Merge branch 'master' of ssh://git.samba.org/data/git/samba

5 files changed, 128 insertions, 10 deletions

diff --git a/source4/scripting/bin/ktpass.sh b/source4/scripting/bin/ktpass.sh
new file mode 100755
index 0000000000..92b1976932
--- /dev/null
+++ b/source4/scripting/bin/ktpass.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+# vim: expandtab
+#
+# Copyright (C) Matthieu Patou <mat@matws.net>  2010
+#
+#
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+name="ktpass.sh"
+TEMP=`getopt -o h --long princ:,pass:,out:,host:,ptype:,enc:,path-to-ldbsearch: \
+     -n "$name" -- "$@"`
+eval set -- "$TEMP"
+
+function usage {
+  echo -ne "$name --out <keytabfile> --princ <principal> --pass <password>|*\n"
+  echo -ne "      [--host hostname] [--enc <encryption>]\n"
+  echo -ne "      [--ptype <type>] [--path-to-ldbsearch <path>]\n"
+  echo -ne "\nEncoding should be one of:\n"
+  echo -ne " * des-cbc-crc\n"
+  echo -ne " * des-cbc-md5\n"
+  echo -ne " * rc4-hmac (default)\n"
+  echo -ne " * aes128-cts\n"
+  echo -ne " * aes256-cts\n"
+  exit 0
+}
+while true ; do
+  case "$1" in
+    --out) outfile=$2 ; shift 2 ;;
+    --princ) princ=$2 ; shift 2 ;;
+    --pass) pass=$2 ; shift 2 ;;
+    --host) host=$2 ; shift 2 ;;
+    --ptype) shift 2 ;;
+    --enc) enc=$2; shift 2;;
+    --path-to-ldbsearch) path="$2/"; shift 2;;
+    -h) usage;;
+    --) shift ; break ;;
+    *) echo "Internal error!" ; exit 1 ;;
+  esac
+done
+#RC4-HMAC-NT|AES256-SHA1|AES128-SHA
+if [ -z "$enc" ]; then
+    enc="rc4-hmac"
+fi
+if [ -z "$path" ]; then
+  path=`dirname $0`/../bin/
+fi
+if [ -z "$outfile" -o -z "$princ" -o -z "$pass" ]; then
+  echo "At least one mandatory parameter (--out, --princ, --pass) was not specified"
+  usage
+fi
+if [ -z $host ]; then
+  host=`hostname`
+fi
+kvno=`${path}ldbsearch -H ldap://$host "(|(samaccountname=$princ)(serviceprincipalname=$princ))" msds-keyversionnumber  -k 1 -N 2>/dev/null| grep -i msds-keyversionnumber`
+if [ "$kvno" == "" ]; then
+  echo -ne "Unable to find kvno for principal $princ\n"
+  echo -ne " check that you are authentified with kerberos\n"
+  exit 1
+else
+  kvno=`echo $kvno | sed 's/^.*: //'`
+fi
+
+if [ "$pass" == "*" ]; then
+  echo -n "Enter password for $princ: "
+  stty -echo
+  read pass
+  stty echo
+  echo ""
+fi
+
+ktutil >/dev/null <<EOF
+add_entry -password -p $princ -k $kvno -e $enc
+$pass
+wkt $outfile
+EOF
+
+if [ $? -eq 0 ]; then
+   echo "Keytab file $outfile created with success"
+else
+  echo "Error while creating the keytab file $outfile"
+fi
diff --git a/source4/selftest/tests.sh b/source4/selftest/tests.sh
index 52d1d3963e..1dd507eaed 100755
--- a/source4/selftest/tests.sh
+++ b/source4/selftest/tests.sh
@@ -368,6 +368,7 @@ plantestsuite "blackbox.pkinit" dc:local $bbdir/test_pkinit.sh "\$SERVER" "\$USE
 plantestsuite "blackbox.kinit" dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" aes256-cts-hmac-sha1-96 $CONFIGURATION
 plantestsuite "blackbox.kinit" fl2000dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" arcfour-hmac-md5 $CONFIGURATION
 plantestsuite "blackbox.kinit" fl2008r2dc:local $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" aes256-cts-hmac-sha1-96 $CONFIGURATION
+plantestsuite "blackbox.ktpass" dc $bbdir/test_ktpass.sh $PREFIX
 plantestsuite "blackbox.passwords" dc:local $bbdir/test_passwords.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX"
 plantestsuite "blackbox.export.keytab" dc:local $bbdir/test_export_keytab.sh "\$SERVER" "\$USERNAME" "\$REALM" "\$DOMAIN" "$PREFIX"
 plantestsuite "blackbox.cifsdd" dc $samba4srcdir/client/tests/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" 
diff --git a/source4/torture/rpc/bind.c b/source4/torture/rpc/bind.c
index b36e54cac0..f6470595e3 100644
--- a/source4/torture/rpc/bind.c
+++ b/source4/torture/rpc/bind.c
@@ -52,6 +52,7 @@ static bool test_bind(struct torture_context *tctx,
 		torture_rpc_binding(tctx, &binding),
 		"failed to parse binding string");
 
+	binding->flags &= ~DCERPC_AUTH_OPTIONS;
 	binding->flags |= *flags;
 
 	torture_assert_ntstatus_ok(tctx,
@@ -86,11 +87,32 @@ static void test_bind_op(struct torture_suite *suite,
 struct torture_suite *torture_rpc_bind(TALLOC_CTX *mem_ctx)
 {
 	struct torture_suite *suite = torture_suite_create(mem_ctx, "BIND");
-
-	test_bind_op(suite, "ntlm,sign", DCERPC_AUTH_NTLM | DCERPC_SIGN);
-	test_bind_op(suite, "ntlm,sign,seal", DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL);
-	test_bind_op(suite, "spnego,sign", DCERPC_AUTH_SPNEGO | DCERPC_SIGN);
-	test_bind_op(suite, "spnego,sign,seal", DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL);
+	struct {
+		const char *test_name;
+		uint32_t flags;
+	} tests[] = {
+		{
+			.test_name	= "ntlm,sign",
+			.flags		= DCERPC_AUTH_NTLM | DCERPC_SIGN
+		},{
+			.test_name	= "ntlm,sign,seal",
+			.flags		= DCERPC_AUTH_NTLM | DCERPC_SIGN | DCERPC_SEAL
+		},{
+			.test_name	= "spnego,sign",
+			.flags		= DCERPC_AUTH_SPNEGO | DCERPC_SIGN
+		},{
+			.test_name	= "spnego,sign,seal",
+			.flags		= DCERPC_AUTH_SPNEGO | DCERPC_SIGN | DCERPC_SEAL
+		}
+	};
+	int i;
+
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+		test_bind_op(suite, tests[i].test_name, tests[i].flags);
+	}
+	for (i=0; i < ARRAY_SIZE(tests); i++) {
+		test_bind_op(suite, talloc_asprintf(suite, "bigendian,%s", tests[i].test_name), tests[i].flags | DCERPC_PUSH_BIGENDIAN);
+	}
 
 	return suite;
 }
diff --git a/source4/torture/shell.c b/source4/torture/shell.c
index 7c313af178..03c670a902 100644
--- a/source4/torture/shell.c
+++ b/source4/torture/shell.c
@@ -175,8 +175,6 @@ static void shell_help(const struct shell_command * command,
 static void shell_set(const struct shell_command *command,
 	struct torture_context *tctx, int argc, const char **argv)
 {
-	char * name;
-
 	switch (argc) {
 	case 0:
 	    lpcfg_dump(tctx->lp_ctx, stdout,
@@ -185,9 +183,12 @@ static void shell_set(const struct shell_command *command,
 	    break;
 
 	case 2:
-	    name = talloc_asprintf(NULL, "torture:%s", argv[0]);
-	    lpcfg_set_cmdline(tctx->lp_ctx, name, argv[1]);
-	    talloc_free(name);
+	    /* We want to allow users to set any config option. Top level
+	     * options will get checked against their static definition, but
+	     * parametric options can't be checked and will just get stashed
+	     * as they are provided.
+	     */
+	    lpcfg_set_cmdline(tctx->lp_ctx, argv[0], argv[1]);
 	    break;
 
 	default:
diff --git a/source4/wscript_build b/source4/wscript_build
index 6c1eac6905..090c914ae7 100644
--- a/source4/wscript_build
+++ b/source4/wscript_build
@@ -56,6 +56,7 @@ bld.RECURSE('cluster')
 bld.RECURSE('smbd')
 bld.RECURSE('libnet')
 bld.RECURSE('auth')
+bld.RECURSE('../lib/iniparser/src')
 bld.RECURSE('../nsswitch')
 bld.RECURSE('../nsswitch/libwbclient')
 bld.RECURSE('lib/samba3')