[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Sun Apr 30 01:30:03 UTC 2017
The branch, master has been updated
via 68d0c29 mit_samba: Fix principal lookup for cross domain referral
via 764e485 mit-samba: Remove obsolete mit_samba_update_pac_data()
via 0668c46 s4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()
via 648388a s4-kdc: Implement mit_samba_reget_pac()
via 9c33e96 s4-pac-glue: Do not add an empty PAC_TYPE_LOGON_NAME with MIT
via a72eecd mit-samba: Remove unused mit_samba_get_pac_data()
via bff4311 s4-kdc: Use mit_samba_get_pac() in ks_get_pac()
via e240cff s4-kdc: Implement mit_samba_get_pac()
via ecf42ce s4-kdc: Fix logging with the KDB driver
via 2a43c8d s4-torture: Fix reauth tests with smaller clockskew grace time
via 57edd3e waf: Move python build instructions to wscript
via 9b932d6 python: Add provisioning support for MIT KDC in samba-tool
via 18917d2 python: Add py_is_heimdal_built() to pyglue
via 09f84d0 selftest: Add a variable to indicate that selftest is running
via fecbc81 waf: Create kerberos_implementation.py for provisioning
via 41f0349 selftest: Skip s4u2proxy tests, no support yet
via c511313 testprogs: Add MIT Kerberos specific kpasswd blackbox test
via dce438e s4-kdc: Start the kpasswd service with MIT KDC
via ec7cdcc waf: Search for MIT kadm-server library
via a1d9e88 s4-kdc: Add MIT Kerberos specific kpasswd code
via 088f171 s4-torture: Add AES and RC4 enctype checks
via 3b0f1c2 s4-torture: Add TORTURE_KRB5_TEST_CLOCK_SKEW test
via 3022307 s4-torture: Add TORTURE_KRB5_TEST_BREAK_PW test
via 5d51e4b s4-torture: Add TORTURE_KRB5_TEST_PAC_REQUEST test
via 7ad7fca s4-torture: Add KDC test harness and first test
via 6ffef6f waf: Only build KRB5 KDC tests when AD_DC build is enabled
via 8fd03be testprogs: Add test with exported keytab from samba-tool
via 1521ec4 testprogs: Add a kinit trust test for MIT KDC
via 3924426 testprogs: Add test_kinit_mit.sh test
via c761f9f s4-torture: Fix kinit of samba4.blackbox.locktest
via 8de3fd5 testprogs: Fix usage printout of bogus blackbox test
via bec3a18 testprogs: Fix test_chgdcpass blackbox test with MIT
via 612714d s4-torture: disable s4u2self/proxy remote pac tests for MIT build for now.
via ac5427c selftest: Set clockskew grace time to 5 seconds
via c85f9b2 selftest: Setup configs for MIT KDC
via b40c920 selftest: Disable RODC tests with MIT KDC
via 687da88 selftest: Start MIT KDC if Kerberos is from MIT
via 6d19a66 waf: Do not disable the ntvfs fileserver when we have MIT DC build
via eaaf5ce param: Add 'mit kdc config' option to smb.conf
via 6eb1ff9 s4-kdc: Register the MIT irpc PAC validation service
via 6b67a39 s4-kdc: Add MIT KRB5 based irpc service for PAC validation
via 32e772b s4-kdc: Add a MIT Kerberos KDC service
via 7556c20 param: Add 'mit kdc command' to change the default.
via b5a67b9 waf: Check for MIT KDC binary
via 990cca3 mit-kdb: Update KDB vtable for DAL version 6
via a0464e3 waf: Require MIT Kerberos 1.15.1 for Samba AD
via b161e5c mit-kdb: Zero the db principal when we allocate it
via 0e84e83 samba_dnsupdate: Do not rewrite krb5.conf in selftest
via 9fee64d s3-tests: Use common functions in test_smbclient_netbios_aliases.sh
via 31491f8 testprogs: Add common kinit function
via f0e8d98 s4:torture: Fix the remote_pac test
via 89903a3 s4:selftest: Only run auth_log tests with Heimdal
from 277eac1 lsa4_srv: Factor out dcesrc_lsa_valid_AccountRight()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 68d0c295fbe0e8795bdd26589bd564542afd5a56
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jan 27 12:11:33 2017 +0100
mit_samba: Fix principal lookup for cross domain referral
Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sun Apr 30 03:29:35 CEST 2017 on sn-devel-144
commit 764e485450698844ad99ba2a661b83d3c918767e
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jan 26 17:07:14 2017 +0100
mit-samba: Remove obsolete mit_samba_update_pac_data()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0668c460b406622e963345badcc63a285303a7a3
Author: Andreas Schneider <asn at samba.org>
Date: Fri Sep 30 07:43:47 2016 +0200
s4-kdc: Use mit_samba_reget_pac() in ks_verify_pac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 648388ad001b38c766e5712eaa825b6e6d089178
Author: Andreas Schneider <asn at samba.org>
Date: Fri Sep 30 07:43:31 2016 +0200
s4-kdc: Implement mit_samba_reget_pac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9c33e9635e0ed3f02900c95240182cf5fb33b279
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 29 08:38:58 2016 +0200
s4-pac-glue: Do not add an empty PAC_TYPE_LOGON_NAME with MIT
MIT Kerberos will insert an empty PAC_TYPE_LOGON_NAME during
krb5_pac_sign().
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a72eecd5bf4f001b22cf46ee70752ca3be37245d
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jan 26 17:04:19 2017 +0100
mit-samba: Remove unused mit_samba_get_pac_data()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bff4311ec4c4a8bcc9cfbee7cbf7cf6138f0c306
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 29 02:04:00 2016 +0200
s4-kdc: Use mit_samba_get_pac() in ks_get_pac()
This adds UPN_DNS_INFO to the PAC.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e240cff59137ee3f9234f5eb0da30d70a61cc85d
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 29 02:03:35 2016 +0200
s4-kdc: Implement mit_samba_get_pac()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ecf42cef395034f8e4af704d1b064c041a023b8b
Author: Andreas Schneider <asn at samba.org>
Date: Fri Sep 30 07:41:09 2016 +0200
s4-kdc: Fix logging with the KDB driver
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2a43c8d6c732e242860051ffceecb1773ee5ad51
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 27 18:53:44 2016 +0200
s4-torture: Fix reauth tests with smaller clockskew grace time
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 57edd3e7810ffaa555004943bea31c89e043d8a2
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 23 15:08:54 2015 +0100
waf: Move python build instructions to wscript
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9b932d6a1974379f6db11159b03e2b3814bd4189
Author: Andreas Schneider <asn at samba.org>
Date: Fri Oct 9 15:06:52 2015 +0200
python: Add provisioning support for MIT KDC in samba-tool
Signed-off-by: Andreas Schneider <asn at cryptomilk.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 18917d28a90a6a15216ca05dab94553fa7faa448
Author: Andreas Schneider <asn at samba.org>
Date: Tue Apr 4 08:10:52 2017 +0200
python: Add py_is_heimdal_built() to pyglue
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 09f84d0fe5ff48b53b70a1d984d9ad4b0c5b661f
Author: Andreas Schneider <asn at samba.org>
Date: Mon Sep 12 21:52:23 2016 +0200
selftest: Add a variable to indicate that selftest is running
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit fecbc81c600bb5d6796a06e3f2d98229e748b387
Author: Andreas Schneider <asn at samba.org>
Date: Mon Nov 23 11:44:26 2015 +0100
waf: Create kerberos_implementation.py for provisioning
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 41f03493ec6377bd7b6430c36d7b5d01b924e48b
Author: Andreas Schneider <asn at samba.org>
Date: Mon Apr 13 15:58:14 2015 +0200
selftest: Skip s4u2proxy tests, no support yet
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c5113138a9593f801589d085f9f60a1602e32852
Author: Andreas Schneider <asn at samba.org>
Date: Mon Sep 5 18:01:57 2016 +0200
testprogs: Add MIT Kerberos specific kpasswd blackbox test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dce438e18eca340c64426dcab8aab2fed724dbf5
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 8 09:58:44 2016 +0200
s4-kdc: Start the kpasswd service with MIT KDC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ec7cdcc5da27c800c83969215168bc9220a414ab
Author: Andreas Schneider <asn at samba.org>
Date: Wed Sep 7 12:29:18 2016 +0200
waf: Search for MIT kadm-server library
This is needed for plugin registration in the KDC.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a1d9e8814ad07251fcb787a330989dc788c076c2
Author: Andreas Schneider <asn at samba.org>
Date: Wed Sep 7 12:32:50 2016 +0200
s4-kdc: Add MIT Kerberos specific kpasswd code
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 088f171e935e2fda8308528527fe46a198bed0d5
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jul 1 12:33:45 2016 +0200
s4-torture: Add AES and RC4 enctype checks
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3b0f1c2712ba579f8cdb661485166e9371f5bb11
Author: Andreas Schneider <asn at samba.org>
Date: Tue Jul 5 16:16:17 2016 +0200
s4-torture: Add TORTURE_KRB5_TEST_CLOCK_SKEW test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3022307a6308bd59e66610a092c35a074a106a7e
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 4 16:37:08 2016 +0200
s4-torture: Add TORTURE_KRB5_TEST_BREAK_PW test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5d51e4b39b40b4806dd7734c69e7085514d92de1
Author: Andreas Schneider <asn at samba.org>
Date: Mon Jul 4 11:35:19 2016 +0200
s4-torture: Add TORTURE_KRB5_TEST_PAC_REQUEST test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7ad7fca68361617a43d8a7b5129430531fa5ca7f
Author: Andreas Schneider <asn at samba.org>
Date: Fri May 13 09:36:34 2016 +0200
s4-torture: Add KDC test harness and first test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6ffef6f5ae90e9c060494c338b0ec0eff4a68146
Author: Andreas Schneider <asn at samba.org>
Date: Tue Apr 25 08:32:01 2017 +0200
waf: Only build KRB5 KDC tests when AD_DC build is enabled
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8fd03be2760c9904595a1b1ead5a770589fdd8b1
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 10 14:35:23 2016 +0100
testprogs: Add test with exported keytab from samba-tool
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1521ec4083dcb5f86b7b5609b89c3957cb4b8298
Author: Andreas Schneider <asn at samba.org>
Date: Mon Feb 15 08:22:58 2016 +0100
testprogs: Add a kinit trust test for MIT KDC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3924426785743404a98731f6c636326d7c4a8f32
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jan 14 16:41:36 2016 +0100
testprogs: Add test_kinit_mit.sh test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c761f9f7d27156f18b3c87103393f49cc5fb2735
Author: Andreas Schneider <asn at samba.org>
Date: Wed Apr 22 12:00:21 2015 +0200
s4-torture: Fix kinit of samba4.blackbox.locktest
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8de3fd59e049c704eef36351568d1cba8f50c7a8
Author: Andreas Schneider <asn at samba.org>
Date: Wed Apr 22 15:39:45 2015 +0200
testprogs: Fix usage printout of bogus blackbox test
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bec3a18999535fa58aafdce76539859c473b309e
Author: Andreas Schneider <asn at samba.org>
Date: Wed Apr 22 15:19:10 2015 +0200
testprogs: Fix test_chgdcpass blackbox test with MIT
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 612714d109e25df597b7ef8ad2b8c4b9ef00ed71
Author: Günther Deschner <gd at samba.org>
Date: Sat Feb 7 12:48:54 2015 +0100
s4-torture: disable s4u2self/proxy remote pac tests for MIT build for now.
Guenther
Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ac5427c6eba09134411f76a5e6f7e2643fa74eed
Author: Andreas Schneider <asn at samba.org>
Date: Mon Sep 26 18:51:33 2016 +0200
selftest: Set clockskew grace time to 5 seconds
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c85f9b24ce94427f2e5dc70efc91848a57ceff66
Author: Andreas Schneider <asn at samba.org>
Date: Wed Apr 30 09:32:49 2014 +0200
selftest: Setup configs for MIT KDC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b40c92016f56cf3cdba09a7f3ea6b4a68f781d4d
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 20 12:43:38 2016 +0200
selftest: Disable RODC tests with MIT KDC
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 687da88590559403993e3d58bcea22ecb1ba7aa7
Author: Andreas Schneider <asn at samba.org>
Date: Mon May 5 13:27:58 2014 +0200
selftest: Start MIT KDC if Kerberos is from MIT
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6d19a66cf866197f17f9abe27387ae045daf0517
Author: Andreas Schneider <asn at samba.org>
Date: Fri Dec 4 08:12:03 2015 +0100
waf: Do not disable the ntvfs fileserver when we have MIT DC build
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit eaaf5ce66e32d05b0a649619986d67ab6176a27a
Author: Andreas Schneider <asn at samba.org>
Date: Wed Oct 7 14:36:57 2015 +0200
param: Add 'mit kdc config' option to smb.conf
This points to the kdc config file created by Samba by default.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6eb1ff9b47c7041b0bdc9833bb6046f77d7ca6e4
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 8 09:56:37 2016 +0200
s4-kdc: Register the MIT irpc PAC validation service
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6b67a39f9f190058362d9d49b6a021bb9d012005
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 8 09:55:41 2016 +0200
s4-kdc: Add MIT KRB5 based irpc service for PAC validation
Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 32e772b4b9bb8874c64819ce3f36884ce5242339
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 8 09:46:52 2016 +0200
s4-kdc: Add a MIT Kerberos KDC service
This starts the krb5kdc binary shipped with MIT Kerberos.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7556c20d4bf90bfcc288ba1c82008105eaf8f261
Author: Andreas Schneider <asn at samba.org>
Date: Mon Apr 28 15:22:34 2014 +0200
param: Add 'mit kdc command' to change the default.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b5a67b9d24ceb84cf00721770d31c82196dafa56
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jul 23 13:49:09 2015 +0200
waf: Check for MIT KDC binary
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 990cca36b132e830a6b471c7c67f44f411da2e23
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jan 26 16:52:15 2017 +0100
mit-kdb: Update KDB vtable for DAL version 6
This changed between 1.14 and 1.15. Also the 1.15 change removed the
ability that the KDB module can free memory. This caused issues of
serveral projects. It got fixed with 1.15.1.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a0464e3f8765f702891491c33da9d420f65728c0
Author: Andreas Schneider <asn at samba.org>
Date: Fri Jan 20 09:14:03 2017 +0100
waf: Require MIT Kerberos 1.15.1 for Samba AD
Are build without AD DC still only requried MIT Kerberos 1.9.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b161e5c923047168a854bcb911b38c9b48c6707f
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jan 26 16:54:30 2017 +0100
mit-kdb: Zero the db principal when we allocate it
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0e84e8325219a2408ab0c58af56f228b02ae31d4
Author: Andreas Schneider <asn at samba.org>
Date: Thu Jul 30 17:38:34 2015 +0200
samba_dnsupdate: Do not rewrite krb5.conf in selftest
The samba_dnsupdate script is responsible to provision the DNS entries.
The private krb5.conf uses dns lookups to find the KDC to acquire a
Kerberos ticket. Obviously this will fail because currently we are are
in the process of adding the DNS entries for the KDC.
If we are inside of selftest we need to use the krb5.conf created by
selftest itself.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 9fee64d0e658ad3690c539fa68de4e29081b6840
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 13 08:24:41 2016 +0200
s3-tests: Use common functions in test_smbclient_netbios_aliases.sh
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 31491f8bb407ebe5dd976b6d1cad3d7d31080bd4
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 13 08:24:06 2016 +0200
testprogs: Add common kinit function
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit f0e8d98b79bf50a21bbdd2cf3ec5f993495ee9b0
Author: Andreas Schneider <asn at samba.org>
Date: Wed Dec 21 19:08:58 2016 +0100
s4:torture: Fix the remote_pac test
All the Kerberos implementation do not expect an order of the pac
buffer. The buffers are not processed in the oder they are sent but when
required just located.
I confirmed this with MS at the IO Lab.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 89903a38dc786a499b22c2b42352dfa740177f8a
Author: Andreas Schneider <asn at samba.org>
Date: Fri Apr 28 09:50:11 2017 +0200
s4:selftest: Only run auth_log tests with Heimdal
They have only been created against Samba AD with Heimdal Kerberos.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 3 +
docs-xml/smbdotconf/generate-file-list.sh | 1 +
docs-xml/smbdotconf/security/mitkdccommand.xml | 16 +
docs-xml/smbdotconf/security/mitkdcconfig.xml | 14 +
docs-xml/wscript_build | 9 +
lib/param/loadparm.c | 5 +
python/pyglue.c | 11 +
python/samba/__init__.py | 1 +
python/samba/netcmd/domain.py | 15 +-
python/samba/provision/__init__.py | 18 +-
python/samba/provision/kerberos.py | 101 +++
python/samba/tests/docs.py | 3 +-
python/wscript | 89 +++
python/wscript_build | 36 -
selftest/selftest.pl | 8 +
selftest/skip_mit_kdc | 5 +
selftest/target/Samba.pm | 56 ++
selftest/target/Samba4.pm | 8 +
selftest/wscript | 3 +
source3/param/loadparm.c | 4 +
.../script/tests/test_smbclient_netbios_aliases.sh | 20 +-
source4/kdc/kdc-service-mit.c | 356 ++++++++++
.../ndr_krb5pac.h => source4/kdc/kdc-service-mit.h | 11 +-
...swd-service-heimdal.c => kpasswd-service-mit.c} | 116 ++--
source4/kdc/mit-kdb/kdb_samba.c | 92 ++-
source4/kdc/mit-kdb/kdb_samba.h | 6 -
source4/kdc/mit-kdb/kdb_samba_common.c | 48 --
source4/kdc/mit-kdb/kdb_samba_policies.c | 80 +--
source4/kdc/mit-kdb/kdb_samba_principals.c | 33 +-
source4/kdc/mit_kdc_irpc.c | 200 ++++++
.../close_low_fd.h => source4/kdc/mit_kdc_irpc.h | 14 +-
source4/kdc/mit_samba.c | 535 +++++++++++++--
source4/kdc/mit_samba.h | 28 +-
source4/kdc/pac-glue.c | 13 +-
source4/kdc/sdb_to_kdb.c | 16 +-
source4/kdc/wscript_build | 75 ++-
source4/scripting/bin/samba_dnsupdate | 11 +-
source4/selftest/tests.py | 11 +-
source4/torture/krb5/kdc-mit.c | 746 ++++++++++++++++++++-
source4/torture/krb5/wscript_build | 34 +-
source4/torture/raw/session.c | 8 +-
source4/torture/rpc/remote_pac.c | 78 ++-
source4/torture/smb2/session.c | 4 +-
source4/torture/tests/test_locktest.sh | 2 +-
testprogs/blackbox/bogus.sh | 2 +-
testprogs/blackbox/common_test_fns.inc | 16 +
testprogs/blackbox/test_chgdcpass.sh | 16 +-
testprogs/blackbox/test_export_keytab_mit.sh | 127 ++++
testprogs/blackbox/test_kinit_mit.sh | 310 +++++++++
testprogs/blackbox/test_kinit_trusts_mit.sh | 139 ++++
...test_kpasswd_heimdal.sh => test_kpasswd_mit.sh} | 118 ++--
wscript | 16 +-
wscript_configure_system_mitkrb5 | 47 +-
53 files changed, 3204 insertions(+), 530 deletions(-)
create mode 100644 docs-xml/smbdotconf/security/mitkdccommand.xml
create mode 100644 docs-xml/smbdotconf/security/mitkdcconfig.xml
create mode 100644 python/samba/provision/kerberos.py
create mode 100644 python/wscript
delete mode 100644 python/wscript_build
create mode 100644 selftest/skip_mit_kdc
create mode 100644 source4/kdc/kdc-service-mit.c
copy librpc/ndr/ndr_krb5pac.h => source4/kdc/kdc-service-mit.h (74%)
copy source4/kdc/{kpasswd-service-heimdal.c => kpasswd-service-mit.c} (77%)
create mode 100644 source4/kdc/mit_kdc_irpc.c
copy lib/util/close_low_fd.h => source4/kdc/mit_kdc_irpc.h (78%)
create mode 100755 testprogs/blackbox/test_export_keytab_mit.sh
create mode 100755 testprogs/blackbox/test_kinit_mit.sh
create mode 100755 testprogs/blackbox/test_kinit_trusts_mit.sh
copy testprogs/blackbox/{test_kpasswd_heimdal.sh => test_kpasswd_mit.sh} (65%)
Changeset truncated at 500 lines:
diff --git a/.gitignore b/.gitignore
index 1a43d43..f8d4eab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -65,3 +65,6 @@ semantic.cache
/.emacs.desktop*
/.gdb_history
.clang-format
+
+# generated by configure
+python/samba/provision/kerberos_implementation.py
diff --git a/docs-xml/smbdotconf/generate-file-list.sh b/docs-xml/smbdotconf/generate-file-list.sh
index 9cfcd42..4a25f1e 100755
--- a/docs-xml/smbdotconf/generate-file-list.sh
+++ b/docs-xml/smbdotconf/generate-file-list.sh
@@ -15,6 +15,7 @@ echo "<!DOCTYPE section [
<!ENTITY pathconfig.WINBINDD_SOCKET_DIR '\${prefix}/var/run/winbindd'>
<!ENTITY pathconfig.CACHEDIR '\${prefix}/var/cache'>
<!ENTITY pathconfig.NTP_SIGND_SOCKET_DIR '\${prefix}/var/lib/ntp_signd'>
+<!ENTITY pathconfig.MITKDCPATH '\${prefix}/sbin/krb5kdc'>
]>"
DIR=.
diff --git a/docs-xml/smbdotconf/security/mitkdccommand.xml b/docs-xml/smbdotconf/security/mitkdccommand.xml
new file mode 100644
index 0000000..c8272de
--- /dev/null
+++ b/docs-xml/smbdotconf/security/mitkdccommand.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="mit kdc command"
+ context="G"
+ type="list"
+ advanced="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This option specifies the path to the MIT kdc binary.</para>
+
+ <para>If the KDC is not installed in the default location and wasn't
+ correctly detected during build then you should modify this variable and
+ point it to the correct binary.</para>
+</description>
+
+<value type="default">&pathconfig.MITKDCPATH;</value>
+<value type="example">/opt/mit/sbin/krb5kdc</value>
+</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/mitkdcconfig.xml b/docs-xml/smbdotconf/security/mitkdcconfig.xml
new file mode 100644
index 0000000..4dd9f9b
--- /dev/null
+++ b/docs-xml/smbdotconf/security/mitkdcconfig.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="mit kdc config"
+ context="G"
+ type="string"
+ advanced="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ This option allows to use a different MIT KDC config file than using
+ the system default.
+ </para>
+</description>
+
+<value type="example">/etc/samba/kdc.conf</value>
+</samba:parameter>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 0b690a8..cbc09a5 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -111,6 +111,15 @@ def smbdotconf_generate_parameter_list(task):
for entity in entities:
t += "%s\n" % entity
+ # We need this if we build with Heimdal
+ mit_kdc_path = '"/usr/sbin/krb5kdc"'
+
+ # The MIT krb5kdc path is set if we build with MIT Kerberos
+ if bld.CONFIG_SET('MIT_KDC_PATH'):
+ mit_kdc_path = bld.CONFIG_GET('MIT_KDC_PATH')
+
+ t += "<!ENTITY pathconfig.MITKDCPATH %s>\n" % mit_kdc_path
+
t += "]>\n"
t += "<section>\n"
for article in articles:
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index c8a8b6d..860f3e2 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2732,6 +2732,11 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
lpcfg_do_global_parameter_var(lp_ctx, "spn update command", "%s/samba_spnupdate", dyn_SCRIPTSBINDIR);
lpcfg_do_global_parameter_var(lp_ctx, "samba kcc command",
"%s/samba_kcc", dyn_SCRIPTSBINDIR);
+#ifdef MIT_KDC_PATH
+ lpcfg_do_global_parameter_var(lp_ctx,
+ "mit kdc command",
+ MIT_KDC_PATH);
+#endif
lpcfg_do_global_parameter(lp_ctx, "template shell", "/bin/false");
lpcfg_do_global_parameter(lp_ctx, "template homedir", "/home/%D/%U");
diff --git a/python/pyglue.c b/python/pyglue.c
index 2bb6247..07cde49 100644
--- a/python/pyglue.c
+++ b/python/pyglue.c
@@ -152,6 +152,15 @@ static PyObject *py_is_ntvfs_fileserver_built(PyObject *self)
#endif
}
+static PyObject *py_is_heimdal_built(PyObject *self)
+{
+#ifdef SAMBA4_USES_HEIMDAL
+ Py_RETURN_TRUE;
+#else
+ Py_RETURN_FALSE;
+#endif
+}
+
/*
return the list of interface IPs we have configured
takes an loadparm context, returns a list of IPs in string form
@@ -307,6 +316,8 @@ static PyMethodDef py_misc_methods[] = {
"(for testing) find one string in another with Samba's strstr_m()"},
{ "is_ntvfs_fileserver_built", (PyCFunction)py_is_ntvfs_fileserver_built, METH_NOARGS,
"is the NTVFS file server built in this installation?" },
+ { "is_heimdal_built", (PyCFunction)py_is_heimdal_built, METH_NOARGS,
+ "is Samba built with Heimdal Kerberbos?" },
{ NULL }
};
diff --git a/python/samba/__init__.py b/python/samba/__init__.py
index 67aa823..6f79b3c 100644
--- a/python/samba/__init__.py
+++ b/python/samba/__init__.py
@@ -391,6 +391,7 @@ generate_random_machine_password = _glue.generate_random_machine_password
strcasecmp_m = _glue.strcasecmp_m
strstr_m = _glue.strstr_m
is_ntvfs_fileserver_built = _glue.is_ntvfs_fileserver_built
+is_heimdal_built = _glue.is_heimdal_built
NTSTATUSError = _glue.NTSTATUSError
HRESULTError = _glue.HRESULTError
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 4bd99ba..bfc4772 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -87,6 +87,9 @@ from samba.provision import (
ProvisioningError
)
+from samba.provision.kerberos_implementation import (
+ kdc_default_config_dir)
+
from samba.provision.common import (
FILL_FULL,
FILL_NT4SYNC,
@@ -263,12 +266,20 @@ class cmd_domain_provision(Command):
default="auto")
]
+ kdc_options = [
+ Option("--kdc-config-dir", type="string", metavar="KDC-CONFIG-DIR",
+ help="Set the MIT KDC config directory (default='%s')" % kdc_default_config_dir),
+ ]
+
if os.getenv('TEST_LDAP', "no") == "yes":
takes_options.extend(openldap_options)
if samba.is_ntvfs_fileserver_built():
takes_options.extend(ntvfs_options)
+ if not samba.is_heimdal_built():
+ takes_options.extend(kdc_options)
+
takes_args = []
def run(self, sambaopts=None, versionopts=None,
@@ -304,6 +315,7 @@ class cmd_domain_provision(Command):
use_xattrs="auto",
slapd_path=None,
use_ntvfs=False,
+ kdc_config_dir=None,
use_rfc2307=None,
ldap_backend_nosync=None,
ldap_backend_extra_port=None,
@@ -471,7 +483,8 @@ class cmd_domain_provision(Command):
use_rfc2307=use_rfc2307, skip_sysvolacl=False,
ldap_backend_extra_port=ldap_backend_extra_port,
ldap_backend_forced_uri=ldap_backend_forced_uri,
- nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
+ nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode,
+ kdcconfdir=kdc_config_dir)
except ProvisioningError, e:
raise CommandError("Provision failed", e)
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index f8e4696..b001c54 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -118,7 +118,7 @@ import samba.registry
from samba.schema import Schema
from samba.samdb import SamDB
from samba.dbchecker import dbcheck
-
+from samba.provision.kerberos import make_kdcconf
DEFAULT_POLICY_GUID = "31B2F340-016D-11D2-945F-00C04FB984F9"
DEFAULT_DC_POLICY_GUID = "6AC1786C-016F-11D2-945F-00C04FB984F9"
@@ -668,10 +668,9 @@ def guess_names(lp=None, hostname=None, domain=None, dnsdomain=None,
return names
-
def make_smbconf(smbconf, hostname, domain, realm, targetdir,
serverrole=None, eadb=False, use_ntvfs=False, lp=None,
- global_param=None):
+ global_param=None, kdcconfdir=None):
"""Create a new smb.conf file based on a couple of basic settings.
"""
assert smbconf is not None
@@ -732,6 +731,11 @@ def make_smbconf(smbconf, hostname, domain, realm, targetdir,
statedir = lp.get("state directory")
lp.set("xattr_tdb:file", os.path.abspath(os.path.join(statedir, "xattr.tdb")))
+ make_kdcconf(realm, domain, kdcconfdir, os.path.dirname(lp.get("log file")))
+ if kdcconfdir is not None:
+ kdcconf = "%s/kdc.conf" % kdcconfdir
+ lp.set("mit kdc config", kdcconf)
+
shares = {}
if serverrole == "active directory domain controller":
shares["sysvol"] = os.path.join(lp.get("state directory"), "sysvol")
@@ -1925,7 +1929,7 @@ def provision_fake_ypserver(logger, samdb, domaindn, netbiosname, nisdomain,
samdb.transaction_commit()
-def provision(logger, session_info, smbconf=None,
+def provision(logger, session_info, smbconf=None, kdcconfdir=None,
targetdir=None, samdb_fill=FILL_FULL, realm=None, rootdn=None,
domaindn=None, schemadn=None, configdn=None, serverdn=None,
domain=None, hostname=None, hostip=None, hostip6=None, domainsid=None,
@@ -2009,11 +2013,13 @@ def provision(logger, session_info, smbconf=None,
make_smbconf(smbconf, hostname, domain, realm,
targetdir, serverrole=serverrole,
eadb=useeadb, use_ntvfs=use_ntvfs,
- lp=lp, global_param=global_param)
+ lp=lp, global_param=global_param,
+ kdcconfdir=kdcconfdir)
else:
make_smbconf(smbconf, hostname, domain, realm, targetdir,
serverrole=serverrole,
- eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param)
+ eadb=useeadb, use_ntvfs=use_ntvfs, lp=lp, global_param=global_param,
+ kdcconfdir=kdcconfdir)
if lp is None:
lp = samba.param.LoadParm()
diff --git a/python/samba/provision/kerberos.py b/python/samba/provision/kerberos.py
new file mode 100644
index 0000000..f874ff6
--- /dev/null
+++ b/python/samba/provision/kerberos.py
@@ -0,0 +1,101 @@
+# Unix SMB/CIFS implementation
+#
+# Backend code for provisioning a Samba AD server
+#
+# Copyright (c) 2015 Andreas Schneider <asn at samba.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+from samba.provision.kerberos_implementation import (
+ kdb_modules_dir,
+ kdc_default_config_dir)
+from samba import _glue
+import os
+
+def make_kdcconf(realm, domain, kdcconfdir, logdir):
+
+ if _glue.is_heimdal_built:
+ return
+
+ # Do nothing if kdc.conf has been set
+ if 'KRB5_KDC_PROFILE' in os.environ:
+ return
+
+ # We are in selftest
+ if 'SAMBA_SELFTEST' in os.environ and 'MITKRB5' in os.environ:
+ return
+
+ # If not specified use the default
+ if kdcconfdir is None:
+ kdcconfdir = kdc_default_config_dir
+
+ kdcconf = "%s/kdc.conf" % kdcconfdir
+
+ assert domain is not None
+ domain = domain.upper()
+
+ assert realm is not None
+ realm = realm.upper()
+
+ f = open(kdcconf, 'w')
+ try:
+ f.write("[kdcdefaults]\n")
+
+ f.write("\tkdc_ports = 88\n")
+ f.write("\tkdc_tcp_ports = 88\n")
+ f.write("\tkadmind_port = 464\n")
+ f.write("\n")
+
+ f.write("[realms]\n")
+
+ f.write("\t%s = {\n" % realm)
+ f.write("\t}\n")
+ f.write("\n")
+
+ f.write("\t%s = {\n" % realm.lower())
+ f.write("\t}\n")
+ f.write("\n")
+
+ f.write("\t%s = {\n" % domain)
+ f.write("\t}\n")
+ f.write("\n")
+
+ f.write("[dbmodules]\n")
+
+ f.write("\tdb_modules_dir = %s\n" % kdb_modules_dir)
+ f.write("\n")
+
+ f.write("\t%s = {\n" % realm)
+ f.write("\t\tdb_library = samba\n")
+ f.write("\t}\n")
+ f.write("\n")
+
+ f.write("\t%s = {\n" % realm.lower())
+ f.write("\t\tdb_library = samba\n")
+ f.write("\t}\n")
+ f.write("\n")
+
+ f.write("\t%s = {\n" % domain)
+ f.write("\t\tdb_library = samba\n")
+ f.write("\t}\n")
+ f.write("\n")
+
+ f.write("[logging]\n")
+
+ f.write("\tkdc = FILE:%s/mit_kdc.log\n" % logdir)
+ f.write("\tadmin_server = FILE:%s/mit_kadmin.log\n" % logdir)
+ f.write("\n")
+ finally:
+ f.close()
diff --git a/python/samba/tests/docs.py b/python/samba/tests/docs.py
index 202619a..521efe5 100644
--- a/python/samba/tests/docs.py
+++ b/python/samba/tests/docs.py
@@ -108,7 +108,8 @@ class SmbDotConfTests(TestCase):
'lprm command', 'lpq command', 'print command', 'template homedir',
'spoolss: os_major', 'spoolss: os_minor', 'spoolss: os_build',
'max open files', 'fss: prune stale', 'fss: sequence timeout',
- 'include system krb5 conf', 'rpc server dynamic port range'])
+ 'include system krb5 conf', 'rpc server dynamic port range',
+ 'mit kdc command'])
def setUp(self):
super(SmbDotConfTests, self).setUp()
diff --git a/python/wscript b/python/wscript
new file mode 100644
index 0000000..687a268
--- /dev/null
+++ b/python/wscript
@@ -0,0 +1,89 @@
+#!/usr/bin/env python
+
+import os
+
+def configure(conf):
+ kerberos_py = conf.srcdir + "/python/samba/provision/kerberos_implementation.py"
+
+ f = open(kerberos_py, 'w')
+ try:
+ header = """#
+# Copyright (c) 2016 Andreas Schneider <asn at samba.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+"""
+ f.write(header)
+
+ data = """kdb_modules_dir = "{0}"
+kdc_default_config_dir = "{1}"
+"""
+
+ if conf.env.HEIMDAL_KRB5_CONFIG:
+ f.write(data.format("", ""))
+ else:
+ modulesdir = "%s/krb5/plugins/kdb" % conf.env.LIBDIR
+ paths = [ "/var/kerberos/krb5kdc", "/var/lib/kerberos/krb5kdc" ]
+ kdc_path = None
+ for p in paths:
+ if os.path.exists(p):
+ kdc_path = p
+
+ f.write(data.format(modulesdir, kdc_path))
+ finally:
+ f.close()
+
+def build(bld):
+ bld.SAMBA_LIBRARY('samba_python',
+ source=[],
+ deps='''
+ LIBPYTHON
+ pytalloc-util
+ pyrpc_util
+ ''',
+ grouping_library=True,
+ private_library=True,
+ pyembed=True,
+ enabled=bld.PYTHON_BUILD_IS_ENABLED())
+
+ bld.SAMBA_SUBSYSTEM('LIBPYTHON',
+ source='modules.c',
+ public_deps='',
+ init_function_sentinel='{NULL,NULL}',
+ deps='talloc',
+ pyext=True,
+ enabled=bld.PYTHON_BUILD_IS_ENABLED())
+
+ for env in bld.gen_python_environments():
+ pytalloc_util = bld.pyembed_libname('pytalloc-util')
+ pyparam_util = bld.pyembed_libname('pyparam_util')
+
+ bld.SAMBA_PYTHON('python_glue',
+ source='pyglue.c',
+ deps='''
+ %s
+ samba-util
+ netif
+ %s
+ ''' % (pyparam_util, pytalloc_util),
+ realname='samba/_glue.so')
+
+ if bld.PYTHON_BUILD_IS_ENABLED():
+ for env in bld.gen_python_environments():
+ # install out various python scripts for use by make test
+ bld.SAMBA_SCRIPT('samba_python_files',
+ pattern='samba/**/*.py',
+ installdir='python')
+
+ bld.INSTALL_WILDCARD('${PYTHONARCHDIR}', 'samba/**/*.py', flat=False)
diff --git a/python/wscript_build b/python/wscript_build
deleted file mode 100644
index 87da26f..0000000
--- a/python/wscript_build
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env python
-
-bld.SAMBA_LIBRARY('samba_python',
- source=[],
- deps='LIBPYTHON pytalloc-util pyrpc_util',
- grouping_library=True,
- private_library=True,
- pyembed=True,
- enabled=bld.PYTHON_BUILD_IS_ENABLED())
-
-bld.SAMBA_SUBSYSTEM('LIBPYTHON',
- source='modules.c',
- public_deps='',
- init_function_sentinel='{NULL,NULL}',
- deps='talloc',
- pyext=True,
- enabled=bld.PYTHON_BUILD_IS_ENABLED())
-
-for env in bld.gen_python_environments():
- pytalloc_util = bld.pyembed_libname('pytalloc-util')
- pyparam_util = bld.pyembed_libname('pyparam_util')
--
Samba Shared Repository
More information about the samba-cvs
mailing list