#include "includes.h"
#include "ldb_module.h"
-#include "lib/cmdline/popt_common.h"
+#include "lib/cmdline/cmdline.h"
#include "auth/gensec/gensec.h"
#include "auth/auth.h"
#include "param/param.h"
return i;
}
-static struct poptOption cmdline_extensions[] = {
- POPT_COMMON_SAMBA
- POPT_COMMON_CREDENTIALS
- POPT_COMMON_CONNECTION
- POPT_COMMON_VERSION
- {0}
-};
-
/*
called to register additional command line options
*/
case LDB_MODULE_HOOK_CMDLINE_OPTIONS: {
size_t len1, len2;
struct poptOption **popt_options = ldb_module_popt_options(ldb);
- struct poptOption *new_array;
+ struct poptOption *new_array = NULL;
+ bool ok;
+
+ struct poptOption cmdline_extensions[] = {
+ POPT_COMMON_SAMBA_LDB
+ POPT_COMMON_CONNECTION
+ POPT_COMMON_CREDENTIALS
+ POPT_LEGACY_S4
+ POPT_COMMON_VERSION
+ POPT_TABLEEND
+ };
+
+ ok = samba_cmdline_init(ldb,
+ SAMBA_CMDLINE_CONFIG_CLIENT,
+ false /* require_smbconf */);
+ if (!ok) {
+ return ldb_oom(ldb);
+ }
len1 = calculate_popt_array_length(*popt_options);
len2 = calculate_popt_array_length(cmdline_extensions);
memcpy(new_array, *popt_options, len1*sizeof(struct poptOption));
memcpy(new_array+len1, cmdline_extensions, (1+len2)*sizeof(struct poptOption));
+
+#ifdef DEVELOPER
+ ok = samba_cmdline_sanity_check(new_array);
+ if (!ok) {
+ talloc_free(new_array);
+ return ldb_error(ldb,
+ LDB_ERR_OPERATIONS_ERROR,
+ "Duplicate cmdline options detected!");
+ }
+#endif
+
(*popt_options) = new_array;
return LDB_SUCCESS;
}
case LDB_MODULE_HOOK_CMDLINE_PRECONNECT: {
+ struct loadparm_context *lp_ctx = NULL;
+ struct cli_credentials *creds = NULL;
+
int r = ldb_register_samba_handlers(ldb);
if (r != LDB_SUCCESS) {
return ldb_operr(ldb);
}
gensec_init();
+ lp_ctx = samba_cmdline_get_lp_ctx();
+ creds = samba_cmdline_get_creds();
+
if (ldb_set_opaque(
ldb,
DSDB_SESSION_INFO,
- system_session(cmdline_lp_ctx))) {
+ system_session(lp_ctx))) {
return ldb_operr(ldb);
}
- if (ldb_set_opaque(ldb, "credentials",
- popt_get_cmdline_credentials())) {
+ if (ldb_set_opaque(ldb, "credentials", creds)) {
return ldb_operr(ldb);
}
- if (ldb_set_opaque(ldb, "loadparm", cmdline_lp_ctx)) {
+ if (ldb_set_opaque(ldb, "loadparm", lp_ctx)) {
return ldb_operr(ldb);
}
init_function='ldb_samba_extensions_init',
module_init_name='ldb_init_module',
subsystem='ldb',
- deps='ldb ldbsamba POPT_SAMBA POPT_CREDENTIALS cmdline-credentials gensec',
+ deps='ldb ldbsamba CMDLINE_S4 gensec',
internal_module=False)
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbadd.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbdel.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbedit.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbmodify.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbrename.none.
-samba.tests.usage.samba.tests.usage.ElfHelpTests.test_ldbsearch.none.
samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_autobuild_py.none.
samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_compare_cc_results_py.none.
samba.tests.usage.samba.tests.usage.PythonScriptHelpTests.test_config_base.none.
# Simple tests for LDAP and CLDAP
for auth_type in ['', '-k no', '-k yes']:
- for auth_level in ['--option=clientldapsaslwrapping=plain', '--sign', '--encrypt']:
+ for auth_level in ['--option=clientldapsaslwrapping=plain', '--client-protection=sign', '--client-protection=encrypt']:
creds = '-U"$USERNAME%$PASSWORD"'
options = creds + ' ' + auth_type + ' ' + auth_level
plantestsuite("samba4.ldb.ldap with options %r(ad_dc_default)" % options, "ad_dc_default", "%s/test_ldb.sh ldap $SERVER %s" % (bbdir, options))
auth_options = [
'--option=clientldapsaslwrapping=plain',
- '--sign',
- '--encrypt',
- '-k yes --option=clientldapsaslwrapping=plain',
- '-k yes --sign',
- '-k yes --encrypt',
- '-k no --option=clientldapsaslwrapping=plain',
- '-k no --sign --option=ntlmssp_client:ldap_style_send_seal=no',
- '-k no --sign',
- '-k no --encrypt',
+ '--client-protection=sign',
+ '--client-protection=encrypt',
+ '--use-kerberos=required --option=clientldapsaslwrapping=plain',
+ '--use-kerberos=required --client-protection=sign',
+ '--use-kerberos=required --client-protection=encrypt',
+ '--use-kerberos=disabled --option=clientldapsaslwrapping=plain',
+ '--use-kerberos=disabled --client-protection=sign --option=ntlmssp_client:ldap_style_send_seal=no',
+ '--use-kerberos=disabled --client-protection=sign',
+ '--use-kerberos=disabled --client-protection=encrypt',
]
for auth_option in auth_options: