From: Andreas Schneider Date: Wed, 7 Apr 2021 12:16:52 +0000 (+0200) Subject: python: Streamline option parser of python tools X-Git-Tag: tevent-0.11.0~270 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=36bb6686cb23971844585f29ae5eb6bbe4b5a12b;p=thirdparty%2Fsamba.git python: Streamline option parser of python tools The python tools, especially samba-tool should have the same option set as the rest of the client utils. Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- diff --git a/python/samba/getopt.py b/python/samba/getopt.py index f693cde7b31..7b8d2ef46c5 100644 --- a/python/samba/getopt.py +++ b/python/samba/getopt.py @@ -107,7 +107,7 @@ class VersionOptions(optparse.OptionGroup): sys.exit(0) -def parse_kerberos_arg(arg, opt_str): +def parse_kerberos_arg_legacy(arg, opt_str): if arg.lower() in ["yes", 'true', '1']: return MUST_USE_KERBEROS elif arg.lower() in ["no", 'false', '0']: @@ -119,6 +119,18 @@ def parse_kerberos_arg(arg, opt_str): (opt_str, arg)) +def parse_kerberos_arg(arg, opt_str): + if arg.lower() == 'required': + return MUST_USE_KERBEROS + elif arg.lower() == 'desired': + return AUTO_USE_KERBEROS + elif arg.lower() == 'off': + return DONT_USE_KERBEROS + else: + raise optparse.OptionValueError("invalid %s option value: %s" % + (opt_str, arg)) + + class CredentialsOptions(optparse.OptionGroup): """Command line options for specifying credentials.""" @@ -147,9 +159,6 @@ class CredentialsOptions(optparse.OptionGroup): self._add_option("-N", "--no-pass", action="callback", help="Don't ask for a password", callback=self._set_no_password) - self._add_option("-k", "--kerberos", metavar="KERBEROS", - action="callback", type=str, - help="Use Kerberos", callback=self._set_kerberos) self._add_option("", "--ipaddress", metavar="IPADDRESS", action="callback", type=str, help="IP address of server", @@ -158,10 +167,18 @@ class CredentialsOptions(optparse.OptionGroup): action="callback", help="Use stored machine account password", callback=self._set_machine_pass) - self._add_option("--krb5-ccache", metavar="KRB5CCNAME", + self._add_option("--use-kerberos", metavar="desired|required|off", + action="callback", type=str, + help="Use Kerberos authentication", callback=self._set_kerberos) + self._add_option("--use-krb5-ccache", metavar="KRB5CCNAME", action="callback", type=str, help="Kerberos Credentials cache", callback=self._set_krb5_ccache) + + # LEGACY + self._add_option("-k", "--kerberos", metavar="KERBEROS", + action="callback", type=str, + help="DEPRECATED: Migrate to --use-kerberos", callback=self._set_kerberos_legacy) self.creds = Credentials() def _ensure_secure_proctitle(self, opt_str, secret_data, data_type="password"): @@ -244,6 +261,10 @@ class CredentialsOptions(optparse.OptionGroup): def _set_ipaddress(self, option, opt_str, arg, parser): self.ipaddress = arg + def _set_kerberos_legacy(self, option, opt_str, arg, parser): + print('WARNING: The option -k|--kerberos is deprecated!') + self.creds.set_kerberos_state(parse_kerberos_arg_legacy(arg, opt_str)) + def _set_kerberos(self, option, opt_str, arg, parser): self.creds.set_kerberos_state(parse_kerberos_arg(arg, opt_str)) @@ -251,6 +272,7 @@ class CredentialsOptions(optparse.OptionGroup): self.creds.set_bind_dn(arg) def _set_krb5_ccache(self, option, opt_str, arg, parser): + self.creds.set_kerberos_state(MUST_USE_KERBEROS) self.creds.set_named_ccache(arg) def get_credentials(self, lp, fallback_machine=False): @@ -298,9 +320,14 @@ class CredentialsOptionsDouble(CredentialsOptions): callback=self._parse_workgroup2) self.add_option("--no-pass2", action="store_true", help="Don't ask for a password for the second server") + self.add_option("--use-kerberos2", metavar="desired|required|off", + action="callback", type=str, + help="Use Kerberos authentication", callback=self._set_kerberos2) + + # LEGACY self.add_option("--kerberos2", metavar="KERBEROS2", action="callback", type=str, - help="Use Kerberos", callback=self._set_kerberos2) + help="Use Kerberos", callback=self._set_kerberos2_legacy) self.creds2 = Credentials() def _parse_username2(self, option, opt_str, arg, parser): @@ -313,6 +340,9 @@ class CredentialsOptionsDouble(CredentialsOptions): self.creds2.set_password(arg) self.no_pass2 = False + def _set_kerberos2_legacy(self, option, opt_str, arg, parser): + self.creds2.set_kerberos_state(parse_kerberos_arg(arg, opt_str)) + def _set_kerberos2(self, option, opt_str, arg, parser): self.creds2.set_kerberos_state(parse_kerberos_arg(arg, opt_str)) diff --git a/python/samba/tests/get_opt.py b/python/samba/tests/get_opt.py index 2aad954830b..60caf523a0f 100644 --- a/python/samba/tests/get_opt.py +++ b/python/samba/tests/get_opt.py @@ -24,6 +24,7 @@ from samba.getopt import ( AUTO_USE_KERBEROS, DONT_USE_KERBEROS, MUST_USE_KERBEROS, + parse_kerberos_arg_legacy, parse_kerberos_arg, ) import samba.tests @@ -31,26 +32,38 @@ import samba.tests class KerberosOptionTests(samba.tests.TestCase): - def test_parse_true(self): + def test_legacy_parse_true(self): self.assertEqual( - MUST_USE_KERBEROS, parse_kerberos_arg("yes", "--kerberos")) + MUST_USE_KERBEROS, parse_kerberos_arg_legacy("yes", "--kerberos")) self.assertEqual( - MUST_USE_KERBEROS, parse_kerberos_arg("true", "--kerberos")) + MUST_USE_KERBEROS, parse_kerberos_arg_legacy("true", "--kerberos")) self.assertEqual( - MUST_USE_KERBEROS, parse_kerberos_arg("1", "--kerberos")) + MUST_USE_KERBEROS, parse_kerberos_arg_legacy("1", "--kerberos")) - def test_parse_false(self): + def test_legacy_parse_false(self): self.assertEqual( - DONT_USE_KERBEROS, parse_kerberos_arg("no", "--kerberos")) + DONT_USE_KERBEROS, parse_kerberos_arg_legacy("no", "--kerberos")) self.assertEqual( - DONT_USE_KERBEROS, parse_kerberos_arg("false", "--kerberos")) + DONT_USE_KERBEROS, parse_kerberos_arg_legacy("false", "--kerberos")) self.assertEqual( - DONT_USE_KERBEROS, parse_kerberos_arg("0", "--kerberos")) + DONT_USE_KERBEROS, parse_kerberos_arg_legacy("0", "--kerberos")) - def test_parse_auto(self): + def test_legacy_parse_auto(self): self.assertEqual( - AUTO_USE_KERBEROS, parse_kerberos_arg("auto", "--kerberos")) + AUTO_USE_KERBEROS, parse_kerberos_arg_legacy("auto", "--kerberos")) + + def test_legacy_parse_invalid(self): + self.assertRaises(optparse.OptionValueError, + parse_kerberos_arg_legacy, "blah?", "--kerberos") + + def test_parse_valid(self): + self.assertEqual( + MUST_USE_KERBEROS, parse_kerberos_arg("required", "--use-kerberos")) + self.assertEqual( + AUTO_USE_KERBEROS, parse_kerberos_arg("desired", "--use-kerberos")) + self.assertEqual( + DONT_USE_KERBEROS, parse_kerberos_arg("off", "--use-kerberos")) def test_parse_invalid(self): self.assertRaises(optparse.OptionValueError, - parse_kerberos_arg, "blah?", "--kerberos") + parse_kerberos_arg, "wurst", "--use-kerberos") diff --git a/source4/torture/drs/python/drs_base.py b/source4/torture/drs/python/drs_base.py index eea5a7ef907..c5f7682d563 100644 --- a/source4/torture/drs/python/drs_base.py +++ b/source4/torture/drs/python/drs_base.py @@ -121,7 +121,7 @@ class DrsBaseTestCase(SambaToolCmdTest): # Tunnel the command line credentials down to the # subcommand to avoid a new kinit - cmdline_auth = "--krb5-ccache=%s" % ccache_name + cmdline_auth = "--use-krb5-ccache=%s" % ccache_name # bin/samba-tool drs return ["drs", drs_command, cmdline_auth] diff --git a/source4/torture/drs/python/fsmo.py b/source4/torture/drs/python/fsmo.py index 3562b4522f7..6021ce4ad70 100644 --- a/source4/torture/drs/python/fsmo.py +++ b/source4/torture/drs/python/fsmo.py @@ -62,7 +62,7 @@ class DrsFsmoTestCase(drs_base.DrsBaseTestCase): def _net_fsmo_role_transfer(self, DC, role, noop=False): # make command line credentials string ccache_name = self.get_creds_ccache_name() - cmd_line_auth = "--krb5-ccache=%s" % ccache_name + cmd_line_auth = "--use-krb5-ccache=%s" % ccache_name (result, out, err) = self.runsubcmd("fsmo", "transfer", "--role=%s" % role, "-H", "ldap://%s:389" % DC, diff --git a/source4/torture/drs/python/replica_sync.py b/source4/torture/drs/python/replica_sync.py index b078e90cb3e..3b0df99b295 100644 --- a/source4/torture/drs/python/replica_sync.py +++ b/source4/torture/drs/python/replica_sync.py @@ -94,7 +94,7 @@ class DrsReplicaSyncTestCase(drs_base.DrsBaseTestCase): # Tunnel the command line credentials down to the # subcommand to avoid a new kinit - cmdline_auth = "--krb5-ccache=%s" % ccache_name + cmdline_auth = "--use-krb5-ccache=%s" % ccache_name # bin/samba-tool drs cmd_list = ["drs", "replicate", cmdline_auth]