[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Fri Mar 6 12:12:03 MST 2015
The branch, master has been updated
via 5b3c71c provision: Give a more helpful message when find_provision_key_parameters() fails
via 6fe8cd2 selftest: Improve renamedcs test
via 477fce1 s4-lib/cmdline: Fix help for -P / --machine-pass: this no longer implies -k
via 63dbf43 samba-tool: Add -P to options.CredentialsOptions
from 90d03a6 heimdal: Fix CID 1273430 Double free
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5b3c71cd9c4d20a04f7505ad904f95d0ecf5ac2e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Mar 2 13:22:37 2015 +1300
provision: Give a more helpful message when find_provision_key_parameters() fails
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Mar 6 20:11:52 CET 2015 on sn-devel-104
commit 6fe8cd2fdfa770ceaa4ad87002db9cdc029dd532
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Feb 27 15:56:22 2015 +1300
selftest: Improve renamedcs test
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 477fce1f395917616cd2eb144da8571e994382e7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 26 12:24:21 2015 +1300
s4-lib/cmdline: Fix help for -P / --machine-pass: this no longer implies -k
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 63dbf4388a53016a110bd02a31c46e0210eda463
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Feb 26 12:23:55 2015 +1300
samba-tool: Add -P to options.CredentialsOptions
This matches our other binaries, and allows samba-tool commands to run with the machine account.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/getopt.py | 26 +++++++++++++++++++++-----
python/samba/provision/__init__.py | 7 +++++--
source4/lib/cmdline/popt_credentials.c | 2 +-
testprogs/blackbox/renamedc.sh | 10 ++++++++++
4 files changed, 37 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/getopt.py b/python/samba/getopt.py
index c3c0800..0f97658 100644
--- a/python/samba/getopt.py
+++ b/python/samba/getopt.py
@@ -126,8 +126,9 @@ class CredentialsOptions(optparse.OptionGroup):
"""Command line options for specifying credentials."""
def __init__(self, parser):
- self.no_pass = True
+ self.ask_for_password = True
self.ipaddress = None
+ self.machine_pass = False
optparse.OptionGroup.__init__(self, parser, "Credentials Options")
self.add_option("--simple-bind-dn", metavar="DN", action="callback",
callback=self._set_simple_bind_dn, type=str,
@@ -140,8 +141,9 @@ class CredentialsOptions(optparse.OptionGroup):
self.add_option("-W", "--workgroup", metavar="WORKGROUP",
action="callback", type=str,
help="Workgroup", callback=self._parse_workgroup)
- self.add_option("-N", "--no-pass", action="store_true",
- help="Don't ask for a password")
+ self.add_option("-N", "--no-pass", action="callback",
+ help="Don't ask for a password",
+ callback=self._set_no_password)
self.add_option("-k", "--kerberos", metavar="KERBEROS",
action="callback", type=str,
help="Use Kerberos", callback=self._set_kerberos)
@@ -149,17 +151,29 @@ class CredentialsOptions(optparse.OptionGroup):
action="callback", type=str,
help="IP address of server",
callback=self._set_ipaddress)
+ self.add_option("-P", "--machine-pass",
+ action="callback",
+ help="Use stored machine account password",
+ callback=self._set_machine_pass)
self.creds = Credentials()
def _parse_username(self, option, opt_str, arg, parser):
self.creds.parse_string(arg)
+ self.machine_pass = False
def _parse_workgroup(self, option, opt_str, arg, parser):
self.creds.set_domain(arg)
def _set_password(self, option, opt_str, arg, parser):
self.creds.set_password(arg)
- self.no_pass = False
+ self.ask_for_password = False
+ self.machine_pass = False
+
+ def _set_no_password(self, option, opt_str, arg, parser):
+ self.ask_for_password = False
+
+ def _set_machine_pass(self, option, opt_str, arg, parser):
+ self.machine_pass = True
def _set_ipaddress(self, option, opt_str, arg, parser):
self.ipaddress = arg
@@ -177,7 +191,9 @@ class CredentialsOptions(optparse.OptionGroup):
:return: Credentials object
"""
self.creds.guess(lp)
- if self.no_pass:
+ if self.machine_pass:
+ self.creds.set_machine_account(lp)
+ elif self.ask_for_password:
self.creds.set_cmdline_callbacks()
# possibly fallback to using the machine account, if we have
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 1603321..953bd0f 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -243,8 +243,11 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf,
# dns hostname and server dn
res4 = samdb.search(expression="(CN=%s)" % names.netbiosname,
- base="OU=Domain Controllers,%s" % basedn,
- scope=ldb.SCOPE_ONELEVEL, attrs=["dNSHostName"])
+ base="OU=Domain Controllers,%s" % basedn,
+ scope=ldb.SCOPE_ONELEVEL, attrs=["dNSHostName"])
+ if len(res4) == 0:
+ raise ProvisioningError("Unable to find DC called CN=%s under OU=Domain Controllers,%s" % (names.netbiosname, basedn))
+
names.hostname = str(res4[0]["dNSHostName"]).replace("." + names.dnsdomain, "")
server_res = samdb.search(expression="serverReference=%s" % res4[0].dn,
diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c
index ea08f8b..59a724c 100644
--- a/source4/lib/cmdline/popt_credentials.c
+++ b/source4/lib/cmdline/popt_credentials.c
@@ -166,7 +166,7 @@ struct poptOption popt_common_credentials4[] = {
{ "no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N', "Don't ask for a password" },
{ "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" },
{ "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" },
- { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" },
+ { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" },
{ "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" },
{ "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos, -k [yes|no]" },
{ "krb5-ccache", 0, POPT_ARG_STRING, NULL, OPT_KRB5_CCACHE, "Credentials cache location for Kerberos" },
diff --git a/testprogs/blackbox/renamedc.sh b/testprogs/blackbox/renamedc.sh
index 8741867..4f187a4 100755
--- a/testprogs/blackbox/renamedc.sh
+++ b/testprogs/blackbox/renamedc.sh
@@ -49,6 +49,14 @@ confirmrenamedc_dNSHostName() {
$ldbsearch -H $PREFIX/renamedc_test/private/sam.ldb -s base -b 'cn=RAYMONBAR,ou=domain controllers,dc=foo,dc=example,dc=com' dNSHostName | grep 'dNSHostName: RAYMONBAR.foo.example.com'
}
+confirmrenamedc_rootdse_dnsHostName() {
+ $ldbsearch -H $PREFIX/renamedc_test/private/sam.ldb -s base -b '' dNSHostName | grep 'dnsHostName: RAYMONBAR.foo.example.com'
+}
+
+confirmrenamedc_rootdse_dsServiceName() {
+ $ldbsearch -H $PREFIX/renamedc_test/private/sam.ldb --show-binary -s base -b '' dsServiceName | grep 'dsServiceName: CN=NTDS Settings,CN=RAYMONBAR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=example,DC=com'
+}
+
testrenamedc2() {
$PYTHON $SRCDIR/source4/scripting/bin/renamedc \
--oldname="RAYMONBAR" \
@@ -67,6 +75,8 @@ testit "confirmrenamedc" confirmrenamedc || failed=`expr $failed + 1`
testit "confirmrenamedc_server" confirmrenamedc_server || failed=`expr $failed + 1`
testit "confirmrenamedc_sAMAccountName" confirmrenamedc_sAMAccountName || failed=`expr $failed + 1`
testit "confirmrenamedc_dNSHostName" confirmrenamedc_dNSHostName || failed=`expr $failed + 1`
+testit "confirmrenamedc_rootdse_dnsHostName" confirmrenamedc_rootdse_dnsHostName || failed=`expr $failed + 1`
+testit "confirmrenamedc_rootdse_dsServiceName" confirmrenamedc_rootdse_dsServiceName || failed=`expr $failed + 1`
testit "dbcheck" dbcheck || failed=`expr $failed + 1`
testit "renamedc2" testrenamedc2 || failed=`expr $failed + 1`
--
Samba Shared Repository
More information about the samba-cvs
mailing list