The branch, master has been updated via 5b3c71c provision: Give a more helpful message when find_provision_key_parameters() fails via 6fe8cd2 selftest: Improve renamedcs test via 477fce1 s4-lib/cmdline: Fix help for -P / --machine-pass: this no longer implies -k via 63dbf43 samba-tool: Add -P to options.CredentialsOptions from 90d03a6 heimdal: Fix CID 1273430 Double free
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 5b3c71cd9c4d20a04f7505ad904f95d0ecf5ac2e Author: Andrew Bartlett <abart...@samba.org> Date: Mon Mar 2 13:22:37 2015 +1300 provision: Give a more helpful message when find_provision_key_parameters() fails Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Fri Mar 6 20:11:52 CET 2015 on sn-devel-104 commit 6fe8cd2fdfa770ceaa4ad87002db9cdc029dd532 Author: Andrew Bartlett <abart...@samba.org> Date: Fri Feb 27 15:56:22 2015 +1300 selftest: Improve renamedcs test Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 477fce1f395917616cd2eb144da8571e994382e7 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Feb 26 12:24:21 2015 +1300 s4-lib/cmdline: Fix help for -P / --machine-pass: this no longer implies -k Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 63dbf4388a53016a110bd02a31c46e0210eda463 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Feb 26 12:23:55 2015 +1300 samba-tool: Add -P to options.CredentialsOptions This matches our other binaries, and allows samba-tool commands to run with the machine account. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: python/samba/getopt.py | 26 +++++++++++++++++++++----- python/samba/provision/__init__.py | 7 +++++-- source4/lib/cmdline/popt_credentials.c | 2 +- testprogs/blackbox/renamedc.sh | 10 ++++++++++ 4 files changed, 37 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/getopt.py b/python/samba/getopt.py index c3c0800..0f97658 100644 --- a/python/samba/getopt.py +++ b/python/samba/getopt.py @@ -126,8 +126,9 @@ class CredentialsOptions(optparse.OptionGroup): """Command line options for specifying credentials.""" def __init__(self, parser): - self.no_pass = True + self.ask_for_password = True self.ipaddress = None + self.machine_pass = False optparse.OptionGroup.__init__(self, parser, "Credentials Options") self.add_option("--simple-bind-dn", metavar="DN", action="callback", callback=self._set_simple_bind_dn, type=str, @@ -140,8 +141,9 @@ class CredentialsOptions(optparse.OptionGroup): self.add_option("-W", "--workgroup", metavar="WORKGROUP", action="callback", type=str, help="Workgroup", callback=self._parse_workgroup) - self.add_option("-N", "--no-pass", action="store_true", - help="Don't ask for a password") + self.add_option("-N", "--no-pass", action="callback", + help="Don't ask for a password", + callback=self._set_no_password) self.add_option("-k", "--kerberos", metavar="KERBEROS", action="callback", type=str, help="Use Kerberos", callback=self._set_kerberos) @@ -149,17 +151,29 @@ class CredentialsOptions(optparse.OptionGroup): action="callback", type=str, help="IP address of server", callback=self._set_ipaddress) + self.add_option("-P", "--machine-pass", + action="callback", + help="Use stored machine account password", + callback=self._set_machine_pass) self.creds = Credentials() def _parse_username(self, option, opt_str, arg, parser): self.creds.parse_string(arg) + self.machine_pass = False def _parse_workgroup(self, option, opt_str, arg, parser): self.creds.set_domain(arg) def _set_password(self, option, opt_str, arg, parser): self.creds.set_password(arg) - self.no_pass = False + self.ask_for_password = False + self.machine_pass = False + + def _set_no_password(self, option, opt_str, arg, parser): + self.ask_for_password = False + + def _set_machine_pass(self, option, opt_str, arg, parser): + self.machine_pass = True def _set_ipaddress(self, option, opt_str, arg, parser): self.ipaddress = arg @@ -177,7 +191,9 @@ class CredentialsOptions(optparse.OptionGroup): :return: Credentials object """ self.creds.guess(lp) - if self.no_pass: + if self.machine_pass: + self.creds.set_machine_account(lp) + elif self.ask_for_password: self.creds.set_cmdline_callbacks() # possibly fallback to using the machine account, if we have diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py index 1603321..953bd0f 100644 --- a/python/samba/provision/__init__.py +++ b/python/samba/provision/__init__.py @@ -243,8 +243,11 @@ def find_provision_key_parameters(samdb, secretsdb, idmapdb, paths, smbconf, # dns hostname and server dn res4 = samdb.search(expression="(CN=%s)" % names.netbiosname, - base="OU=Domain Controllers,%s" % basedn, - scope=ldb.SCOPE_ONELEVEL, attrs=["dNSHostName"]) + base="OU=Domain Controllers,%s" % basedn, + scope=ldb.SCOPE_ONELEVEL, attrs=["dNSHostName"]) + if len(res4) == 0: + raise ProvisioningError("Unable to find DC called CN=%s under OU=Domain Controllers,%s" % (names.netbiosname, basedn)) + names.hostname = str(res4[0]["dNSHostName"]).replace("." + names.dnsdomain, "") server_res = samdb.search(expression="serverReference=%s" % res4[0].dn, diff --git a/source4/lib/cmdline/popt_credentials.c b/source4/lib/cmdline/popt_credentials.c index ea08f8b..59a724c 100644 --- a/source4/lib/cmdline/popt_credentials.c +++ b/source4/lib/cmdline/popt_credentials.c @@ -166,7 +166,7 @@ struct poptOption popt_common_credentials4[] = { { "no-pass", 'N', POPT_ARG_NONE, &dont_ask, 'N', "Don't ask for a password" }, { "password", 0, POPT_ARG_STRING, NULL, OPT_PASSWORD, "Password" }, { "authentication-file", 'A', POPT_ARG_STRING, NULL, 'A', "Get the credentials from a file", "FILE" }, - { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password (implies -k)" }, + { "machine-pass", 'P', POPT_ARG_NONE, NULL, 'P', "Use stored machine account password" }, { "simple-bind-dn", 0, POPT_ARG_STRING, NULL, OPT_SIMPLE_BIND_DN, "DN to use for a simple bind" }, { "kerberos", 'k', POPT_ARG_STRING, NULL, OPT_KERBEROS, "Use Kerberos, -k [yes|no]" }, { "krb5-ccache", 0, POPT_ARG_STRING, NULL, OPT_KRB5_CCACHE, "Credentials cache location for Kerberos" }, diff --git a/testprogs/blackbox/renamedc.sh b/testprogs/blackbox/renamedc.sh index 8741867..4f187a4 100755 --- a/testprogs/blackbox/renamedc.sh +++ b/testprogs/blackbox/renamedc.sh @@ -49,6 +49,14 @@ confirmrenamedc_dNSHostName() { $ldbsearch -H $PREFIX/renamedc_test/private/sam.ldb -s base -b 'cn=RAYMONBAR,ou=domain controllers,dc=foo,dc=example,dc=com' dNSHostName | grep 'dNSHostName: RAYMONBAR.foo.example.com' } +confirmrenamedc_rootdse_dnsHostName() { + $ldbsearch -H $PREFIX/renamedc_test/private/sam.ldb -s base -b '' dNSHostName | grep 'dnsHostName: RAYMONBAR.foo.example.com' +} + +confirmrenamedc_rootdse_dsServiceName() { + $ldbsearch -H $PREFIX/renamedc_test/private/sam.ldb --show-binary -s base -b '' dsServiceName | grep 'dsServiceName: CN=NTDS Settings,CN=RAYMONBAR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=example,DC=com' +} + testrenamedc2() { $PYTHON $SRCDIR/source4/scripting/bin/renamedc \ --oldname="RAYMONBAR" \ @@ -67,6 +75,8 @@ testit "confirmrenamedc" confirmrenamedc || failed=`expr $failed + 1` testit "confirmrenamedc_server" confirmrenamedc_server || failed=`expr $failed + 1` testit "confirmrenamedc_sAMAccountName" confirmrenamedc_sAMAccountName || failed=`expr $failed + 1` testit "confirmrenamedc_dNSHostName" confirmrenamedc_dNSHostName || failed=`expr $failed + 1` +testit "confirmrenamedc_rootdse_dnsHostName" confirmrenamedc_rootdse_dnsHostName || failed=`expr $failed + 1` +testit "confirmrenamedc_rootdse_dsServiceName" confirmrenamedc_rootdse_dsServiceName || failed=`expr $failed + 1` testit "dbcheck" dbcheck || failed=`expr $failed + 1` testit "renamedc2" testrenamedc2 || failed=`expr $failed + 1` -- Samba Shared Repository