s4:setup Add an option to 'setpassword' to force password change at next login

diff --git a/source4/scripting/python/samba/samdb.py b/source4/scripting/python/samba/samdb.py
index 454a9d144cf922e72edf2078537edbecdc1e5bba..8ca4f65d6e66f4cf609df5b2cee3522633c0d9ba 100644 (file)
--- a/source4/scripting/python/samba/samdb.py
+++ b/source4/scripting/python/samba/samdb.py
@@ -152,7 +152,7 @@ userAccountControl: %u
             raise
         self.transaction_commit()
 
-    def setpassword(self, filter, password):
+    def setpassword(self, filter, password, must_change_at_next_login=False):
         """Set a password on a user record
         
         :param filter: LDAP filter to find the user (eg samccountname=name)
@@ -184,6 +184,15 @@ userPassword:: %s
 
             self.modify_ldif(setpw)
 
+            if must_change_at_next_login:
+                mod = """
+dn: %s
+changetype: modify
+replace: pwdLastSet
+pwdLastSet: 0
+""" % (user_dn)
+                self.modify_ldif(mod)
+
             #  modify the userAccountControl to remove the disabled bit
             self.enable_account(user_dn)
         except:
@@ -212,7 +221,7 @@ userPassword:: %s
         glue.dsdb_set_ntds_invocation_id(self, invocation_id)
 
     def setexpiry(self, user, expiry_seconds, noexpiry):
-        """Set the password expiry for a user
+        """Set the account expiry for a user
         
         :param expiry_seconds: expiry time from now in seconds
         :param noexpiry: if set, then don't expire password
@@ -246,3 +255,4 @@ accountExpires: %u
             self.transaction_cancel()
             raise
         self.transaction_commit();
+

diff --git a/source4/setup/setpassword b/source4/setup/setpassword
index 90a217fb6f714b709b9e1b59277b1b85ea63748d..d44f143e636b3077fc23958aef87c0d9c162da1e 100755 (executable)
--- a/source4/setup/setpassword
+++ b/source4/setup/setpassword
@@ -41,6 +41,7 @@ credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
 parser.add_option("--filter", help="LDAP Filter to set password on", type=str)
 parser.add_option("--newpassword", help="Set password", type=str)
+parser.add_option("--must-change-at-next-login", help="Force password to be changed on next login", action="store_true")
 
 opts, args = parser.parse_args()
 
@@ -74,4 +75,5 @@ creds = credopts.get_credentials(lp)
 
 samdb = SamDB(url=lp.get("sam database"), session_info=system_session(), 
               credentials=creds, lp=lp)
-samdb.setpassword(filter, password)
+samdb.setpassword(filter, password, must_change_at_next_login=opts.must_change_at_next_login)
+

diff --git a/source4/setup/tests/blackbox_setpassword.sh b/source4/setup/tests/blackbox_setpassword.sh
index 89f1aa585820fb80d4b63dd6e9a2ec2fe2b17871..70061f6ae7b15ad5c88c852b300241a84d797252 100755 (executable)
--- a/source4/setup/tests/blackbox_setpassword.sh
+++ b/source4/setup/tests/blackbox_setpassword.sh
@@ -18,4 +18,6 @@ testit "newuser" $PYTHON ./setup/newuser --configfile=$PREFIX/simple-dc/etc/smb.
 
 testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass
 
+testit "setpassword" $PYTHON ./setup/setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testpass --must-change-at-next-login
+
 exit $failed