Merge branch 'v4-0-local' of git://git.id10ts.net/samba into 4-0-local
authorAndrew Bartlett <abartlet@samba.org>
Sat, 29 Mar 2008 06:19:20 +0000 (17:19 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Sat, 29 Mar 2008 06:19:20 +0000 (17:19 +1100)
(This used to be commit ee6539e4cab8882faafff17f458df91cba352f8e)

22 files changed:
howto.txt
source4/Makefile
source4/auth/credentials/credentials.i
source4/auth/credentials/credentials.py
source4/auth/credentials/credentials_wrap.c
source4/auth/credentials/tests/bindings.py
source4/dsdb/samdb/ldb_modules/linked_attributes.c
source4/dsdb/samdb/ldb_modules/subtree_delete.c
source4/dsdb/samdb/ldb_modules/subtree_rename.c
source4/ldap_server/ldap_backend.c
source4/ldap_server/ldap_server.c
source4/lib/ldb/tests/python/ldap.py
source4/samba4-skip
source4/script/mkrelease.sh
source4/scripting/python/samba/getopt.py
source4/scripting/python/samba/provision.py
source4/scripting/python/samba/tests/samdb.py
source4/selftest/samba4_tests.sh
source4/setup/enableaccount
source4/setup/provision
source4/setup/upgrade.py
testprogs/blackbox/test_kinit.sh

index 78bed1316aa0916ed8014568026d7ac56f35ec4b..d128baa5bd47ca483ab3262b2ad1a2ce573cc259 100644 (file)
--- a/howto.txt
+++ b/howto.txt
@@ -16,6 +16,13 @@ aimed at production use of Samba4.
 Step 1: download Samba4
 -----------------------
 
+If you have downloaded the Samba4 code via a tarball released from the
+samba.org website, Step 1 has already been completed for you.  For testing
+with the version released in the tarball, you may continue on to Step 2.  Note
+that the references below to the top-level directory named "samba4" will
+instead be based on the name of the tarball downloaded (e.g.
+"samba-4.0.0alpha3" for the tarball samba-4.0.0alpha3.tar.gz).
+
 There are 2 methods of doing this:
 
   method 1:  "rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ samba4"
@@ -50,10 +57,7 @@ Run this::
 
   $ cd samba4/source
   $ ./configure
-  $ make proto all
-
-If you have gcc 3.4 or newer, then substitute "pch" for "proto" to
-greatly speed up the compile process (about 5x faster).
+  $ make
 
 Step 3: install Samba4
 ----------------------
@@ -120,14 +124,10 @@ in your $PATH. Make sure you run the right version!
 Step 7: testing Samba4
 ----------------------
 
-try these commands::
+try this command::
 
   $ smbclient //localhost/test -Uadministrator%SOMEPASSWORD
 
-or::
-
-  $ ./script/tests/test_posix.sh //localhost/test administrator SOMEPASSWORD
-
 
 NOTE about filesystem support
 -----------------------------
index 4b70597aa5efd6188df1d7b221ecb427ad5ef6ef..ab3ef47fed62f767a3c7762dcdb9c936fcf36d07 100644 (file)
@@ -60,8 +60,8 @@ libraries:: $(STATIC_LIBS) $(SHARED_LIBS)
 modules:: $(PLUGINS)
 headers:: $(PUBLIC_HEADERS) $(DEFAULT_HEADERS)
 manpages:: $(MANPAGES)
-all:: showflags $(ALL_PREDEP) bin/asn1_compile bin/compile_et binaries modules pythonmods
-everything:: all libraries headers
+all:: showflags $(ALL_PREDEP) bin/asn1_compile bin/compile_et binaries modules pythonmods libraries headers
+everything:: all
 
 LD_LIBPATH_OVERRIDE = $(LIB_PATH_VAR)=$(builddir)/bin/shared
 
index 41ec67580e713365b6a97e3650a28374ac923083..0a604cf0020364c2108e4c8444d24a37bd9cb6dd 100644 (file)
@@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials;
     $1 = NULL;
 }
 
+%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS;
+%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS;
+%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS;
+
 %{
 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
 %}
@@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials;
 typedef struct cli_credentials {
     %extend {
         cli_credentials(void) {
-            return cli_credentials_init_anon(NULL);
+            return cli_credentials_init(NULL);
         }
         /* username */
         const char *get_username(void);
@@ -74,13 +78,18 @@ typedef struct cli_credentials {
         bool set_realm(const char *val, 
                        enum credentials_obtained=CRED_SPECIFIED);
 
+       /* Kerberos */
+        void set_kerberos_state(enum credentials_use_kerberos use_kerberos);
+
         void parse_string(const char *text,
-                       enum credentials_obtained=CRED_SPECIFIED);
+                         enum credentials_obtained=CRED_SPECIFIED);
 
         /* bind dn */
         const char *get_bind_dn(void);
         bool set_bind_dn(const char *bind_dn);
 
+       void set_anonymous();
+
         /* workstation name */
         const char *get_workstation(void);
         bool set_workstation(const char *workstation, 
index 14526af9100274c20024e226b724dfdbbffd8528..2b40fbeeadfd074fbdbab8535115ae058013864d 100644 (file)
@@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set):
 
 
 import param
+AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS
+DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS
+MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS
 class Credentials(object):
     thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
     __repr__ = _swig_repr
@@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain,
 Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials)
 Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials)
 Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials)
+Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials)
 Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials)
 Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials)
 Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials)
+Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
 Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
 Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
 Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
index b1b904c8a3a68e6c0142931602b59a3d98704abd..909233aaff9e41c5caa9a1afb0f8aa782bb2de75 100644 (file)
@@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
 #define SWIGTYPE_p_int swig_types[3]
 #define SWIGTYPE_p_loadparm_context swig_types[4]
 #define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long_long swig_types[6]
+#define SWIGTYPE_p_long swig_types[6]
 #define SWIGTYPE_p_param_context swig_types[7]
 #define SWIGTYPE_p_param_opt swig_types[8]
 #define SWIGTYPE_p_param_section swig_types[9]
@@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
 #define SWIGTYPE_p_signed_char swig_types[11]
 #define SWIGTYPE_p_unsigned_char swig_types[12]
 #define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long_long swig_types[14]
+#define SWIGTYPE_p_unsigned_long swig_types[14]
 #define SWIGTYPE_p_unsigned_short swig_types[15]
 static swig_type_info *swig_types[17];
 static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
@@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
 typedef struct cli_credentials cli_credentials;
 
 
+  #define SWIG_From_long   PyInt_FromLong 
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int  (int value)
+{    
+  return SWIG_From_long  (value);
+}
+
+
 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
 
 SWIGINTERN cli_credentials *new_cli_credentials(){
-            return cli_credentials_init_anon(NULL);
+            return cli_credentials_init(NULL);
         }
 
 SWIGINTERN swig_type_info*
@@ -3131,6 +3141,44 @@ fail:
 }
 
 
+SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+  PyObject *resultobj = 0;
+  cli_credentials *arg1 = (cli_credentials *) 0 ;
+  enum credentials_use_kerberos arg2 ;
+  void *argp1 = 0 ;
+  int res1 = 0 ;
+  int val2 ;
+  int ecode2 = 0 ;
+  PyObject * obj0 = 0 ;
+  PyObject * obj1 = 0 ;
+  char *  kwnames[] = {
+    (char *) "self",(char *) "use_kerberos", NULL 
+  };
+  
+  arg1 = NULL;
+  if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail;
+  if (obj0) {
+    res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 |  0 );
+    if (!SWIG_IsOK(res1)) {
+      SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'"); 
+    }
+    arg1 = (cli_credentials *)(argp1);
+  }
+  if (obj1) {
+    ecode2 = SWIG_AsVal_int(obj1, &val2);
+    if (!SWIG_IsOK(ecode2)) {
+      SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'");
+    } 
+    arg2 = (enum credentials_use_kerberos)(val2);
+  }
+  cli_credentials_set_kerberos_state(arg1,arg2);
+  resultobj = SWIG_Py_Void();
+  return resultobj;
+fail:
+  return NULL;
+}
+
+
 SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
   PyObject *resultobj = 0;
   cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3253,6 +3301,33 @@ fail:
 }
 
 
+SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+  PyObject *resultobj = 0;
+  cli_credentials *arg1 = (cli_credentials *) 0 ;
+  void *argp1 = 0 ;
+  int res1 = 0 ;
+  PyObject * obj0 = 0 ;
+  char *  kwnames[] = {
+    (char *) "self", NULL 
+  };
+  
+  arg1 = NULL;
+  if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail;
+  if (obj0) {
+    res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 |  0 );
+    if (!SWIG_IsOK(res1)) {
+      SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'"); 
+    }
+    arg1 = (cli_credentials *)(argp1);
+  }
+  cli_credentials_set_anonymous(arg1);
+  resultobj = SWIG_Py_Void();
+  return resultobj;
+fail:
+  return NULL;
+}
+
+
 SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
   PyObject *resultobj = 0;
   cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = {
         { (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL},
+        { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
+        { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = {
 static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
 
 static swig_type_info *swig_type_initial[] = {
@@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = {
   &_swigt__p_int,
   &_swigt__p_loadparm_context,
   &_swigt__p_loadparm_service,
-  &_swigt__p_long_long,
+  &_swigt__p_long,
   &_swigt__p_param_context,
   &_swigt__p_param_opt,
   &_swigt__p_param_section,
@@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = {
   &_swigt__p_signed_char,
   &_swigt__p_unsigned_char,
   &_swigt__p_unsigned_int,
-  &_swigt__p_unsigned_long_long,
+  &_swigt__p_unsigned_long,
   &_swigt__p_unsigned_short,
 };
 
@@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = {  {&_swigt__p_cli_credentia
 static swig_cast_info _swigc__p_int[] = {  {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_loadparm_context[] = {  {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_loadparm_service[] = {  {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long_long[] = {  {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long[] = {  {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_context[] = {  {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_opt[] = {  {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_section[] = {  {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = {  {&_swigt__p_short, 0, 0, 0},{0, 0,
 static swig_cast_info _swigc__p_signed_char[] = {  {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_char[] = {  {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_int[] = {  {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long_long[] = {  {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long[] = {  {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_short[] = {  {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
 
 static swig_cast_info *swig_cast_initial[] = {
@@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = {
   _swigc__p_int,
   _swigc__p_loadparm_context,
   _swigc__p_loadparm_service,
-  _swigc__p_long_long,
+  _swigc__p_long,
   _swigc__p_param_context,
   _swigc__p_param_opt,
   _swigc__p_param_section,
@@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = {
   _swigc__p_signed_char,
   _swigc__p_unsigned_char,
   _swigc__p_unsigned_int,
-  _swigc__p_unsigned_long_long,
+  _swigc__p_unsigned_long,
   _swigc__p_unsigned_short,
 };
 
@@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) {
   SWIG_InstallConstants(d,swig_const_table);
   
   
+  SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS)));
+  SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS)));
+  SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS)));
 }
 
index d2ca68d11578276b4b75df0375e5b4b0859c596a..d0a99502c17d94de43b990cbf7970928d150202b 100644 (file)
@@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase):
         self.assertTrue(self.creds.is_anonymous())
         self.creds.set_username("somebody")
         self.assertFalse(self.creds.is_anonymous())
+        self.creds.set_anonymous()
+        self.assertTrue(self.creds.is_anonymous())
 
     def test_workstation(self):
         # FIXME: This is uninitialised, it should be None
index 8685c722aad2b8b7b23b6d6e64d0a74c4325d5ef..04b9987071df30aba5e783a8b34ef5c63ffee72c 100644 (file)
@@ -520,6 +520,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
                        
                        talloc_steal(new_req, attrs);
                        
+                       ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+                       
+                       if (ret != LDB_SUCCESS) {
+                               return ret;
+                       }
+
                        /* Create a spot in the list for the requests */
                        ac->down_req = talloc_realloc(ac, ac->down_req, 
                                                      struct ldb_request *, ac->num_requests + 1);
@@ -568,6 +574,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
                        
                        talloc_steal(new_req, attrs);
                        
+                       ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+                       
+                       if (ret != LDB_SUCCESS) {
+                               return ret;
+                       }
+
                        /* Create a spot in the list for the requests */
                        ac->down_req = talloc_realloc(ac, ac->down_req, 
                                                      struct ldb_request *, ac->num_requests + 1);
@@ -629,7 +641,11 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
                        
                        talloc_steal(new_req, new_msg);
                        
-                       ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+                       ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+                       
+                       if (ret != LDB_SUCCESS) {
+                               return ret;
+                       }
                        
                        /* Now add it to the list */
                        ac->down_req = talloc_realloc(ac, ac->down_req, 
@@ -752,6 +768,12 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques
 
        talloc_steal(new_req, attrs);
 
+       ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+
        ac->search_req = new_req;
        ac->step = LA_SEARCH;
        return ldb_next_request(module, new_req);
@@ -805,6 +827,12 @@ static int linked_attributes_delete(struct ldb_module *module, struct ldb_reques
 
        talloc_steal(new_req, attrs);
 
+       ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+
        ac->search_req = new_req;
        ac->step = LA_SEARCH;
        return ldb_next_request(module, new_req);
index 56ae7b239a2feef296815df152f03b5da6940a56..9c332d2969077eecc786c73880973bae206666d4 100644 (file)
@@ -160,6 +160,12 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
                return ret;
        }
 
+       ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+
        ac->search_req = new_req;
        if (req == NULL) {
                ldb_oom(ac->module->ldb);
index bf8124e253acf51f5eda11e22566fbbc5dc2d8b8..fd1388d4164bdb4369894fc8501fd7fc6431d473 100644 (file)
@@ -117,7 +117,15 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context
                                           NULL,
                                           NULL);
                
-               if (ret != LDB_SUCCESS) return ret;
+               if (ret != LDB_SUCCESS) {
+                       return ret;
+               }
+
+               ret = ldb_set_timeout_from_prev_req(ldb, ac->orig_req, req);
+               
+               if (ret != LDB_SUCCESS) {
+                       return ret;
+               }
 
                talloc_steal(req, newdn);
 
@@ -186,6 +194,12 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
                return ret;
        }
 
+       ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+       
+       if (ret != LDB_SUCCESS) {
+               return ret;
+       }
+
        ac->down_req = talloc_realloc(ac, ac->down_req, 
                                        struct ldb_request *, ac->num_requests + 1);
        if (!ac->down_req) {
index 346aacaa99c03d6c9c5b7ffbe046113e5ad3d78e..9b43d7bd742ca757cc76089d1ab5c214b2bb60fe 100644 (file)
@@ -216,9 +216,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
        lreq = talloc(local_ctx, struct ldb_request);
        NT_STATUS_HAVE_NO_MEMORY(lreq);
 
-       res = talloc_zero(local_ctx, struct ldb_result);
-       NT_STATUS_HAVE_NO_MEMORY(res);
-       
        lreq->operation = LDB_SEARCH;
        lreq->op.search.base = basedn;
        lreq->op.search.scope = scope;
@@ -242,6 +239,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
                }
        }
 
+       res = talloc_zero(lreq, struct ldb_result);
+       NT_STATUS_HAVE_NO_MEMORY(res);
+       
        lreq->context = res;
        lreq->callback = ldb_search_default_callback;
 
@@ -261,6 +261,11 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
                        ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry);
                        NT_STATUS_HAVE_NO_MEMORY(ent_r);
 
+                       /* Better to have the whole message kept here,
+                        * than to find someone further up didn't put
+                        * a value in the right spot in the talloc tree */
+                       talloc_steal(ent_r, res->msgs[i]);
+                       
                        ent = &ent_r->msg->r.SearchResultEntry;
                        ent->dn = ldb_dn_alloc_linearized(ent_r, res->msgs[i]->dn);
                        ent->num_attributes = 0;
index 5b2519c035a7845d9d152c3bccdea1da867562c4..ce80941e03fc8be5dfffca3d3e40ca2efe3adfed 100644 (file)
@@ -155,8 +155,10 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob)
        }
 
        data_blob_free(&blob);
-       ldapsrv_process_message(conn, msg);
+       talloc_steal(conn, msg);
        asn1_free(asn1);
+
+       ldapsrv_process_message(conn, msg);
        return NT_STATUS_OK;
 }
 
index f75bb8124d95fd0e81f745665eb3cf9fc703191c..ead5796b7b6ca9839606f4a857ea24d4da7f3c73 100755 (executable)
@@ -25,7 +25,6 @@ parser.add_option_group(options.VersionOptions(parser))
 # use command line creds if available
 credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
-creds = credopts.get_credentials()
 opts, args = parser.parse_args()
 
 if len(args) < 1:
@@ -35,6 +34,7 @@ if len(args) < 1:
 host = args[0]
 
 lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
 
 class BasicTests(unittest.TestCase):
     def delete_force(self, ldb, dn):
index 4d2da6ed646434e1a31b22c17c481d8593f8372c..19ff924794d3c92969f1c66f418573f24398955d 100644 (file)
@@ -46,3 +46,4 @@ nss.test                                              # Fails
 samba4.samba3sam.python                # Conversion from EJS not yet finished
 samba4.samdb.python                    # Not finished yet
 raw.offline                    # Samba 4 doesn't have much offline support yet
+winreg*  #Does not authenticate against the target server
index a6e7c8493bec9876b65146e51341a069371fcb8e..0af738deb52e3a647c4ad634f99e339ef42c8511 100755 (executable)
@@ -1,10 +1,15 @@
 #!/bin/sh
 
-TMPDIR=`mktemp samba-XXXXX`
-rm $TMPDIR || exit 1
-svn export . $TMPDIR || exit 1
+if [ ! -d ".git" -o `dirname $0` != "./source/script" ]; then
+       echo "Run this script from the top-level directory in the"
+       echo "repository as: ./source/script/mkrelease.sh"
+       exit 1
+fi
 
-( cd $TMPDIR/source
+TMPDIR=`mktemp -d samba-XXXXX`
+(git archive --format=tar HEAD | (cd $TMPDIR/ && tar xf -))
+
+( cd $TMPDIR/source || exit 1
  ./autogen.sh || exit 1
  ./configure || exit 1
  make dist  || exit 1
@@ -12,7 +17,8 @@ svn export . $TMPDIR || exit 1
 
 VERSION=`sed -n 's/^SAMBA_VERSION_STRING=//p' $TMPDIR/source/version.h`
 mv $TMPDIR samba-$VERSION || exit 1
-tar -cf samba-$VERSION.tar samba-$VERSION || exit 1
+tar -cf samba-$VERSION.tar samba-$VERSION || (rm -rf samba-$VERSION; exit 1)
+rm -rf samba-$VERSION || exit 1
 echo "Now run: "
 echo "gpg --detach-sign --armor samba-$VERSION.tar"
 echo "gzip samba-$VERSION.tar" 
index 088a5acf6fc84f5fe48c58880499a4b2eb083169..82cb004b621eebd263a17f944a075d92b866d113 100644 (file)
@@ -18,7 +18,7 @@
 #
 
 import optparse
-from credentials import Credentials
+from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS
 
 class SambaOptions(optparse.OptionGroup):
     def __init__(self, parser):
@@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup):
                         help="Workgroup", callback=self._parse_workgroup)
         self.add_option("-N", "--no-pass", action="store_true",
                         help="Don't ask for a password")
+        self.add_option("-k", "--kerberos", metavar="KERBEROS", 
+                        action="callback", type=str,
+                        help="Use Kerberos", callback=self._set_kerberos)
         self.creds = Credentials()
 
     def _parse_username(self, option, opt_str, arg, parser):
@@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup):
     def _set_password(self, option, opt_str, arg, parser):
         self.creds.set_password(arg)
 
+    def _set_kerberos(self, option, opt_str, arg, parser):
+        if bool(arg) or arg.lower() == "yes":
+            self.creds.set_kerberos_state(MUST_USE_KERBEROS)
+        else:
+            self.creds.set_kerberos_state(DONT_USE_KERBEROS)
+
     def _set_simple_bind_dn(self, option, opt_str, arg, parser):
         self.creds.set_bind_dn(arg)
 
-    def get_credentials(self):
-        self.creds.guess()
+    def get_credentials(self, lp):
+        self.creds.guess(lp)
         if not self.no_pass:
             self.creds.set_cmdline_callbacks()
         return self.creds
index d5e66d842c154cbb1094f5dd49bb59bd04fd6333..b03457e57bbd3b97e12663f56bcad9861ee0a560 100644 (file)
@@ -974,10 +974,6 @@ def provision(setup_dir, message, session_info,
             # provision-backend will set this path suggested slapd command line / fedorads.inf
             ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
              
-    message("set DOMAIN SID: %s" % str(domainsid))
-    message("Provisioning for %s in realm %s" % (names.domain, realm))
-    message("Using administrator password: %s" % adminpass)
-
     # only install a new shares config db if there is none
     if not os.path.exists(paths.shareconf):
         message("Setting up share.ldb")
@@ -1036,7 +1032,7 @@ def provision(setup_dir, message, session_info,
                             nobody=nobody, nogroup=nogroup, wheel=wheel, 
                             users=users, backup=backup)
    
-        message("Setting up sam.ldb rootDSE marking as synchronized")
+        message("Compleating sam.ldb setup by marking as synchronized")
         setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
 
         # Only make a zone file on the first DC, it should be replicated with DNS replication
@@ -1051,19 +1047,25 @@ def provision(setup_dir, message, session_info,
                                        scope=SCOPE_SUBTREE)
             assert isinstance(hostguid, str)
             
-            message("Setting up DNS zone: %s" % names.dnsdomain)
             create_zone_file(paths.dns, setup_path, samdb, 
                              hostname=names.hostname, hostip=hostip, dnsdomain=names.dnsdomain,
                              domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, 
                              domainguid=domainguid, hostguid=hostguid)
             message("Please install the zone located in %s into your DNS server" % paths.dns)
             
-    message("Setting up phpLDAPadmin configuration")
     create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, 
                                ldapi_url)
 
     message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
 
+    message("Once the above files are installed, your server will be ready to use")
+    message("Server Type:    %s" % serverrole)
+    message("Hostname:       %s" % names.hostname)
+    message("NetBIOS Domain: %s" % names.domain)
+    message("DNS Domain:     %s" % names.dnsdomain)
+    message("DOMAIN SID:     %s" % str(domainsid))
+    message("Admin password: %s" % adminpass)
+
     result = ProvisionResult()
     result.domaindn = domaindn
     result.paths = paths
index 40e56bebb54db993e0e47e9ccaee28fce59c3a2e..3745dba6fc27474312f265ae199b02e3cf8f8745 100644 (file)
@@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir):
         policyguid = uuid.random()
         setup_path = lambda x: os.path.join("setup", x)
         creds = Credentials()
+        creds.set_anonymous()
         domainsid = security.random_sid()
         hostguid = uuid.random()
         path = os.path.join(self.tempdir, "samdb.ldb")
index 8102095958c4b554146b27ed5ef43572284b95db..64b2c7b56484fb5e23c7fac4a7004f994119abc4 100755 (executable)
@@ -266,7 +266,7 @@ fi
 bbdir=$incdir/../../testprogs/blackbox
 
 plantest "blackbox.smbclient" dc $bbdir/test_smbclient.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" "$PREFIX" 
-plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" 
+plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION 
 plantest "blackbox.cifsdd" dc $bbdir/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" 
 plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP" 
 plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
index 144b6c6494e04949c795c9dd30e5ea11fad95fcf..849b515675a7dd857d07602ce5d8795f4d93106e 100644 (file)
@@ -42,9 +42,10 @@ username = args[0]
 if username is None:
        print "username must be specified"
 
-creds = credopts.get_credentials()
-
 lp = sambaopts.get_loadparm()
+
+creds = credopts.get_credentials(lp)
+
 if opts.H is not None:
        url = opts.H
 else:
index b0363d8a8f2a24a15284e082d465e5eba6e5dd3b..e354f4d0bbcc5ea360566319c8cd522991eb1443 100755 (executable)
@@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None:
        parser.print_usage()
        sys.exit(1)
 
-smbconf = sambaopts.get_loadparm().configfile()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
 
 if opts.aci is not None:
        print "set ACI: %s" % opts.aci
@@ -123,7 +124,7 @@ elif opts.server_role == "member":
 else:
         server_role = opts.server_role
 
-creds = credopts.get_credentials()
+creds = credopts.get_credentials(lp)
 
 setup_dir = opts.setupdir
 if setup_dir is None:
@@ -148,12 +149,3 @@ provision(setup_dir, message,
           aci=opts.aci, serverrole=server_role, 
           ldap_backend=opts.ldap_backend, 
           ldap_backend_type=opts.ldap_backend_type)
-
-message("To reproduce this provision, run with:")
-def shell_escape(arg):
-    if " " in arg:
-        return '"%s"' % arg
-    return arg
-message(" ".join([shell_escape(arg) for arg in sys.argv]))
-
-message("All OK")
index 569b1795442f0ef3386f51269011351c864e6cdc..3bcc57ab64770169ca7d13b7fd2ee5a8259d1cf4 100755 (executable)
@@ -57,7 +57,9 @@ setup_dir = opts.setupdir
 if setup_dir is None:
        setup_dir = "setup"
 
-creds = credopts.get_credentials()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
+creds = credopts.get_credentials(lp)
 
 upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), 
-                  smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir)
+                  smbconf=smbconf, targetdir=opts.targetdir)
index d4eff07c8de56f63c164576bf476866ffeabbec7..dbcdcf11126d193d74e602b04aa0ea1792a818ab 100755 (executable)
@@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin
 smbclient=$samba4bindir/smbclient
 samba4kinit=$samba4bindir/samba4kinit
 net=$samba4bindir/net
+enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount"
 
 testit() {
        name="$1"
@@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache"
 export KRB5CCNAME
 
 echo $PASSWORD > ./tmppassfile
+#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM   || failed=`expr $failed + 1`
 testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
-testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit renew ticket" $samba4kinit --request-pac -R
 
 test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
 
@@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT
 
 testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
 USERPASS=testPass@12%
+echo $USERPASS > ./tmpuserpassfile
 
 testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
 
-#KRB5CCNAME=`pwd`/tmpuserccache
-#export KRB5CCNAME
-#
-#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
-#
-#KRB5CCNAME=`pwd`/tmpccache
-#export KRB5CCNAME
+testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
 
-testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
+KRB5CCNAME="$PREFIX/tmpuserccache"
+export KRB5CCNAME
+
+testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpccache"
+export KRB5CCNAME
+
+testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
 
-rm -f tmpccfile tmppassfile tmpuserccache
+rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache
 exit $failed