[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Sun Sep 25 10:57:03 UTC 2016


The branch, master has been updated
       via  631e063 s3-lib: Do not set an empty string in split_domain_user()
       via  0c4e132 s3-lib: Parse WORKGROUP\username in set_cmdline_auth_info_username()
       via  5328325 s3-lib: Do not create 'MACHINE$@' usernames
       via  7f14776 nsswitch: Use own credential cache for wbinfo tests
       via  2dac252 testprogs: Use own credential cache for test_client_etypes.sh
       via  7abda74 testprogs: Use better KRB5CCNAME in test_password_settings.sh
       via  9413e33 s3-script: Use unique krb5ccache name
       via  3470dca s3-selftest: Rename samba3.ntlm_auth.krb5 old ccache test
      from  c60ea2c glusterfs: Avoid tevent_internal.h

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 631e063f6bb49da426ca7343b6987f7831078d7f
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Sep 20 19:51:15 2016 +0200

    s3-lib: Do not set an empty string in split_domain_user()
    
    The function should also return if it failed or not.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Sun Sep 25 12:56:17 CEST 2016 on sn-devel-144

commit 0c4e13243826871e0597fcd37bd90b184c296e21
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Sep 15 12:08:24 2016 +0200

    s3-lib: Parse WORKGROUP\username in set_cmdline_auth_info_username()
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 5328325f94fc2b49f34cf5f2c699ec7440ef1ec9
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Sep 15 12:54:42 2016 +0200

    s3-lib: Do not create 'MACHINE$@' usernames
    
    If there is no realm set we should not add it to the machine account.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 7f14776ba7704bdefcbd6ad71856b6efdeacf052
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Sep 19 13:27:30 2016 +0200

    nsswitch: Use own credential cache for wbinfo tests
    
    If we do not set it will add the credentials to the system default
    credential cache, which is e.g. FILE:/tmp/krb5cc_1000.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 2dac25249749734dfc2f27cb10088e97cecdc6ad
Author: Andreas Schneider <asn at samba.org>
Date:   Wed Sep 21 00:01:35 2016 +0200

    testprogs: Use own credential cache for test_client_etypes.sh
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 7abda740f5671ff6f1ef326cf80afb8b65a4e5e7
Author: Andreas Schneider <asn at samba.org>
Date:   Tue Sep 20 09:46:34 2016 +0200

    testprogs: Use better KRB5CCNAME in test_password_settings.sh
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 9413e337cee630d3357b9a3299a67a4160bbc495
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Sep 19 12:18:31 2016 +0200

    s3-script: Use unique krb5ccache name
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

commit 3470dca36df56aaf08589632462865154c9fa869
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Sep 15 15:47:25 2016 +0200

    s3-selftest: Rename samba3.ntlm_auth.krb5 old ccache test
    
    This makes it easier to run only one of them.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 nsswitch/tests/test_wbinfo.sh                      | 10 +++-
 nsswitch/tests/test_wbinfo_simple.sh               | 10 +++-
 source3/include/proto.h                            |  2 +-
 source3/lib/util.c                                 | 16 +++++-
 source3/lib/util_cmdline.c                         | 61 +++++++++++++++++++++-
 source3/libnet/libnet_join.c                       | 40 ++++++++++----
 source3/rpc_server/wkssvc/srv_wkssvc_nt.c          | 24 ++++++---
 .../script/tests/test_smbclient_netbios_aliases.sh |  5 +-
 source3/selftest/tests.py                          |  2 +-
 testprogs/blackbox/test_client_etypes.sh           |  8 +++
 testprogs/blackbox/test_password_settings.sh       |  8 ++-
 11 files changed, 156 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/tests/test_wbinfo.sh b/nsswitch/tests/test_wbinfo.sh
index 1d14ca3..69cc437 100755
--- a/nsswitch/tests/test_wbinfo.sh
+++ b/nsswitch/tests/test_wbinfo.sh
@@ -51,6 +51,12 @@ knownfail() {
         return $status
 }
 
+KRB5CCNAME_PATH="$PREFIX/test_wbinfo_krb5ccache"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+
 # List users
 testit "wbinfo -u against $TARGET" $wbinfo -u || failed=`expr $failed + 1`
 # List groups
@@ -244,8 +250,10 @@ testit "wbinfo --getdcname against $TARGET" $wbinfo --getdcname=$DOMAIN
 
 testit "wbinfo -p against $TARGET" $wbinfo -p || failed=`expr $failed + 1`
 
-testit "wbinfo -K against $TARGET with domain creds" $wbinfo -K "$DOMAIN/$USERNAME"%"$PASSWORD" || failed=`expr $failed + 1`
+testit "wbinfo -K against $TARGET with domain creds" $wbinfo --krb5ccname=$KRB5CCNAME --krb5auth="$DOMAIN/$USERNAME"%"$PASSWORD" || failed=`expr $failed + 1`
 
 testit "wbinfo --separator against $TARGET" $wbinfo --separator || failed=`expr $failed + 1`
 
+rm -f $KRB5CCNAME_PATH
+
 exit $failed
diff --git a/nsswitch/tests/test_wbinfo_simple.sh b/nsswitch/tests/test_wbinfo_simple.sh
index dc90ddc..35adb6c 100755
--- a/nsswitch/tests/test_wbinfo_simple.sh
+++ b/nsswitch/tests/test_wbinfo_simple.sh
@@ -12,6 +12,14 @@ ADDARGS="$*"
 incdir=`dirname $0`/../../testprogs/blackbox
 . $incdir/subunit.sh
 
-testit "wbinfo" $VALGRIND $BINDIR/wbinfo $ADDARGS || failed=`expr $failed + 1`
+KRB5CCNAME_PATH="$PREFIX/test_wbinfo_simple_krb5ccname"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+
+testit "wbinfo" $VALGRIND $BINDIR/wbinfo --krb5ccname="$KRB5CCNAME" $ADDARGS || failed=`expr $failed + 1`
+
+rm -f $KRB5CCNAME_PATH
 
 testok $0 $failed
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0aa1009..fe4217d 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -424,7 +424,7 @@ char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off);
 int get_safe_SVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval);
 int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, int failval);
-void split_domain_user(TALLOC_CTX *mem_ctx,
+bool split_domain_user(TALLOC_CTX *mem_ctx,
 		       const char *full_name,
 		       char **domain,
 		       char **user);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index ad33624..bab3998 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -2103,7 +2103,7 @@ int get_safe_IVAL(const char *buf_base, size_t buf_len, char *ptr, size_t off, i
  call (they take care of winbind separator and other winbind specific settings).
 ****************************************************************/
 
-void split_domain_user(TALLOC_CTX *mem_ctx,
+bool split_domain_user(TALLOC_CTX *mem_ctx,
 		       const char *full_name,
 		       char **domain,
 		       char **user)
@@ -2115,11 +2115,23 @@ void split_domain_user(TALLOC_CTX *mem_ctx,
 	if (p != NULL) {
 		*domain = talloc_strndup(mem_ctx, full_name,
 					 PTR_DIFF(p, full_name));
+		if (*domain == NULL) {
+			return false;
+		}
 		*user = talloc_strdup(mem_ctx, p+1);
+		if (*user == NULL) {
+			TALLOC_FREE(*domain);
+			return false;
+		}
 	} else {
-		*domain = talloc_strdup(mem_ctx, "");
+		*domain = NULL;
 		*user = talloc_strdup(mem_ctx, full_name);
+		if (*user == NULL) {
+			return false;
+		}
 	}
+
+	return true;
 }
 
 /****************************************************************
diff --git a/source3/lib/util_cmdline.c b/source3/lib/util_cmdline.c
index 80c3ecd..3ef1d09 100644
--- a/source3/lib/util_cmdline.c
+++ b/source3/lib/util_cmdline.c
@@ -54,8 +54,49 @@ const char *get_cmdline_auth_info_username(const struct user_auth_info *auth_inf
 void set_cmdline_auth_info_username(struct user_auth_info *auth_info,
 				    const char *username)
 {
+	char *s;
+	char *p;
+	bool contains_domain = false;
+
+	s = talloc_strdup(auth_info, username);
+	if (s == NULL) {
+		exit(ENOMEM);
+	}
+
+	p = strchr_m(s, '\\');
+	if (p != NULL) {
+		contains_domain = true;
+	}
+	if (!contains_domain) {
+		p = strchr_m(s, '/');
+		if (p != NULL) {
+			contains_domain = true;
+		}
+	}
+	if (!contains_domain) {
+		char sep = *lp_winbind_separator();
+
+		if (sep != '\0') {
+			p = strchr_m(s, *lp_winbind_separator());
+			if (p != NULL) {
+				contains_domain = true;
+			}
+		}
+	}
+
+	if (contains_domain) {
+		*p = '\0';
+		username = p + 1;
+
+		/* s is now the workgroup part */
+		set_cmdline_auth_info_domain(auth_info, s);
+	}
+
 	TALLOC_FREE(auth_info->username);
 	auth_info->username = talloc_strdup(auth_info, username);
+
+	TALLOC_FREE(s);
+
 	if (!auth_info->username) {
 		exit(ENOMEM);
 	}
@@ -207,6 +248,9 @@ bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_inf
 {
 	char *pass = NULL;
 	char *account = NULL;
+	const char *realm = lp_realm();
+	int rc;
+
 
 	if (!get_cmdline_auth_info_use_machine_account(auth_info)) {
 		return false;
@@ -217,8 +261,21 @@ bool set_cmdline_auth_info_machine_account_creds(struct user_auth_info *auth_inf
 		return false;
 	}
 
-	if (asprintf(&account, "%s$@%s", lp_netbios_name(), lp_realm()) < 0) {
-		return false;
+	if (realm != NULL && realm[0] != '\0') {
+		rc = asprintf(&account,
+			      "%s$@%s",
+			      lp_netbios_name(),
+			      realm);
+		if (rc < 0) {
+			return false;
+		}
+	} else {
+		rc = asprintf(&account,
+			      "%s$",
+			      lp_netbios_name());
+		if (rc < 0) {
+			return false;
+		}
 	}
 
 	pass = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL);
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3d66eaf..bbbd06e 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2131,11 +2131,21 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx,
 	if (!r->in.admin_domain) {
 		char *admin_domain = NULL;
 		char *admin_account = NULL;
-		split_domain_user(mem_ctx,
-				  r->in.admin_account,
-				  &admin_domain,
-				  &admin_account);
-		r->in.admin_domain = admin_domain;
+		bool ok;
+
+		ok = split_domain_user(mem_ctx,
+				       r->in.admin_account,
+				       &admin_domain,
+				       &admin_account);
+		if (!ok) {
+			return WERR_NOMEM;
+		}
+
+		if (admin_domain != NULL) {
+			r->in.admin_domain = admin_domain;
+		} else {
+			r->in.admin_domain = r->in.domain_name;
+		}
 		r->in.admin_account = admin_account;
 	}
 
@@ -2814,11 +2824,21 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx,
 	if (!r->in.admin_domain) {
 		char *admin_domain = NULL;
 		char *admin_account = NULL;
-		split_domain_user(mem_ctx,
-				  r->in.admin_account,
-				  &admin_domain,
-				  &admin_account);
-		r->in.admin_domain = admin_domain;
+		bool ok;
+
+		ok = split_domain_user(mem_ctx,
+				       r->in.admin_account,
+				       &admin_domain,
+				       &admin_account);
+		if (!ok) {
+			return WERR_NOMEM;
+		}
+
+		if (admin_domain != NULL) {
+			r->in.admin_domain = admin_domain;
+		} else {
+			r->in.admin_domain = r->in.domain_name;
+		}
 		r->in.admin_account = admin_account;
 	}
 
diff --git a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
index 52809a4..25233e5 100644
--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
+++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c
@@ -825,6 +825,7 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
 	struct security_token *token = p->session_info->security_token;
 	NTSTATUS status;
 	DATA_BLOB session_key;
+	bool ok;
 
 	if (!r->in.domain_name) {
 		return WERR_INVALID_PARAM;
@@ -863,10 +864,13 @@ WERROR _wkssvc_NetrJoinDomain2(struct pipes_struct *p,
 		return werr;
 	}
 
-	split_domain_user(p->mem_ctx,
-			  r->in.admin_account,
-			  &admin_domain,
-			  &admin_account);
+	ok = split_domain_user(p->mem_ctx,
+			       r->in.admin_account,
+			       &admin_domain,
+			       &admin_account);
+	if (!ok) {
+		return WERR_NOMEM;
+	}
 
 	werr = libnet_init_JoinCtx(p->mem_ctx, &j);
 	if (!W_ERROR_IS_OK(werr)) {
@@ -913,6 +917,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
 	struct security_token *token = p->session_info->security_token;
 	NTSTATUS status;
 	DATA_BLOB session_key;
+	bool ok;
 
 	if (!r->in.account || !r->in.encrypted_password) {
 		return WERR_INVALID_PARAM;
@@ -942,10 +947,13 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct pipes_struct *p,
 		return werr;
 	}
 
-	split_domain_user(p->mem_ctx,
-			  r->in.account,
-			  &admin_domain,
-			  &admin_account);
+	ok = split_domain_user(p->mem_ctx,
+			       r->in.account,
+			       &admin_domain,
+			       &admin_account);
+	if (!ok) {
+		return WERR_NOMEM;
+	}
 
 	werr = libnet_init_UnjoinCtx(p->mem_ctx, &u);
 	if (!W_ERROR_IS_OK(werr)) {
diff --git a/source3/script/tests/test_smbclient_netbios_aliases.sh b/source3/script/tests/test_smbclient_netbios_aliases.sh
index cb0d967..610eeda 100755
--- a/source3/script/tests/test_smbclient_netbios_aliases.sh
+++ b/source3/script/tests/test_smbclient_netbios_aliases.sh
@@ -22,10 +22,11 @@ if test -x $BINDIR/samba4kinit; then
 	samba4kinit=$BINDIR/samba4kinit
 fi
 
-KRB5CCNAME_PATH="$PREFIX/tmpccache"
+KRB5CCNAME_PATH="$PREFIX/test_smbclient_netbios_aliases_krb5ccache"
+rm -rf $KRB5CCNAME_PATH
+
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
 export KRB5CCNAME
-rm -rf $KRB5CCNAME_PATH
 
 incdir=`dirname $0`/../../../testprogs/blackbox
 . $incdir/subunit.sh
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index c75b7ae..d0f5334 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -152,7 +152,7 @@ t = "WBCLIENT-MULTI-PING"
 plantestsuite("samba3.smbtorture_s3.%s" % t, env, [os.path.join(samba3srcdir, "script/tests/test_smbtorture_s3.sh"), t, '//foo/bar', '""', '""', smbtorture3, ""])
 
 
-plantestsuite("samba3.ntlm_auth.krb5(ktest:local) old ccache", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-2', '$SERVER', configuration])
+plantestsuite("samba3.ntlm_auth.krb5 with old ccache(ktest:local)", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-2', '$SERVER', configuration])
 
 plantestsuite("samba3.ntlm_auth.krb5(ktest:local)", "ktest:local", [os.path.join(samba3srcdir, "script/tests/test_ntlm_auth_krb5.sh"), valgrindify(python), samba3srcdir, ntlm_auth3, '$PREFIX/ktest/krb5_ccache-3', '$SERVER', configuration])
 
diff --git a/testprogs/blackbox/test_client_etypes.sh b/testprogs/blackbox/test_client_etypes.sh
index 57739c6..98ff73a 100755
--- a/testprogs/blackbox/test_client_etypes.sh
+++ b/testprogs/blackbox/test_client_etypes.sh
@@ -15,6 +15,12 @@ EXPECTED_ETYPES="$6"
 # Load test functions
 . `dirname $0`/subunit.sh
 
+KRB5CCNAME_PATH="$PREFIX/test_client_etypes_krb5ccname"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+export KRB5CCNAME
+
 #requires tshark and sha1sum
 if ! which tshark > /dev/null 2>&1 || ! which sha1sum > /dev/null 2>&1 ; then
     subunit_start_test "client encryption types"
@@ -71,5 +77,7 @@ actual_types="`tshark -r $pcap_file  -nVY "kerberos" | \
 testit "verify types" test "x$actual_types" = "x$EXPECTED_ETYPES" || failed=`expr $failed + 1`
 
 rm -rf $BASEDIR/$WORKDIR
+rm -f $KRB5CCNAME_PATH
+
 
 exit $failed
diff --git a/testprogs/blackbox/test_password_settings.sh b/testprogs/blackbox/test_password_settings.sh
index 17f905f..9436e30 100755
--- a/testprogs/blackbox/test_password_settings.sh
+++ b/testprogs/blackbox/test_password_settings.sh
@@ -75,7 +75,10 @@ testit "create user locally" \
 ### Test normal operation as user
 ###########################################################
 
-KRB5CCNAME="$PREFIX/tmpuserccache"
+KRB5CCNAME_PATH="$PREFIX/test_password_settings_krb5ccache"
+rm -f $KRB5CCNAME_PATH
+
+KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
 export KRB5CCNAME
 
 testit "kinit with user password" \
@@ -206,6 +209,7 @@ testit "reset password policies" \
 testit "delete user $TEST_USERNAME" \
 	$VALGRIND $samba_tool user delete $TEST_USERNAME -U"$USERNAME%$PASSWORD" $CONFIG -k no  || failed=`expr $failed + 1`
 
-rm -f $PREFIX/tmpuserpassfile $PREFIX/tmpsmbpasswdscript $PREFIX/tmpuserccache
+rm -f $PREFIX/tmpuserpassfile $PREFIX/tmpsmbpasswdscript
+rm -f $KRB5CCNAME_PATH
 
 exit $failed


-- 
Samba Shared Repository



More information about the samba-cvs mailing list