[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue Apr 26 21:09:02 MDT 2011
The branch, master has been updated
via 722ec8b s4-gensec: Use new common 'obtain the PAC' functions.
via cd7112b s3-gse: Don't release the mech OID from gss_accept_security_context
via f0ce322 auth/kerberos Move all the PAC handling functions to auth/kerberos
via 6ec4306 auth/kerberos: Create common helper to get the verified PAC from GSSAPI
via e130dec s3-libsmb Use 'resolv:hosts file' as a DNS emulation when specified.
via 806eef6 s3-libads Don't start a DEBUG with 'time'
via 2a9a945 selftest: Make bindir_path much less complex
via e04bab4 libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/auth
from e81ea8a s3: Make cli_session_setup_lanman2 async
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 722ec8b34743ad7670a747b9db1f47766752878d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Apr 21 12:38:51 2011 +1000
s4-gensec: Use new common 'obtain the PAC' functions.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Wed Apr 27 05:08:10 CEST 2011 on sn-devel-104
commit cd7112ba84759a677e51111e44b5f531d602c77c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Apr 16 15:39:00 2011 +1000
s3-gse: Don't release the mech OID from gss_accept_security_context
This is constant data according to the man pages I find for this
fucntion, and causes a segfault to free() when linked to Heimdal. I
am advised that while it is constant for gss_mech_krb5, it may not be
for other mechanisms, so an assert will ensure this is dealt with by
the programmer who extends this code in future.
Andrew Bartlett
commit f0ce322c770010f1d0714f4e06ee6d9ad1b9e9e5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Apr 27 09:42:51 2011 +1000
auth/kerberos Move all the PAC handling functions to auth/kerberos
commit 6ec4306f8c3fed7ec5b5bd164c5829b2661589b7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sat Apr 16 15:41:50 2011 +1000
auth/kerberos: Create common helper to get the verified PAC from GSSAPI
This only works for Heimdal and MIT Krb5 1.8, other versions will get
an ACCESS_DEINED error.
We no longer manually verify any details of the PAC in Samba for
GSSAPI logins, as we never had the information to do it properly, and
it is better to have the GSSAPI library handle it.
Andrew Bartlett
commit e130dec97bb4e08b11f39c1c1382f0c8ad36ef67
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Apr 26 12:08:22 2011 +1000
s3-libsmb Use 'resolv:hosts file' as a DNS emulation when specified.
This allows make test to operate without making real DNS calls.
Andrew Bartlett
commit 806eef63ba6ee9681f89accea262a0c2fa3c8038
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Apr 26 17:02:11 2011 +1000
s3-libads Don't start a DEBUG with 'time'
This strange requirement comes from our subunit test harness.
Andrew Bartlett
commit 2a9a9454e8dc27e2da49bd513c1f8b3bad76bd25
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Apr 27 11:19:20 2011 +1000
selftest: Make bindir_path much less complex
There is no need to pass it as a function pointer, just put it in 'Samba.pm'.
Andrew Bartlett
commit e04bab4a19658009e53949b814a58d177966a9cd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Apr 20 17:39:50 2011 +1000
libcli/auth Move Samba4's gssapi_error_string from GENSEC to libcli/auth
This will allow the GSSAPI PAC fetch code to use it.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
auth/kerberos/gssapi_pac.c | 123 +++++++++++++++++++++++++
{libcli/auth => auth/kerberos}/kerberos_pac.c | 0
auth/kerberos/wscript_build | 3 +
lib/replace/system/kerberos.h | 10 ++
libcli/auth/krb5_wrap.c | 39 ++++++++
libcli/auth/krb5_wrap.h | 10 ++-
libcli/auth/wscript_build | 4 +-
selftest/selftest.pl | 19 +---
selftest/target/Samba.pm | 19 +++-
selftest/target/Samba3.pm | 42 ++++----
selftest/target/Samba4.pm | 22 ++--
source3/Makefile.in | 5 +-
source3/configure.in | 2 +
source3/include/smb_krb5.h | 8 --
source3/libads/dns.c | 15 +++
source3/libads/ldap.c | 2 +-
source3/librpc/crypto/gse.c | 82 +++++++---------
source3/librpc/crypto/gse.h | 3 +-
source3/libsmb/namequery.c | 27 ++++++
source3/rpc_server/dcesrv_gssapi.c | 62 ++-----------
source3/wscript | 2 +-
source3/wscript_build | 1 +
source4/auth/gensec/gensec_gssapi.c | 57 +-----------
source4/heimdal_build/wscript_configure | 1 +
wscript_build | 1 +
25 files changed, 339 insertions(+), 220 deletions(-)
create mode 100644 auth/kerberos/gssapi_pac.c
rename {libcli/auth => auth/kerberos}/kerberos_pac.c (100%)
create mode 100644 auth/kerberos/wscript_build
Changeset truncated at 500 lines:
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
new file mode 100644
index 0000000..dd2fb7e
--- /dev/null
+++ b/auth/kerberos/gssapi_pac.c
@@ -0,0 +1,123 @@
+/*
+ Unix SMB/CIFS implementation.
+ kerberos authorization data (PAC) utility library
+ Copyright (C) Andrew Bartlett <abartlet at samba.org> 2011
+ Copyright (C) Simo Sorce 2010.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#ifdef HAVE_KRB5
+
+#include "libcli/auth/krb5_wrap.h"
+
+/* The Heimdal OID for getting the PAC */
+#define EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH 8
+/* EXTRACTION OID AUTHZ ID */
+#define EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID "\x2a\x85\x70\x2b\x0d\x03" "\x81\x00"
+
+static gss_OID_desc pac_data_oid = {
+ EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID_LENGTH,
+ (void *)EXTRACT_PAC_AUTHZ_DATA_FROM_SEC_CONTEXT_OID
+};
+
+NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
+ gss_ctx_id_t gssapi_context,
+ gss_name_t gss_client_name,
+ DATA_BLOB *pac_blob)
+{
+ OM_uint32 gss_maj, gss_min;
+ gss_buffer_set_t set = GSS_C_NO_BUFFER_SET;
+ gss_buffer_desc pac_buffer;
+ gss_buffer_desc pac_display_buffer;
+ gss_buffer_desc pac_name = {
+ .value = "urn:mspac:",
+ .length = sizeof("urn:mspac:")-1
+ };
+ NTSTATUS status;
+ int more = -1;
+ int authenticated = false;
+ int complete = false;
+
+#ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
+ gss_maj = gss_get_name_attribute(
+ &gss_min, gss_client_name, &pac_name,
+ &authenticated, &complete,
+ &pac_buffer, &pac_display_buffer, &more);
+
+ if (gss_maj != 0) {
+ DEBUG(0, ("obtaining PAC via GSSAPI gss_get_name_attribute failed: %s\n",
+ gssapi_error_string(mem_ctx, gss_maj, gss_min, gss_mech_krb5)));
+ return NT_STATUS_ACCESS_DENIED;
+ } else if (authenticated && complete) {
+ /* The PAC blob is returned directly */
+ *pac_blob = data_blob_talloc(mem_ctx, pac_buffer.value,
+ pac_buffer.length);
+
+ if (!pac_blob->data) {
+ status = NT_STATUS_NO_MEMORY;
+ } else {
+ status = NT_STATUS_OK;
+ }
+
+ gss_maj = gss_release_buffer(&gss_min, &pac_buffer);
+ gss_maj = gss_release_buffer(&gss_min, &pac_display_buffer);
+ return status;
+ } else {
+ DEBUG(0, ("obtaining PAC via GSSAPI failed: authenticated: %s, complete: %s, more: %s\n",
+ authenticated ? "true" : "false",
+ complete ? "true" : "false",
+ more ? "true" : "false"));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+#endif
+ /* If we didn't have the routine to get a verified, validated
+ * PAC (supplied only by MIT at the time of writing), then try
+ * with the Heimdal OID (fetches the PAC directly and always
+ * validates) */
+ gss_maj = gss_inquire_sec_context_by_oid(
+ &gss_min, gssapi_context,
+ &pac_data_oid, &set);
+
+ /* First check for the error MIT gives for an unknown OID */
+ if (gss_maj == GSS_S_UNAVAILABLE) {
+ DEBUG(1, ("unable to obtain a PAC against this GSSAPI library. "
+ "GSSAPI secured connections are available only with Heimdal or MIT Kerberos >= 1.8\n"));
+ } else if (gss_maj != 0) {
+ DEBUG(2, ("obtaining PAC via GSSAPI gss_inqiure_sec_context_by_oid (Heimdal OID) failed: %s\n",
+ gssapi_error_string(mem_ctx, gss_maj, gss_min, gss_mech_krb5)));
+ } else {
+ if (set == GSS_C_NO_BUFFER_SET) {
+ DEBUG(0, ("gss_inquire_sec_context_by_oid returned unknown "
+ "data in results.\n"));
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ /* The PAC blob is returned directly */
+ *pac_blob = data_blob_talloc(mem_ctx, set->elements[0].value,
+ set->elements[0].length);
+ if (!pac_blob->data) {
+ status = NT_STATUS_NO_MEMORY;
+ } else {
+ status = NT_STATUS_OK;
+ }
+
+ gss_maj = gss_release_buffer_set(&gss_min, &set);
+ return status;
+ }
+ return NT_STATUS_ACCESS_DENIED;
+}
+#endif
diff --git a/libcli/auth/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
similarity index 100%
rename from libcli/auth/kerberos_pac.c
rename to auth/kerberos/kerberos_pac.c
diff --git a/auth/kerberos/wscript_build b/auth/kerberos/wscript_build
new file mode 100644
index 0000000..1070770
--- /dev/null
+++ b/auth/kerberos/wscript_build
@@ -0,0 +1,3 @@
+bld.SAMBA_SUBSYSTEM('KRB5_PAC',
+ source='gssapi_pac.c kerberos_pac.c',
+ deps='gssapi_krb5 krb5 ndr-krb5pac')
diff --git a/lib/replace/system/kerberos.h b/lib/replace/system/kerberos.h
index bb1f1b9..10d5f76 100644
--- a/lib/replace/system/kerberos.h
+++ b/lib/replace/system/kerberos.h
@@ -37,5 +37,15 @@
#include <com_err.h>
#endif
+#if HAVE_GSSAPI_GSSAPI_H
+#include <gssapi/gssapi.h>
+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
+#include <gssapi/gssapi_generic.h>
+#elif HAVE_GSSAPI_H
+#include <gssapi.h>
+#endif
+
+#include <gssapi/gssapi_krb5.h>
+
#endif
#endif
diff --git a/libcli/auth/krb5_wrap.c b/libcli/auth/krb5_wrap.c
index c69e394..7725261 100644
--- a/libcli/auth/krb5_wrap.c
+++ b/libcli/auth/krb5_wrap.c
@@ -5,6 +5,7 @@
Copyright (C) Luke Howard 2002-2003
Copyright (C) Andrew Bartlett <abartlet at samba.org> 2005-2011
Copyright (C) Guenther Deschner 2005-2009
+ Copyright (C) Simo Sorce 2010.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -307,6 +308,44 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
return ret;
}
+char *gssapi_error_string(TALLOC_CTX *mem_ctx,
+ OM_uint32 maj_stat, OM_uint32 min_stat,
+ const gss_OID mech)
+{
+ OM_uint32 disp_min_stat, disp_maj_stat;
+ gss_buffer_desc maj_error_message;
+ gss_buffer_desc min_error_message;
+ char *maj_error_string, *min_error_string;
+ OM_uint32 msg_ctx = 0;
+
+ char *ret;
+
+ maj_error_message.value = NULL;
+ min_error_message.value = NULL;
+ maj_error_message.length = 0;
+ min_error_message.length = 0;
+
+ disp_maj_stat = gss_display_status(&disp_min_stat, maj_stat, GSS_C_GSS_CODE,
+ mech, &msg_ctx, &maj_error_message);
+ disp_maj_stat = gss_display_status(&disp_min_stat, min_stat, GSS_C_MECH_CODE,
+ mech, &msg_ctx, &min_error_message);
+
+ maj_error_string = talloc_strndup(mem_ctx, (char *)maj_error_message.value, maj_error_message.length);
+
+ min_error_string = talloc_strndup(mem_ctx, (char *)min_error_message.value, min_error_message.length);
+
+ ret = talloc_asprintf(mem_ctx, "%s: %s", maj_error_string, min_error_string);
+
+ talloc_free(maj_error_string);
+ talloc_free(min_error_string);
+
+ gss_release_buffer(&disp_min_stat, &maj_error_message);
+ gss_release_buffer(&disp_min_stat, &min_error_message);
+
+ return ret;
+}
+
+
char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx)
{
char *ret;
diff --git a/libcli/auth/krb5_wrap.h b/libcli/auth/krb5_wrap.h
index 4f333cc..82769ae 100644
--- a/libcli/auth/krb5_wrap.h
+++ b/libcli/auth/krb5_wrap.h
@@ -31,7 +31,6 @@ int create_kerberos_key_from_string_direct(krb5_context context,
krb5_enctype enctype);
void kerberos_free_data_contents(krb5_context context, krb5_data *pdata);
krb5_error_code smb_krb5_kt_free_entry(krb5_context context, krb5_keytab_entry *kt_entry);
-char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
@@ -54,6 +53,10 @@ krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_checksum *cksum,
uint8_t *data,
size_t length);
+char *gssapi_error_string(TALLOC_CTX *mem_ctx,
+ OM_uint32 maj_stat, OM_uint32 min_stat,
+ const gss_OID mech);
+char *smb_get_krb5_error_message(krb5_context context, krb5_error_code code, TALLOC_CTX *mem_ctx);
krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
DATA_BLOB pac_data,
@@ -69,3 +72,8 @@ NTSTATUS kerberos_decode_pac(TALLOC_CTX *mem_ctx,
krb5_const_principal client_principal,
time_t tgs_authtime,
struct PAC_DATA **pac_data_out);
+
+NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
+ gss_ctx_id_t gssapi_context,
+ gss_name_t gss_client_name,
+ DATA_BLOB *pac_data);
diff --git a/libcli/auth/wscript_build b/libcli/auth/wscript_build
index bdf52d0..ab6ca4f 100644
--- a/libcli/auth/wscript_build
+++ b/libcli/auth/wscript_build
@@ -40,5 +40,5 @@ bld.SAMBA_SUBSYSTEM('SPNEGO_PARSE',
deps='asn1util')
bld.SAMBA_SUBSYSTEM('KRB5_WRAP',
- source='krb5_wrap.c kerberos_pac.c',
- deps='krb5 ndr-krb5pac com_err')
+ source='krb5_wrap.c',
+ deps='gssapi_krb5 krb5 ndr-krb5pac com_err KRB5_PAC')
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 9f937f1..c45ccb3 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -468,19 +468,6 @@ if ($opt_binary_mapping) {
$ENV{BINARY_MAPPING} = $opt_binary_mapping;
-sub bindir_path($$) {
- my ($self, $path) = @_;
-
- if (defined($self->{binary_mapping}->{$path})) {
- $path = $self->{binary_mapping}->{$path};
- }
-
- my $valpath = "$self->{bindir}/$path$self->{exeext}";
-
- return $valpath if (-f $valpath);
- return $path;
-}
-
# After this many seconds, the server will self-terminate. All tests
# must terminate in this time, and testenv will only stay alive this
# long
@@ -496,18 +483,18 @@ if ($opt_target eq "samba") {
}
$testenv_default = "all";
require target::Samba;
- $target = new Samba($bindir, \%binary_mapping, \&bindir_path, $ldap, $srcdir, $exeext, $server_maxtime);
+ $target = new Samba($bindir, \%binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime);
} elsif ($opt_target eq "samba4") {
$testenv_default = "all";
require target::Samba4;
- $target = new Samba4($bindir, \%binary_mapping, \&bindir_path, $ldap, $srcdir, $exeext, $server_maxtime);
+ $target = new Samba4($bindir, \%binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime);
} elsif ($opt_target eq "samba3") {
if ($opt_socket_wrapper and `$bindir/smbd -b | grep SOCKET_WRAPPER` eq "") {
die("You must include --enable-socket-wrapper when compiling Samba in order to execute 'make test'. Exiting....");
}
$testenv_default = "member";
require target::Samba3;
- $target = new Samba3($bindir, \%binary_mapping, \&bindir_path, $srcdir_abs, $exeext, $server_maxtime);
+ $target = new Samba3($bindir, \%binary_mapping, $srcdir_abs, $exeext, $server_maxtime);
} elsif ($opt_target eq "win") {
die("Windows tests will not run with socket wrapper enabled.")
if ($opt_socket_wrapper);
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index fc7e68d..ec8ab2b 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -10,11 +10,11 @@ use target::Samba3;
use target::Samba4;
sub new($$$$$) {
- my ($classname, $bindir, $binary_mapping, $bindir_path, $ldap, $srcdir, $exeext, $server_maxtime) = @_;
+ my ($classname, $bindir, $binary_mapping,$ldap, $srcdir, $exeext, $server_maxtime) = @_;
my $self = {
- samba3 => new Samba3($bindir,$binary_mapping, $bindir_path, $srcdir, $exeext, $server_maxtime),
- samba4 => new Samba4($bindir,$binary_mapping, $bindir_path, $ldap, $srcdir, $exeext, $server_maxtime),
+ samba3 => new Samba3($bindir,$binary_mapping, $srcdir, $exeext, $server_maxtime),
+ samba4 => new Samba4($bindir,$binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime),
};
bless $self;
return $self;
@@ -42,4 +42,17 @@ sub setup_env($$$)
return $env;
}
+sub bindir_path($$) {
+ my ($object, $path) = @_;
+
+ if (defined($object->{binary_mapping}->{$path})) {
+ $path = $object->{binary_mapping}->{$path};
+ }
+
+ my $valpath = "$object->{bindir}/$path$object->{exeext}";
+
+ return $valpath if (-f $valpath);
+ return $path;
+}
+
1;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index a829b09..d9e62f4 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -9,14 +9,14 @@ use strict;
use Cwd qw(abs_path);
use FindBin qw($RealBin);
use POSIX;
+use target::Samba;
sub new($$) {
- my ($classname, $bindir, $binary_mapping, $bindir_path, $srcdir, $exeext, $server_maxtime) = @_;
+ my ($classname, $bindir, $binary_mapping, $srcdir, $exeext, $server_maxtime) = @_;
$exeext = "" unless defined($exeext);
my $self = { vars => {},
bindir => $bindir,
binary_mapping => $binary_mapping,
- bindir_path => $bindir_path,
srcdir => $srcdir,
exeext => $exeext,
server_maxtime => $server_maxtime
@@ -172,7 +172,7 @@ sub setup_member($$$)
$ret or return undef;
- my $net = $self->{bindir_path}->($self, "net");
+ my $net = Samba::bindir_path($self, "net");
my $cmd = "";
$cmd .= "SOCKET_WRAPPER_DEFAULT_IFACE=\"$ret->{SOCKET_WRAPPER_DEFAULT_IFACE}\" ";
$cmd .= "$net join $ret->{CONFIGURATION} $s3dcvars->{DOMAIN} member";
@@ -395,14 +395,14 @@ sub check_or_start($$$$) {
@optargs = split(/ /, $ENV{NMBD_OPTIONS});
}
- $ENV{MAKE_TEST_BINARY} = $self->{bindir_path}->($self, "nmbd");
+ $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "nmbd");
- my @preargs = ($self->{bindir_path}->($self, "timelimit"), $self->{server_maxtime});
+ my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime});
if(defined($ENV{NMBD_VALGRIND})) {
@preargs = split(/ /, $ENV{NMBD_VALGRIND});
}
- exec(@preargs, $self->{bindir_path}->($self, "nmbd"), "-F", "--no-process-group", "-S", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start nmbd: $!");
+ exec(@preargs, Samba::bindir_path($self, "nmbd"), "-F", "--no-process-group", "-S", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start nmbd: $!");
}
write_pid($env_vars, "nmbd", $pid);
print "DONE\n";
@@ -438,14 +438,14 @@ sub check_or_start($$$$) {
@optargs = split(/ /, $ENV{WINBINDD_OPTIONS});
}
- $ENV{MAKE_TEST_BINARY} = $self->{bindir_path}->($self, "winbindd");
+ $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "winbindd");
- my @preargs = ($self->{bindir_path}->($self, "timelimit"), $self->{server_maxtime});
+ my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime});
if(defined($ENV{WINBINDD_VALGRIND})) {
@preargs = split(/ /, $ENV{WINBINDD_VALGRIND});
}
- exec(@preargs, $self->{bindir_path}->($self, "winbindd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start winbindd: $!");
+ exec(@preargs, Samba::bindir_path($self, "winbindd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start winbindd: $!");
}
write_pid($env_vars, "winbindd", $pid);
print "DONE\n";
@@ -476,16 +476,16 @@ sub check_or_start($$$$) {
exit 0;
}
- $ENV{MAKE_TEST_BINARY} = $self->{bindir_path}->($self, "smbd");
+ $ENV{MAKE_TEST_BINARY} = Samba::bindir_path($self, "smbd");
my @optargs = ("-d0");
if (defined($ENV{SMBD_OPTIONS})) {
@optargs = split(/ /, $ENV{SMBD_OPTIONS});
}
- my @preargs = ($self->{bindir_path}->($self, "timelimit"), $self->{server_maxtime});
+ my @preargs = (Samba::bindir_path($self, "timelimit"), $self->{server_maxtime});
if(defined($ENV{SMBD_VALGRIND})) {
@preargs = split(/ /,$ENV{SMBD_VALGRIND});
}
- exec(@preargs, $self->{bindir_path}->($self, "smbd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start smbd: $!");
+ exec(@preargs, Samba::bindir_path($self, "smbd"), "-F", "--no-process-group", "-s", $env_vars->{SERVERCONFFILE}, @optargs) or die("Unable to start smbd: $!");
}
write_pid($env_vars, "smbd", $pid);
print "DONE\n";
@@ -812,7 +812,7 @@ domusers:X:$gid_domusers:
$ENV{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
$ENV{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
- open(PWD, "|".$self->{bindir_path}->($self, "smbpasswd")." -c $conffile -L -s -a $unix_name >/dev/null");
+ open(PWD, "|".Samba::bindir_path($self, "smbpasswd")." -c $conffile -L -s -a $unix_name >/dev/null");
print PWD "$password\n$password\n";
close(PWD) or die("Unable to set password for test account");
@@ -847,7 +847,7 @@ domusers:X:$gid_domusers:
$ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
$ret{NSS_WRAPPER_WINBIND_SO_PATH} = $ENV{NSS_WRAPPER_WINBIND_SO_PATH};
if (not defined($ret{NSS_WRAPPER_WINBIND_SO_PATH})) {
- $ret{NSS_WRAPPER_WINBIND_SO_PATH} = $self->{bindir_path}->($self, "default/nsswitch/libnss-winbind.so");
+ $ret{NSS_WRAPPER_WINBIND_SO_PATH} = Samba::bindir_path($self, "default/nsswitch/libnss-winbind.so");
}
$ret{LOCAL_PATH} = "$shrdir";
@@ -862,11 +862,11 @@ sub wait_for_start($$)
print "delaying for nbt name registration\n";
sleep(10);
# This will return quickly when things are up, but be slow if we need to wait for (eg) SSL init
- system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__");
- system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} __SAMBA__");
- system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__");
- system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}");
- system($self->{bindir_path}->($self, "nmblookup3") ." $envvars->{CONFIGURATION} $envvars->{SERVER}");
+ system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} __SAMBA__");
+ system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} __SAMBA__");
+ system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U 127.255.255.255 __SAMBA__");
+ system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} -U $envvars->{SERVER_IP} $envvars->{SERVER}");
+ system(Samba::bindir_path($self, "nmblookup3") ." $envvars->{CONFIGURATION} $envvars->{SERVER}");
# make sure smbd is also up set
print "wait for smbd\n";
@@ -874,7 +874,7 @@ sub wait_for_start($$)
my $count = 0;
my $ret;
do {
- $ret = system($self->{bindir_path}->($self, "smbclient3") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139");
+ $ret = system(Samba::bindir_path($self, "smbclient3") ." $envvars->{CONFIGURATION} -L $envvars->{SERVER} -U% -p 139");
if ($ret != 0) {
sleep(2);
}
@@ -886,7 +886,7 @@ sub wait_for_start($$)
return 0;
}
# Ensure we have domain users mapped.
- $ret = system($self->{bindir_path}->($self, "net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain");
+ $ret = system(Samba::bindir_path($self, "net") ." $envvars->{CONFIGURATION} groupmap add rid=513 unixgroup=domusers type=domain");
if ($ret != 0) {
return 1;
}
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 69d5c3b..22f38b8 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -10,9 +10,10 @@ use Cwd qw(abs_path);
use FindBin qw($RealBin);
use POSIX;
use SocketWrapper;
+use target::Samba;
sub new($$$$$) {
- my ($classname, $bindir, $binary_mapping, $bindir_path, $ldap, $srcdir, $exeext, $server_maxtime) = @_;
+ my ($classname, $bindir, $binary_mapping, $ldap, $srcdir, $exeext, $server_maxtime) = @_;
$exeext = "" unless defined($exeext);
--
Samba Shared Repository
More information about the samba-cvs
mailing list