[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Nov 5 00:18:03 UTC 2020
The branch, master has been updated
via 8aebd48698e bootstrap: Add Fedora 33
via 005435dc4d7 tests python krb5: Add python kerberos canonicalization tests
via 41c8aa4b991 tests python krb5: Add canonicalize flag to ASN1
via b14dca7c1c0 tests python krb5: Make PrincipalName_create a class method
via 04248f5e868 selftest: add mit kdc specific known fail
from a51cda69ec6 s3-vfs_glusterfs: always disable write-behind translator
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8aebd48698e3d41f3d27a5c4710729387760c6d4
Author: Andreas Schneider <asn at samba.org>
Date: Wed Nov 4 16:15:16 2020 +0100
bootstrap: Add Fedora 33
This removes Fedora 31 support.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Nov 5 00:17:55 UTC 2020 on sn-devel-184
commit 005435dc4d7de9d442c7513edec8c782fe20fda3
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Oct 27 09:32:21 2020 +1300
tests python krb5: Add python kerberos canonicalization tests
Add python canonicalization tests, loosely based on the code in
source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move
the integration level tests out of kdc-canon-heimdal, leaving it as a
heimdal library unit test.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 41c8aa4b991aad306d731b08d068c480eb5c7fed
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Oct 27 09:31:24 2020 +1300
tests python krb5: Add canonicalize flag to ASN1
Add the canonicalize flag to KerberosFlags, so that it can be used in
python based canonicalization tests.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b14dca7c1c063e069517ff01b33c63a000d398c3
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Oct 27 09:29:56 2020 +1300
tests python krb5: Make PrincipalName_create a class method
Make PrincipalName_create a class method, so it can be used in helper
classes.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 04248f5e868d38498bdc8f9705c9a60fcfe79c09
Author: Gary Lockyer <gary at catalyst.net.nz>
Date: Tue Nov 3 09:25:48 2020 +1300
selftest: add mit kdc specific known fail
Add a MIT kerberos specific known fail, will be needed by subsequent
commits.
Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci.yml | 16 +-
bootstrap/.gitlab-ci.yml | 4 +-
bootstrap/config.py | 18 +-
bootstrap/generated-dists/Vagrantfile | 14 +-
.../{fedora31 => fedora33}/Dockerfile | 2 +-
.../{fedora31 => fedora33}/bootstrap.sh | 1 +
.../{fedora31 => fedora33}/locale.sh | 0
.../{fedora31 => fedora33}/packages.yml | 1 +
bootstrap/sha1sum.txt | 2 +-
.../samba/tests/krb5/as_canonicalization_tests.py | 499 +++++++++++++++++++++
python/samba/tests/krb5/raw_testcase.py | 1 +
python/samba/tests/krb5/rfc4120.asn1 | 8 +-
python/samba/tests/krb5/rfc4120_pyasn1.py | 4 +-
python/samba/tests/usage.py | 1 +
selftest/knownfail_mit_kdc | 144 ++++++
selftest/wscript | 2 +
source4/selftest/tests.py | 1 +
17 files changed, 687 insertions(+), 31 deletions(-)
rename bootstrap/generated-dists/{fedora31 => fedora33}/Dockerfile (92%)
rename bootstrap/generated-dists/{fedora31 => fedora33}/bootstrap.sh (98%)
rename bootstrap/generated-dists/{fedora31 => fedora33}/locale.sh (100%)
rename bootstrap/generated-dists/{fedora31 => fedora33}/packages.yml (98%)
create mode 100755 python/samba/tests/krb5/as_canonicalization_tests.py
create mode 100644 selftest/knownfail_mit_kdc
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8fad80033b4..77c57135b86 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -32,7 +32,7 @@ variables:
# Set this to the contents of bootstrap/sha1sum.txt
# which is generated by bootstrap/template.py --render
#
- SAMBA_CI_CONTAINER_TAG: 86279163d150fb95742f4b34fce0dfc1a639f5de
+ SAMBA_CI_CONTAINER_TAG: 446341a5c66a0cd04cac694991e4522385389e0f
#
# We use the ubuntu1804 image as default as
# it matches what we have on sn-devel-184.
@@ -50,8 +50,8 @@ variables:
SAMBA_CI_CONTAINER_IMAGE_debian10: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian10:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_opensuse150: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_opensuse151: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse151:${SAMBA_CI_CONTAINER_TAG}
- SAMBA_CI_CONTAINER_IMAGE_fedora31: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora31:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_fedora32: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora32:${SAMBA_CI_CONTAINER_TAG}
+ SAMBA_CI_CONTAINER_IMAGE_fedora33: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora33:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_centos7: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos7:${SAMBA_CI_CONTAINER_TAG}
SAMBA_CI_CONTAINER_IMAGE_centos8: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos8:${SAMBA_CI_CONTAINER_TAG}
@@ -193,7 +193,7 @@ samba-ad-dc-4-mitkrb5:
samba-fips:
stage: build_first
extends: .shared_template
- image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
+ image: $SAMBA_CI_CONTAINER_IMAGE_fedora33
.private_template:
extends: .shared_template
@@ -274,7 +274,7 @@ pages:
# Coverity Scan
coverity:
stage: build
- image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
+ image: $SAMBA_CI_CONTAINER_IMAGE_fedora33
tags:
- docker
- shared
@@ -351,14 +351,14 @@ centos8-samba-o3:
extends: .samba-o3-template
image: $SAMBA_CI_CONTAINER_IMAGE_centos8
-fedora31-samba-o3:
- extends: .samba-o3-template
- image: $SAMBA_CI_CONTAINER_IMAGE_fedora31
-
fedora32-samba-o3:
extends: .samba-o3-template
image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
+fedora33-samba-o3:
+ extends: .samba-o3-template
+ image: $SAMBA_CI_CONTAINER_IMAGE_fedora33
+
#
# Keep the samba-o3 sections at the end ...
#
diff --git a/bootstrap/.gitlab-ci.yml b/bootstrap/.gitlab-ci.yml
index d6cf02109fd..e9249f151a6 100644
--- a/bootstrap/.gitlab-ci.yml
+++ b/bootstrap/.gitlab-ci.yml
@@ -99,10 +99,10 @@ ubuntu2004:
debian10:
extends: .build_image_template
-fedora31:
+fedora32:
extends: .build_image_template
-fedora32:
+fedora33:
extends: .build_image_template
centos8:
diff --git a/bootstrap/config.py b/bootstrap/config.py
index 43f89cf9efc..fa313728f55 100644
--- a/bootstrap/config.py
+++ b/bootstrap/config.py
@@ -150,6 +150,7 @@ PKGS = [
('libjson-perl', 'perl-JSON'),
('', 'perl-JSON-Parse'),
('perl-modules', ''),
+ ('', 'perl-FindBin'),
('', 'perl-Archive-Tar'),
('', 'perl-ExtUtils-MakeMaker'),
('', 'perl-Test-Base'),
@@ -443,6 +444,7 @@ RPM_DISTS = {
# update perl core modules on centos
# fix: Can't locate Archive/Tar.pm in @INC
'perl': 'perl-core',
+ 'perl-FindBin': '',
'rpcsvc-proto-devel': '',
'glusterfs-api-devel': '',
'glusterfs-devel': '',
@@ -462,23 +464,25 @@ RPM_DISTS = {
'lcov': '', # does not exist
'perl-JSON-Parse': '', # does not exist?
'perl-Test-Base': 'perl-Test-Simple',
+ 'perl-FindBin': '',
'policycoreutils-python': 'python3-policycoreutils',
'liburing-devel': '', # not available yet, Add me back, once available!
}
},
- 'fedora31': {
- 'docker_image': 'fedora:31',
- 'vagrant_box': 'fedora/31-cloud-base',
+ 'fedora32': {
+ 'docker_image': 'fedora:32',
+ 'vagrant_box': 'fedora/32-cloud-base',
'bootstrap': DNF_BOOTSTRAP,
'replace': {
'lsb-release': 'redhat-lsb',
'libsemanage-python': 'python3-libsemanage',
'policycoreutils-python': 'python3-policycoreutils',
+ 'perl-FindBin': '',
}
},
- 'fedora32': {
- 'docker_image': 'fedora:32',
- 'vagrant_box': 'fedora/32-cloud-base',
+ 'fedora33': {
+ 'docker_image': 'fedora:33',
+ 'vagrant_box': 'fedora/33-cloud-base',
'bootstrap': DNF_BOOTSTRAP,
'replace': {
'lsb-release': 'redhat-lsb',
@@ -507,6 +511,7 @@ RPM_DISTS = {
'perl-JSON-Parse': 'perl-JSON-XS',
'perl-generators': '',
'perl-interpreter': '',
+ 'perl-FindBin': '',
'procps-ng': 'procps',
'python3-dns': 'python3-dnspython',
'python3-markdown': 'python3-Markdown',
@@ -538,6 +543,7 @@ RPM_DISTS = {
'perl-JSON-Parse': 'perl-JSON-XS',
'perl-generators': '',
'perl-interpreter': '',
+ 'perl-FindBin': '',
'procps-ng': 'procps',
'python3-dns': 'python3-dnspython',
'python3-markdown': 'python3-Markdown',
diff --git a/bootstrap/generated-dists/Vagrantfile b/bootstrap/generated-dists/Vagrantfile
index e01c20bc161..c6f59667f50 100644
--- a/bootstrap/generated-dists/Vagrantfile
+++ b/bootstrap/generated-dists/Vagrantfile
@@ -31,13 +31,6 @@ Vagrant.configure("2") do |config|
v.vm.provision :shell, path: "debian10/locale.sh"
end
- config.vm.define "fedora31" do |v|
- v.vm.box = "fedora/31-cloud-base"
- v.vm.hostname = "fedora31"
- v.vm.provision :shell, path: "fedora31/bootstrap.sh"
- v.vm.provision :shell, path: "fedora31/locale.sh"
- end
-
config.vm.define "fedora32" do |v|
v.vm.box = "fedora/32-cloud-base"
v.vm.hostname = "fedora32"
@@ -45,6 +38,13 @@ Vagrant.configure("2") do |config|
v.vm.provision :shell, path: "fedora32/locale.sh"
end
+ config.vm.define "fedora33" do |v|
+ v.vm.box = "fedora/33-cloud-base"
+ v.vm.hostname = "fedora33"
+ v.vm.provision :shell, path: "fedora33/bootstrap.sh"
+ v.vm.provision :shell, path: "fedora33/locale.sh"
+ end
+
config.vm.define "opensuse150" do |v|
v.vm.box = "opensuse/openSUSE-15.0-x86_64"
v.vm.hostname = "opensuse150"
diff --git a/bootstrap/generated-dists/fedora31/Dockerfile b/bootstrap/generated-dists/fedora33/Dockerfile
similarity index 92%
rename from bootstrap/generated-dists/fedora31/Dockerfile
rename to bootstrap/generated-dists/fedora33/Dockerfile
index ff8d0b435c8..c4632344a09 100644
--- a/bootstrap/generated-dists/fedora31/Dockerfile
+++ b/bootstrap/generated-dists/fedora33/Dockerfile
@@ -3,7 +3,7 @@
# See also bootstrap/config.py
#
-FROM fedora:31
+FROM fedora:33
# pass in with --build-arg while build
ARG SHA1SUM
diff --git a/bootstrap/generated-dists/fedora31/bootstrap.sh b/bootstrap/generated-dists/fedora33/bootstrap.sh
similarity index 98%
rename from bootstrap/generated-dists/fedora31/bootstrap.sh
rename to bootstrap/generated-dists/fedora33/bootstrap.sh
index 18fbfefedbc..d7e77eab255 100755
--- a/bootstrap/generated-dists/fedora31/bootstrap.sh
+++ b/bootstrap/generated-dists/fedora33/bootstrap.sh
@@ -74,6 +74,7 @@ dnf install -y \
perl \
perl-Archive-Tar \
perl-ExtUtils-MakeMaker \
+ perl-FindBin \
perl-JSON \
perl-JSON-Parse \
perl-Parse-Yapp \
diff --git a/bootstrap/generated-dists/fedora31/locale.sh b/bootstrap/generated-dists/fedora33/locale.sh
similarity index 100%
rename from bootstrap/generated-dists/fedora31/locale.sh
rename to bootstrap/generated-dists/fedora33/locale.sh
diff --git a/bootstrap/generated-dists/fedora31/packages.yml b/bootstrap/generated-dists/fedora33/packages.yml
similarity index 98%
rename from bootstrap/generated-dists/fedora31/packages.yml
rename to bootstrap/generated-dists/fedora33/packages.yml
index 6cb2ce3841f..98c362181d9 100644
--- a/bootstrap/generated-dists/fedora31/packages.yml
+++ b/bootstrap/generated-dists/fedora33/packages.yml
@@ -63,6 +63,7 @@ packages:
- perl
- perl-Archive-Tar
- perl-ExtUtils-MakeMaker
+ - perl-FindBin
- perl-JSON
- perl-JSON-Parse
- perl-Parse-Yapp
diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt
index 7d4891b02e7..72d059015c4 100644
--- a/bootstrap/sha1sum.txt
+++ b/bootstrap/sha1sum.txt
@@ -1 +1 @@
-86279163d150fb95742f4b34fce0dfc1a639f5de
+446341a5c66a0cd04cac694991e4522385389e0f
diff --git a/python/samba/tests/krb5/as_canonicalization_tests.py b/python/samba/tests/krb5/as_canonicalization_tests.py
new file mode 100755
index 00000000000..7b599ad6e44
--- /dev/null
+++ b/python/samba/tests/krb5/as_canonicalization_tests.py
@@ -0,0 +1,499 @@
+#!/usr/bin/env python3
+# Unix SMB/CIFS implementation.
+#
+# Copyright (C) Catalyst IT Ltd. 2020
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import sys
+import os
+from enum import Enum, unique
+import pyasn1
+
+sys.path.insert(0, "bin/python")
+os.environ["PYTHONUNBUFFERED"] = "1"
+
+from samba.tests.krb5.raw_testcase import RawKerberosTest
+import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1
+import samba
+from samba.auth import system_session
+from samba.credentials import (
+ Credentials,
+ CLI_CRED_NTLMv2_AUTH,
+ CLI_CRED_NTLM_AUTH,
+ DONT_USE_KERBEROS)
+from samba.dcerpc.misc import SEC_CHAN_WKSTA
+from samba.dsdb import (
+ UF_WORKSTATION_TRUST_ACCOUNT,
+ UF_PASSWD_NOTREQD,
+ UF_NORMAL_ACCOUNT)
+from samba.samdb import SamDB
+from samba.tests import delete_force, DynamicTestCase
+
+global_asn1_print = False
+global_hexdump = False
+
+
+ at unique
+class TestOptions(Enum):
+ Canonicalize = 1
+ Enterprise = 2
+ UpperRealm = 4
+ UpperUserName = 8
+ NetbiosRealm = 16
+ UPN = 32
+ RemoveDollar = 64
+ Last = 128
+
+ def is_set(self, x):
+ return self.value & x
+
+
+ at unique
+class CredentialsType(Enum):
+ User = 1
+ Machine = 2
+
+ def is_set(self, x):
+ return self.value & x
+
+
+class TestData:
+
+ def __init__(self, options, creds):
+ self.options = options
+ self.user_creds = creds
+ self.user_name = self.get_username(options, creds)
+ self.realm = self.get_realm(options, creds)
+ self.cname = RawKerberosTest.PrincipalName_create(
+ name_type=1, names=[self.user_name])
+ self.sname = RawKerberosTest.PrincipalName_create(
+ name_type=2, names=["krbtgt", self.realm])
+ self.canonicalize = TestOptions.Canonicalize.is_set(options)
+
+ def get_realm(self, options, creds):
+ realm = creds.get_realm()
+ if TestOptions.NetbiosRealm.is_set(options):
+ realm = creds.get_domain()
+ if TestOptions.UpperRealm.is_set(options):
+ realm = realm.upper()
+ else:
+ realm = realm.lower()
+ return realm
+
+ def get_username(self, options, creds):
+ name = creds.get_username()
+ if TestOptions.RemoveDollar.is_set(options) and name.endswith("$"):
+ name = name[:-1]
+ if TestOptions.Enterprise.is_set(options):
+ realm = creds.get_realm()
+ name = "{0}@{1}".format(name, realm)
+ if TestOptions.UpperUserName.is_set(options):
+ name = name.upper()
+ return name
+
+ def __repr__(self):
+ rep = "Test Data: "
+ rep += "options = '" + "{:08b}".format(self.options) + "'"
+ rep += "user name = '" + self.user_name + "'"
+ rep += ", realm = '" + self.realm + "'"
+ rep += ", cname = '" + str(self.cname) + "'"
+ rep += ", sname = '" + str(self.sname) + "'"
+ return rep
+
+
+MACHINE_NAME = "tstkrb5cnnusr"
+USER_NAME = "tstkrb5cnnmch"
+
+# Encryption types
+AES256_CTS_HMAC_SHA1_96 = int(
+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96'))
+AES128_CTS_HMAC_SHA1_96 = int(
+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96'))
+ARCFOUR_HMAC_MD5 = int(
+ krb5_asn1.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5'))
+
+# Message types
+KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error'))
+KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep'))
+
+# PAData types
+PADATA_ENC_TIMESTAMP = int(
+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP'))
+PADATA_ETYPE_INFO2 = int(
+ krb5_asn1.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2'))
+
+# Error codes
+KDC_ERR_C_PRINCIPAL_UNKNOWN = 6
+KDC_ERR_PREAUTH_REQUIRED = 25
+
+# Name types
+NT_UNKNOWN = int(krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN'))
+NT_PRINCIPAL = int(krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL'))
+NT_SRV_INST = int(krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST'))
+
+
+ at DynamicTestCase
+class KerberosASCanonicalizationTests(RawKerberosTest):
+
+ @classmethod
+ def setUpDynamicTestCases(cls):
+
+ def skip(ct, options):
+ ''' Filter out any mutually exclusive test options '''
+ if ct != CredentialsType.Machine and\
+ TestOptions.RemoveDollar.is_set(options):
+ return True
+ return False
+
+ def build_test_name(ct, options):
+ name = "%sCredentials" % ct.name
+ for opt in TestOptions:
+ if opt.is_set(options):
+ name += ("_%s" % opt.name)
+ return name
+
+ for ct in CredentialsType:
+ for x in range(TestOptions.Last.value):
+ if skip(ct, x):
+ continue
+ name = build_test_name(ct, x)
+ cls.generate_dynamic_test("test", name, x, ct)
+
+ @classmethod
+ def setUpClass(cls):
+ cls.lp = cls.get_loadparm(cls)
+ cls.username = os.environ["USERNAME"]
+ cls.password = os.environ["PASSWORD"]
+ cls.domain = os.environ["DOMAIN"]
+ cls.realm = os.environ["REALM"]
+ cls.host = os.environ["SERVER"]
+
+ c = Credentials()
+ c.set_username(cls.username)
+ c.set_password(cls.password)
+ c.set_domain(cls.domain)
+ c.set_realm(cls.realm)
+ cls.credentials = c
+
+ cls.session = system_session()
+ cls.ldb = SamDB(url="ldap://%s" % cls.host,
+ session_info=cls.session,
+ credentials=cls.credentials,
+ lp=cls.lp)
+ cls.create_machine_account()
+ cls.create_user_account()
+
+ @classmethod
+ def tearDownClass(cls):
+ super(KerberosASCanonicalizationTests, cls).tearDownClass()
+ delete_force(cls.ldb, cls.machine_dn)
+ delete_force(cls.ldb, cls.user_dn)
+
+ def setUp(self):
+ super(KerberosASCanonicalizationTests, self).setUp()
+ self.do_asn1_print = global_asn1_print
+ self.do_hexdump = global_hexdump
+
+ #
+ # Create a test user account
+ @classmethod
+ def create_user_account(cls):
+ cls.user_pass = samba.generate_random_password(32, 32)
+ cls.user_name = USER_NAME
+ cls.user_dn = "cn=%s,%s" % (cls.user_name, cls.ldb.domain_dn())
+
+ # remove the account if it exists, this will happen if a previous test
+ # run failed
+ delete_force(cls.ldb, cls.user_dn)
+
+ utf16pw = ('"%s"' % cls.user_pass).encode('utf-16-le')
+ cls.ldb.add({
+ "dn": cls.user_dn,
+ "objectclass": "user",
+ "sAMAccountName": "%s" % cls.user_name,
+ "userAccountControl": str(UF_NORMAL_ACCOUNT),
+ "unicodePwd": utf16pw})
+
+ cls.user_creds = Credentials()
+ cls.user_creds.guess(cls.lp)
+ cls.user_creds.set_password(cls.user_pass)
+ cls.user_creds.set_username(cls.user_name)
+ cls.user_creds.set_workstation(cls.machine_name)
+
+ #
+ # Create the machine account
+ @classmethod
+ def create_machine_account(cls):
+ cls.machine_pass = samba.generate_random_password(32, 32)
+ cls.machine_name = MACHINE_NAME
+ cls.machine_dn = "cn=%s,%s" % (cls.machine_name, cls.ldb.domain_dn())
+
+ # remove the account if it exists, this will happen if a previous test
+ # run failed
+ delete_force(cls.ldb, cls.machine_dn)
+
+ utf16pw = ('"%s"' % cls.machine_pass).encode('utf-16-le')
+ cls.ldb.add({
+ "dn": cls.machine_dn,
+ "objectclass": "computer",
+ "sAMAccountName": "%s$" % cls.machine_name,
+ "userAccountControl":
+ str(UF_WORKSTATION_TRUST_ACCOUNT | UF_PASSWD_NOTREQD),
+ "unicodePwd": utf16pw})
+
+ cls.machine_creds = Credentials()
+ cls.machine_creds.guess(cls.lp)
+ cls.machine_creds.set_secure_channel_type(SEC_CHAN_WKSTA)
+ cls.machine_creds.set_kerberos_state(DONT_USE_KERBEROS)
--
Samba Shared Repository
More information about the samba-cvs
mailing list