diff options
22 files changed, 247 insertions, 74 deletions
@@ -16,6 +16,13 @@ aimed at production use of Samba4. Step 1: download Samba4 ----------------------- +If you have downloaded the Samba4 code via a tarball released from the +samba.org website, Step 1 has already been completed for you. For testing +with the version released in the tarball, you may continue on to Step 2. Note +that the references below to the top-level directory named "samba4" will +instead be based on the name of the tarball downloaded (e.g. +"samba-4.0.0alpha3" for the tarball samba-4.0.0alpha3.tar.gz). + There are 2 methods of doing this: method 1: "rsync -avz samba.org::ftp/unpacked/samba_4_0_test/ samba4" @@ -50,10 +57,7 @@ Run this:: $ cd samba4/source $ ./configure - $ make proto all - -If you have gcc 3.4 or newer, then substitute "pch" for "proto" to -greatly speed up the compile process (about 5x faster). + $ make Step 3: install Samba4 ---------------------- @@ -120,14 +124,10 @@ in your $PATH. Make sure you run the right version! Step 7: testing Samba4 ---------------------- -try these commands:: +try this command:: $ smbclient //localhost/test -Uadministrator%SOMEPASSWORD -or:: - - $ ./script/tests/test_posix.sh //localhost/test administrator SOMEPASSWORD - NOTE about filesystem support ----------------------------- diff --git a/source4/Makefile b/source4/Makefile index 4b70597aa5..ab3ef47fed 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -60,8 +60,8 @@ libraries:: $(STATIC_LIBS) $(SHARED_LIBS) modules:: $(PLUGINS) headers:: $(PUBLIC_HEADERS) $(DEFAULT_HEADERS) manpages:: $(MANPAGES) -all:: showflags $(ALL_PREDEP) bin/asn1_compile bin/compile_et binaries modules pythonmods -everything:: all libraries headers +all:: showflags $(ALL_PREDEP) bin/asn1_compile bin/compile_et binaries modules pythonmods libraries headers +everything:: all LD_LIBPATH_OVERRIDE = $(LIB_PATH_VAR)=$(builddir)/bin/shared diff --git a/source4/auth/credentials/credentials.i b/source4/auth/credentials/credentials.i index 41ec67580e..0a604cf002 100644 --- a/source4/auth/credentials/credentials.i +++ b/source4/auth/credentials/credentials.i @@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials; $1 = NULL; } +%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS; +%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS; +%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS; + %{ #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */ %} @@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials; typedef struct cli_credentials { %extend { cli_credentials(void) { - return cli_credentials_init_anon(NULL); + return cli_credentials_init(NULL); } /* username */ const char *get_username(void); @@ -74,13 +78,18 @@ typedef struct cli_credentials { bool set_realm(const char *val, enum credentials_obtained=CRED_SPECIFIED); + /* Kerberos */ + void set_kerberos_state(enum credentials_use_kerberos use_kerberos); + void parse_string(const char *text, - enum credentials_obtained=CRED_SPECIFIED); + enum credentials_obtained=CRED_SPECIFIED); /* bind dn */ const char *get_bind_dn(void); bool set_bind_dn(const char *bind_dn); + void set_anonymous(); + /* workstation name */ const char *get_workstation(void); bool set_workstation(const char *workstation, diff --git a/source4/auth/credentials/credentials.py b/source4/auth/credentials/credentials.py index 14526af910..2b40fbeead 100644 --- a/source4/auth/credentials/credentials.py +++ b/source4/auth/credentials/credentials.py @@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set): import param +AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS +DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS +MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS class Credentials(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') __repr__ = _swig_repr @@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain, Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials) Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials) Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials) +Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials) Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials) Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials) Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials) +Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials) Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials) Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials) Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials) diff --git a/source4/auth/credentials/credentials_wrap.c b/source4/auth/credentials/credentials_wrap.c index b1b904c8a3..909233aaff 100644 --- a/source4/auth/credentials/credentials_wrap.c +++ b/source4/auth/credentials/credentials_wrap.c @@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_int swig_types[3] #define SWIGTYPE_p_loadparm_context swig_types[4] #define SWIGTYPE_p_loadparm_service swig_types[5] -#define SWIGTYPE_p_long_long swig_types[6] +#define SWIGTYPE_p_long swig_types[6] #define SWIGTYPE_p_param_context swig_types[7] #define SWIGTYPE_p_param_opt swig_types[8] #define SWIGTYPE_p_param_section swig_types[9] @@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) #define SWIGTYPE_p_signed_char swig_types[11] #define SWIGTYPE_p_unsigned_char swig_types[12] #define SWIGTYPE_p_unsigned_int swig_types[13] -#define SWIGTYPE_p_unsigned_long_long swig_types[14] +#define SWIGTYPE_p_unsigned_long swig_types[14] #define SWIGTYPE_p_unsigned_short swig_types[15] static swig_type_info *swig_types[17]; static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; @@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0}; typedef struct cli_credentials cli_credentials; + #define SWIG_From_long PyInt_FromLong + + +SWIGINTERNINLINE PyObject * +SWIG_From_int (int value) +{ + return SWIG_From_long (value); +} + + #include "librpc/gen_ndr/samr.h" /* for struct samr_Password */ SWIGINTERN cli_credentials *new_cli_credentials(){ - return cli_credentials_init_anon(NULL); + return cli_credentials_init(NULL); } SWIGINTERN swig_type_info* @@ -3131,6 +3141,44 @@ fail: } +SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { + PyObject *resultobj = 0; + cli_credentials *arg1 = (cli_credentials *) 0 ; + enum credentials_use_kerberos arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + char * kwnames[] = { + (char *) "self",(char *) "use_kerberos", NULL + }; + + arg1 = NULL; + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail; + if (obj0) { + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'"); + } + arg1 = (cli_credentials *)(argp1); + } + if (obj1) { + ecode2 = SWIG_AsVal_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'"); + } + arg2 = (enum credentials_use_kerberos)(val2); + } + cli_credentials_set_kerberos_state(arg1,arg2); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; cli_credentials *arg1 = (cli_credentials *) 0 ; @@ -3253,6 +3301,33 @@ fail: } +SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { + PyObject *resultobj = 0; + cli_credentials *arg1 = (cli_credentials *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + char * kwnames[] = { + (char *) "self", NULL + }; + + arg1 = NULL; + if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail; + if (obj0) { + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'"); + } + arg1 = (cli_credentials *)(argp1); + } + cli_credentials_set_anonymous(arg1); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; cli_credentials *arg1 = (cli_credentials *) 0 ; @@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = { { (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL}, + { (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL}, @@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = { static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0}; -static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0}; static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0}; static swig_type_info *swig_type_initial[] = { @@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_int, &_swigt__p_loadparm_context, &_swigt__p_loadparm_service, - &_swigt__p_long_long, + &_swigt__p_long, &_swigt__p_param_context, &_swigt__p_param_opt, &_swigt__p_param_section, @@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = { &_swigt__p_signed_char, &_swigt__p_unsigned_char, &_swigt__p_unsigned_int, - &_swigt__p_unsigned_long_long, + &_swigt__p_unsigned_long, &_swigt__p_unsigned_short, }; @@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentia static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}}; @@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0, static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; -static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; static swig_cast_info *swig_cast_initial[] = { @@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_int, _swigc__p_loadparm_context, _swigc__p_loadparm_service, - _swigc__p_long_long, + _swigc__p_long, _swigc__p_param_context, _swigc__p_param_opt, _swigc__p_param_section, @@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = { _swigc__p_signed_char, _swigc__p_unsigned_char, _swigc__p_unsigned_int, - _swigc__p_unsigned_long_long, + _swigc__p_unsigned_long, _swigc__p_unsigned_short, }; @@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) { SWIG_InstallConstants(d,swig_const_table); + SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS))); + SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS))); + SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS))); } diff --git a/source4/auth/credentials/tests/bindings.py b/source4/auth/credentials/tests/bindings.py index d2ca68d115..d0a99502c1 100644 --- a/source4/auth/credentials/tests/bindings.py +++ b/source4/auth/credentials/tests/bindings.py @@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase): self.assertTrue(self.creds.is_anonymous()) self.creds.set_username("somebody") self.assertFalse(self.creds.is_anonymous()) + self.creds.set_anonymous() + self.assertTrue(self.creds.is_anonymous()) def test_workstation(self): # FIXME: This is uninitialised, it should be None diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 8685c722aa..04b9987071 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -520,6 +520,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + /* Create a spot in the list for the requests */ ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); @@ -568,6 +574,12 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + /* Create a spot in the list for the requests */ ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); @@ -629,7 +641,11 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, new_msg); - ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } /* Now add it to the list */ ac->down_req = talloc_realloc(ac, ac->down_req, @@ -752,6 +768,12 @@ static int linked_attributes_rename(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->search_req = new_req; ac->step = LA_SEARCH; return ldb_next_request(module, new_req); @@ -805,6 +827,12 @@ static int linked_attributes_delete(struct ldb_module *module, struct ldb_reques talloc_steal(new_req, attrs); + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->search_req = new_req; ac->step = LA_SEARCH; return ldb_next_request(module, new_req); diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c index 56ae7b239a..9c332d2969 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c @@ -160,6 +160,12 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req) return ret; } + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->search_req = new_req; if (req == NULL) { ldb_oom(ac->module->ldb); diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index bf8124e253..fd1388d416 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -117,7 +117,15 @@ static int subtree_rename_search_callback(struct ldb_context *ldb, void *context NULL, NULL); - if (ret != LDB_SUCCESS) return ret; + if (ret != LDB_SUCCESS) { + return ret; + } + + ret = ldb_set_timeout_from_prev_req(ldb, ac->orig_req, req); + + if (ret != LDB_SUCCESS) { + return ret; + } talloc_steal(req, newdn); @@ -186,6 +194,12 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) return ret; } + ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); + + if (ret != LDB_SUCCESS) { + return ret; + } + ac->down_req = talloc_realloc(ac, ac->down_req, struct ldb_request *, ac->num_requests + 1); if (!ac->down_req) { diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index 346aacaa99..9b43d7bd74 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -216,9 +216,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) lreq = talloc(local_ctx, struct ldb_request); NT_STATUS_HAVE_NO_MEMORY(lreq); - res = talloc_zero(local_ctx, struct ldb_result); - NT_STATUS_HAVE_NO_MEMORY(res); - lreq->operation = LDB_SEARCH; lreq->op.search.base = basedn; lreq->op.search.scope = scope; @@ -242,6 +239,9 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) } } + res = talloc_zero(lreq, struct ldb_result); + NT_STATUS_HAVE_NO_MEMORY(res); + lreq->context = res; lreq->callback = ldb_search_default_callback; @@ -261,6 +261,11 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) ent_r = ldapsrv_init_reply(call, LDAP_TAG_SearchResultEntry); NT_STATUS_HAVE_NO_MEMORY(ent_r); + /* Better to have the whole message kept here, + * than to find someone further up didn't put + * a value in the right spot in the talloc tree */ + talloc_steal(ent_r, res->msgs[i]); + ent = &ent_r->msg->r.SearchResultEntry; ent->dn = ldb_dn_alloc_linearized(ent_r, res->msgs[i]->dn); ent->num_attributes = 0; diff --git a/source4/ldap_server/ldap_server.c b/source4/ldap_server/ldap_server.c index 5b2519c035..ce80941e03 100644 --- a/source4/ldap_server/ldap_server.c +++ b/source4/ldap_server/ldap_server.c @@ -155,8 +155,10 @@ static NTSTATUS ldapsrv_decode(void *private, DATA_BLOB blob) } data_blob_free(&blob); - ldapsrv_process_message(conn, msg); + talloc_steal(conn, msg); asn1_free(asn1); + + ldapsrv_process_message(conn, msg); return NT_STATUS_OK; } diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index f75bb8124d..ead5796b7b 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -25,7 +25,6 @@ parser.add_option_group(options.VersionOptions(parser)) # use command line creds if available credopts = options.CredentialsOptions(parser) parser.add_option_group(credopts) -creds = credopts.get_credentials() opts, args = parser.parse_args() if len(args) < 1: @@ -35,6 +34,7 @@ if len(args) < 1: host = args[0] lp = sambaopts.get_loadparm() +creds = credopts.get_credentials(lp) class BasicTests(unittest.TestCase): def delete_force(self, ldb, dn): diff --git a/source4/samba4-skip b/source4/samba4-skip index 4d2da6ed64..19ff924794 100644 --- a/source4/samba4-skip +++ b/source4/samba4-skip @@ -46,3 +46,4 @@ nss.test # Fails samba4.samba3sam.python # Conversion from EJS not yet finished samba4.samdb.python # Not finished yet raw.offline # Samba 4 doesn't have much offline support yet +winreg* #Does not authenticate against the target server diff --git a/source4/script/mkrelease.sh b/source4/script/mkrelease.sh index a6e7c8493b..0af738deb5 100755 --- a/source4/script/mkrelease.sh +++ b/source4/script/mkrelease.sh @@ -1,10 +1,15 @@ #!/bin/sh -TMPDIR=`mktemp samba-XXXXX` -rm $TMPDIR || exit 1 -svn export . $TMPDIR || exit 1 +if [ ! -d ".git" -o `dirname $0` != "./source/script" ]; then + echo "Run this script from the top-level directory in the" + echo "repository as: ./source/script/mkrelease.sh" + exit 1 +fi -( cd $TMPDIR/source +TMPDIR=`mktemp -d samba-XXXXX` +(git archive --format=tar HEAD | (cd $TMPDIR/ && tar xf -)) + +( cd $TMPDIR/source || exit 1 ./autogen.sh || exit 1 ./configure || exit 1 make dist || exit 1 @@ -12,7 +17,8 @@ svn export . $TMPDIR || exit 1 VERSION=`sed -n 's/^SAMBA_VERSION_STRING=//p' $TMPDIR/source/version.h` mv $TMPDIR samba-$VERSION || exit 1 -tar -cf samba-$VERSION.tar samba-$VERSION || exit 1 +tar -cf samba-$VERSION.tar samba-$VERSION || (rm -rf samba-$VERSION; exit 1) +rm -rf samba-$VERSION || exit 1 echo "Now run: " echo "gpg --detach-sign --armor samba-$VERSION.tar" echo "gzip samba-$VERSION.tar" diff --git a/source4/scripting/python/samba/getopt.py b/source4/scripting/python/samba/getopt.py index 088a5acf6f..82cb004b62 100644 --- a/source4/scripting/python/samba/getopt.py +++ b/source4/scripting/python/samba/getopt.py @@ -18,7 +18,7 @@ # import optparse -from credentials import Credentials +from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS class SambaOptions(optparse.OptionGroup): def __init__(self, parser): @@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup): help="Workgroup", callback=self._parse_workgroup) self.add_option("-N", "--no-pass", action="store_true", help="Don't ask for a password") + self.add_option("-k", "--kerberos", metavar="KERBEROS", + action="callback", type=str, + help="Use Kerberos", callback=self._set_kerberos) self.creds = Credentials() def _parse_username(self, option, opt_str, arg, parser): @@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup): def _set_password(self, option, opt_str, arg, parser): self.creds.set_password(arg) + def _set_kerberos(self, option, opt_str, arg, parser): + if bool(arg) or arg.lower() == "yes": + self.creds.set_kerberos_state(MUST_USE_KERBEROS) + else: + self.creds.set_kerberos_state(DONT_USE_KERBEROS) + def _set_simple_bind_dn(self, option, opt_str, arg, parser): self.creds.set_bind_dn(arg) - def get_credentials(self): - self.creds.guess() + def get_credentials(self, lp): + self.creds.guess(lp) if not self.no_pass: self.creds.set_cmdline_callbacks() return self.creds diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index d5e66d842c..b03457e57b 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -974,10 +974,6 @@ def provision(setup_dir, message, session_info, # provision-backend will set this path suggested slapd command line / fedorads.inf ldap_backend = "ldapi://" % urllib.quote(os.path.join(paths.private_dir, "ldap", "ldapi"), safe="") - message("set DOMAIN SID: %s" % str(domainsid)) - message("Provisioning for %s in realm %s" % (names.domain, realm)) - message("Using administrator password: %s" % adminpass) - # only install a new shares config db if there is none if not os.path.exists(paths.shareconf): message("Setting up share.ldb") @@ -1036,7 +1032,7 @@ def provision(setup_dir, message, session_info, nobody=nobody, nogroup=nogroup, wheel=wheel, users=users, backup=backup) - message("Setting up sam.ldb rootDSE marking as synchronized") + message("Compleating sam.ldb setup by marking as synchronized") setup_modify_ldif(samdb, setup_path("provision_rootdse_modify.ldif")) # Only make a zone file on the first DC, it should be replicated with DNS replication @@ -1051,19 +1047,25 @@ def provision(setup_dir, message, session_info, scope=SCOPE_SUBTREE) assert isinstance(hostguid, str) - message("Setting up DNS zone: %s" % names.dnsdomain) create_zone_file(paths.dns, setup_path, samdb, hostname=names.hostname, hostip=hostip, dnsdomain=names.dnsdomain, domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, domainguid=domainguid, hostguid=hostguid) message("Please install the zone located in %s into your DNS server" % paths.dns) - message("Setting up phpLDAPadmin configuration") create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, ldapi_url) message("Please install the phpLDAPadmin configuration located at %s into /etc/phpldapadmin/config.php" % paths.phpldapadminconfig) + message("Once the above files are installed, your server will be ready to use") + message("Server Type: %s" % serverrole) + message("Hostname: %s" % names.hostname) + message("NetBIOS Domain: %s" % names.domain) + message("DNS Domain: %s" % names.dnsdomain) + message("DOMAIN SID: %s" % str(domainsid)) + message("Admin password: %s" % adminpass) + result = ProvisionResult() result.domaindn = domaindn result.paths = paths diff --git a/source4/scripting/python/samba/tests/samdb.py b/source4/scripting/python/samba/tests/samdb.py index 40e56bebb5..3745dba6fc 100644 --- a/source4/scripting/python/samba/tests/samdb.py +++ b/source4/scripting/python/samba/tests/samdb.py @@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir): policyguid = uuid.random() setup_path = lambda x: os.path.join("setup", x) creds = Credentials() + creds.set_anonymous() domainsid = security.random_sid() hostguid = uuid.random() path = os.path.join(self.tempdir, "samdb.ldb") diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 8102095958..64b2c7b564 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -266,7 +266,7 @@ fi bbdir=$incdir/../../testprogs/blackbox plantest "blackbox.smbclient" dc $bbdir/test_smbclient.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" "$PREFIX" -plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" +plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION plantest "blackbox.cifsdd" dc $bbdir/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP" plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP" diff --git a/source4/setup/enableaccount b/source4/setup/enableaccount index 144b6c6494..849b515675 100644 --- a/source4/setup/enableaccount +++ b/source4/setup/enableaccount @@ -42,9 +42,10 @@ username = args[0] if username is None: print "username must be specified" -creds = credopts.get_credentials() - lp = sambaopts.get_loadparm() + +creds = credopts.get_credentials(lp) + if opts.H is not None: url = opts.H else: diff --git a/source4/setup/provision b/source4/setup/provision index b0363d8a8f..e354f4d0bb 100755 --- a/source4/setup/provision +++ b/source4/setup/provision @@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None: parser.print_usage() sys.exit(1) -smbconf = sambaopts.get_loadparm().configfile() +lp = sambaopts.get_loadparm() +smbconf = lp.configfile() if opts.aci is not None: print "set ACI: %s" % opts.aci @@ -123,7 +124,7 @@ elif opts.server_role == "member": else: server_role = opts.server_role -creds = credopts.get_credentials() +creds = credopts.get_credentials(lp) setup_dir = opts.setupdir if setup_dir is None: @@ -148,12 +149,3 @@ provision(setup_dir, message, aci=opts.aci, serverrole=server_role, ldap_backend=opts.ldap_backend, ldap_backend_type=opts.ldap_backend_type) - -message("To reproduce this provision, run with:") -def shell_escape(arg): - if " " in arg: - return '"%s"' % arg - return arg -message(" ".join([shell_escape(arg) for arg in sys.argv])) - -message("All OK") diff --git a/source4/setup/upgrade.py b/source4/setup/upgrade.py index 569b179544..3bcc57ab64 100755 --- a/source4/setup/upgrade.py +++ b/source4/setup/upgrade.py @@ -57,7 +57,9 @@ setup_dir = opts.setupdir if setup_dir is None: setup_dir = "setup" -creds = credopts.get_credentials() +lp = sambaopts.get_loadparm() +smbconf = lp.configfile() +creds = credopts.get_credentials(lp) upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(), - smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir) + smbconf=smbconf, targetdir=opts.targetdir) diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh index d4eff07c8d..dbcdcf1112 100755 --- a/testprogs/blackbox/test_kinit.sh +++ b/testprogs/blackbox/test_kinit.sh @@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin smbclient=$samba4bindir/smbclient samba4kinit=$samba4bindir/samba4kinit net=$samba4bindir/net +enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount" testit() { name="$1" @@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache" export KRB5CCNAME echo $PASSWORD > ./tmppassfile +#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1` testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` -testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit renew ticket" $samba4kinit --request-pac -R test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` @@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` USERPASS=testPass@12% +echo $USERPASS > ./tmpuserpassfile testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` -#KRB5CCNAME=`pwd`/tmpuserccache -#export KRB5CCNAME -# -#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` -# -#KRB5CCNAME=`pwd`/tmpccache -#export KRB5CCNAME +testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1` -testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` +KRB5CCNAME="$PREFIX/tmpuserccache" +export KRB5CCNAME + +testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` + +test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1` + +KRB5CCNAME="$PREFIX/tmpccache" +export KRB5CCNAME + +testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1` -rm -f tmpccfile tmppassfile tmpuserccache +rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache exit $failed |