[SCM] Samba Shared Repository - branch master updated
Noel Power
npower at samba.org
Thu May 17 12:29:01 UTC 2018
The branch, master has been updated
via 83bde8a FIXUP: Improve memory handling on py_net_change_password
via e7144f2 python/samba/netcmd: net.change_password should be passed string
via 75e1019 s4/libnet: Allow passwords containing non ascii characters to be passed
via a8d8c6e testprogs/blackbox: Add test to set and use password with non-ascii
via 7102732 python/samba: Fix incorrect encode of password
via b28b6a4 s4/setup/tests: Add test for non ascii password setting samba-tool
from 8109857 winbindd: Remove an unused function prototype
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 83bde8a49cf3015c71302fbd209f95006e7535b2
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu May 17 06:37:28 2018 +1200
FIXUP: Improve memory handling on py_net_change_password
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu May 17 14:28:19 CEST 2018 on sn-devel-144
commit e7144f2e115f7d446de880a5680c2f2f02dd9467
Author: Noel Power <noel.power at suse.com>
Date: Wed May 16 16:51:34 2018 +0100
python/samba/netcmd: net.change_password should be passed string
password param which in python2 (is str) is incorrectly encoded
before passing to net.change_password.
python2 - password is either unicode or str, if str we should
decode to get unicode (and then pass to net.change_password).
python3 - password is either str or bytes, if bytes then decode
(and pass as 'str' to net.change_password).
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 75e1019f6162814eae3edb050d41784179cfa8ab
Author: Noel Power <noel.power at suse.com>
Date: Wed May 16 16:46:41 2018 +0100
s4/libnet: Allow passwords containing non ascii characters to be passed
Although we can pass unicode to py_net_change_password unfortunately in
Python2 unicode strings are encoded with the default encoding (e.g. ascii)
when extracting the unicode string to buffer.
In Python3 the default encoding for "s" format is utf8. Use the "es"
format instead of "s" so we can specify the encoding so behaviour is
correct in py2/py3.
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a8d8c6ec439fb64ce33dc2406bb38792050ca3a1
Author: Noel Power <noel.power at suse.com>
Date: Tue May 15 18:27:23 2018 +0100
testprogs/blackbox: Add test to set and use password with non-ascii
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7102732b25dfcd5e6815159e3043eed240e918d3
Author: Noel Power <noel.power at suse.com>
Date: Mon May 14 13:38:20 2018 +0100
python/samba: Fix incorrect encode of password
In python2 you can encode a 'str' type which doesn't really make sense
since it is already bytes (as such). In python3 this isn't possible; you
can't encode bytes or decode strings. Also because you can call encode
on 'str' in python2 it tries to do what you wanted and it implicitly
calls decode('ascii') before performing the encode. This is why we get
mention of ascii codec in the error. This patch should future proof for
python3 also.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b28b6a4565870ac402b3678b4eecfe8e30fb0a73
Author: Noel Power <noel.power at suse.com>
Date: Mon May 14 13:48:18 2018 +0100
s4/setup/tests: Add test for non ascii password setting samba-tool
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13435
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/user.py | 6 ++++--
python/samba/samdb.py | 6 +++++-
source4/libnet/py_net.c | 26 ++++++++++++++++++--------
source4/setup/tests/blackbox_setpassword.sh | 2 ++
testprogs/blackbox/test_password_settings.sh | 17 +++++++++++++++++
5 files changed, 46 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/user.py b/python/samba/netcmd/user.py
index 4009d63..f211b51 100644
--- a/python/samba/netcmd/user.py
+++ b/python/samba/netcmd/user.py
@@ -54,7 +54,7 @@ from samba.netcmd import (
SuperCommand,
Option,
)
-
+from samba.compat import text_type
try:
import io
@@ -713,7 +713,9 @@ class cmd_user_password(Command):
self.outf.write("Sorry, passwords do not match.\n")
try:
- net.change_password(password.encode('utf-8'))
+ if not isinstance(password, text_type):
+ password = password.decode('utf8')
+ net.change_password(password)
except Exception as msg:
# FIXME: catch more specific exception
raise CommandError("Failed to change password : %s" % msg)
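Review bot: the new password.decode('utf8') call sits inside the existing try block, so a UnicodeDecodeError from input that is not valid UTF-8 is caught by the broad "except Exception" and reported as "Failed to change password". That reads like a server-side rejection rather than a local encoding problem. Consider doing the decode before the try and raising a CommandError that names the expected encoding. The codec is also spelled 'utf8' here and 'utf-8' in the samdb.py hunk of this same push; pick one spelling.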
diff --git a/python/samba/samdb.py b/python/samba/samdb.py
index 424a648..abe434c 100644
--- a/python/samba/samdb.py
+++ b/python/samba/samdb.py
@@ -589,7 +589,11 @@ member: %s
if len(res) > 1:
raise Exception('Matched %u multiple users with filter "%s"' % (len(res), search_filter))
user_dn = res[0].dn
- pw = text_type(b'"' + password.encode('utf-8') + b'"', 'utf-8').encode('utf-16-le')
+ if not isinstance(password, text_type):
+ pw = password.decode('utf-8')
+ else:
+ pw = password
+ pw = ('"' + pw + '"').encode('utf-16-le')
setpw = """
dn: %s
changetype: modify
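Review bot: the isinstance(password, text_type) check followed by a decode is now written out separately here and in cmd_user_password in user.py, with slightly different shapes (a pw temporary here, in-place reassignment there). A single shared helper that returns the text form of a password would keep the two call sites from drifting. Here a bytes password that is not valid UTF-8 raises UnicodeDecodeError directly from password.decode('utf-8') with no surrounding handler visible in this hunk, so the caller sees a raw codec error.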
diff --git a/source4/libnet/py_net.c b/source4/libnet/py_net.c
index 0567dbd..65060d5 100644
--- a/source4/libnet/py_net.c
+++ b/source4/libnet/py_net.c
@@ -155,21 +155,26 @@ static PyObject *py_net_change_password(py_net_Object *self, PyObject *args, PyO
{
union libnet_ChangePassword r;
NTSTATUS status;
- TALLOC_CTX *mem_ctx;
- struct tevent_context *ev;
+ TALLOC_CTX *mem_ctx = NULL;
+ struct tevent_context *ev = NULL;
const char *kwnames[] = { "newpassword", "oldpassword", "domain", "username", NULL };
-
+ const char *newpass = NULL;
+ const char *oldpass = NULL;
ZERO_STRUCT(r);
-
- if (!PyArg_ParseTupleAndKeywords(args, kwargs, "s|sss:change_password",
+ if (!PyArg_ParseTupleAndKeywords(args, kwargs, "es|esss:change_password",
discard_const_p(char *, kwnames),
- &r.generic.in.newpassword,
- &r.generic.in.oldpassword,
+ "utf8",
+ &newpass,
+ "utf8",
+ &oldpass,
&r.generic.in.domain_name,
&r.generic.in.account_name)) {
return NULL;
}
+ r.generic.in.newpassword = newpass;
+ r.generic.in.oldpassword = oldpass;
+
r.generic.level = LIBNET_CHANGE_PASSWORD_GENERIC;
if (r.generic.in.account_name == NULL) {
r.generic.in.account_name
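Review bot: newpass and oldpass are declared "const char *", but the "es" format unit stores a newly allocated, caller-owned buffer through a "char **" argument, so &newpass and &oldpass are passed with the wrong constness and the later frees need discard_const_p. Declaring both as plain "char *" documents that this function owns the buffers and removes the casts; assigning them to the const fields of r.generic.in still works without a cast. The NULL initialisers are worth a short comment, since they are what makes freeing oldpass safe when the optional argument is omitted.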
@@ -190,11 +195,17 @@ static PyObject *py_net_change_password(py_net_Object *self, PyObject *args, PyO
mem_ctx = talloc_new(ev);
if (mem_ctx == NULL) {
+ PyMem_Free(discard_const_p(char, newpass));
+ PyMem_Free(discard_const_p(char, oldpass));
PyErr_NoMemory();
return NULL;
}
status = libnet_ChangePassword(self->libnet_ctx, mem_ctx, &r);
+
+ PyMem_Free(discard_const_p(char, newpass));
+ PyMem_Free(discard_const_p(char, oldpass));
+
if (NT_STATUS_IS_ERR(status)) {
PyErr_SetNTSTATUS_and_string(status,
r.generic.out.error_string
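Review bot: both PyMem_Free(newpass) and PyMem_Free(oldpass) release buffers that still hold the cleartext passwords, so the UTF-8 copies stay in freed heap memory until it is reused. Overwriting each buffer before freeing it would shorten the time the secrets are recoverable from a core dump or a later allocation. The pair of frees is also repeated on the mem_ctx == NULL path and after libnet_ChangePassword; a single cleanup label reached by goto would make it harder for a future exit path to skip them.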
@@ -205,7 +216,6 @@ static PyObject *py_net_change_password(py_net_Object *self, PyObject *args, PyO
}
talloc_free(mem_ctx);
-
Py_RETURN_NONE;
}
diff --git a/source4/setup/tests/blackbox_setpassword.sh b/source4/setup/tests/blackbox_setpassword.sh
index 8055740..ccc94c3 100755
--- a/source4/setup/tests/blackbox_setpassword.sh
+++ b/source4/setup/tests/blackbox_setpassword.sh
@@ -25,6 +25,8 @@ testit "setpassword" $samba_tool user setpassword --configfile=$PREFIX/simple-dc
testit "setpassword" $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=testp at ssw0Rd --must-change-at-next-login
+testit "setpassword" $samba_tool user setpassword --configfile=$PREFIX/simple-dc/etc/smb.conf testuser --newpassword=Täst123 --must-change-at-next-login
+
testit "passwordsettings" $samba_tool domain passwordsettings set --quiet --configfile=$PREFIX/simple-dc/etc/smb.conf --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default --store-plaintext=on
exit $failed
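Review bot: the added testit call reuses the name "setpassword", the same label as the two context lines above it, so a failure in the non-ASCII case cannot be told apart from the ASCII ones in the test output. Give it a distinct name such as "setpassword-non-ascii". The literal Täst123 is unquoted and its byte form depends on the encoding the script file is saved in, which is worth stating in a comment because the test only exercises the UTF-8 path.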
diff --git a/testprogs/blackbox/test_password_settings.sh b/testprogs/blackbox/test_password_settings.sh
index 49d5126..1edf2bf 100755
--- a/testprogs/blackbox/test_password_settings.sh
+++ b/testprogs/blackbox/test_password_settings.sh
@@ -64,6 +64,7 @@ testit "reset password policies beside of minimum password age of 0 days" \
TEST_USERNAME="$(mktemp -u alice-XXXXXX)"
TEST_PASSWORD="testPaSS at 00%"
TEST_PASSWORD_NEW="testPaSS at 01%"
+TEST_PASSWORD_NON_ASCII="Täst123"
TEST_PASSWORD_SHORT="secret"
TEST_PASSWORD_WEAK="Supersecret"
TEST_PRINCIPAL="$TEST_USERNAME@$REALM"
@@ -106,6 +107,22 @@ testit "kinit with user password" \
test_smbclient "Test login with user kerberos ccache" \
"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+###########################################################
+### Change the users password
+###########################################################
+
+testit "change user (non-ascii) password with 'samba-tool user password' (unforced)" \
+ $VALGRIND $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NON_ASCII || failed=`expr $failed + 1`
+
+TEST_PASSWORD_OLD=$TEST_PASSWORD_NEW
+TEST_PASSWORD=$TEST_PASSWORD_NON_ASCII
+
+testit "kinit with user password" \
+ do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache" \
+ "ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+
#
# These tests demonstrate that a credential cache in the environment does not
# override a username/password, even an incorrect one, on the command line
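Review bot: "TEST_PASSWORD_OLD=$TEST_PASSWORD_NEW" records the old password from a different variable than the one the change was authenticated with, which was $TEST_PASSWORD in "-U$TEST_USERNAME%$TEST_PASSWORD". That is only correct if the two happen to be equal at this point in the script; "TEST_PASSWORD_OLD=$TEST_PASSWORD" states the intent directly and stays correct if earlier steps are reordered. The expansions in "--newpassword=$TEST_PASSWORD_NON_ASCII" and "do_kinit $TEST_PRINCIPAL $TEST_PASSWORD" are unquoted, and the two new tests reuse the names "kinit with user password" and "Test login with user kerberos ccache" from the block above, so a failure does not show which password was in use.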
--
Samba Shared Repository