Fix and test python scripts and kerberos
authorAndrew Bartlett <abartlet@samba.org>
Fri, 28 Mar 2008 10:57:15 +0000 (21:57 +1100)
committerAndrew Bartlett <abartlet@samba.org>
Fri, 28 Mar 2008 10:57:15 +0000 (21:57 +1100)
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option.  (This
enables the use of kerberos).

As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.

The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.

Andrew Bartlett

12 files changed:
source/auth/credentials/credentials.i
source/auth/credentials/credentials.py
source/auth/credentials/credentials_wrap.c
source/auth/credentials/tests/bindings.py
source/lib/ldb/tests/python/ldap.py
source/scripting/python/samba/getopt.py
source/scripting/python/samba/tests/samdb.py
source/selftest/samba4_tests.sh
source/setup/enableaccount
source/setup/provision
source/setup/upgrade.py
testprogs/blackbox/test_kinit.sh

index 41ec675..0a604cf 100644 (file)
@@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials;
     $1 = NULL;
 }
 
+%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS;
+%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS;
+%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS;
+
 %{
 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
 %}
@@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials;
 typedef struct cli_credentials {
     %extend {
         cli_credentials(void) {
-            return cli_credentials_init_anon(NULL);
+            return cli_credentials_init(NULL);
         }
         /* username */
         const char *get_username(void);
@@ -74,13 +78,18 @@ typedef struct cli_credentials {
         bool set_realm(const char *val, 
                        enum credentials_obtained=CRED_SPECIFIED);
 
+       /* Kerberos */
+        void set_kerberos_state(enum credentials_use_kerberos use_kerberos);
+
         void parse_string(const char *text,
-                       enum credentials_obtained=CRED_SPECIFIED);
+                         enum credentials_obtained=CRED_SPECIFIED);
 
         /* bind dn */
         const char *get_bind_dn(void);
         bool set_bind_dn(const char *bind_dn);
 
+       void set_anonymous();
+
         /* workstation name */
         const char *get_workstation(void);
         bool set_workstation(const char *workstation, 
index 14526af..2b40fbe 100644 (file)
@@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set):
 
 
 import param
+AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS
+DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS
+MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS
 class Credentials(object):
     thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
     __repr__ = _swig_repr
@@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain,
 Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials)
 Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials)
 Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials)
+Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials)
 Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials)
 Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials)
 Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials)
+Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
 Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
 Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
 Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
index b1b904c..909233a 100644 (file)
@@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
 #define SWIGTYPE_p_int swig_types[3]
 #define SWIGTYPE_p_loadparm_context swig_types[4]
 #define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long_long swig_types[6]
+#define SWIGTYPE_p_long swig_types[6]
 #define SWIGTYPE_p_param_context swig_types[7]
 #define SWIGTYPE_p_param_opt swig_types[8]
 #define SWIGTYPE_p_param_section swig_types[9]
@@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
 #define SWIGTYPE_p_signed_char swig_types[11]
 #define SWIGTYPE_p_unsigned_char swig_types[12]
 #define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long_long swig_types[14]
+#define SWIGTYPE_p_unsigned_long swig_types[14]
 #define SWIGTYPE_p_unsigned_short swig_types[15]
 static swig_type_info *swig_types[17];
 static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
@@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
 typedef struct cli_credentials cli_credentials;
 
 
+  #define SWIG_From_long   PyInt_FromLong 
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int  (int value)
+{    
+  return SWIG_From_long  (value);
+}
+
+
 #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
 
 SWIGINTERN cli_credentials *new_cli_credentials(){
-            return cli_credentials_init_anon(NULL);
+            return cli_credentials_init(NULL);
         }
 
 SWIGINTERN swig_type_info*
@@ -3131,6 +3141,44 @@ fail:
 }
 
 
+SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+  PyObject *resultobj = 0;
+  cli_credentials *arg1 = (cli_credentials *) 0 ;
+  enum credentials_use_kerberos arg2 ;
+  void *argp1 = 0 ;
+  int res1 = 0 ;
+  int val2 ;
+  int ecode2 = 0 ;
+  PyObject * obj0 = 0 ;
+  PyObject * obj1 = 0 ;
+  char *  kwnames[] = {
+    (char *) "self",(char *) "use_kerberos", NULL 
+  };
+  
+  arg1 = NULL;
+  if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail;
+  if (obj0) {
+    res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 |  0 );
+    if (!SWIG_IsOK(res1)) {
+      SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'"); 
+    }
+    arg1 = (cli_credentials *)(argp1);
+  }
+  if (obj1) {
+    ecode2 = SWIG_AsVal_int(obj1, &val2);
+    if (!SWIG_IsOK(ecode2)) {
+      SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'");
+    } 
+    arg2 = (enum credentials_use_kerberos)(val2);
+  }
+  cli_credentials_set_kerberos_state(arg1,arg2);
+  resultobj = SWIG_Py_Void();
+  return resultobj;
+fail:
+  return NULL;
+}
+
+
 SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
   PyObject *resultobj = 0;
   cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3253,6 +3301,33 @@ fail:
 }
 
 
+SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+  PyObject *resultobj = 0;
+  cli_credentials *arg1 = (cli_credentials *) 0 ;
+  void *argp1 = 0 ;
+  int res1 = 0 ;
+  PyObject * obj0 = 0 ;
+  char *  kwnames[] = {
+    (char *) "self", NULL 
+  };
+  
+  arg1 = NULL;
+  if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail;
+  if (obj0) {
+    res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 |  0 );
+    if (!SWIG_IsOK(res1)) {
+      SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'"); 
+    }
+    arg1 = (cli_credentials *)(argp1);
+  }
+  cli_credentials_set_anonymous(arg1);
+  resultobj = SWIG_Py_Void();
+  return resultobj;
+fail:
+  return NULL;
+}
+
+
 SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
   PyObject *resultobj = 0;
   cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = {
         { (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL},
+        { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
+        { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
         { (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = {
 static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
 static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
 
 static swig_type_info *swig_type_initial[] = {
@@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = {
   &_swigt__p_int,
   &_swigt__p_loadparm_context,
   &_swigt__p_loadparm_service,
-  &_swigt__p_long_long,
+  &_swigt__p_long,
   &_swigt__p_param_context,
   &_swigt__p_param_opt,
   &_swigt__p_param_section,
@@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = {
   &_swigt__p_signed_char,
   &_swigt__p_unsigned_char,
   &_swigt__p_unsigned_int,
-  &_swigt__p_unsigned_long_long,
+  &_swigt__p_unsigned_long,
   &_swigt__p_unsigned_short,
 };
 
@@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = {  {&_swigt__p_cli_credentia
 static swig_cast_info _swigc__p_int[] = {  {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_loadparm_context[] = {  {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_loadparm_service[] = {  {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long_long[] = {  {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long[] = {  {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_context[] = {  {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_opt[] = {  {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_param_section[] = {  {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = {  {&_swigt__p_short, 0, 0, 0},{0, 0,
 static swig_cast_info _swigc__p_signed_char[] = {  {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_char[] = {  {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_int[] = {  {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long_long[] = {  {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long[] = {  {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
 static swig_cast_info _swigc__p_unsigned_short[] = {  {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
 
 static swig_cast_info *swig_cast_initial[] = {
@@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = {
   _swigc__p_int,
   _swigc__p_loadparm_context,
   _swigc__p_loadparm_service,
-  _swigc__p_long_long,
+  _swigc__p_long,
   _swigc__p_param_context,
   _swigc__p_param_opt,
   _swigc__p_param_section,
@@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = {
   _swigc__p_signed_char,
   _swigc__p_unsigned_char,
   _swigc__p_unsigned_int,
-  _swigc__p_unsigned_long_long,
+  _swigc__p_unsigned_long,
   _swigc__p_unsigned_short,
 };
 
@@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) {
   SWIG_InstallConstants(d,swig_const_table);
   
   
+  SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS)));
+  SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS)));
+  SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS)));
 }
 
index d2ca68d..d0a9950 100644 (file)
@@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase):
         self.assertTrue(self.creds.is_anonymous())
         self.creds.set_username("somebody")
         self.assertFalse(self.creds.is_anonymous())
+        self.creds.set_anonymous()
+        self.assertTrue(self.creds.is_anonymous())
 
     def test_workstation(self):
         # FIXME: This is uninitialised, it should be None
index f75bb81..ead5796 100755 (executable)
@@ -25,7 +25,6 @@ parser.add_option_group(options.VersionOptions(parser))
 # use command line creds if available
 credopts = options.CredentialsOptions(parser)
 parser.add_option_group(credopts)
-creds = credopts.get_credentials()
 opts, args = parser.parse_args()
 
 if len(args) < 1:
@@ -35,6 +34,7 @@ if len(args) < 1:
 host = args[0]
 
 lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
 
 class BasicTests(unittest.TestCase):
     def delete_force(self, ldb, dn):
index 088a5ac..82cb004 100644 (file)
@@ -18,7 +18,7 @@
 #
 
 import optparse
-from credentials import Credentials
+from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS
 
 class SambaOptions(optparse.OptionGroup):
     def __init__(self, parser):
@@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup):
                         help="Workgroup", callback=self._parse_workgroup)
         self.add_option("-N", "--no-pass", action="store_true",
                         help="Don't ask for a password")
+        self.add_option("-k", "--kerberos", metavar="KERBEROS", 
+                        action="callback", type=str,
+                        help="Use Kerberos", callback=self._set_kerberos)
         self.creds = Credentials()
 
     def _parse_username(self, option, opt_str, arg, parser):
@@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup):
     def _set_password(self, option, opt_str, arg, parser):
         self.creds.set_password(arg)
 
+    def _set_kerberos(self, option, opt_str, arg, parser):
+        if bool(arg) or arg.lower() == "yes":
+            self.creds.set_kerberos_state(MUST_USE_KERBEROS)
+        else:
+            self.creds.set_kerberos_state(DONT_USE_KERBEROS)
+
     def _set_simple_bind_dn(self, option, opt_str, arg, parser):
         self.creds.set_bind_dn(arg)
 
-    def get_credentials(self):
-        self.creds.guess()
+    def get_credentials(self, lp):
+        self.creds.guess(lp)
         if not self.no_pass:
             self.creds.set_cmdline_callbacks()
         return self.creds
index 40e56be..3745dba 100644 (file)
@@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir):
         policyguid = uuid.random()
         setup_path = lambda x: os.path.join("setup", x)
         creds = Credentials()
+        creds.set_anonymous()
         domainsid = security.random_sid()
         hostguid = uuid.random()
         path = os.path.join(self.tempdir, "samdb.ldb")
index 8102095..64b2c7b 100755 (executable)
@@ -266,7 +266,7 @@ fi
 bbdir=$incdir/../../testprogs/blackbox
 
 plantest "blackbox.smbclient" dc $bbdir/test_smbclient.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" "$PREFIX" 
-plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" 
+plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION 
 plantest "blackbox.cifsdd" dc $bbdir/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" 
 plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP" 
 plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
index 144b6c6..849b515 100644 (file)
@@ -42,9 +42,10 @@ username = args[0]
 if username is None:
        print "username must be specified"
 
-creds = credopts.get_credentials()
-
 lp = sambaopts.get_loadparm()
+
+creds = credopts.get_credentials(lp)
+
 if opts.H is not None:
        url = opts.H
 else:
index b0363d8..cf08036 100755 (executable)
@@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None:
        parser.print_usage()
        sys.exit(1)
 
-smbconf = sambaopts.get_loadparm().configfile()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
 
 if opts.aci is not None:
        print "set ACI: %s" % opts.aci
@@ -123,7 +124,7 @@ elif opts.server_role == "member":
 else:
         server_role = opts.server_role
 
-creds = credopts.get_credentials()
+creds = credopts.get_credentials(lp)
 
 setup_dir = opts.setupdir
 if setup_dir is None:
index 569b179..3bcc57a 100755 (executable)
@@ -57,7 +57,9 @@ setup_dir = opts.setupdir
 if setup_dir is None:
        setup_dir = "setup"
 
-creds = credopts.get_credentials()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
+creds = credopts.get_credentials(lp)
 
 upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), 
-                  smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir)
+                  smbconf=smbconf, targetdir=opts.targetdir)
index d4eff07..dbcdcf1 100755 (executable)
@@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin
 smbclient=$samba4bindir/smbclient
 samba4kinit=$samba4bindir/samba4kinit
 net=$samba4bindir/net
+enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount"
 
 testit() {
        name="$1"
@@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache"
 export KRB5CCNAME
 
 echo $PASSWORD > ./tmppassfile
+#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM   || failed=`expr $failed + 1`
 testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
-testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit renew ticket" $samba4kinit --request-pac -R
 
 test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
 
@@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT
 
 testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
 USERPASS=testPass@12%
+echo $USERPASS > ./tmpuserpassfile
 
 testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
 
-#KRB5CCNAME=`pwd`/tmpuserccache
-#export KRB5CCNAME
-#
-#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
-#
-#KRB5CCNAME=`pwd`/tmpccache
-#export KRB5CCNAME
+testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
 
-testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION  -k yes $@ || failed=`expr $failed + 1`
+KRB5CCNAME="$PREFIX/tmpuserccache"
+export KRB5CCNAME
+
+testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpccache"
+export KRB5CCNAME
+
+testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
 
-rm -f tmpccfile tmppassfile tmpuserccache
+rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache
 exit $failed