[SCM] Samba Shared Repository - branch v4-0-test updated - release-4-0-0alpha3-1695-g761e667

Andrew Bartlett abartlet at samba.org
Thu May 22 03:25:55 GMT 2008


The branch, v4-0-test has been updated
       via  761e667e45475d3a7d5a41558b400ba4c94c4650 (commit)
       via  4ca8f32a37196c81547679b2ee8d00cb77a01269 (commit)
       via  ebf130e9e57b640129cf0d05dbd7d210b71ea371 (commit)
       via  617d4b666514f997510a942c6f8aba6a4ae5e40e (commit)
       via  c0234d13192c1871971b45121249395ef15c5ae5 (commit)
      from  96501be38da947f02ad57217e0bc23f7a66d36f9 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v4-0-test


- Log -----------------------------------------------------------------
commit 761e667e45475d3a7d5a41558b400ba4c94c4650
Author: Andrew Kroeger <andrew at sprocks.gotdns.com>
Date:   Wed May 21 21:14:06 2008 -0500

    GPO: Do not provision Default Domain Policy as initially enforced. (bz #5480)
    
    This only solves part of bz #5480.  The settings for Enforced & Link Enabled
    now match the default settings of a Windows DC, but they are still "locked"
    and cannot be changed via the GUI.

commit 4ca8f32a37196c81547679b2ee8d00cb77a01269
Author: Andrew Kroeger <andrew at sprocks.gotdns.com>
Date:   Wed May 21 18:54:15 2008 -0500

    enableaccount: Use correct command name in usage output.

commit ebf130e9e57b640129cf0d05dbd7d210b71ea371
Author: Andrew Kroeger <andrew at sprocks.gotdns.com>
Date:   Wed May 21 18:12:36 2008 -0500

    provision: Generate krb5.conf template separate from named.conf template.

commit 617d4b666514f997510a942c6f8aba6a4ae5e40e
Author: Andrew Kroeger <andrew at sprocks.gotdns.com>
Date:   Wed May 21 02:18:23 2008 -0500

    gitignore: Ignore some output files from make test.

commit c0234d13192c1871971b45121249395ef15c5ae5
Author: Andrew Kroeger <andrew at sprocks.gotdns.com>
Date:   Wed May 21 02:07:45 2008 -0500

    subunit.sh: Properly capture and pass on the command output.
    
    Previously, the output from $cmdline was never captured.  In case of a
    failure, there was no output being passed to the subunit_fail_test() function,
    but that function contains a call to "cat -".  This caused the script to hang
    indefinitely waiting for input.
    
    We now capture $cmdline output (including mapping stderr to stdout) using
    backticks, and then pipe that output to the subunit_fail_test() if there is
    a failure.

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                 |    4 ++
 source/scripting/python/samba/provision.py |   74 +++++++++++++++++++--------
 source/setup/enableaccount                 |    2 +-
 source/setup/krb5.conf                     |   17 ++++++
 source/setup/named.conf                    |   14 -----
 source/setup/provision_basedn_modify.ldif  |    2 +-
 testprogs/blackbox/subunit.sh              |    4 +-
 7 files changed, 77 insertions(+), 40 deletions(-)
 create mode 100644 source/setup/krb5.conf


Changeset truncated at 500 lines:

diff --git a/.gitignore b/.gitignore
index 75949c6..1e574f0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -196,3 +196,7 @@ source/data.mk
 source/librpc/idl-deps
 source/libcli/netlogon_proto.h
 source/libcli/ndr_netlogon_proto.h
+source/foo.tdb
+source/gentest_seeds.dat
+source/templates.ldb
+source/torture.tdb
diff --git a/source/scripting/python/samba/provision.py b/source/scripting/python/samba/provision.py
index 4818a79..69c7e88 100644
--- a/source/scripting/python/samba/provision.py
+++ b/source/scripting/python/samba/provision.py
@@ -237,6 +237,7 @@ def provision_paths_from_lp(lp, dnsdomain):
     paths.templates = os.path.join(paths.private_dir, "templates.ldb")
     paths.dns = os.path.join(paths.private_dir, dnsdomain + ".zone")
     paths.namedconf = os.path.join(paths.private_dir, "named.conf")
+    paths.krb5conf = os.path.join(paths.private_dir, "krb5.conf")
     paths.winsdb = os.path.join(paths.private_dir, "wins.ldb")
     paths.s4_ldapi_path = os.path.join(paths.private_dir, "ldapi")
     paths.phpldapadminconfig = os.path.join(paths.private_dir, 
@@ -1059,16 +1060,23 @@ def provision(setup_dir, message, session_info,
                                        expression="(&(objectClass=computer)(cn=%s))" % names.hostname,
                                        scope=SCOPE_SUBTREE)
             assert isinstance(hostguid, str)
-            
-            create_zone_file(paths.dns, paths.namedconf, setup_path, samdb, 
-                             hostname=names.hostname, hostip=hostip,
-                             hostip6=hostip6, dnsdomain=names.dnsdomain,
-                             domaindn=names.domaindn, dnspass=dnspass, realm=names.realm, 
-                             domainguid=domainguid, hostguid=hostguid,
-                             private_dir=paths.private_dir, keytab_name=paths.dns_keytab)
+
+            create_zone_file(paths.dns, setup_path, dnsdomain=names.dnsdomain,
+                             domaindn=names.domaindn, hostip=hostip,
+                             hostip6=hostip6, hostname=names.hostname,
+                             dnspass=dnspass, realm=names.realm,
+                             domainguid=domainguid, hostguid=hostguid)
             message("Please install the zone located in %s into your DNS server" % paths.dns)
-            message("See %s if you want to use secure GSS-TSIG updates" % paths.namedconf)
-            
+
+            create_named_conf(paths.namedconf, setup_path, realm=names.realm,
+                              dnsdomain=names.dnsdomain, private_dir=paths.private_dir,
+                              keytab_name=paths.dns_keytab)
+            message("See %s for example configuration statements for secure GSS-TSIG updates" % paths.namedconf)
+
+            create_krb5_conf(paths.krb5conf, setup_path, dnsdomain=names.dnsdomain,
+                             hostname=names.hostname, realm=names.realm)
+            message("A Kerberos configuration suitable for Samba 4 has been generated at %s" % paths.krb5conf)
+
     create_phpldapadmin_config(paths.phpldapadminconfig, setup_path, 
                                ldapi_url)
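Review bot: The new krb5.conf message only says where the file was generated, so an operator may assume the Kerberos configuration is already in effect. The zone message two calls earlier tells the reader to install the file, and this one could do the same, e.g. `message("Install %s as your system krb5.conf (or point KRB5_CONFIG at it) to use the generated Kerberos configuration" % paths.krb5conf)`. These calls sit inside a conditional in provision() that starts and ends outside this hunk, so whether every provisioning path reaches them cannot be checked from here.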
 
@@ -1284,19 +1292,12 @@ def create_phpldapadmin_config(path, setup_path, ldapi_uri):
             {"S4_LDAPI_URI": ldapi_uri})
 
 
-def create_zone_file(path_zone, path_conf, setup_path, samdb, dnsdomain, domaindn, 
-                  hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid,
-                  private_dir, keytab_name):
+def create_zone_file(path, setup_path, dnsdomain, domaindn, 
+                     hostip, hostip6, hostname, dnspass, realm, domainguid, hostguid):
     """Write out a DNS zone file, from the info in the current database.
 
-    Also writes a file with stubs appropriate for a DNS configuration file
-    (including GSS-TSIG configuration), and details as to some of the other
-    configuration changes that may be necessary.
-    
-    :param path_zone: Path of the new zone file.
-    :param path_conf: Path of the config stubs file.
+    :param path: Path of the new zone file.
     :param setup_path: Setup path function.
-    :param samdb: SamDB object
     :param dnsdomain: DNS Domain name
     :param domaindn: DN of the Domain
     :param hostip: Local IPv4 IP
@@ -1316,7 +1317,7 @@ def create_zone_file(path_zone, path_conf, setup_path, samdb, dnsdomain, domaind
         hostip6_base_line = "			IN AAAA	" + hostip6
         hostip6_host_line = hostname + "		IN AAAA	" + hostip6
 
-    setup_file(setup_path("provision.zone"), path_zone, {
+    setup_file(setup_path("provision.zone"), path, {
             "DNSPASS_B64": b64encode(dnspass),
             "HOSTNAME": hostname,
             "DNSDOMAIN": dnsdomain,
@@ -1330,15 +1331,44 @@ def create_zone_file(path_zone, path_conf, setup_path, samdb, dnsdomain, domaind
             "HOSTIP6_HOST_LINE": hostip6_host_line,
         })
 
-    setup_file(setup_path("named.conf"), path_conf, {
+def create_named_conf(path, setup_path, realm, dnsdomain,
+                      private_dir, keytab_name):
+    """Write out a file containing zone statements suitable for inclusion in a
+    named.conf file (including GSS-TSIG configuration).
+    
+    :param path: Path of the new named.conf file.
+    :param setup_path: Setup path function.
+    :param realm: Realm name
+    :param dnsdomain: DNS Domain name
+    :param private_dir: Path to private directory
+    :param keytab_name: File name of DNS keytab file
+    """
+
+    setup_file(setup_path("named.conf"), path, {
             "DNSDOMAIN": dnsdomain,
             "REALM": realm,
             "REALM_WC": "*." + ".".join(realm.split(".")[1:]),
-            "HOSTNAME": hostname,
             "DNS_KEYTAB": keytab_name,
             "DNS_KEYTAB_ABS": os.path.join(private_dir, keytab_name),
         })
 
+def create_krb5_conf(path, setup_path, dnsdomain, hostname, realm):
+    """Write out a file containing zone statements suitable for inclusion in a
+    named.conf file (including GSS-TSIG configuration).
+    
+    :param path: Path of the new named.conf file.
+    :param setup_path: Setup path function.
+    :param dnsdomain: DNS Domain name
+    :param hostname: Local hostname
+    :param realm: Realm name
+    """
+
+    setup_file(setup_path("krb5.conf"), path, {
+            "DNSDOMAIN": dnsdomain,
+            "HOSTNAME": hostname,
+            "REALM": realm,
+        })
+
 def load_schema(setup_path, samdb, schemadn, netbiosname, configdn, sitename):
     """Load schema for the SamDB.
     
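Review bot: The docstring of the new `create_krb5_conf` is a verbatim copy of the one on `create_named_conf`: it says the function writes "zone statements suitable for inclusion in a named.conf file" and documents `path` as "Path of the new named.conf file". The function renders the `krb5.conf` template, so the summary should read something like `"""Write out a krb5.conf file for the provisioned realm."""` and the parameter line `:param path: Path of the new krb5.conf file.` A maintainer searching for the code that writes Kerberos client settings would be misled by the current text. `create_zone_file` begins and `load_schema` continues outside this hunk.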
diff --git a/source/setup/enableaccount b/source/setup/enableaccount
index c232160..061997b 100755
--- a/source/setup/enableaccount
+++ b/source/setup/enableaccount
@@ -17,7 +17,7 @@ import ldb
 from samba.auth import system_session
 from samba.samdb import SamDB
 
-parser = optparse.OptionParser("setpassword [username] [options]")
+parser = optparse.OptionParser("enableaccount [username] [options]")
 sambaopts = options.SambaOptions(parser)
 parser.add_option_group(sambaopts)
 parser.add_option_group(options.VersionOptions(parser))
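Review bot: The usage string still hard-codes the script name, which is how the wrong `setpassword` name got copied in here. optparse expands `%prog` to the invoked program name, so `parser = optparse.OptionParser("%prog [username] [options]")` stays correct if the script is renamed or copied again.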
diff --git a/source/setup/krb5.conf b/source/setup/krb5.conf
new file mode 100644
index 0000000..7dad63d
--- /dev/null
+++ b/source/setup/krb5.conf
@@ -0,0 +1,17 @@
+[libdefaults]
+	default_realm = ${REALM}
+	dns_lookup_realm = false
+	dns_lookup_kdc = false
+	ticket_lifetime = 24h
+	forwardable = yes
+
+[realms]
+	${REALM} = {
+		kdc = ${HOSTNAME}.${DNSDOMAIN}:88
+		admin_server = ${HOSTNAME}.${DNSDOMAIN}:749
+		default_domain = ${DNSDOMAIN}
+	}
+
+[domain_realm]
+	.${DNSDOMAIN} = ${REALM}
+	${DNSDOMAIN} = ${REALM}
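Review bot: `forwardable = yes` under `[libdefaults]` makes every ticket requested through this configuration forwardable by default, so a user's credentials can be delegated to any service they log in to without asking for it. If Samba 4 does not depend on this, the line is better dropped so that forwardable tickets are requested explicitly; if it does, a `#` comment above the line saying why would keep an admin from carrying it into a system-wide krb5.conf unexamined. The template also has no header comment identifying it as generated by provision, e.g. `# Generated by Samba 4 provision for realm ${REALM}`.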
diff --git a/source/setup/named.conf b/source/setup/named.conf
index 9cf0b48..4f98bbd 100644
--- a/source/setup/named.conf
+++ b/source/setup/named.conf
@@ -66,20 +66,6 @@ zone "123.168.192.in-addr.arpa" in {
 tkey-gssapi-credential "DNS/${DNSDOMAIN}";
 tkey-domain "${REALM}";
 
-# - Add settings for the ${REALM} realm to the Kerberos configuration on the DNS
-# server.  The easiest way is to add the following blocks to the appropriate
-# sections in /etc/krb5.conf:
-[realms]
-	${REALM} = {
-		kdc = ${HOSTNAME}.${DNSDOMAIN}:88
-		admin_server = ${HOSTNAME}.${DNSDOMAIN}:749
-		default_domain = ${DNSDOMAIN}
-	}
-
-[domain_realm]
-	.${DNSDOMAIN} = ${REALM}
-	${DNSDOMAIN} = ${REALM}
-
 # - Modify BIND init scripts to pass the location of the generated keytab file.
 # Fedora 8 & later provide a variable named KEYTAB_FILE in /etc/sysconfig/named
 # for this purpose:
diff --git a/source/setup/provision_basedn_modify.ldif b/source/setup/provision_basedn_modify.ldif
index f5e1bb5..63332e9 100644
--- a/source/setup/provision_basedn_modify.ldif
+++ b/source/setup/provision_basedn_modify.ldif
@@ -75,6 +75,6 @@ subRefs: ${CONFIGDN}
 subRefs: ${SCHEMADN}
 -
 replace: gPLink
-gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};2]
+gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0]
 -
 ${DOMAINGUID_MOD}
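Review bot: The trailing `;0` on the new `gPLink` value is a bare option number with nothing in the file saying what it means. This field decides whether the Default Domain Policy link is enforced. A comment such as `# gPLink options: 0 = link enabled, not enforced; 1 = link disabled; 2 = enforced` would document the choice. It belongs above the modify record if the loader accepts comment lines there, which this hunk does not show. The commit message notes the setting is still locked in the GUI, so a reference to bz #5480 in that comment would also help.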
diff --git a/testprogs/blackbox/subunit.sh b/testprogs/blackbox/subunit.sh
index 7a6b21e..100dfd1 100755
--- a/testprogs/blackbox/subunit.sh
+++ b/testprogs/blackbox/subunit.sh
@@ -56,12 +56,12 @@ testit () {
 	shift
 	cmdline="$*"
 	subunit_start_test "$name"
-	$cmdline
+	output=`$cmdline 2>&1`
 	status=$?
 	if [ x$status = x0 ]; then
 		subunit_pass_test "$name"
 	else
-		subunit_fail_test "$name"
+		echo $output | subunit_fail_test "$name"
 	fi
 	return $status
 }
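Review bot: The unquoted `$output` in `echo $output | subunit_fail_test "$name"` is word-split and glob-expanded by the shell. The failure text therefore reaches subunit with its newlines collapsed to spaces, and any `*` or `?` in the captured output is expanded against the current directory. `printf '%s\n' "$output" | subunit_fail_test "$name"` passes the text through intact and avoids `echo` treating a leading `-n` or backslashes specially. Separately, the captured output is now discarded when the test passes, where it previously went to the script's stdout. If that is not intended, print `"$output"` in the pass branch as well.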


-- 
Samba Shared Repository

