The branch, master has been updated via 84b9f58616e s3:tests: Add smbclient kerberos tests for ad_dc and ad_dc_fips via 42e3fda5be5 autobuild: Exclude fips envs from samba and samba-mitkrb5 via e0fa3e359f1 bootstrap: Install krb5-workstation on Fedora based distros from 0ac71061044 s3:smbd: really support AES-256* in the server
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 84b9f58616e0a4c5b36b1c2d4fee7928fbf9edc4 Author: Andreas Schneider <a...@samba.org> Date: Tue Jul 20 14:58:09 2021 +0200 s3:tests: Add smbclient kerberos tests for ad_dc and ad_dc_fips Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Wed Jul 21 07:19:00 UTC 2021 on sn-devel-184 commit 42e3fda5be56cb96139093ca98e4dfb6817aea39 Author: Andreas Schneider <a...@samba.org> Date: Tue Jul 20 19:06:28 2021 +0200 autobuild: Exclude fips envs from samba and samba-mitkrb5 The FIPS envs only work on Fedora. Ubuntu doesn't have FIPS support! Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> commit e0fa3e359f16b26122d49ad79372e3923f5ded77 Author: Andreas Schneider <a...@samba.org> Date: Tue Jul 20 15:55:53 2021 +0200 bootstrap: Install krb5-workstation on Fedora based distros 
Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Alexander Bokovoy <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: .gitlab-ci-main.yml | 2 +- bootstrap/config.py | 2 +- bootstrap/generated-dists/centos7/bootstrap.sh | 1 + bootstrap/generated-dists/centos7/packages.yml | 1 + bootstrap/generated-dists/centos8/bootstrap.sh | 1 + bootstrap/generated-dists/centos8/packages.yml | 1 + bootstrap/generated-dists/fedora33/bootstrap.sh | 1 + bootstrap/generated-dists/fedora33/packages.yml | 1 + bootstrap/generated-dists/fedora34/bootstrap.sh | 1 + bootstrap/generated-dists/fedora34/packages.yml | 1 + bootstrap/generated-dists/opensuse151/bootstrap.sh | 1 + bootstrap/generated-dists/opensuse151/packages.yml | 1 + bootstrap/generated-dists/opensuse152/bootstrap.sh | 1 + bootstrap/generated-dists/opensuse152/packages.yml | 1 + bootstrap/sha1sum.txt | 2 +- script/autobuild.py | 4 ++ source3/script/tests/test_smbclient_kerberos.sh | 84 ++++++++++++++++++++++ source3/selftest/tests.py | 11 +++ 18 files changed, 114 insertions(+), 3 deletions(-) create mode 100755 source3/script/tests/test_smbclient_kerberos.sh Changeset truncated at 500 lines: diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 1aee591b068..84cb9f0ba4e 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -42,7 +42,7 @@ variables: # Set this to the contents of bootstrap/sha1sum.txt # which is generated by bootstrap/template.py --render # - SAMBA_CI_CONTAINER_TAG: fa3eeb92fb5447524a057a4c377e6960dff626ce + SAMBA_CI_CONTAINER_TAG: 11d550c08430787a5b0eb8dc847977ffffe12bbe # # We use the ubuntu1804 image as default as # it matches what we have on sn-devel-184. diff --git a/bootstrap/config.py b/bootstrap/config.py index b5d04d4e371..b02ce4cf566 100644 --- a/bootstrap/config.py +++ b/bootstrap/config.py 
@@ -116,7 +116,7 @@ PKGS = [ ('bind9utils', 'bind-utils'), ('dnsutils', ''), ('xsltproc', 'libxslt'), - ('krb5-user', ''), + ('krb5-user', 'krb5-workstation'), ('krb5-config', ''), ('krb5-kdc', 'krb5-server'), ('apt-utils', 'yum-utils'), diff --git a/bootstrap/generated-dists/centos7/bootstrap.sh b/bootstrap/generated-dists/centos7/bootstrap.sh index 00dd22b891f..36913f40b44 100755 --- a/bootstrap/generated-dists/centos7/bootstrap.sh +++ b/bootstrap/generated-dists/centos7/bootstrap.sh @@ -45,6 +45,7 @@ yum install -y \ keyutils-libs-devel \ krb5-devel \ krb5-server \ + krb5-workstation \ lcov \ libacl-devel \ libarchive-devel \ diff --git a/bootstrap/generated-dists/centos7/packages.yml b/bootstrap/generated-dists/centos7/packages.yml index 3f5e8331b40..4da3d61441f 100644 --- a/bootstrap/generated-dists/centos7/packages.yml +++ b/bootstrap/generated-dists/centos7/packages.yml @@ -31,6 +31,7 @@ packages: - keyutils-libs-devel - krb5-devel - krb5-server + - krb5-workstation - lcov - libacl-devel - libarchive-devel diff --git a/bootstrap/generated-dists/centos8/bootstrap.sh b/bootstrap/generated-dists/centos8/bootstrap.sh index a3079982dda..60cf3937cf7 100755 --- a/bootstrap/generated-dists/centos8/bootstrap.sh +++ b/bootstrap/generated-dists/centos8/bootstrap.sh @@ -54,6 +54,7 @@ yum install -y \ keyutils-libs-devel \ krb5-devel \ krb5-server \ + krb5-workstation \ libacl-devel \ libarchive-devel \ libattr-devel \ diff --git a/bootstrap/generated-dists/centos8/packages.yml b/bootstrap/generated-dists/centos8/packages.yml index 2994e81640a..f5d0ac5ffe6 100644 --- a/bootstrap/generated-dists/centos8/packages.yml +++ b/bootstrap/generated-dists/centos8/packages.yml @@ -34,6 +34,7 @@ packages: - keyutils-libs-devel - krb5-devel - krb5-server + - krb5-workstation - libacl-devel - libarchive-devel - libattr-devel diff --git a/bootstrap/generated-dists/fedora33/bootstrap.sh b/bootstrap/generated-dists/fedora33/bootstrap.sh index 106bd09ede8..22b968e9ae2 100755 
--- a/bootstrap/generated-dists/fedora33/bootstrap.sh +++ b/bootstrap/generated-dists/fedora33/bootstrap.sh @@ -45,6 +45,7 @@ dnf install -y \ keyutils-libs-devel \ krb5-devel \ krb5-server \ + krb5-workstation \ lcov \ libacl-devel \ libarchive-devel \ diff --git a/bootstrap/generated-dists/fedora33/packages.yml b/bootstrap/generated-dists/fedora33/packages.yml index 9fa48ad4502..7c61da3c53a 100644 --- a/bootstrap/generated-dists/fedora33/packages.yml +++ b/bootstrap/generated-dists/fedora33/packages.yml @@ -34,6 +34,7 @@ packages: - keyutils-libs-devel - krb5-devel - krb5-server + - krb5-workstation - lcov - libacl-devel - libarchive-devel diff --git a/bootstrap/generated-dists/fedora34/bootstrap.sh b/bootstrap/generated-dists/fedora34/bootstrap.sh index 6686ab19250..d5fea5c008a 100755 --- a/bootstrap/generated-dists/fedora34/bootstrap.sh +++ b/bootstrap/generated-dists/fedora34/bootstrap.sh @@ -45,6 +45,7 @@ dnf install -y \ keyutils-libs-devel \ krb5-devel \ krb5-server \ + krb5-workstation \ lcov \ libacl-devel \ libarchive-devel \ diff --git a/bootstrap/generated-dists/fedora34/packages.yml b/bootstrap/generated-dists/fedora34/packages.yml index 1e488823dda..db12fdb5486 100644 --- a/bootstrap/generated-dists/fedora34/packages.yml +++ b/bootstrap/generated-dists/fedora34/packages.yml @@ -34,6 +34,7 @@ packages: - keyutils-libs-devel - krb5-devel - krb5-server + - krb5-workstation - lcov - libacl-devel - libarchive-devel diff --git a/bootstrap/generated-dists/opensuse151/bootstrap.sh b/bootstrap/generated-dists/opensuse151/bootstrap.sh index 2271e2ea8b2..e4771284f4d 100755 --- a/bootstrap/generated-dists/opensuse151/bootstrap.sh +++ b/bootstrap/generated-dists/opensuse151/bootstrap.sh @@ -40,6 +40,7 @@ zypper --non-interactive install \ hostname \ htop \ keyutils-devel \ + krb5-client \ krb5-devel \ krb5-server \ lcov \ 
diff --git a/bootstrap/generated-dists/opensuse151/packages.yml b/bootstrap/generated-dists/opensuse151/packages.yml index 5710c60bd8b..d465252e26b 100644 --- a/bootstrap/generated-dists/opensuse151/packages.yml +++ b/bootstrap/generated-dists/opensuse151/packages.yml @@ -28,6 +28,7 @@ packages: - hostname - htop - keyutils-devel + - krb5-client - krb5-devel - krb5-server - lcov diff --git a/bootstrap/generated-dists/opensuse152/bootstrap.sh b/bootstrap/generated-dists/opensuse152/bootstrap.sh index ae766095a4d..bdfb121b345 100755 --- a/bootstrap/generated-dists/opensuse152/bootstrap.sh +++ b/bootstrap/generated-dists/opensuse152/bootstrap.sh @@ -40,6 +40,7 @@ zypper --non-interactive install \ hostname \ htop \ keyutils-devel \ + krb5-client \ krb5-devel \ krb5-server \ lcov \ diff --git a/bootstrap/generated-dists/opensuse152/packages.yml b/bootstrap/generated-dists/opensuse152/packages.yml index 6bc1a137ca7..75a37074791 100644 --- a/bootstrap/generated-dists/opensuse152/packages.yml +++ b/bootstrap/generated-dists/opensuse152/packages.yml @@ -28,6 +28,7 @@ packages: - hostname - htop - keyutils-devel + - krb5-client - krb5-devel - krb5-server - lcov diff --git a/bootstrap/sha1sum.txt b/bootstrap/sha1sum.txt index e198e6b80ae..0e70f1937b9 100644 --- a/bootstrap/sha1sum.txt +++ b/bootstrap/sha1sum.txt @@ -1 +1 @@ -fa3eeb92fb5447524a057a4c377e6960dff626ce +11d550c08430787a5b0eb8dc847977ffffe12bbe diff --git a/script/autobuild.py b/script/autobuild.py index 85dff88a773..7ec3073f67e 100755 --- a/script/autobuild.py +++ b/script/autobuild.py @@ -326,6 +326,8 @@ tasks = { "schema_pair_dc", "schema_dc", "clusteredmember", + "ad_dc_fips", + "ad_member_fips", ])), ("test-slow-none", make_test(cmd='make test', TESTS="--include=selftest/slow-none", include_envs=["none"])), ("lcov", LCOV_CMD), @@ -392,6 +394,8 @@ tasks = { "schema_pair_dc", "schema_dc", "clusteredmember", + "ad_dc_fips", + "ad_member_fips", ])), ("lcov", LCOV_CMD), ("install", "make install"), 
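Review bot: The added exclusions `"ad_dc_fips"` and `"ad_member_fips"` carry no comment in either hunk of script/autobuild.py, so the reason given in the commit message (the FIPS envs only work on Fedora) is lost at the point of use. A line above each pair such as `# FIPS envs need a FIPS-capable host; not runnable on the Ubuntu-based builders` would record it. It is also worth confirming that some other task still lists these envs, because otherwise the Kerberos-required behaviour they exercise is never run in autobuild. Both lists begin outside the hunks, so their enclosing call is not visible here; if they are the same kind of exclude list, a shared constant for the repeated pair would keep the two tasks in step.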
diff --git a/source3/script/tests/test_smbclient_kerberos.sh b/source3/script/tests/test_smbclient_kerberos.sh
new file mode 100755
index 00000000000..cbc7934484d
--- /dev/null
+++ b/source3/script/tests/test_smbclient_kerberos.sh
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+if [ $# -lt 6 ]; then
+cat <<EOF
+Usage: test_smbclient_kerberos.sh USERNAME REALM PASSWORD SERVER SMBCLIENT TARGET
+EOF
+exit 1
+fi
+
+USERNAME="$1"
+REALM=$2
+PASSWORD="$3"
+SERVER="$4"
+smbclient="$5"
+TARGET="$6"
+shift 6
+
+incdir=$(dirname $0)/../../../testprogs/blackbox
+. ${incdir}/subunit.sh
+. ${incdir}/common_test_fns.inc
+
+failed=0
+
+samba_kinit=kinit
+if test -x ${BINDIR}/samba4kinit; then
+ samba_kinit=${BINDIR}/samba4kinit
+fi
+
+samba_kdestroy=kdestroy
+if test -x ${BINDIR}/samba4kdestroy; then
+ samba_kinit=${BINDIR}/samba4kdestroy
+fi
+
+KRB5CCNAME_PATH="${PREFIX}/ccache_smbclient_kerberos"
+KRB5CCNAME="FILE:${KRB5CCNAME_PATH}"
+export KRB5CCNAME
+
+# For ad_dc_fips this should succeed as Kerberos is set to required by default
+test_smbclient "smbclient.smb3.kerberos[//${SERVER}/tmp]" \
+ "ls; quit" //${SERVER}/tmp \
+ -U${USERNAME}%${PASSWORD} -mSMB3 || \
+ failed=$(expr $failed + 1)
+
+
+test_smbclient "smbclient.smb3.kerberos.required[//${SERVER}/tmp]" \
+ "ls; quit" //${SERVER}/tmp \
+ --use-kerberos=required -U${USERNAME}%${PASSWORD} -mSMB3 || \
+ failed=$(expr $failed + 1)
+
+test_smbclient "smbclient.smb3.kerberos.desired[//${SERVER}/tmp]" \
+ "ls; quit" //${SERVER}/tmp \
+ --use-kerberos=desired -U${USERNAME}%${PASSWORD} -mSMB3 || \
+ failed=$(expr $failed + 1)
+
+if [ "$TARGET" = "ad_dc_fips" ] || [ "$TARGET" = "ad_member_fips" ]; then
+ test_smbclient_expect_failure "smbclient.smb3.kerberos.off[//${SERVER}/tmp]" \
+ "ls; quit" //${SERVER}/tmp \
+ --use-kerberos=off -U${USERNAME}%${PASSWORD} -mSMB3 || \
+ failed=$(expr $failed + 1)
+else
+ test_smbclient "smbclient.smb3.kerberos.off[//${SERVER}/tmp]" \
+ "ls; quit" //${SERVER}/tmp \
+ --use-kerberos=off -U${USERNAME}%${PASSWORD} -mSMB3 || \
+ failed=$(expr $failed + 1)
+fi
+
+kerberos_kinit $samba_kinit ${USERNAME}@${REALM} ${PASSWORD}
+test_smbclient "smbclient.smb3.kerberos.ccache[//${SERVER}/tmp]" \
+ "ls; quit" //${SERVER}/tmp \
+
--use-krb5-ccache=${KRB5CCNAME} -mSMB3 || \ + failed=$(expr $failed + 1) + "ls; quit" //${SERVER}/tmp \ + --use-kerberos=desired -U${USERNAME}%${PASSWORD} -mSMB3 || \ + failed=$(expr $failed + 1) +test_smbclient "smbclient.smb3.kerberos.desired[//${SERVER}/tmp]" \ + "ls; quit" //${SERVER}/tmp \ + --use-kerberos=desired -U${USERNAME}%${PASSWORD} -mSMB3 || \ + failed=$(expr $failed + 1) + + +$samba_kdestroy + + +rm -rf $KRB5CCNAME_PATH diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index cf745907219..a9745740118 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -1157,6 +1157,17 @@ for env in ['fileserver', 'simpleserver']: "$USERNAME", "$PASSWORD", "$SERVER", smbclient3, env]) +for env in ['ad_dc', 'ad_dc_fips', 'ad_member_fips']: + plantestsuite("samba3.blackbox.smbclient.kerberos", env, + [os.path.join(samba3srcdir, + "script/tests/test_smbclient_kerberos.sh"), + "alice", + "$REALM", + "Secret007", + "$SERVER", + smbclient3, + env]) + plantestsuite("samba3.blackbox.rpcclient_netsessenum", "ad_member", [os.path.join(samba3srcdir, "script/tests/test_rpcclient_netsessenum.sh"), -- Samba Shared Repository
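Review bot: In the `samba4kdestroy` branch of test_smbclient_kerberos.sh the assignment targets the wrong variable, `samba_kinit=${BINDIR}/samba4kdestroy`, so on builds that ship that binary `kerberos_kinit` is handed the kdestroy tool and the ccache test cannot obtain a ticket. It should read `samba_kdestroy=${BINDIR}/samba4kdestroy`. After the `smbclient.smb3.kerberos.ccache` test there are three orphaned continuation lines, starting at `"ls; quit" //${SERVER}/tmp \`, with no `test_smbclient` in front of them. The shell will try to run them as a command and count a failure, so they should be dropped, along with the second `smbclient.smb3.kerberos.desired` test that follows if it is an unintended duplicate of the earlier one. The script also ends on `rm -rf $KRB5CCNAME_PATH`, so the `failed` counter is never turned into an exit status; finishing with `exit $failed` and quoting the path as `rm -rf "$KRB5CCNAME_PATH"` would close both gaps.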
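Review bot: The new `plantestsuite` call in source3/selftest/tests.py passes the literal credentials `"alice"` and `"Secret007"`, where the suite just above it passes `"$USERNAME"` and `"$PASSWORD"`, and nothing on these lines says why a fixed account is used. If this is a user provisioned by the selftest environments (likely, but the provisioning is not visible in this diff), a comment such as `# alice/Secret007: fixed domain test user from selftest provisioning (confirm)` would keep the literal from looking like a stray secret. Note also that the script forwards the password as `-U${USERNAME}%${PASSWORD}`, so it ends up on the smbclient command line; that is acceptable only because this is a throwaway test account, which the comment should make explicit.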