassword(filter, password, force_password_change_at_next_login=opts.must_change_at_next_login)
-options = GetOptions(ARGV,
- "POPT_AUTOHELP",
- 'username=s',
- 'filter=s',
- 'newpassword=s',
- "POPT_COMMON_SAMBA",
- "POPT_COMMON_VERSION",
- "POPT_COMMON_CREDENTIALS",
- 'quiet');
-
-if (options == undefined) {
- println("Failed to parse options");
- return -1;
-}
-
-libinclude("base.js");
-libinclude("provision.js");
-
-/*
- print a message if quiet is not set
-*/
-function message()
-{
- if (options["quiet"] == undefined) {
- print(vsprintf(arguments));
- }
-}
-
-/*
- show some help
-*/
-function ShowHelp()
-{
- print("
-Samba4 newuser
-
-newuser [options]
- --username USERNAME username
- --filter LDAPFILTER LDAP Filter to set password on
- --newpassword PASSWORD set password
-
-You must provide either a filter or a username, as well as password
-");
- exit(1);
-}
-
-if (options['username'] == undefined && options['filter'] == undefined) {
- ShowHelp();
-}
-
-if (options['newpassword'] == undefined) {
- ShowHelp();
-}
-
- var lp = loadparm_init();
- var samdb = lp.get("sam database");
- var ldb = ldb_init();
- random_init(local);
- ldb.session_info = system_session();
- ldb.credentials = options.get_credentials();
-
- /* connect to the sam */
- var ok = ldb.connect(samdb);
- assert(ok);
-
- ldb.transaction_start();
-
-/* find the DNs for the domain and the domain users group */
-var attrs = new Array("defaultNamingContext");
-var attrs2 = new Array("cn");
-res = ldb.search("defaultNamingContext=*", "", ldb.SCOPE_BASE, attrs);
-assert(res.error == 0);
-assert(res.msgs.length == 1 && res.msgs[0].defaultNamingContext != undefined);
-var domain_dn = res.msgs[0].defaultNamingContext;
-assert(domain_dn != undefined);
-
-if (options['filter'] != undefined) {
- var res = ldb.search(options['filter'],
- domain_dn, ldb.SCOPE_SUBTREE, attrs2);
- if (res.error != 0 || res.msgs.length != 1) {
- message("Failed to find record for filter %s\n", options['filter']);
- exit(1);
- }
-} else {
- var res = ldb.search(sprintf("samAccountName=%s", options['username']),
- domain_dn, ldb.SCOPE_SUBTREE, attrs2);
- if (res.error != 0 || res.msgs.length != 1) {
- message("Failed to find record for user %s\n", options['username']);
- exit(1);
- }
-}
-
-var mod = sprintf("
-dn: %s
-changetype: modify
-replace: sambaPassword
-sambaPassword: %s
-",
- res[0].dn, options['newpassword']);
-var ok = ldb.modify(mod);
-if (ok.error != 0) {
- message("set password for %s failed - %s\n",
- res[0].dn, ok.errstr);
- ldb.transaction_cancel();
- exit(1);
-} else {
- message("set password for %s (%s) succeded\n",
- res[0].dn, res[0].cn);
-
- ldb.transaction_commit();
-}
-
-
-return 0;