The branch, master has been updated
via 631e063 s3-lib: Do not set an empty string in split_domain_user()
via 0c4e132 s3-lib: Parse WORKGROUP\username in
set_cmdline_auth_info_username()
via 5328325 s3-lib: Do not create 'MACHINE$@' usernames
via 7f14776 nsswitch: Use own credential cache for wbinfo tests
via 2dac252 testprogs: Use own credential cache for
test_client_etypes.sh
via 7abda74 testprogs: Use better KRB5CCNAME in
test_password_settings.sh
via 9413e33 s3-script: Use unique krb5ccache name
via 3470dca s3-selftest: Rename samba3.ntlm_auth.krb5 old ccache test
from c60ea2c glusterfs: Avoid tevent_internal.h
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 631e063f6bb49da426ca7343b6987f7831078d7f
Author: Andreas Schneider <a...@samba.org>
Date: Tue Sep 20 19:51:15 2016 +0200
s3-lib: Do not set an empty string in split_domain_user()
The function should also return if it failed or not.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
Autobuild-User(master): Stefan Metzmacher <me...@samba.org>
Autobuild-Date(master): Sun Sep 25 12:56:17 CEST 2016 on sn-devel-144
commit 0c4e13243826871e0597fcd37bd90b184c296e21
Author: Andreas Schneider <a...@samba.org>
Date: Thu Sep 15 12:08:24 2016 +0200
s3-lib: Parse WORKGROUP\username in set_cmdline_auth_info_username()
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 5328325f94fc2b49f34cf5f2c699ec7440ef1ec9
Author: Andreas Schneider <a...@samba.org>
Date: Thu Sep 15 12:54:42 2016 +0200
s3-lib: Do not create 'MACHINE$@' usernames
If there is no realm set we should not add it to the machine account.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 7f14776ba7704bdefcbd6ad71856b6efdeacf052
Author: Andreas Schneider <a...@samba.org>
Date: Mon Sep 19 13:27:30 2016 +0200
nsswitch: Use own credential cache for wbinfo tests
If we do not set it will add the credentials to the system default
credential cache, which is e.g. FILE:/tmp/krb5cc_1000.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 2dac25249749734dfc2f27cb10088e97cecdc6ad
Author: Andreas Schneider <a...@samba.org>
Date: Wed Sep 21 00:01:35 2016 +0200
testprogs: Use own credential cache for test_client_etypes.sh
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 7abda740f5671ff6f1ef326cf80afb8b65a4e5e7
Author: Andreas Schneider <a...@samba.org>
Date: Tue Sep 20 09:46:34 2016 +0200
testprogs: Use better KRB5CCNAME in test_password_settings.sh
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 9413e337cee630d3357b9a3299a67a4160bbc495
Author: Andreas Schneider <a...@samba.org>
Date: Mon Sep 19 12:18:31 2016 +0200
s3-script: Use unique krb5ccache name
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
commit 3470dca36df56aaf08589632462865154c9fa869
Author: Andreas Schneider <a...@samba.org>
Date: Thu Sep 15 15:47:25 2016 +0200
s3-selftest: Rename samba3.ntlm_auth.krb5 old ccache test
This makes it easier to run only one of them.
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Stefan Metzmacher <me...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/tests/test_wbinfo.sh | 10 +++-
nsswitch/tests/test_wbinfo_simple.sh | 10 +++-
source3/include/proto.h | 2 +-
source3/lib/util.c | 16 +++++-
source3/lib/util_cmdline.c | 61 +++++++++++++++++++++-
source3/libnet/libnet_join.c | 40 ++++++++++----
source3/rpc_server/wkssvc/srv_wkssvc_nt.c | 24 ++++++---
.../script/tests/test_smbclient_netbios_aliases.sh | 5 +-
source3/selftest/tests.py | 2 +-
testprogs/blackbox/test_client_etypes.sh | 8 +++
testprogs/blackbox/test_password_settings.sh | 8 ++-
11 files changed, 156 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 1d14ca3..69cc437 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -51,6 +51,12 @@ knownfail() {
return $status
}
+KRB5CCNAME_PATH="$PREFIX/test_wbinfo_krb5ccache"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+
# List users
testit "wbinfo -u against $TARGET" $wbinfo -u || failed=`expr $failed + 1`
# List groups
@@ -244,8 +250,10 @@ testit "wbinfo --getdcname against $TARGET" $wbinfo
--getdcname=$DOMAIN
testit "wbinfo -p against $TARGET" $wbinfo -p || failed=`expr $failed + 1`
-testit "wbinfo -K against $TARGET with domain creds" $wbinfo -K
"$DOMAIN/$USERNAME"%"$PASSWORD" || failed=`expr $failed + 1`
+testit "wbinfo -K against $TARGET with domain creds" $wbinfo
--krb5ccname=$KRB5CCNAME --krb5auth="$DOMAIN/$USERNAME"%"$PASSWORD" ||
failed=`expr $failed + 1`
testit "wbinfo --separator against $TARGET" $wbinfo --separator ||
failed=`expr $failed + 1`
+rm -f $KRB5CCNAME_PATH
+
exit $failed
diff --git a/nsswitch/tests/test_wbinfo_simple.sh
b/nsswitch/tests/test_wbinfo_simple.sh
index dc90ddc..35adb6c 100755
--- a/nsswitch/tests/test_wbinfo_simple.sh
+++ b/nsswitch/tests/test_wbinfo_simple.sh
@@ -12,6 +12,14 @@ ADDARGS="$*"
incdir=`dirname $0`/../../testprogs/blackbox
. $incdir/subunit.sh
-testit "wbinfo" $VALGRIND $BINDIR/wbinfo $ADDARGS || failed=`expr $failed + 1`
+KRB5CCNAME_PATH="$PREFIX/test_wbinfo_simple_krb5ccname"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+
+testit "wbinfo" $VALGRIND $BINDIR/wbinfo --krb5ccname="$KRB5CCNAME" $ADDARGS
|| failed=`expr $failed + 1`
+
+rm -f $KRB5CCNAME_PATH
testok $0 $failed
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0aa1009..fe4217d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -424,7 +424,7 @@ char *get_safe_ptr(const char *buf_base, size_t buf_len,
char *ptr, size_t off);
char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t
off);
int get_safe_SVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off,
int failval);
int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off,
int failval);
-void split_domain_user(TALLOC_CTX *mem_ctx,
+bool split_domain_user(TALLOC_CTX *mem_ctx,
const char *full_name,
char **domain,
char **user);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index ad33624..bab3998 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2103,7 +2103,7 @@ int get_safe_IVAL(const char *buf_base, size_t buf_len,
char *ptr, size_t off, i
call (they take care of winbind separator and other winbind specific
settings).
****************************************************************/
-void split_domain_user(TALLOC_CTX *mem_ctx,
+bool split_domain_user(TALLOC_CTX *mem_ctx,
const char *full_name,
char **domain,
char **user)
@@ -2115,11 +2115,23 @@ void split_domain_user(TALLOC_CTX *mem_ctx,
if (p != NULL) {
*domain = talloc_strndup(mem_ctx, full_name,
PTR_DIFF(p, full_name));
+ if (*domain == NULL) {
+ return false;
+ }
*user = talloc_strdup(mem_ctx, p+1);
+ if (*user == NULL) {
+ TALLOC_FREE(*domain);
+ return false;
+ }
} else {
- *domain = talloc_strdup(mem_ctx, "");
+ *domain = NULL;
*user = talloc_strdup(mem_ctx, full_name);
+ if (*user == NULL) {
+ return false;
+ }
}
+
+ return true;
}
/****************************************************************
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index 80c3ecd..3ef1d09 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -54,8 +54,49 @@ const char *get_cmdline_auth_info_username(const struct
user_auth_info *auth_inf
void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
const char *username)
{
+ char *s;
+ char *p;
+ bool contains_domain = false;
+
+ s = talloc_strdup(auth_info, username);
+ if (s == NULL) {
+ exit(ENOMEM);
+ }
+
+ p = strchr_m(s, '\\');
+ if (p != NULL) {
+ contains_domain = true;
+ }
+ if (!contains_domain) {
+ p = strchr_m(s, '/');
+ if (p != NULL) {
+ contains_domain = true;
+ }
+ }
+ if (!contains_domain) {
+ char sep = *lp_winbind_separator();
+
+ if (sep != '\0') {
+ p = strchr_m(s, *lp_winbind_separator());
+ if (p != NULL) {
+ contains_domain = true;
+ }
+ }
+ }
+
+ if (contains_domain) {
+ *p = '\0';
+ username = p + 1;
+
+ /* s is now the workgroup part */
+ set_cmdline_auth_info_domain(auth_info, s);
+ }
+
TALLOC_FREE(auth_info->username);
auth_info->username = talloc_strdup(auth_info, username);
+
+ TALLOC_FREE(s);
+
if (!auth_info->username) {
exit(ENOMEM);
}
@@ -207,6 +248,9 @@ bool set_cmdline_auth_info_machine_account_creds(struct
user_auth_info *auth_inf
{
char *pass = NULL;
char *account = NULL;
+ const char *realm = lp_realm();
+ int rc;
+
if (!get_cmdline_auth_info_use_machine_account(auth_info)) {
return false;
@@ -217,8 +261,21 @@ bool set_cmdline_auth_info_machine_account_creds(struct
user_auth_info *auth_inf
return false;
}
- if (asprintf(&account, "%s$@%s", lp_netbios_name(), lp_realm()) < 0) {
- return false;
+ if (realm != NULL && realm[0] != '\0') {
+ rc = asprintf(&account,
+ "%s$@%s",
+ lp_netbios_name(),
+ realm);
+ if (rc < 0) {
+ return false;
+ }
+ } else {
+ rc = asprintf(&account,
+ "%s$",
+ lp_netbios_name());
+ if (rc < 0) {
+ return false;
+ }
}
pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3d66eaf..bbbd06e 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2131,11 +2131,21 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX
*mem_ctx,
if (!r->in.admin_domain) {
char *admin_domain = NULL;
char *admin_account = NULL;
- split_domain_user(mem_ctx,
- r->in.admin_account,
- &admin_domain,
- &admin_account);
- r->in.admin_domain = admin_domain;
+ bool ok;
+
+ ok = split_domain_user(mem_ctx,
+ r->in.admin_account,
+ &admin_domain,
+ &admin_account);
+ if (!ok) {
+ return WERR_NOMEM;
+ }
+
+ if (admin_domain != NULL) {
+ r->in.admin_domain = admin_domain;
+ } else {
+ r->in.admin_domain = r->in.domain_name;
+ }
r->in.admin_account = admin_account;
}
@@ -2814,11 +2824,21 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX
*mem_ctx,
if (!r->in.admin_domain) {
char *admin_domain = NULL;
char *admin_account = NULL;
- split_domain_user(mem_ctx,
- r->in.admin_account,
- &admin_domain,
- &admin_account);
- r->in.admin_domain = admin_domain;
+ bool ok;
+
+ ok = split_domain_user(mem_ctx,
+ r->in.admin_account,
+ &admin_domain,
+ &admin_account);
+ if (!ok) {
+ return WERR_NOMEM;
+ }
+
+ if (admin_domain != NULL) {
+ r->in.admin_domain = admin_domain;
+ } else {
+ r->in.admin_domain = r->in.domain_name;
+ }
r->in.admin_account = admin_account;
}
diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
index 52809a4..25233e5 100644
--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
+++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
@@ -825,6 +825,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
struct security_token *token = p->session_info->security_token;
NTSTATUS status;
DATA_BLOB session_key;
+ bool ok;
if (!r->in.domain_name) {
return WERR_INVALID_PARAM;
@@ -863,10 +864,13 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
return werr;
}
- split_domain_user(p->mem_ctx,
- r->in.admin_account,
- &admin_domain,
- &admin_account);
+ ok = split_domain_user(p->mem_ctx,
+ r->in.admin_account,
+ &admin_domain,
+ &admin_account);
+ if (!ok) {
+ return WERR_NOMEM;
+ }
werr = libnet_init_JoinCtx(p->mem_ctx, &j);
if (!W_ERROR_IS_OK(werr)) {
@@ -913,6 +917,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
struct security_token *token = p->session_info->security_token;
NTSTATUS status;
DATA_BLOB session_key;
+ bool ok;
if (!r->in.account || !r->in.encrypted_password) {
return WERR_INVALID_PARAM;
@@ -942,10 +947,13 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
return werr;
}
- split_domain_user(p->mem_ctx,
- r->in.account,
- &admin_domain,
- &admin_account);
+ ok = split_domain_user(p->mem_ctx,
+ r->in.account,
+ &admin_domain,
+ &admin_account);
+ if (!ok) {
+ return WERR_NOMEM;
+ }
werr = libnet_init_UnjoinCtx(p->mem_ctx, &u);
if (!W_ERROR_IS_OK(werr)) {
diff --git a/source3/script/tests/test_smbclient_netbios_aliases.sh
b/source3/script/tests/test_smbclient_netbios_aliases.sh
index cb0d967..610eeda 100755
--- a/source3/script/tests/test_smbclient_netbios_aliases.sh
+++ b/source3/script/tests/test_smbclient_netbios_aliases.sh
@@ -22,10 +22,11 @@ if test -x $BINDIR/samba4kinit; then
samba4kinit=$BINDIR/samba4kinit
fi
-KRB5CCNAME_PATH="$PREFIX/tmpccache"
+KRB5CCNAME_PATH="$PREFIX/test_smbclient_netbios_aliases_krb5ccache"
+rm -rf $KRB5CCNAME_PATH
+
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
export KRB5CCNAME
-rm -rf $KRB5CCNAME_PATH
incdir=`dirname $0`/../../../testprogs/blackbox
. $incdir/subunit.sh
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c75b7ae..d0f5334 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -152,7 +152,7 @@ t = "WBCLIENT-MULTI-PING"
plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir,
"script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3,
""])
-plantestsuite("samba3.ntlm_auth.krb5(ktest:local) old ccache", "ktest:local",
[os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"),
valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-2',
'$SERVER', configuration])
+plantestsuite("samba3.ntlm_auth.krb5 with old ccache(ktest:local)",
"ktest:local", [os.path.join(samba3srcdir,
"script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir,
ntlm_auth3, '$PREFIX/ktest/krb5_ccache-2', '$SERVER', configuration])
plantestsuite("samba3.ntlm_auth.krb5(ktest:local)", "ktest:local",
[os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"),
valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-3',
'$SERVER', configuration])
diff --git a/testprogs/blackbox/test_client_etypes.sh
b/testprogs/blackbox/test_client_etypes.sh
index 57739c6..98ff73a 100755
--- a/testprogs/blackbox/test_client_etypes.sh
+++ b/testprogs/blackbox/test_client_etypes.sh
@@ -15,6 +15,12 @@ EXPECTED_ETYPES="$6"
# Load test functions
. `dirname $0`/subunit.sh
+KRB5CCNAME_PATH="$PREFIX/test_client_etypes_krb5ccname"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+
#requires tshark and sha1sum
if ! which tshark > /dev/null 2>&1 || ! which sha1sum > /dev/null 2>&1 ; then
subunit_start_test "client encryption types"
@@ -71,5 +77,7 @@ actual_types="`tshark -r $pcap_file -nVY "kerberos" | \
testit "verify types" test "x$actual_types" = "x$EXPECTED_ETYPES" ||
failed=`expr $failed + 1`
rm -rf $BASEDIR/$WORKDIR
+rm -f $KRB5CCNAME_PATH
+
exit $failed
diff --git a/testprogs/blackbox/test_password_settings.sh
b/testprogs/blackbox/test_password_settings.sh
index 17f905f..9436e30 100755
--- a/testprogs/blackbox/test_password_settings.sh
+++ b/testprogs/blackbox/test_password_settings.sh
@@ -75,7 +75,10 @@ testit "create user locally" \
### Test normal operation as user
###########################################################
-KRB5CCNAME="$PREFIX/tmpuserccache"
+KRB5CCNAME_PATH="$PREFIX/test_password_settings_krb5ccache"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
export KRB5CCNAME
testit "kinit with user password" \
@@ -206,6 +209,7 @@ testit "reset password policies" \
testit "delete user $TEST_USERNAME" \
$VALGRIND $samba_tool user delete $TEST_USERNAME
-U"$USERNAME%$PASSWORD" $CONFIG -k no || failed=`expr $failed + 1`
-rm -f $PREFIX/tmpuserpassfile $PREFIX/tmpsmbpasswdscript $PREFIX/tmpuserccache
+rm -f $PREFIX/tmpuserpassfile $PREFIX/tmpsmbpasswdscript
+rm -f $KRB5CCNAME_PATH
exit $failed
--
Samba Shared Repository
