summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/auth/credentials/credentials.i13
-rw-r--r--source4/auth/credentials/credentials.py5
-rw-r--r--source4/auth/credentials/credentials_wrap.c106
-rw-r--r--source4/auth/credentials/tests/bindings.py2
-rwxr-xr-xsource4/lib/ldb/tests/python/ldap.py2
-rw-r--r--source4/scripting/python/samba/getopt.py15
-rw-r--r--source4/scripting/python/samba/tests/samdb.py1
-rwxr-xr-xsource4/selftest/samba4_tests.sh2
-rw-r--r--source4/setup/enableaccount5
-rwxr-xr-xsource4/setup/provision5
-rwxr-xr-xsource4/setup/upgrade.py6
-rwxr-xr-xtestprogs/blackbox/test_kinit.sh28
12 files changed, 154 insertions, 36 deletions
diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i
index 41ec67580e..0a604cf002 100644
--- a/source4/auth/credentials/credentials.i
+++ b/source4/auth/credentials/credentials.i
@@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials;
$1 = NULL;
}
+%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS;
+%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS;
+%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS;
+
%{
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
%}
@@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials;
typedef struct cli_credentials {
%extend {
cli_credentials(void) {
- return cli_credentials_init_anon(NULL);
+ return cli_credentials_init(NULL);
}
/* username */
const char *get_username(void);
@@ -74,13 +78,18 @@ typedef struct cli_credentials {
bool set_realm(const char *val,
enum credentials_obtained=CRED_SPECIFIED);
+ /* Kerberos */
+ void set_kerberos_state(enum credentials_use_kerberos use_kerberos);
+
void parse_string(const char *text,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained=CRED_SPECIFIED);
/* bind dn */
const char *get_bind_dn(void);
bool set_bind_dn(const char *bind_dn);
+ void set_anonymous();
+
/* workstation name */
const char *get_workstation(void);
bool set_workstation(const char *workstation,
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py
index 14526af910..2b40fbeead 100644
--- a/source4/auth/credentials/credentials.py
+++ b/source4/auth/credentials/credentials.py
@@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set):
import param
+AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS
+DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS
+MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS
class Credentials(object):
thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
__repr__ = _swig_repr
@@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain,
Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials)
Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials)
Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials)
+Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials)
Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials)
Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials)
Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials)
+Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c
index b1b904c8a3..909233aaff 100644
--- a/source4/auth/credentials/credentials_wrap.c
+++ b/source4/auth/credentials/credentials_wrap.c
@@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_int swig_types[3]
#define SWIGTYPE_p_loadparm_context swig_types[4]
#define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long_long swig_types[6]
+#define SWIGTYPE_p_long swig_types[6]
#define SWIGTYPE_p_param_context swig_types[7]
#define SWIGTYPE_p_param_opt swig_types[8]
#define SWIGTYPE_p_param_section swig_types[9]
@@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_signed_char swig_types[11]
#define SWIGTYPE_p_unsigned_char swig_types[12]
#define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long_long swig_types[14]
+#define SWIGTYPE_p_unsigned_long swig_types[14]
#define SWIGTYPE_p_unsigned_short swig_types[15]
static swig_type_info *swig_types[17];
static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
@@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
typedef struct cli_credentials cli_credentials;
+ #define SWIG_From_long PyInt_FromLong
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int (int value)
+{
+ return SWIG_From_long (value);
+}
+
+
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
SWIGINTERN cli_credentials *new_cli_credentials(){
- return cli_credentials_init_anon(NULL);
+ return cli_credentials_init(NULL);
}
SWIGINTERN swig_type_info*
@@ -3131,6 +3141,44 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ enum credentials_use_kerberos arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ char * kwnames[] = {
+ (char *) "self",(char *) "use_kerberos", NULL
+ };
+
+ arg1 = NULL;
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ if (obj1) {
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'");
+ }
+ arg2 = (enum credentials_use_kerberos)(val2);
+ }
+ cli_credentials_set_kerberos_state(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3253,6 +3301,33 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ char * kwnames[] = {
+ (char *) "self", NULL
+ };
+
+ arg1 = NULL;
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ cli_credentials_set_anonymous(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = {
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
static swig_type_info *swig_type_initial[] = {
@@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_int,
&_swigt__p_loadparm_context,
&_swigt__p_loadparm_service,
- &_swigt__p_long_long,
+ &_swigt__p_long,
&_swigt__p_param_context,
&_swigt__p_param_opt,
&_swigt__p_param_section,
@@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_signed_char,
&_swigt__p_unsigned_char,
&_swigt__p_unsigned_int,
- &_swigt__p_unsigned_long_long,
+ &_swigt__p_unsigned_long,
&_swigt__p_unsigned_short,
};
@@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentia
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0,
static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info *swig_cast_initial[] = {
@@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_int,
_swigc__p_loadparm_context,
_swigc__p_loadparm_service,
- _swigc__p_long_long,
+ _swigc__p_long,
_swigc__p_param_context,
_swigc__p_param_opt,
_swigc__p_param_section,
@@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_signed_char,
_swigc__p_unsigned_char,
_swigc__p_unsigned_int,
- _swigc__p_unsigned_long_long,
+ _swigc__p_unsigned_long,
_swigc__p_unsigned_short,
};
@@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) {
SWIG_InstallConstants(d,swig_const_table);
+ SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS)));
+ SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS)));
+ SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS)));
}
diff --git a/source4/auth/credentials/tests/bindings.py b/source4/auth/credentials/tests/bindings.py
index d2ca68d115..d0a99502c1 100644
--- a/source4/auth/credentials/tests/bindings.py
+++ b/source4/auth/credentials/tests/bindings.py
@@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase):
self.assertTrue(self.creds.is_anonymous())
self.creds.set_username("somebody")
self.assertFalse(self.creds.is_anonymous())
+ self.creds.set_anonymous()
+ self.assertTrue(self.creds.is_anonymous())
def test_workstation(self):
# FIXME: This is uninitialised, it should be None
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index f75bb8124d..ead5796b7b 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -25,7 +25,6 @@ parser.add_option_group(options.VersionOptions(parser))
# use command line creds if available
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
-creds = credopts.get_credentials()
opts, args = parser.parse_args()
if len(args) < 1:
@@ -35,6 +34,7 @@ if len(args) < 1:
host = args[0]
lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
class BasicTests(unittest.TestCase):
def delete_force(self, ldb, dn):
diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py
index 088a5acf6f..82cb004b62 100644
--- a/source4/scripting/python/samba/getopt.py
+++ b/source4/scripting/python/samba/getopt.py
@@ -18,7 +18,7 @@
#
import optparse
-from credentials import Credentials
+from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS
class SambaOptions(optparse.OptionGroup):
def __init__(self, parser):
@@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup):
help="Workgroup", callback=self._parse_workgroup)
self.add_option("-N", "--no-pass", action="store_true",
help="Don't ask for a password")
+ self.add_option("-k", "--kerberos", metavar="KERBEROS",
+ action="callback", type=str,
+ help="Use Kerberos", callback=self._set_kerberos)
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
@@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup):
def _set_password(self, option, opt_str, arg, parser):
self.creds.set_password(arg)
+ def _set_kerberos(self, option, opt_str, arg, parser):
+ if bool(arg) or arg.lower() == "yes":
+ self.creds.set_kerberos_state(MUST_USE_KERBEROS)
+ else:
+ self.creds.set_kerberos_state(DONT_USE_KERBEROS)
+
def _set_simple_bind_dn(self, option, opt_str, arg, parser):
self.creds.set_bind_dn(arg)
- def get_credentials(self):
- self.creds.guess()
+ def get_credentials(self, lp):
+ self.creds.guess(lp)
if not self.no_pass:
self.creds.set_cmdline_callbacks()
return self.creds
diff --git a/source4/scripting/python/samba/tests/samdb.py b/source4/scripting/python/samba/tests/samdb.py
index 40e56bebb5..3745dba6fc 100644
--- a/source4/scripting/python/samba/tests/samdb.py
+++ b/source4/scripting/python/samba/tests/samdb.py
@@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir):
policyguid = uuid.random()
setup_path = lambda x: os.path.join("setup", x)
creds = Credentials()
+ creds.set_anonymous()
domainsid = security.random_sid()
hostguid = uuid.random()
path = os.path.join(self.tempdir, "samdb.ldb")
diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh
index 8102095958..64b2c7b564 100755
--- a/source4/selftest/samba4_tests.sh
+++ b/source4/selftest/samba4_tests.sh
@@ -266,7 +266,7 @@ fi
bbdir=$incdir/../../testprogs/blackbox
plantest "blackbox.smbclient" dc $bbdir/test_smbclient.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" "$PREFIX"
-plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX"
+plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION
plantest "blackbox.cifsdd" dc $bbdir/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN"
plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount
index 144b6c6494..849b515675 100644
--- a/source4/setup/enableaccount
+++ b/source4/setup/enableaccount
@@ -42,9 +42,10 @@ username = args[0]
if username is None:
print "username must be specified"
-creds = credopts.get_credentials()
-
lp = sambaopts.get_loadparm()
+
+creds = credopts.get_credentials(lp)
+
if opts.H is not None:
url = opts.H
else:
diff --git a/source4/setup/provision b/source4/setup/provision
index b0363d8a8f..cf08036f90 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None:
parser.print_usage()
sys.exit(1)
-smbconf = sambaopts.get_loadparm().configfile()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
if opts.aci is not None:
print "set ACI: %s" % opts.aci
@@ -123,7 +124,7 @@ elif opts.server_role == "member":
else:
server_role = opts.server_role
-creds = credopts.get_credentials()
+creds = credopts.get_credentials(lp)
setup_dir = opts.setupdir
if setup_dir is None:
diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py
index 569b179544..3bcc57ab64 100755
--- a/source4/setup/upgrade.py
+++ b/source4/setup/upgrade.py
@@ -57,7 +57,9 @@ setup_dir = opts.setupdir
if setup_dir is None:
setup_dir = "setup"
-creds = credopts.get_credentials()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
+creds = credopts.get_credentials(lp)
upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(),
- smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir)
+ smbconf=smbconf, targetdir=opts.targetdir)
diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh
index d4eff07c8d..dbcdcf1112 100755
--- a/testprogs/blackbox/test_kinit.sh
+++ b/testprogs/blackbox/test_kinit.sh
@@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin
smbclient=$samba4bindir/smbclient
samba4kinit=$samba4bindir/samba4kinit
net=$samba4bindir/net
+enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount"
testit() {
name="$1"
@@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache"
export KRB5CCNAME
echo $PASSWORD > ./tmppassfile
+#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1`
testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
-testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit renew ticket" $samba4kinit --request-pac -R
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
@@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT
testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
USERPASS=testPass@12%
+echo $USERPASS > ./tmpuserpassfile
testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
-#KRB5CCNAME=`pwd`/tmpuserccache
-#export KRB5CCNAME
-#
-#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
-#
-#KRB5CCNAME=`pwd`/tmpccache
-#export KRB5CCNAME
+testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
-testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
+KRB5CCNAME="$PREFIX/tmpuserccache"
+export KRB5CCNAME
+
+testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpccache"
+export KRB5CCNAME
+
+testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
-rm -f tmpccfile tmppassfile tmpuserccache
+rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache
exit $failed