mirror of
https://github.com/samba-team/samba.git
synced 2025-01-22 22:04:08 +03:00
Fix and test python scripts and kerberos
This fixes up the python credentials interface in a number of areas, with the aim of supporting '-k yes' as a command line option. (This enables the use of kerberos). As such, I've had to change the get_credentials call to take a loadparm context, so that the credentials can be initialised correctly. The test_kinit script has been modified to prove that this continues to work, as well as to provide greater code coverage of the kerberos paths. Andrew Bartlett (This used to be commit 727ef40c2b56910028ef3c1092b8eab1bfa6ce63)
This commit is contained in:
Andrew Bartlett
parent
8f8c56bfbc
commit
142fbfb3c1
@ -39,6 +39,10 @@ typedef struct cli_credentials cli_credentials;
|
||||
$1 = NULL;
|
||||
}
|
||||
|
||||
%constant int AUTO_USE_KERBEROS = CRED_AUTO_USE_KERBEROS;
|
||||
%constant int DONT_USE_KERBEROS = CRED_DONT_USE_KERBEROS;
|
||||
%constant int MUST_USE_KERBEROS = CRED_MUST_USE_KERBEROS;
|
||||
|
||||
%{
|
||||
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
|
||||
%}
|
||||
@ -52,7 +56,7 @@ typedef struct cli_credentials cli_credentials;
|
||||
typedef struct cli_credentials {
|
||||
%extend {
|
||||
cli_credentials(void) {
|
||||
return cli_credentials_init_anon(NULL);
|
||||
return cli_credentials_init(NULL);
|
||||
}
|
||||
/* username */
|
||||
const char *get_username(void);
|
||||
@ -74,13 +78,18 @@ typedef struct cli_credentials {
|
||||
bool set_realm(const char *val,
|
||||
enum credentials_obtained=CRED_SPECIFIED);
|
||||
|
||||
/* Kerberos */
|
||||
void set_kerberos_state(enum credentials_use_kerberos use_kerberos);
|
||||
|
||||
void parse_string(const char *text,
|
||||
enum credentials_obtained=CRED_SPECIFIED);
|
||||
enum credentials_obtained=CRED_SPECIFIED);
|
||||
|
||||
/* bind dn */
|
||||
const char *get_bind_dn(void);
|
||||
bool set_bind_dn(const char *bind_dn);
|
||||
|
||||
void set_anonymous();
|
||||
|
||||
/* workstation name */
|
||||
const char *get_workstation(void);
|
||||
bool set_workstation(const char *workstation,
|
||||
|
||||
@ -58,6 +58,9 @@ def _swig_setattr_nondynamic_method(set):
|
||||
|
||||
|
||||
import param
|
||||
AUTO_USE_KERBEROS = _credentials.AUTO_USE_KERBEROS
|
||||
DONT_USE_KERBEROS = _credentials.DONT_USE_KERBEROS
|
||||
MUST_USE_KERBEROS = _credentials.MUST_USE_KERBEROS
|
||||
class Credentials(object):
|
||||
thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag')
|
||||
__repr__ = _swig_repr
|
||||
@ -72,9 +75,11 @@ Credentials.get_domain = new_instancemethod(_credentials.Credentials_get_domain,
|
||||
Credentials.set_domain = new_instancemethod(_credentials.Credentials_set_domain,None,Credentials)
|
||||
Credentials.get_realm = new_instancemethod(_credentials.Credentials_get_realm,None,Credentials)
|
||||
Credentials.set_realm = new_instancemethod(_credentials.Credentials_set_realm,None,Credentials)
|
||||
Credentials.set_kerberos_state = new_instancemethod(_credentials.Credentials_set_kerberos_state,None,Credentials)
|
||||
Credentials.parse_string = new_instancemethod(_credentials.Credentials_parse_string,None,Credentials)
|
||||
Credentials.get_bind_dn = new_instancemethod(_credentials.Credentials_get_bind_dn,None,Credentials)
|
||||
Credentials.set_bind_dn = new_instancemethod(_credentials.Credentials_set_bind_dn,None,Credentials)
|
||||
Credentials.set_anonymous = new_instancemethod(_credentials.Credentials_set_anonymous,None,Credentials)
|
||||
Credentials.get_workstation = new_instancemethod(_credentials.Credentials_get_workstation,None,Credentials)
|
||||
Credentials.set_workstation = new_instancemethod(_credentials.Credentials_set_workstation,None,Credentials)
|
||||
Credentials.guess = new_instancemethod(_credentials.Credentials_guess,None,Credentials)
|
||||
|
||||
@ -2462,7 +2462,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
|
||||
#define SWIGTYPE_p_int swig_types[3]
|
||||
#define SWIGTYPE_p_loadparm_context swig_types[4]
|
||||
#define SWIGTYPE_p_loadparm_service swig_types[5]
|
||||
#define SWIGTYPE_p_long_long swig_types[6]
|
||||
#define SWIGTYPE_p_long swig_types[6]
|
||||
#define SWIGTYPE_p_param_context swig_types[7]
|
||||
#define SWIGTYPE_p_param_opt swig_types[8]
|
||||
#define SWIGTYPE_p_param_section swig_types[9]
|
||||
@ -2470,7 +2470,7 @@ SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags)
|
||||
#define SWIGTYPE_p_signed_char swig_types[11]
|
||||
#define SWIGTYPE_p_unsigned_char swig_types[12]
|
||||
#define SWIGTYPE_p_unsigned_int swig_types[13]
|
||||
#define SWIGTYPE_p_unsigned_long_long swig_types[14]
|
||||
#define SWIGTYPE_p_unsigned_long swig_types[14]
|
||||
#define SWIGTYPE_p_unsigned_short swig_types[15]
|
||||
static swig_type_info *swig_types[17];
|
||||
static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
|
||||
@ -2525,10 +2525,20 @@ static swig_module_info swig_module = {swig_types, 16, 0, 0, 0, 0};
|
||||
typedef struct cli_credentials cli_credentials;
|
||||
|
||||
|
||||
#define SWIG_From_long PyInt_FromLong
|
||||
|
||||
|
||||
SWIGINTERNINLINE PyObject *
|
||||
SWIG_From_int (int value)
|
||||
{
|
||||
return SWIG_From_long (value);
|
||||
}
|
||||
|
||||
|
||||
#include "librpc/gen_ndr/samr.h" /* for struct samr_Password */
|
||||
|
||||
SWIGINTERN cli_credentials *new_cli_credentials(){
|
||||
return cli_credentials_init_anon(NULL);
|
||||
return cli_credentials_init(NULL);
|
||||
}
|
||||
|
||||
SWIGINTERN swig_type_info*
|
||||
@ -3131,6 +3141,44 @@ fail:
|
||||
}
|
||||
|
||||
|
||||
SWIGINTERN PyObject *_wrap_Credentials_set_kerberos_state(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
|
||||
PyObject *resultobj = 0;
|
||||
cli_credentials *arg1 = (cli_credentials *) 0 ;
|
||||
enum credentials_use_kerberos arg2 ;
|
||||
void *argp1 = 0 ;
|
||||
int res1 = 0 ;
|
||||
int val2 ;
|
||||
int ecode2 = 0 ;
|
||||
PyObject * obj0 = 0 ;
|
||||
PyObject * obj1 = 0 ;
|
||||
char * kwnames[] = {
|
||||
(char *) "self",(char *) "use_kerberos", NULL
|
||||
};
|
||||
|
||||
arg1 = NULL;
|
||||
if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|OO:Credentials_set_kerberos_state",kwnames,&obj0,&obj1)) SWIG_fail;
|
||||
if (obj0) {
|
||||
res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
|
||||
if (!SWIG_IsOK(res1)) {
|
||||
SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_kerberos_state" "', argument " "1"" of type '" "cli_credentials *""'");
|
||||
}
|
||||
arg1 = (cli_credentials *)(argp1);
|
||||
}
|
||||
if (obj1) {
|
||||
ecode2 = SWIG_AsVal_int(obj1, &val2);
|
||||
if (!SWIG_IsOK(ecode2)) {
|
||||
SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "Credentials_set_kerberos_state" "', argument " "2"" of type '" "enum credentials_use_kerberos""'");
|
||||
}
|
||||
arg2 = (enum credentials_use_kerberos)(val2);
|
||||
}
|
||||
cli_credentials_set_kerberos_state(arg1,arg2);
|
||||
resultobj = SWIG_Py_Void();
|
||||
return resultobj;
|
||||
fail:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
SWIGINTERN PyObject *_wrap_Credentials_parse_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
|
||||
PyObject *resultobj = 0;
|
||||
cli_credentials *arg1 = (cli_credentials *) 0 ;
|
||||
@ -3253,6 +3301,33 @@ fail:
|
||||
}
|
||||
|
||||
|
||||
SWIGINTERN PyObject *_wrap_Credentials_set_anonymous(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
|
||||
PyObject *resultobj = 0;
|
||||
cli_credentials *arg1 = (cli_credentials *) 0 ;
|
||||
void *argp1 = 0 ;
|
||||
int res1 = 0 ;
|
||||
PyObject * obj0 = 0 ;
|
||||
char * kwnames[] = {
|
||||
(char *) "self", NULL
|
||||
};
|
||||
|
||||
arg1 = NULL;
|
||||
if (!PyArg_ParseTupleAndKeywords(args,kwargs,(char *)"|O:Credentials_set_anonymous",kwnames,&obj0)) SWIG_fail;
|
||||
if (obj0) {
|
||||
res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_cli_credentials, 0 | 0 );
|
||||
if (!SWIG_IsOK(res1)) {
|
||||
SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Credentials_set_anonymous" "', argument " "1"" of type '" "cli_credentials *""'");
|
||||
}
|
||||
arg1 = (cli_credentials *)(argp1);
|
||||
}
|
||||
cli_credentials_set_anonymous(arg1);
|
||||
resultobj = SWIG_Py_Void();
|
||||
return resultobj;
|
||||
fail:
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
SWIGINTERN PyObject *_wrap_Credentials_get_workstation(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) {
|
||||
PyObject *resultobj = 0;
|
||||
cli_credentials *arg1 = (cli_credentials *) 0 ;
|
||||
@ -3564,9 +3639,11 @@ static PyMethodDef SwigMethods[] = {
|
||||
{ (char *)"Credentials_set_domain", (PyCFunction) _wrap_Credentials_set_domain, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_get_realm", (PyCFunction) _wrap_Credentials_get_realm, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_set_realm", (PyCFunction) _wrap_Credentials_set_realm, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_set_kerberos_state", (PyCFunction) _wrap_Credentials_set_kerberos_state, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_parse_string", (PyCFunction) _wrap_Credentials_parse_string, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_get_bind_dn", (PyCFunction) _wrap_Credentials_get_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_set_bind_dn", (PyCFunction) _wrap_Credentials_set_bind_dn, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_set_anonymous", (PyCFunction) _wrap_Credentials_set_anonymous, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_get_workstation", (PyCFunction) _wrap_Credentials_get_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_set_workstation", (PyCFunction) _wrap_Credentials_set_workstation, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
{ (char *)"Credentials_guess", (PyCFunction) _wrap_Credentials_guess, METH_VARARGS | METH_KEYWORDS, NULL},
|
||||
@ -3587,18 +3664,18 @@ static PyMethodDef SwigMethods[] = {
|
||||
static swig_type_info _swigt__p_TALLOC_CTX = {"_p_TALLOC_CTX", "TALLOC_CTX *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_cli_credentials = {"_p_cli_credentials", "struct cli_credentials *|cli_credentials *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_int = {"_p_int", "intptr_t *|int *|int_least32_t *|int_fast32_t *|int32_t *|int_fast16_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_int = {"_p_int", "int *|int_least32_t *|int32_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_loadparm_context = {"_p_loadparm_context", "struct loadparm_context *|loadparm_context *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_loadparm_service = {"_p_loadparm_service", "struct loadparm_service *|loadparm_service *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_long_long = {"_p_long_long", "int_least64_t *|int_fast64_t *|int64_t *|long long *|intmax_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_long = {"_p_long", "intptr_t *|int_least64_t *|int_fast32_t *|int_fast64_t *|int64_t *|long *|int_fast16_t *|intmax_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_param_context = {"_p_param_context", "struct param_context *|param *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_param_opt = {"_p_param_opt", "struct param_opt *|param_opt *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_param_section = {"_p_param_section", "struct param_section *|param_section *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_short = {"_p_short", "short *|int_least16_t *|int16_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_signed_char = {"_p_signed_char", "signed char *|int_least8_t *|int_fast8_t *|int8_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_unsigned_char = {"_p_unsigned_char", "unsigned char *|uint_least8_t *|uint_fast8_t *|uint8_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uintptr_t *|uint_least32_t *|uint_fast32_t *|uint32_t *|unsigned int *|uint_fast16_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_unsigned_long_long = {"_p_unsigned_long_long", "uint_least64_t *|uint_fast64_t *|uint64_t *|unsigned long long *|uintmax_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "uint_least32_t *|uint32_t *|unsigned int *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_unsigned_long = {"_p_unsigned_long", "uintptr_t *|uint_least64_t *|uint_fast32_t *|uint_fast64_t *|uint64_t *|unsigned long *|uint_fast16_t *|uintmax_t *", 0, 0, (void*)0, 0};
|
||||
static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "unsigned short *|uint_least16_t *|uint16_t *", 0, 0, (void*)0, 0};
|
||||
|
||||
static swig_type_info *swig_type_initial[] = {
|
||||
@ -3608,7 +3685,7 @@ static swig_type_info *swig_type_initial[] = {
|
||||
&_swigt__p_int,
|
||||
&_swigt__p_loadparm_context,
|
||||
&_swigt__p_loadparm_service,
|
||||
&_swigt__p_long_long,
|
||||
&_swigt__p_long,
|
||||
&_swigt__p_param_context,
|
||||
&_swigt__p_param_opt,
|
||||
&_swigt__p_param_section,
|
||||
@ -3616,7 +3693,7 @@ static swig_type_info *swig_type_initial[] = {
|
||||
&_swigt__p_signed_char,
|
||||
&_swigt__p_unsigned_char,
|
||||
&_swigt__p_unsigned_int,
|
||||
&_swigt__p_unsigned_long_long,
|
||||
&_swigt__p_unsigned_long,
|
||||
&_swigt__p_unsigned_short,
|
||||
};
|
||||
|
||||
@ -3626,7 +3703,7 @@ static swig_cast_info _swigc__p_cli_credentials[] = { {&_swigt__p_cli_credentia
|
||||
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_loadparm_context[] = { {&_swigt__p_loadparm_context, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_loadparm_service[] = { {&_swigt__p_loadparm_service, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_long_long[] = { {&_swigt__p_long_long, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_long[] = { {&_swigt__p_long, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_param_context[] = { {&_swigt__p_param_context, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_param_opt[] = { {&_swigt__p_param_opt, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_param_section[] = { {&_swigt__p_param_section, 0, 0, 0},{0, 0, 0, 0}};
|
||||
@ -3634,7 +3711,7 @@ static swig_cast_info _swigc__p_short[] = { {&_swigt__p_short, 0, 0, 0},{0, 0,
|
||||
static swig_cast_info _swigc__p_signed_char[] = { {&_swigt__p_signed_char, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_unsigned_char[] = { {&_swigt__p_unsigned_char, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_unsigned_long_long[] = { {&_swigt__p_unsigned_long_long, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_unsigned_long[] = { {&_swigt__p_unsigned_long, 0, 0, 0},{0, 0, 0, 0}};
|
||||
static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
|
||||
|
||||
static swig_cast_info *swig_cast_initial[] = {
|
||||
@ -3644,7 +3721,7 @@ static swig_cast_info *swig_cast_initial[] = {
|
||||
_swigc__p_int,
|
||||
_swigc__p_loadparm_context,
|
||||
_swigc__p_loadparm_service,
|
||||
_swigc__p_long_long,
|
||||
_swigc__p_long,
|
||||
_swigc__p_param_context,
|
||||
_swigc__p_param_opt,
|
||||
_swigc__p_param_section,
|
||||
@ -3652,7 +3729,7 @@ static swig_cast_info *swig_cast_initial[] = {
|
||||
_swigc__p_signed_char,
|
||||
_swigc__p_unsigned_char,
|
||||
_swigc__p_unsigned_int,
|
||||
_swigc__p_unsigned_long_long,
|
||||
_swigc__p_unsigned_long,
|
||||
_swigc__p_unsigned_short,
|
||||
};
|
||||
|
||||
@ -4174,5 +4251,8 @@ SWIGEXPORT void SWIG_init(void) {
|
||||
SWIG_InstallConstants(d,swig_const_table);
|
||||
|
||||
|
||||
SWIG_Python_SetConstant(d, "AUTO_USE_KERBEROS",SWIG_From_int((int)(CRED_AUTO_USE_KERBEROS)));
|
||||
SWIG_Python_SetConstant(d, "DONT_USE_KERBEROS",SWIG_From_int((int)(CRED_DONT_USE_KERBEROS)));
|
||||
SWIG_Python_SetConstant(d, "MUST_USE_KERBEROS",SWIG_From_int((int)(CRED_MUST_USE_KERBEROS)));
|
||||
}
|
||||
|
||||
|
||||
@ -67,6 +67,8 @@ class CredentialsTests(unittest.TestCase):
|
||||
self.assertTrue(self.creds.is_anonymous())
|
||||
self.creds.set_username("somebody")
|
||||
self.assertFalse(self.creds.is_anonymous())
|
||||
self.creds.set_anonymous()
|
||||
self.assertTrue(self.creds.is_anonymous())
|
||||
|
||||
def test_workstation(self):
|
||||
# FIXME: This is uninitialised, it should be None
|
||||
|
||||
@ -25,7 +25,6 @@ parser.add_option_group(options.VersionOptions(parser))
|
||||
# use command line creds if available
|
||||
credopts = options.CredentialsOptions(parser)
|
||||
parser.add_option_group(credopts)
|
||||
creds = credopts.get_credentials()
|
||||
opts, args = parser.parse_args()
|
||||
|
||||
if len(args) < 1:
|
||||
@ -35,6 +34,7 @@ if len(args) < 1:
|
||||
host = args[0]
|
||||
|
||||
lp = sambaopts.get_loadparm()
|
||||
creds = credopts.get_credentials(lp)
|
||||
|
||||
class BasicTests(unittest.TestCase):
|
||||
def delete_force(self, ldb, dn):
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
#
|
||||
|
||||
import optparse
|
||||
from credentials import Credentials
|
||||
from credentials import Credentials, AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS
|
||||
|
||||
class SambaOptions(optparse.OptionGroup):
|
||||
def __init__(self, parser):
|
||||
@ -65,6 +65,9 @@ class CredentialsOptions(optparse.OptionGroup):
|
||||
help="Workgroup", callback=self._parse_workgroup)
|
||||
self.add_option("-N", "--no-pass", action="store_true",
|
||||
help="Don't ask for a password")
|
||||
self.add_option("-k", "--kerberos", metavar="KERBEROS",
|
||||
action="callback", type=str,
|
||||
help="Use Kerberos", callback=self._set_kerberos)
|
||||
self.creds = Credentials()
|
||||
|
||||
def _parse_username(self, option, opt_str, arg, parser):
|
||||
@ -76,11 +79,17 @@ class CredentialsOptions(optparse.OptionGroup):
|
||||
def _set_password(self, option, opt_str, arg, parser):
|
||||
self.creds.set_password(arg)
|
||||
|
||||
def _set_kerberos(self, option, opt_str, arg, parser):
|
||||
if bool(arg) or arg.lower() == "yes":
|
||||
self.creds.set_kerberos_state(MUST_USE_KERBEROS)
|
||||
else:
|
||||
self.creds.set_kerberos_state(DONT_USE_KERBEROS)
|
||||
|
||||
def _set_simple_bind_dn(self, option, opt_str, arg, parser):
|
||||
self.creds.set_bind_dn(arg)
|
||||
|
||||
def get_credentials(self):
|
||||
self.creds.guess()
|
||||
def get_credentials(self, lp):
|
||||
self.creds.guess(lp)
|
||||
if not self.no_pass:
|
||||
self.creds.set_cmdline_callbacks()
|
||||
return self.creds
|
||||
|
||||
@ -38,6 +38,7 @@ class SamDBTestCase(TestCaseInTempDir):
|
||||
policyguid = uuid.random()
|
||||
setup_path = lambda x: os.path.join("setup", x)
|
||||
creds = Credentials()
|
||||
creds.set_anonymous()
|
||||
domainsid = security.random_sid()
|
||||
hostguid = uuid.random()
|
||||
path = os.path.join(self.tempdir, "samdb.ldb")
|
||||
|
||||
@ -266,7 +266,7 @@ fi
|
||||
bbdir=$incdir/../../testprogs/blackbox
|
||||
|
||||
plantest "blackbox.smbclient" dc $bbdir/test_smbclient.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN" "$PREFIX"
|
||||
plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX"
|
||||
plantest "blackbox.kinit" dc $bbdir/test_kinit.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$REALM" "\$DOMAIN" "$PREFIX" $CONFIGURATION
|
||||
plantest "blackbox.cifsdd" dc $bbdir/test_cifsdd.sh "\$SERVER" "\$USERNAME" "\$PASSWORD" "\$DOMAIN"
|
||||
plantest "blackbox.nmblookup" dc $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
|
||||
plantest "blackbox.nmblookup" member $samba4srcdir/utils/tests/test_nmblookup.sh "\$NETBIOSNAME" "\$NETBIOSALIAS" "\$SERVER" "\$SERVER_IP"
|
||||
|
||||
@ -42,9 +42,10 @@ username = args[0]
|
||||
if username is None:
|
||||
print "username must be specified"
|
||||
|
||||
creds = credopts.get_credentials()
|
||||
|
||||
lp = sambaopts.get_loadparm()
|
||||
|
||||
creds = credopts.get_credentials(lp)
|
||||
|
||||
if opts.H is not None:
|
||||
url = opts.H
|
||||
else:
|
||||
|
||||
@ -111,7 +111,8 @@ if opts.realm is None or opts.domain is None:
|
||||
parser.print_usage()
|
||||
sys.exit(1)
|
||||
|
||||
smbconf = sambaopts.get_loadparm().configfile()
|
||||
lp = sambaopts.get_loadparm()
|
||||
smbconf = lp.configfile()
|
||||
|
||||
if opts.aci is not None:
|
||||
print "set ACI: %s" % opts.aci
|
||||
@ -123,7 +124,7 @@ elif opts.server_role == "member":
|
||||
else:
|
||||
server_role = opts.server_role
|
||||
|
||||
creds = credopts.get_credentials()
|
||||
creds = credopts.get_credentials(lp)
|
||||
|
||||
setup_dir = opts.setupdir
|
||||
if setup_dir is None:
|
||||
|
||||
@ -57,7 +57,9 @@ setup_dir = opts.setupdir
|
||||
if setup_dir is None:
|
||||
setup_dir = "setup"
|
||||
|
||||
creds = credopts.get_credentials()
|
||||
lp = sambaopts.get_loadparm()
|
||||
smbconf = lp.configfile()
|
||||
creds = credopts.get_credentials(lp)
|
||||
|
||||
upgrade_provision(samba3, setup_dir, message, credentials=creds, session_info=system_session(),
|
||||
smbconf=sambaopts.get_loadparm_path(), targetdir=opts.targetdir)
|
||||
smbconf=smbconf, targetdir=opts.targetdir)
|
||||
|
||||
@ -23,6 +23,7 @@ samba4bindir=`dirname $0`/../../source/bin
|
||||
smbclient=$samba4bindir/smbclient
|
||||
samba4kinit=$samba4bindir/samba4kinit
|
||||
net=$samba4bindir/net
|
||||
enableaccount="$samba4bindir/smbpython `dirname $0`/../../source/setup/enableaccount"
|
||||
|
||||
testit() {
|
||||
name="$1"
|
||||
@ -60,8 +61,10 @@ KRB5CCNAME="$PREFIX/tmpccache"
|
||||
export KRB5CCNAME
|
||||
|
||||
echo $PASSWORD > ./tmppassfile
|
||||
#testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1`
|
||||
testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "kinit with pkinit" $samba4kinit --request-pac --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1`
|
||||
testit "kinit renew ticket" $samba4kinit --request-pac -R
|
||||
|
||||
test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
|
||||
@ -70,18 +73,23 @@ testit "check time with kerberos ccache" $VALGRIND $net time $SERVER $CONFIGURAT
|
||||
|
||||
testit "add user with kerberos ccache" $VALGRIND $net user add nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
USERPASS=testPass@12%
|
||||
echo $USERPASS > ./tmpuserpassfile
|
||||
|
||||
testit "set user password with kerberos ccache" $VALGRIND $net password set $DOMAIN\\nettestuser $USERPASS $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
#KRB5CCNAME=`pwd`/tmpuserccache
|
||||
#export KRB5CCNAME
|
||||
#
|
||||
#testit "kinit with user password" bin/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
#
|
||||
#KRB5CCNAME=`pwd`/tmpccache
|
||||
#export KRB5CCNAME
|
||||
testit "enable user with kerberos cache" $VALGRIND $enableaccount nettestuser -H ldap://$SERVER -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
KRB5CCNAME="$PREFIX/tmpuserccache"
|
||||
export KRB5CCNAME
|
||||
|
||||
rm -f tmpccfile tmppassfile tmpuserccache
|
||||
testit "kinit with user password" $samba4bindir/samba4kinit --password-file=./tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
|
||||
|
||||
test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
|
||||
|
||||
KRB5CCNAME="$PREFIX/tmpccache"
|
||||
export KRB5CCNAME
|
||||
|
||||
testit "del user with kerberos ccache" $VALGRIND $net user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
|
||||
|
||||
rm -f tmpccfile tmppassfile tmpuserpassfile tmpuserccache
|
||||
exit $failed
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user