[SCM] Samba Shared Repository - branch master updated

David Disseldorp Wed, 16 Sep 2020 17:07:21 -0700

The branch, master has been updated
       via  ed625d66943 tests: Disable kerberos for weak crypto test
       via  63b0d2dc760 selftest: set pid directory in client's smb.conf
       via  ebada816ded selftest: Create client directories in a loop
      from  67498ffd787 s3: libsmb: Cleanup - in internal_resolve_name() only 
write the out parameters on success.


https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ed625d669437bb940a98a0e51c67a85d947dc2d5
Author: Samuel Cabrero <scabr...@suse.de>
Date:   Tue Sep 15 12:32:44 2020 +0200

    tests: Disable kerberos for weak crypto test
    
    Otherwise the test fails because the client is authenticated using
    spnego and gse_krb5, not triggering the weak crypto restrictions.
    
    Signed-off-by: Samuel Cabrero <scabr...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>
    
    Autobuild-User(master): David Disseldorp <dd...@samba.org>
    Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184

commit 63b0d2dc7608ba30b1269a1937da1ac3ba3e40d3
Author: Samuel Cabrero <scabr...@suse.de>
Date:   Tue Sep 15 13:32:00 2020 +0200

    selftest: set pid directory in client's smb.conf
    
    Set a pid file directory to avoid the following testparm error:
    
    ERROR: pid directory /usr/local/samba/var/run does not exist
    
    Signed-off-by: Samuel Cabrero <scabr...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

commit ebada816dedf5ea86fdb17b78998890114344b6d
Author: Samuel Cabrero <scabr...@samba.org>
Date:   Wed Sep 16 13:00:33 2020 +0200

    selftest: Create client directories in a loop
    
    Signed-off-by: Samuel Cabrero <scabr...@samba.org>
    Reviewed-by: David Disseldorp <dd...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/selftest.pl                   | 74 +++++++++++-----------------------
 testprogs/blackbox/test_weak_crypto.sh | 12 +++++-
 2 files changed, 35 insertions(+), 51 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index d14df92a11c..6ea21fa6bfe 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -22,6 +22,7 @@ use warnings;
 use FindBin qw($RealBin $Script);
 use File::Spec;
 use File::Temp qw(tempfile);
+use File::Path qw(remove_tree);
 use Getopt::Long;
 use POSIX;
 use Cwd qw(abs_path);
@@ -501,67 +502,39 @@ sub write_clientconf($$$)
 
        mkdir("$clientdir", 0777) unless -d "$clientdir";
 
-       if ( -d "$clientdir/private" ) {
-               unlink <$clientdir/private/*>;
-       } else {
-               mkdir("$clientdir/private", 0777);
-       }
-
-       if ( -d "$clientdir/bind-dns" ) {
-               unlink <$clientdir/bind-dns/*>;
-       } else {
-               mkdir("$clientdir/bind-dns", 0777);
-       }
-
-       if ( -d "$clientdir/lockdir" ) {
-               unlink <$clientdir/lockdir/*>;
-       } else {
-               mkdir("$clientdir/lockdir", 0777);
-       }
-
-       if ( -d "$clientdir/statedir" ) {
-               unlink <$clientdir/statedir/*>;
-       } else {
-               mkdir("$clientdir/statedir", 0777);
-       }
-
-       if ( -d "$clientdir/cachedir" ) {
-               unlink <$clientdir/cachedir/*>;
-       } else {
-               mkdir("$clientdir/cachedir", 0777);
+       my @subdirs = (
+               { name => "private", mask => 0777 },
+               { name => "bind-dns", mask => 0777 },
+               { name => "lockdir", mask => 0777 },
+               { name => "statedir", mask => 0777 },
+               { name => "cachedir", mask => 0777 },
+               { name => "pkinit", mask => 0700 },
+               { name => "pid", mask => 0777 },
+               # the ncalrpcdir needs exactly 0755 otherwise tests fail.
+               { name => "ncalrpcdir", mask => 0755, umask => 0022 },
+       );
+
+       foreach my $sub (@subdirs) {
+               my $dir = "$clientdir/$sub->{name}";
+               remove_tree($dir);
+               my $mask = umask;
+               if (defined($sub->{umask})) {
+                       umask $sub->{umask};
+               }
+               mkdir($dir, $sub->{mask});
+               umask $mask;
        }
 
-       # this is ugly, but the ncalrpcdir needs exactly 0755
-       # otherwise tests fail.
-       my $mask = umask;
-       umask 0022;
-       if ( -d "$clientdir/ncalrpcdir/np" ) {
-               unlink <$clientdir/ncalrpcdir/np/*>;
-               rmdir "$clientdir/ncalrpcdir/np";
-       }
-       if ( -d "$clientdir/ncalrpcdir" ) {
-               unlink <$clientdir/ncalrpcdir/*>;
-               rmdir "$clientdir/ncalrpcdir";
-       }
-       mkdir("$clientdir/ncalrpcdir", 0755);
-       umask $mask;
-
        my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
        my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
        my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
        my $ca_users_dir = "$cadir/Users";
 
-       if ( -d "$clientdir/pkinit" ) {
-               unlink <$clientdir/pkinit/*>;
-       } else {
-               mkdir("$clientdir/pkinit", 0700);
-       }
-
        # each user has a USER-${USER_PRINCIPAL_NAME}-cert.pem and
        # USER-${USER_PRINCIPAL_NAME}-private-key.pem symlink
        # We make a copy here and make the certificated easily
        # accessable in the client environment.
-       $mask = umask;
+       my $mask = umask;
        umask 0077;
        opendir USERS, "${ca_users_dir}" or die "Could not open dir 
'${ca_users_dir}': $!";
        for my $d (readdir USERS) {
@@ -601,6 +574,7 @@ sub write_clientconf($$$)
        state directory = $clientdir/statedir
        cache directory = $clientdir/cachedir
        ncalrpc dir = $clientdir/ncalrpcdir
+       pid directory = $clientdir/pid
        panic action = $RealBin/gdb_backtrace \%d
        max xmit = 32K
        notify:inotify = false
diff --git a/testprogs/blackbox/test_weak_crypto.sh 
b/testprogs/blackbox/test_weak_crypto.sh
index fe927e8c3a9..50a67aef110 100755
--- a/testprogs/blackbox/test_weak_crypto.sh
+++ b/testprogs/blackbox/test_weak_crypto.sh
@@ -27,6 +27,16 @@ samba_bindir="$BINDIR"
 samba_testparm="$BINDIR/testparm"
 samba_rpcclient="$samba_bindir/rpcclient"
 
+opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}"
+
+unset GNUTLS_FORCE_FIPS_MODE
+
+# Checks that testparm reports: Weak crypto is allowed
+testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s 
$SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
+
+# We should be allowed to use NTLM for connecting
+testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" 
|| failed=`expr $failed + 1`
+
 GNUTLS_FORCE_FIPS_MODE=1
 export GNUTLS_FORCE_FIPS_MODE
 
@@ -34,7 +44,7 @@ export GNUTLS_FORCE_FIPS_MODE
 testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s 
$SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
 
 # We should not be allowed to use NTLM for connecting
-testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER 
-U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1`
+testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt 
-c "getusername" || failed=`expr $failed + 1`
 
 unset GNUTLS_FORCE_FIPS_MODE
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

Reply via email to