[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue Apr 5 21:25:02 MDT 2011
The branch, master has been updated
via d84a8d5 s3-selftest Add tests to show kerberos works across a password change
via 0415a57 s3-librpc Fix creation of in-memory keytab for previous password
via 747ebc1 s3-selftest names into DNS hosts file to avoid NBT lookups
via 457c665 libcli/nbt Cope with blank lines in DNS hosts file
from 82e0ba2 docs: fix the missing parameter description section in the smb.conf manpage
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d84a8d534374072fc96fd5da34e0021c81005f1a
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Apr 6 09:12:15 2011 +1000
s3-selftest Add tests to show kerberos works across a password change
It is important that a machine account password change does not
invalidate existing tickets.
This is only for the default kerberos method with a password in
secrets.tdb. The keytab based methods are still not tested.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet at samba.org>
Autobuild-Date: Wed Apr 6 05:24:48 CEST 2011 on sn-devel-104
commit 0415a5736e7e68f076fcf63dc16a7d33da4e569d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Apr 6 09:10:13 2011 +1000
s3-librpc Fix creation of in-memory keytab for previous password
We set the current password twice, rather than the current and old
password.
Andrew Bartlett
commit 747ebc118a5cff75e71341e1f39b8127e96e41cd
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Apr 6 12:10:03 2011 +1000
s3-selftest names into DNS hosts file to avoid NBT lookups
NBT lookups cause trouble and variablity in 'make test', so it's much
better if we just use the fake DNS code. This code is only used by
smbtorture4 at this time, but the other client tools are generally
told to contact by IP address.
We need to contact by name to test Kerberos, and this should make the
kerberos tests much more reliable.
Andrew Bartlett
commit 457c665be2777513ff8aed1de53d8ea4eb462adc
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Apr 6 12:09:41 2011 +1000
libcli/nbt Cope with blank lines in DNS hosts file
-----------------------------------------------------------------------
Summary of changes:
libcli/nbt/dns_hosts_file.c | 6 ++--
selftest/target/Samba3.pm | 23 ++++++++++++++++---
source3/librpc/crypto/gse_krb5.c | 2 +-
.../{ktest-krb5_ccache => ktest-krb5_ccache-2} | Bin 11966 -> 11966 bytes
source3/selftest/ktest-krb5_ccache-3 | Bin 0 -> 6031 bytes
source3/selftest/ktest-secrets.tdb | Bin 45056 -> 45056 bytes
source3/selftest/tests.py | 5 +++-
7 files changed, 27 insertions(+), 9 deletions(-)
rename source3/selftest/{ktest-krb5_ccache => ktest-krb5_ccache-2} (100%)
create mode 100644 source3/selftest/ktest-krb5_ccache-3
Changeset truncated at 500 lines:
diff --git a/libcli/nbt/dns_hosts_file.c b/libcli/nbt/dns_hosts_file.c
index c6491a9..8013936 100644
--- a/libcli/nbt/dns_hosts_file.c
+++ b/libcli/nbt/dns_hosts_file.c
@@ -85,15 +85,15 @@ static bool getdns_hosts_fileent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, cha
++count;
if (next_token_talloc(ctx, &ptr, &name, NULL))
++count;
- if (strcasecmp(name_type, "A") == 0) {
+ if (name_type && strcasecmp(name_type, "A") == 0) {
if (next_token_talloc(ctx, &ptr, &ip, NULL))
++count;
- } else if (strcasecmp(name_type, "SRV") == 0) {
+ } else if (name_type && strcasecmp(name_type, "SRV") == 0) {
if (next_token_talloc(ctx, &ptr, &next_name, NULL))
++count;
if (next_token_talloc(ctx, &ptr, &port, NULL))
++count;
- } else if (strcasecmp(name_type, "CNAME") == 0) {
+ } else if (name_type && strcasecmp(name_type, "CNAME") == 0) {
if (next_token_talloc(ctx, &ptr, &next_name, NULL))
++count;
}
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index de3fffb..b6c851a 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -298,19 +298,29 @@ $ret->{USERNAME} = KTEST\\Administrator
# ticket_lifetime = 799718400
# renew_lifetime = 799718400
#
-# The commands run were:
+# The commands for the -2 keytab where were:
# kinit administrator at KTEST.SAMBA.EXAMPLE.COM
# kvno host/localktest6 at KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/localktest6 at KTEST.SAMBA.EXAMPLE.COM
# kvno host/LOCALKTEST6 at KTEST.SAMBA.EXAMPLE.COM
# kvno cifs/LOCALKTEST6 at KTEST.SAMBA.EXAMPLE.COM
#
-# This creates a credential cache with a very long lifetime (2036 at at 2011-04)
+# and then for the -3 keytab, I did
+#
+# net changetrustpw; kdestroy and the same again.
+#
+# This creates a credential cache with a very long lifetime (2036 at
+# at 2011-04), and shows that running 'net changetrustpw' does not
+# break existing logins (for the secrets.tdb method at least).
+#
$ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";
- system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache $prefix/krb5_ccache");
- chmod 0600, "$prefix/krb5_ccache";
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2");
+ chmod 0600, "$prefix/krb5_ccache-2";
+
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3");
+ chmod 0600, "$prefix/krb5_ccache-3";
$self->check_or_start($ret,
($ENV{SMBD_MAXTIME} or 2700),
@@ -802,6 +812,11 @@ domusers:X:$gid_domusers:
print "DONE\n";
+ open(HOSTS, ">>$ENV{SELFTEST_PREFIX}/dns_host_file") or die("Unable to open $ENV{SELFTEST_PREFIX}/dns_host_file");
+ print HOSTS "A $server $server_ip
+";
+ close(HOSTS);
+
$ret{SERVER_IP} = $server_ip;
$ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log";
$ret{NMBD_TEST_LOG_POS} = 0;
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c
index 735dff0..830d517 100644
--- a/source3/librpc/crypto/gse_krb5.c
+++ b/source3/librpc/crypto/gse_krb5.c
@@ -280,7 +280,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx,
goto out;
}
- pwd_old = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
+ pwd_old = secrets_fetch_prev_machine_password(lp_workgroup());
if (!pwd_old) {
DEBUG(10, (__location__ ": no prev machine password\n"));
} else {
diff --git a/source3/selftest/ktest-krb5_ccache-3 b/source3/selftest/ktest-krb5_ccache-3
new file mode 100644
index 0000000..a056beb
Binary files /dev/null and b/source3/selftest/ktest-krb5_ccache-3 differ
diff --git a/source3/selftest/ktest-secrets.tdb b/source3/selftest/ktest-secrets.tdb
index c09c315..cf5c3d0 100644
Binary files a/source3/selftest/ktest-secrets.tdb and b/source3/selftest/ktest-secrets.tdb differ
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 826b84f..3fd44c5 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -219,7 +219,10 @@ if sub.returncode == 0:
e = ""
a = ""
binding_string = "ncacn_np:$SERVER[%s%s%s%s]" % (a, s, z, e)
- options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache"
+ options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-2"
+ plansmbtorturetestsuite(test, "ktest", options, 'over kerberos with old ccache ncacn_np with [%s%s%s%s] ' % (a, s, z, e))
+
+ options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-3"
plansmbtorturetestsuite(test, "ktest", options, 'over kerberos ncacn_np with [%s%s%s%s] ' % (a, s, z, e))
--
Samba Shared Repository
More information about the samba-cvs
mailing list