From: Andrew Bartlett Date: Fri, 28 Mar 2008 10:57:15 +0000 (+1100) Subject: Fix and test python scripts and kerberos X-Git-Tag: samba-4.0.0alpha6~801^3~302^2~125 X-Git-Url: http://git.samba.org/samba.git/?p=ab%2Fsamba.git%2F.git;a=commitdiff_plain;h=142fbfb3c1f9f8cda7f0edaa801f8345f23d805f;hp=8f8c56bfbcbfe8f80afb09eb1d481a108b252bee Fix and test python scripts and kerberos This fixes up the python credentials interface in a number of areas, with the aim of supporting '-k yes' as a command line option. (This enables the use of kerberos). As such, I've had to change the get_credentials call to take a loadparm context, so that the credentials can be initialised correctly. The test_kinit script has been modified to prove that this continues to work, as well as to provide greater code coverage of the kerberos paths. Andrew Bartlett (This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63) --- diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i index 41ec67580e7..0a604cf0020 100644 --- a/source4/auth/credentials/credentials.i +++ b/source4/auth/credentials/credentials.i @@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials; $1 = NULL; } +%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS; +%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS; +%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS; + %{ #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */ %} @@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials; typedef struct cli_credentials { %extend { cli_credentials(void) { - return cli_credentials_init_anon(NULL); + return cli_credentials_init(NULL); } /* username */ const char *get_username(void); @@ -74,13 +78,18 @@ typedef struct cli_credentials { bool set_realm(const char *val, enum credentials_obtained=CRED_SPECIFIED); + /* Kerberos */ + void set_kerberos_state(enum credentials_use_kerberos use_kerberos); + void parse_string(const char *text, - enum credentials_obtained=CRED_SPECIFIED); + enum credentials_obtained=CRED_SPECIFIED); /* bind dn */ const char *get_bind_dn(void); bool set_bind_dn(const char *bind_dn); + void set_anonymous(); + /* workstation name */ const char *get_workstation(void); bool set_workstation(const char *workstation, diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py index 14526af9100..2b40fbeeadf 100644 --- a/source4/auth/credentials/credentials.py +++ b/source4/auth/credentials/credentials.py @@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set): import param +AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS +DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS +MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS class Credentials(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') __repr__ = _swig_repr @@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain, Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials) Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials) Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials) +Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials) Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials) Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials) Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials) +Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials) Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials) Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials) Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials) diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c index b1b904c8a3a..909233aaff9 100644 --- a/source4/auth/credentials/credentials_wrap.c +++ b/source4/auth/credentials/credentials_wrap.c @@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_int swig_types[3] #define SWIGTYPE_p_loadparm_context swig_types[4] #define SWIGTYPE_p_loadparm_service swig_types[5] -#define SWIGTYPE_p_long_long swig_types[6] +#define SWIGTYPE_p_long swig_types[6] #define SWIGTYPE_p_param_context swig_types[7] #define SWIGTYPE_p_param_opt swig_types[8] #define SWIGTYPE_p_param_section swig_types[9] @@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_signed_char swig_types[11] #define SWIGTYPE_p_unsigned_char swig_types[12] #define SWIGTYPE_p_unsigned_int swig_types[13] -#define SWIGTYPE_p_unsigned_long_long swig_types[14] +#define SWIGTYPE_p_unsigned_long swig_types[14] #define SWIGTYPE_p_unsigned_short swig_types[15] static swig_type_info *swig_types[17]; static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; @@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; typedef struct cli_credentials cli_credentials; + #define SWIG_From_long PyInt_FromLong + + +SWIGINTERNINLINE PyObject * +SWIG_From_int (int value) +{ + return SWIG_From_long (value); +} + + #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */ SWIGINTERN cli_credentials *new_cli_credentials(){ - return cli_credentials_init_anon(NULL); + return cli_credentials_init(NULL); } SWIGINTERN swig_type_info* @@ -3131,6 +3141,44 @@ fail: } +SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { + PyObject *resultobj = 0; + cli_credentials *arg1 = (cli_credentials *) 0 ; + enum credentials_use_kerberos arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + char * kwnames[] = { + (char *) "self",(char *) "use_kerberos", NULL + }; + + arg1 = NULL; + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail; + if (obj0) { + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'"); + } + arg1 = (cli_credentials *)(argp1); + } + if (obj1) { + ecode2 = SWIG_AsVal_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'"); + } + arg2 = (enum credentials_use_kerberos)(val2); + } + cli_credentials_set_kerberos_state(arg1,arg2); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; cli_credentials *arg1 = (cli_credentials *) 0 ; @@ -3253,6 +3301,33 @@ fail: } +SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { + PyObject *resultobj = 0; + cli_credentials *arg1 = (cli_credentials *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + char * kwnames[] = { + (char *) "self", NULL + }; + + arg1 = NULL; + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail; + if (obj0) { + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'"); + } + arg1 = (cli_credentials *)(argp1); + } + cli_credentials_set_anonymous(arg1); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; cli_credentials *arg1 = (cli_credentials *) 0 ; @@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = { { (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL}, @@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = { static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { @@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_int, &_swigt__p_loadparm_context, &_swigt__p_loadparm_service, - &_swigt__p_long_long, + &_swigt__p_long, &_swigt__p_param_context, &_swigt__p_param_opt, &_swigt__p_param_section, @@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_signed_char, &_swigt__p_unsigned_char, &_swigt__p_unsigned_int, - &_swigt__p_unsigned_long_long, + &_swigt__p_unsigned_long, &_swigt__p_unsigned_short, }; @@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentia static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}}; @@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { @@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_int, _swigc__p_loadparm_context, _swigc__p_loadparm_service, - _swigc__p_long_long, + _swigc__p_long, _swigc__p_param_context, _swigc__p_param_opt, _swigc__p_param_section, @@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_signed_char, _swigc__p_unsigned_char, _swigc__p_unsigned_int, - _swigc__p_unsigned_long_long, + _swigc__p_unsigned_long, _swigc__p_unsigned_short, }; @@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) { SWIG_InstallConstants(d,swig_const_table); + SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS))); + SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS))); + SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS))); } diff --git a/source4/auth/credentials/tests/bindings.py b/source4/auth/credentials/tests/bindings.py index d2ca68d1157..d0a99502c17 100644 --- a/source4/auth/credentials/tests/bindings.py +++ b/source4/auth/credentials/tests/bindings.py @@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase): self.assertTrue(self.creds.is_anonymous()) self.creds.set_username("somebody") self.assertFalse(self.creds.is_anonymous()) + self.creds.set_anonymous() + self.assertTrue(self.creds.is_anonymous()) def test_workstation(self): # FIXME: This is uninitialised, it should be None diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index f75bb8124d9..ead5796b7b6 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -25,7 +25,6 @@ parser.add_option_group(options.VersionOptions(parser)) # use command line creds if available credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) -creds = credopts.get_credentials() opts, args = parser.parse_args() if len(args) < 1: @@ -35,6 +34,7 @@ if len(args) < 1: host = args[0] lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) class BasicTests(unittest.TestCase): def delete_force(self, ldb, dn): diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py index 088a5acf6fc..82cb004b621 100644 --- a/source4/scripting/python/samba/getopt.py +++ b/source4/scripting/python/samba/getopt.py @@ -18,7 +18,7 @@ # import optparse -from credentials import Credentials +from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS class SambaOptions(optparse.OptionGroup): def __init__(self, parser): @@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup): help="Workgroup", callback=self._parse_workgroup) self.add_option("-N", "--no-pass", action="store_true", help="Don't ask for a password") + self.add_option("-k", "--kerberos", metavar="KERBEROS", + action="callback", type=str, + help="Use Kerberos", callback=self._set_kerberos) self.creds = Credentials() def _parse_username(self, option, opt_str, arg, parser): @@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup): def _set_password(self, option, opt_str, arg, parser): self.creds.set_password(arg) + def _set_kerberos(self, option, opt_str, arg, parser): + if bool(arg) or arg.lower() == "yes": + self.creds.set_kerberos_state(MUST_USE_KERBEROS) + else: + self.creds.set_kerberos_state(DONT_USE_KERBEROS) + def _set_simple_bind_dn(self, option, opt_str, arg, parser): self.creds.set_bind_dn(arg) - def get_credentials(self): - self.creds.guess() + def get_credentials(self, lp): + self.creds.guess(lp) if not self.no_pass: self.creds.set_cmdline_callbacks() return self.creds diff --git a/source4/scripting/python/samba/tests/samdb.py b/source4/scripting/python/samba/tests/samdb.py index 40e56bebb54..3745dba6fc2 100644 --- a/source4/scripting/python/samba/tests/samdb.py +++ b/source4/scripting/python/samba/tests/samdb.py @@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir): policyguid = uuid.random() setup_path = lambda x: os.path.join("setup", x) creds = Credentials() + creds.set_anonymous() domainsid = security.random_sid() hostguid = uuid.random() path = os.path.join(self.tempdir, "samdb.ldb") diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 8102095958c..64b2c7b5648 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -266,7 +266,7 @@ fi bbdir=$incdir/../../testprogs/blackbox plantest "blackbox.smbclient" dc $bbdir/test_smbclient.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" "$PREFIX" -plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" +plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION plantest "blackbox.cifsdd" dc $bbdir/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP" plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP" diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount index 144b6c6494e..849b515675a 100644 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -42,9 +42,10 @@ username = args[0] if username is None: print "username must be specified" -creds = credopts.get_credentials() - lp = sambaopts.get_loadparm() + +creds = credopts.get_credentials(lp) + if opts.H is not None: url = opts.H else: diff --git a/source4/setup/provision b/source4/setup/provision index b0363d8a8f2..cf08036f902 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None: parser.print_usage() sys.exit(1) -smbconf = sambaopts.get_loadparm().configfile() +lp = sambaopts.get_loadparm() +smbconf = lp.configfile() if opts.aci is not None: print "set ACI: %s" % opts.aci @@ -123,7 +124,7 @@ elif opts.server_role == "member": else: server_role = opts.server_role -creds = credopts.get_credentials() +creds = credopts.get_credentials(lp) setup_dir = opts.setupdir if setup_dir is None: diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 569b1795442..3bcc57ab647 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -57,7 +57,9 @@ setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -creds = credopts.get_credentials() +lp = sambaopts.get_loadparm() +smbconf = lp.configfile() +creds = credopts.get_credentials(lp) upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), - smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir) + smbconf=smbconf, targetdir=opts.targetdir) diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh index d4eff07c8de..dbcdcf11126 100755 --- a/testprogs/blackbox/test_kinit.sh +++ b/testprogs/blackbox/test_kinit.sh @@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin smbclient=$samba4bindir/smbclient samba4kinit=$samba4bindir/samba4kinit net=$samba4bindir/net +enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount" testit() { name="$1" @@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache" export KRB5CCNAME echo $PASSWORD > ./tmppassfile +#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1` testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` -testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit renew ticket" $samba4kinit --request-pac -R test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` @@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` USERPASS=testPass@12% +echo $USERPASS > ./tmpuserpassfile testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` -#KRB5CCNAME=`pwd`/tmpuserccache -#export KRB5CCNAME -# -#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` -# -#KRB5CCNAME=`pwd`/tmpccache -#export KRB5CCNAME +testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1` -testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` +KRB5CCNAME="$PREFIX/tmpuserccache" +export KRB5CCNAME + +testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` + +test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` + +KRB5CCNAME="$PREFIX/tmpccache" +export KRB5CCNAME + +testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` -rm -f tmpccfile tmppassfile tmpuserccache +rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache exit $failed