summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--howto.txt18
-rw-r--r--source4/Makefile4
-rw-r--r--source4/auth/credentials/credentials.i13
-rw-r--r--source4/auth/credentials/credentials.py5
-rw-r--r--source4/auth/credentials/credentials_wrap.c106
-rw-r--r--source4/auth/credentials/tests/bindings.py2
-rw-r--r--source4/dsdb/samdb/ldb_modules/linked_attributes.c30
-rw-r--r--source4/dsdb/samdb/ldb_modules/subtree_delete.c6
-rw-r--r--source4/dsdb/samdb/ldb_modules/subtree_rename.c16
-rw-r--r--source4/ldap_server/ldap_backend.c11
-rw-r--r--source4/ldap_server/ldap_server.c4
-rwxr-xr-xsource4/lib/ldb/tests/python/ldap.py2
-rw-r--r--source4/samba4-skip1
-rwxr-xr-xsource4/script/mkrelease.sh16
-rw-r--r--source4/scripting/python/samba/getopt.py15
-rw-r--r--source4/scripting/python/samba/provision.py16
-rw-r--r--source4/scripting/python/samba/tests/samdb.py1
-rwxr-xr-xsource4/selftest/samba4_tests.sh2
-rw-r--r--source4/setup/enableaccount5
-rwxr-xr-xsource4/setup/provision14
-rwxr-xr-xsource4/setup/upgrade.py6
-rwxr-xr-xtestprogs/blackbox/test_kinit.sh28
22 files changed, 247 insertions, 74 deletions
diff --git a/howto.txt b/howto.txt
index 78bed1316a..d128baa5bd 100644
--- a/howto.txt
+++ b/howto.txt
@@ -16,6 +16,13 @@ aimed at production use of Samba4.
Step 1: download Samba4
-----------------------
+If you have downloaded the Samba4 code via a tarball released from the
+samba.org website, Step 1 has already been completed for you. For testing
+with the version released in the tarball, you may continue on to Step 2. Note
+that the references below to the top-level directory named "samba4" will
+instead be based on the name of the tarball downloaded (e.g.
+"samba-4.0.0alpha3" for the tarball samba-4.0.0alpha3.tar.gz).
+
There are 2 methods of doing this:
method 1: "rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ samba4"
@@ -50,10 +57,7 @@ Run this::
$ cd samba4/source
$ ./configure
- $ make proto all
-
-If you have gcc 3.4 or newer, then substitute "pch" for "proto" to
-greatly speed up the compile process (about 5x faster).
+ $ make
Step 3: install Samba4
----------------------
@@ -120,14 +124,10 @@ in your $PATH. Make sure you run the right version!
Step 7: testing Samba4
----------------------
-try these commands::
+try this command::
$ smbclient //localhost/test -Uadministrator%SOMEPASSWORD
-or::
-
- $ ./script/tests/test_posix.sh //localhost/test administrator SOMEPASSWORD
-
NOTE about filesystem support
-----------------------------
diff --git a/source4/Makefile b/source4/Makefile
index 4b70597aa5..ab3ef47fed 100644
--- a/source4/Makefile
+++ b/source4/Makefile
@@ -60,8 +60,8 @@ libraries:: $(STATIC_LIBS) $(SHARED_LIBS)
modules:: $(PLUGINS)
headers:: $(PUBLIC_HEADERS) $(DEFAULT_HEADERS)
manpages:: $(MANPAGES)
-all:: showflags $(ALL_PREDEP) bin/asn1_compile bin/compile_et binaries modules pythonmods
-everything:: all libraries headers
+all:: showflags $(ALL_PREDEP) bin/asn1_compile bin/compile_et binaries modules pythonmods libraries headers
+everything:: all
LD_LIBPATH_OVERRIDE = $(LIB_PATH_VAR)=$(builddir)/bin/shared
diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i
index 41ec67580e..0a604cf002 100644
--- a/source4/auth/credentials/credentials.i
+++ b/source4/auth/credentials/credentials.i
@@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials;
$1 = NULL;
}
+%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS;
+%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS;
+%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS;
+
%{
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
%}
@@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials;
typedef struct cli_credentials {
%extend {
cli_credentials(void) {
- return cli_credentials_init_anon(NULL);
+ return cli_credentials_init(NULL);
}
/* username */
const char *get_username(void);
@@ -74,13 +78,18 @@ typedef struct cli_credentials {
bool set_realm(const char *val,
enum credentials_obtained=CRED_SPECIFIED);
+ /* Kerberos */
+ void set_kerberos_state(enum credentials_use_kerberos use_kerberos);
+
void parse_string(const char *text,
- enum credentials_obtained=CRED_SPECIFIED);
+ enum credentials_obtained=CRED_SPECIFIED);
/* bind dn */
const char *get_bind_dn(void);
bool set_bind_dn(const char *bind_dn);
+ void set_anonymous();
+
/* workstation name */
const char *get_workstation(void);
bool set_workstation(const char *workstation,
diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py
index 14526af910..2b40fbeead 100644
--- a/source4/auth/credentials/credentials.py
+++ b/source4/auth/credentials/credentials.py
@@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set):
import param
+AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS
+DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS
+MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS
class Credentials(object):
thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
__repr__ = _swig_repr
@@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain,
Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials)
Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials)
Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials)
+Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials)
Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials)
Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials)
Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials)
+Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c
index b1b904c8a3..909233aaff 100644
--- a/source4/auth/credentials/credentials_wrap.c
+++ b/source4/auth/credentials/credentials_wrap.c
@@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_int swig_types[3]
#define SWIGTYPE_p_loadparm_context swig_types[4]
#define SWIGTYPE_p_loadparm_service swig_types[5]
-#define SWIGTYPE_p_long_long swig_types[6]
+#define SWIGTYPE_p_long swig_types[6]
#define SWIGTYPE_p_param_context swig_types[7]
#define SWIGTYPE_p_param_opt swig_types[8]
#define SWIGTYPE_p_param_section swig_types[9]
@@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
#define SWIGTYPE_p_signed_char swig_types[11]
#define SWIGTYPE_p_unsigned_char swig_types[12]
#define SWIGTYPE_p_unsigned_int swig_types[13]
-#define SWIGTYPE_p_unsigned_long_long swig_types[14]
+#define SWIGTYPE_p_unsigned_long swig_types[14]
#define SWIGTYPE_p_unsigned_short swig_types[15]
static swig_type_info *swig_types[17];
static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
@@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
typedef struct cli_credentials cli_credentials;
+ #define SWIG_From_long PyInt_FromLong
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int (int value)
+{
+ return SWIG_From_long (value);
+}
+
+
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
SWIGINTERN cli_credentials *new_cli_credentials(){
- return cli_credentials_init_anon(NULL);
+ return cli_credentials_init(NULL);
}
SWIGINTERN swig_type_info*
@@ -3131,6 +3141,44 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ enum credentials_use_kerberos arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ char * kwnames[] = {
+ (char *) "self",(char *) "use_kerberos", NULL
+ };
+
+ arg1 = NULL;
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ if (obj1) {
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'");
+ }
+ arg2 = (enum credentials_use_kerberos)(val2);
+ }
+ cli_credentials_set_kerberos_state(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3253,6 +3301,33 @@ fail:
}
+SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
+ PyObject *resultobj = 0;
+ cli_credentials *arg1 = (cli_credentials *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ char * kwnames[] = {
+ (char *) "self", NULL
+ };
+
+ arg1 = NULL;
+ if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail;
+ if (obj0) {
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'");
+ }
+ arg1 = (cli_credentials *)(argp1);
+ }
+ cli_credentials_set_anonymous(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
PyObject *resultobj = 0;
cli_credentials *arg1 = (cli_credentials *) 0 ;
@@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = {
{ (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
+ { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
{ (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
@@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = {
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
-static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
static swig_type_info *swig_type_initial[] = {
@@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_int,
&_swigt__p_loadparm_context,
&_swigt__p_loadparm_service,
- &_swigt__p_long_long,
+ &_swigt__p_long,
&_swigt__p_param_context,
&_swigt__p_param_opt,
&_swigt__p_param_section,
@@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = {
&_swigt__p_signed_char,
&_swigt__p_unsigned_char,
&_swigt__p_unsigned_int,
- &_swigt__p_unsigned_long_long,
+ &_swigt__p_unsigned_long,
&_swigt__p_unsigned_short,
};
@@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentia
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
@@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0,
static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
-static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info *swig_cast_initial[] = {
@@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_int,
_swigc__p_loadparm_context,
_swigc__p_loadparm_service,
- _swigc__p_long_long,
+ _swigc__p_long,
_swigc__p_param_context,
_swigc__p_param_opt,
_swigc__p_param_section,
@@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = {
_swigc__p_signed_char,
_swigc__p_unsigned_char,
_swigc__p_unsigned_int,
- _swigc__p_unsigned_long_long,
+ _swigc__p_unsigned_long,
_swigc__p_unsigned_short,
};
@@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) {
SWIG_InstallConstants(d,swig_const_table);
+ SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS)));
+ SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS)));
+ SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS)));
}
diff --git a/source4/auth/credentials/tests/bindings.py b/source4/auth/credentials/tests/bindings.py
index d2ca68d115..d0a99502c1 100644
--- a/source4/auth/credentials/tests/bindings.py
+++ b/source4/auth/credentials/tests/bindings.py
@@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase):
self.assertTrue(self.creds.is_anonymous())
self.creds.set_username("somebody")
self.assertFalse(self.creds.is_anonymous())
+ self.creds.set_anonymous()
+ self.assertTrue(self.creds.is_anonymous())
def test_workstation(self):
# FIXME: This is uninitialised, it should be None
diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
index 8685c722aa..04b9987071 100644
--- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c
+++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c
@@ -520,6 +520,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
talloc_steal(new_req, attrs);
+ ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
/* Create a spot in the list for the requests */
ac->down_req = talloc_realloc(ac, ac->down_req,
struct ldb_request *, ac->num_requests + 1);
@@ -568,6 +574,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
talloc_steal(new_req, attrs);
+ ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
/* Create a spot in the list for the requests */
ac->down_req = talloc_realloc(ac, ac->down_req,
struct ldb_request *, ac->num_requests + 1);
@@ -629,7 +641,11 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques
talloc_steal(new_req, new_msg);
- ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+ ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
/* Now add it to the list */
ac->down_req = talloc_realloc(ac, ac->down_req,
@@ -752,6 +768,12 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques
talloc_steal(new_req, attrs);
+ ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
ac->search_req = new_req;
ac->step = LA_SEARCH;
return ldb_next_request(module, new_req);
@@ -805,6 +827,12 @@ static int linked_attributes_delete(struct ldb_module *module, struct ldb_reques
talloc_steal(new_req, attrs);
+ ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
ac->search_req = new_req;
ac->step = LA_SEARCH;
return ldb_next_request(module, new_req);
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
index 56ae7b239a..9c332d2969 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c
@@ -160,6 +160,12 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req)
return ret;
}
+ ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
ac->search_req = new_req;
if (req == NULL) {
ldb_oom(ac->module->ldb);
diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
index bf8124e253..fd1388d416 100644
--- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c
+++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c
@@ -117,7 +117,15 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context
NULL,
NULL);
- if (ret != LDB_SUCCESS) return ret;
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ ret = ldb_set_timeout_from_prev_req(ldb, ac->orig_req, req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
talloc_steal(req, newdn);
@@ -186,6 +194,12 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req)
return ret;
}
+ ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req);
+
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
ac->down_req = talloc_realloc(ac, ac->down_req,
struct ldb_request *, ac->num_requests + 1);
if (!ac->down_req) {
diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c
index 346aacaa99..9b43d7bd74 100644
--- a/source4/ldap_server/ldap_backend.c
+++ b/source4/ldap_server/ldap_backend.c
@@ -216,9 +216,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
lreq = talloc(local_ctx, struct ldb_request);
NT_STATUS_HAVE_NO_MEMORY(lreq);
- res = talloc_zero(local_ctx, struct ldb_result);
- NT_STATUS_HAVE_NO_MEMORY(res);
-
lreq->operation = LDB_SEARCH;
lreq->op.search.base = basedn;
lreq->op.search.scope = scope;
@@ -242,6 +239,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
}
}
+ res = talloc_zero(lreq, struct ldb_result);
+ NT_STATUS_HAVE_NO_MEMORY(res);
+
lreq->context = res;
lreq->callback = ldb_search_default_callback;
@@ -261,6 +261,11 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call)
ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry);
NT_STATUS_HAVE_NO_MEMORY(ent_r);
+ /* Better to have the whole message kept here,
+ * than to find someone further up didn't put
+ * a value in the right spot in the talloc tree */
+ talloc_steal(ent_r, res->msgs[i]);
+
ent = &ent_r->msg->r.SearchResultEntry;
ent->dn = ldb_dn_alloc_linearized(ent_r, res->msgs[i]->dn);
ent->num_attributes = 0;
diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c
index 5b2519c035..ce80941e03 100644
--- a/source4/ldap_server/ldap_server.c
+++ b/source4/ldap_server/ldap_server.c
@@ -155,8 +155,10 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob)
}
data_blob_free(&blob);
- ldapsrv_process_message(conn, msg);
+ talloc_steal(conn, msg);
asn1_free(asn1);
+
+ ldapsrv_process_message(conn, msg);
return NT_STATUS_OK;
}
diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py
index f75bb8124d..ead5796b7b 100755
--- a/source4/lib/ldb/tests/python/ldap.py
+++ b/source4/lib/ldb/tests/python/ldap.py
@@ -25,7 +25,6 @@ parser.add_option_group(options.VersionOptions(parser))
# use command line creds if available
credopts = options.CredentialsOptions(parser)
parser.add_option_group(credopts)
-creds = credopts.get_credentials()
opts, args = parser.parse_args()
if len(args) < 1:
@@ -35,6 +34,7 @@ if len(args) < 1:
host = args[0]
lp = sambaopts.get_loadparm()
+creds = credopts.get_credentials(lp)
class BasicTests(unittest.TestCase):
def delete_force(self, ldb, dn):
diff --git a/source4/samba4-skip b/source4/samba4-skip
index 4d2da6ed64..19ff924794 100644
--- a/source4/samba4-skip
+++ b/source4/samba4-skip
@@ -46,3 +46,4 @@ nss.test # Fails
samba4.samba3sam.python # Conversion from EJS not yet finished
samba4.samdb.python # Not finished yet
raw.offline # Samba 4 doesn't have much offline support yet
+winreg* #Does not authenticate against the target server
diff --git a/source4/script/mkrelease.sh b/source4/script/mkrelease.sh
index a6e7c8493b..0af738deb5 100755
--- a/source4/script/mkrelease.sh
+++ b/source4/script/mkrelease.sh
@@ -1,10 +1,15 @@
#!/bin/sh
-TMPDIR=`mktemp samba-XXXXX`
-rm $TMPDIR || exit 1
-svn export . $TMPDIR || exit 1
+if [ ! -d ".git" -o `dirname $0` != "./source/script" ]; then
+ echo "Run this script from the top-level directory in the"
+ echo "repository as: ./source/script/mkrelease.sh"
+ exit 1
+fi
-( cd $TMPDIR/source
+TMPDIR=`mktemp -d samba-XXXXX`
+(git archive --format=tar HEAD | (cd $TMPDIR/ && tar xf -))
+
+( cd $TMPDIR/source || exit 1
./autogen.sh || exit 1
./configure || exit 1
make dist || exit 1
@@ -12,7 +17,8 @@ svn export . $TMPDIR || exit 1
VERSION=`sed -n 's/^SAMBA_VERSION_STRING=//p' $TMPDIR/source/version.h`
mv $TMPDIR samba-$VERSION || exit 1
-tar -cf samba-$VERSION.tar samba-$VERSION || exit 1
+tar -cf samba-$VERSION.tar samba-$VERSION || (rm -rf samba-$VERSION; exit 1)
+rm -rf samba-$VERSION || exit 1
echo "Now run: "
echo "gpg --detach-sign --armor samba-$VERSION.tar"
echo "gzip samba-$VERSION.tar"
diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py
index 088a5acf6f..82cb004b62 100644
--- a/source4/scripting/python/samba/getopt.py
+++ b/source4/scripting/python/samba/getopt.py
@@ -18,7 +18,7 @@
#
import optparse
-from credentials import Credentials
+from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS
class SambaOptions(optparse.OptionGroup):
def __init__(self, parser):
@@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup):
help="Workgroup", callback=self._parse_workgroup)
self.add_option("-N", "--no-pass", action="store_true",
help="Don't ask for a password")
+ self.add_option("-k", "--kerberos", metavar="KERBEROS",
+ action="callback", type=str,
+ help="Use Kerberos", callback=self._set_kerberos)
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
@@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup):
def _set_password(self, option, opt_str, arg, parser):
self.creds.set_password(arg)
+ def _set_kerberos(self, option, opt_str, arg, parser):
+ if bool(arg) or arg.lower() == "yes":
+ self.creds.set_kerberos_state(MUST_USE_KERBEROS)
+ else:
+ self.creds.set_kerberos_state(DONT_USE_KERBEROS)
+
def _set_simple_bind_dn(self, option, opt_str, arg, parser):
self.creds.set_bind_dn(arg)
- def get_credentials(self):
- self.creds.guess()
+ def get_credentials(self, lp):
+ self.creds.guess(lp)
if not self.no_pass:
self.creds.set_cmdline_callbacks()
return self.creds
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d5e66d842c..b03457e57b 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -974,10 +974,6 @@ def provision(setup_dir, message, session_info,
# provision-backend will set this path suggested slapd command line / fedorads.inf
ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="")
- message("set DOMAIN SID: %s" % str(domainsid))
- message("Provisioning for %s in realm %s" % (names.domain, realm))
- message("Using administrator password: %s" % adminpass)
-
# only install a new shares config db if there is none
if not os.path.exists(paths.shareconf):
message("Setting up share.ldb")
@@ -1036,7 +1032,7 @@ def provision(setup_dir, message, session_info,
nobody=nobody, nogroup=nogroup, wheel=wheel,
users=users, backup=backup)
- message("Setting up sam.ldb rootDSE marking as synchronized")
+ message("Compleating sam.ldb setup by marking as synchronized")
setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif"))
# Only make a zone file on the first DC, it should be replicated with DNS replication
@@ -1051,19 +1047,25 @@ def provision(setup_dir, message, session_info,
scope=SCOPE_SUBTREE)
assert isinstance(hostguid, str)
- message("Setting up DNS zone: %s" % names.dnsdomain)
create_zone_file(paths.dns, setup_path, samdb,
hostname=names.hostname, hostip=hostip, dnsdomain=names.dnsdomain,
domaindn=names.domaindn, dnspass=dnspass, realm=names.realm,
domainguid=domainguid, hostguid=hostguid)
message("Please install the zone located in %s into your DNS server" % paths.dns)
- message("Setting up phpLDAPadmin configuration")
create_phpldapadmin_config(paths.phpldapadminconfig, setup_path,
ldapi_url)
message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig)
+ message("Once the above files are installed, your server will be ready to use")
+ message("Server Type: %s" % serverrole)
+ message("Hostname: %s" % names.hostname)
+ message("NetBIOS Domain: %s" % names.domain)
+ message("DNS Domain: %s" % names.dnsdomain)
+ message("DOMAIN SID: %s" % str(domainsid))
+ message("Admin password: %s" % adminpass)
+
result = ProvisionResult()
result.domaindn = domaindn
result.paths = paths
diff --git a/source4/scripting/python/samba/tests/samdb.py b/source4/scripting/python/samba/tests/samdb.py
index 40e56bebb5..3745dba6fc 100644
--- a/source4/scripting/python/samba/tests/samdb.py
+++ b/source4/scripting/python/samba/tests/samdb.py
@@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir):
policyguid = uuid.random()
setup_path = lambda x: os.path.join("setup", x)
creds = Credentials()
+ creds.set_anonymous()
domainsid = security.random_sid()
hostguid = uuid.random()
path = os.path.join(self.tempdir, "samdb.ldb")
diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh
index 8102095958..64b2c7b564 100755
--- a/source4/selftest/samba4_tests.sh
+++ b/source4/selftest/samba4_tests.sh
@@ -266,7 +266,7 @@ fi
bbdir=$incdir/../../testprogs/blackbox
plantest "blackbox.smbclient" dc $bbdir/test_smbclient.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" "$PREFIX"
-plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX"
+plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION
plantest "blackbox.cifsdd" dc $bbdir/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN"
plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount
index 144b6c6494..849b515675 100644
--- a/source4/setup/enableaccount
+++ b/source4/setup/enableaccount
@@ -42,9 +42,10 @@ username = args[0]
if username is None:
print "username must be specified"
-creds = credopts.get_credentials()
-
lp = sambaopts.get_loadparm()
+
+creds = credopts.get_credentials(lp)
+
if opts.H is not None:
url = opts.H
else:
diff --git a/source4/setup/provision b/source4/setup/provision
index b0363d8a8f..e354f4d0bb 100755
--- a/source4/setup/provision
+++ b/source4/setup/provision
@@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None:
parser.print_usage()
sys.exit(1)
-smbconf = sambaopts.get_loadparm().configfile()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
if opts.aci is not None:
print "set ACI: %s" % opts.aci
@@ -123,7 +124,7 @@ elif opts.server_role == "member":
else:
server_role = opts.server_role
-creds = credopts.get_credentials()
+creds = credopts.get_credentials(lp)
setup_dir = opts.setupdir
if setup_dir is None:
@@ -148,12 +149,3 @@ provision(setup_dir, message,
aci=opts.aci, serverrole=server_role,
ldap_backend=opts.ldap_backend,
ldap_backend_type=opts.ldap_backend_type)
-
-message("To reproduce this provision, run with:")
-def shell_escape(arg):
- if " " in arg:
- return '"%s"' % arg
- return arg
-message(" ".join([shell_escape(arg) for arg in sys.argv]))
-
-message("All OK")
diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py
index 569b179544..3bcc57ab64 100755
--- a/source4/setup/upgrade.py
+++ b/source4/setup/upgrade.py
@@ -57,7 +57,9 @@ setup_dir = opts.setupdir
if setup_dir is None:
setup_dir = "setup"
-creds = credopts.get_credentials()
+lp = sambaopts.get_loadparm()
+smbconf = lp.configfile()
+creds = credopts.get_credentials(lp)
upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(),
- smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir)
+ smbconf=smbconf, targetdir=opts.targetdir)
diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh
index d4eff07c8d..dbcdcf1112 100755
--- a/testprogs/blackbox/test_kinit.sh
+++ b/testprogs/blackbox/test_kinit.sh
@@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin
smbclient=$samba4bindir/smbclient
samba4kinit=$samba4bindir/samba4kinit
net=$samba4bindir/net
+enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount"
testit() {
name="$1"
@@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache"
export KRB5CCNAME
echo $PASSWORD > ./tmppassfile
+#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1`
testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
-testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit renew ticket" $samba4kinit --request-pac -R
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
@@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT
testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
USERPASS=testPass@12%
+echo $USERPASS > ./tmpuserpassfile
testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
-#KRB5CCNAME=`pwd`/tmpuserccache
-#export KRB5CCNAME
-#
-#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
-#
-#KRB5CCNAME=`pwd`/tmpccache
-#export KRB5CCNAME
+testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
-testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
+KRB5CCNAME="$PREFIX/tmpuserccache"
+export KRB5CCNAME
+
+testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+
+KRB5CCNAME="$PREFIX/tmpccache"
+export KRB5CCNAME
+
+testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
-rm -f tmpccfile tmppassfile tmpuserccache
+rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache
exit $failed