[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Feb 11 10:04:02 UTC 2019
The branch, master has been updated
via 2e8daeb2bb3 docs-xml/smbdotconf: document export of SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script
via cef1d2ab8c4 s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script
via c4131b610cd selftest: require SAMBA_CPS_ACCOUNT_NAME in checkpassword_arg1.sh
via 9f6ade21f56 s4:dsdb:util: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script
via 77bddbb761f tests/user_check_password_script: add a test do disallow the username as password
via 39c1aa2857a selftest: make check password script more portable
via 193bb824e2c s3:modules: Fix compilation of nfs41acl_xdr.c when building outside src
via d21fc7d8b86 s3:util: Move static file_pload() function to lib/util
via 65ea3f2a461 s3:util: Move popen wrappers to lib/util
via 724c07fe131 build: Don't generate kerberos_implementation.py if building without python
via b50f8390eba build: Fixed usage of non-default path to WAFLOCK
via 835e1564943 dnsserver: Return access denied to the caller if the user was not a DNS admin
via 244e2a02796 buildtools/wafsamba: Avoid decode when using python2
from 584dfc15fd3 libsmb,s3/smbd: dump SMB3+ session keys if debug parm is set
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2e8daeb2bb30f57284f80cac51eb005f775e155f
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 4 15:40:16 2019 +0100
docs-xml/smbdotconf: document export of SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb 11 11:03:58 CET 2019 on sn-devel-144
commit cef1d2ab8c46dda741ca901f71eccb8a8abeba1d
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Feb 2 13:19:31 2019 +0100
s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script
This is keep compatibility with the AD DC usage.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c4131b610cd1fe2767e0d34c078d62f2d481f2e8
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 5 16:15:15 2019 +0100
selftest: require SAMBA_CPS_ACCOUNT_NAME in checkpassword_arg1.sh
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9f6ade21f56765d162695646dfd9792d0b0843d4
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 22 11:33:23 2019 +0100
s4:dsdb:util: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script
This allows the check password script to reject the username and other
things.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 77bddbb761fd792b51b16e06bad06293f780c383
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 22 10:31:52 2019 +0100
tests/user_check_password_script: add a test do disallow the username as password
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 39c1aa2857ae5dd4395ddbcf6a0aeff17f8e3250
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 5 15:30:36 2019 +0100
selftest: make check password script more portable
We should not rely on Linux specific sed options.
grep -q also works on FreeBSD (tested on FreeBSD 12).
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 193bb824e2c4d40a88ce226814162357765c0c52
Author: Aliaksei Karaliou <akaraliou at panasas.com>
Date: Mon Jan 28 03:17:07 2019 -0500
s3:modules: Fix compilation of nfs41acl_xdr.c when building outside src
If the Samba build directory is outside its source directory, generation
of nfs41acl_xdr.c by rpcgen leads to improper include paths to nfs41acl.h.
This happens because rpcgen is designed to produce its generated file in the
same directory as the input template. If the build directory is not located
under the source directory, this relative path will be invalid and the header
will not be found.
Example:
src dir is ~/samba-src
bld dir is ~/samba-bld
rpcgen will use path ../../samba-src/source3/modules/nfs41acl.x
running from ~/samba-bld/default and nfs41acl_xdr.c will contain:
#include "../../samba-src/source3/modules/nfs41acl.h"
This behaviour is fixed through an intermediate copy of the input file to
the build directory so that rpcgen receives the path as if located in src.
Also now we avoid generation of nfs41acl_xdr.c when HAVE_RPC_XDR_H is
not defined because it will not be used as part of the vfs_nfs4acl_xattr
module.
Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d21fc7d8b86b0cddc619ffe528d9cd93eeedbb0b
Author: Aliaksei Karaliou <akaraliou at panasas.com>
Date: Thu Dec 27 04:25:47 2018 -0500
s3:util: Move static file_pload() function to lib/util
file_pload() is static private function in Samba3 library, however it
does not have any special dependencies and might be widely used as
common function, so moving it into common samba-util library.
Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 65ea3f2a461c0eeca7d14c4258eea52e19f0ed06
Author: Aliaksei Karaliou <akaraliou at panasas.com>
Date: Thu Dec 27 04:18:28 2018 -0500
s3:util: Move popen wrappers to lib/util
When linked into Samba3 libraries, sys_popen()/sys_pclose()
cannot be used in lower level libraries because of circular
dependencies.
This patch moves them into common samba-util library.
Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 724c07fe131d4c0d1a2c11e5a93e8f12b8dc3bd8
Author: Aliaksei Karaliou <akaraliou at panasas.com>
Date: Wed Jan 23 04:55:58 2019 -0500
build: Don't generate kerberos_implementation.py if building without python
It is unnecessary to generate kerberos_implementation.py when python is
disabled.
Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b50f8390eba23b2ec310c495cf67a96b47ba9966
Author: Aliaksei Karaliou <akaraliou at panasas.com>
Date: Thu Dec 27 04:51:41 2018 -0500
build: Fixed usage of non-default path to WAFLOCK
If WAFLOCK environment variable is set, use it to override path
to WAF lock file in Samba build scripts.
Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 835e1564943b3a8a0c8cbdc55db5f0d070ba8f17
Author: Garming Sam <garming at catalyst.net.nz>
Date: Fri Feb 1 14:11:18 2019 +1300
dnsserver: Return access denied to the caller if the user was not a DNS admin
This is not a proper fix to match Windows, but at the very least, it
should be more obvious to users (using samba-tool for instance), that
the user needs to be given more access or that they should use the
administrator.
Windows seems to deny access altogether by returning a fault after they
have bound to the pipe and actually sent an operation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13771
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 244e2a02796b2ee85b9db01cbea7043a7448a110
Author: Noel Power <noel.power at suse.com>
Date: Wed Feb 6 15:27:41 2019 +0000
buildtools/wafsamba: Avoid decode when using python2
To avoid problematic type checking for 'str' types which fail
when result from str.decode is used.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13777
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_abi.py | 2 +-
buildtools/wafsamba/samba_conftests.py | 6 +--
buildtools/wafsamba/samba_cross.py | 3 +-
buildtools/wafsamba/samba_dist.py | 4 +-
buildtools/wafsamba/samba_perl.py | 4 +-
buildtools/wafsamba/samba_utils.py | 34 ++++++++++++++-
buildtools/wafsamba/samba_version.py | 2 +-
.../smbdotconf/security/checkpasswordscript.xml | 17 ++++++++
lib/util/samba_util.h | 5 +++
{source3/lib => lib/util}/sys_popen.c | 2 +-
{source3/lib => lib/util}/sys_popen.h | 0
lib/util/util_file.c | 48 +++++++++++++++++++++
lib/util/wscript_build | 4 +-
.../tests/samba_tool/user_check_password_script.py | 34 +++++++++++----
python/wscript | 3 ++
selftest/checkpassword_arg1.sh | 21 ++++++++++
selftest/target/Samba4.pm | 2 +-
source3/lib/util_file.c | 49 +---------------------
source3/modules/wscript_build | 24 +++++++----
source3/rpc_server/samr/srv_samr_chgpasswd.c | 23 +++++++++-
source3/rpc_server/samr/srv_samr_nt.c | 2 +
source3/rpc_server/samr/srv_samr_util.h | 1 +
source3/wscript_build | 1 -
source4/dsdb/common/util.c | 34 +++++++++++++++
source4/dsdb/samdb/ldb_modules/password_hash.c | 7 ++++
source4/rpc_server/dnsserver/dnsdb.c | 32 ++++++++++----
source4/rpc_server/samr/dcesrv_samr.c | 9 ++++
27 files changed, 285 insertions(+), 88 deletions(-)
rename {source3/lib => lib/util}/sys_popen.c (99%)
rename {source3/lib => lib/util}/sys_popen.h (100%)
create mode 100755 selftest/checkpassword_arg1.sh
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index 80db7f87be5..5e7686da3d6 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -85,7 +85,7 @@ def abi_check_task(self):
libpath = self.inputs[0].abspath(self.env)
libname = os.path.basename(libpath)
- sigs = Utils.cmd_output([abi_gen, libpath]).decode('utf8')
+ sigs = samba_utils.get_string(Utils.cmd_output([abi_gen, libpath]))
parsed_sigs = parse_sigs(sigs, self.ABI_MATCH)
sig_file = self.ABI_FILE
diff --git a/buildtools/wafsamba/samba_conftests.py b/buildtools/wafsamba/samba_conftests.py
index c0b9ae49296..7d9b5316902 100644
--- a/buildtools/wafsamba/samba_conftests.py
+++ b/buildtools/wafsamba/samba_conftests.py
@@ -4,7 +4,7 @@
import os, shutil, re
from waflib import Build, Configure, Utils, Options, Logs, Errors
from waflib.Configure import conf
-from samba_utils import TO_LIST, ADD_LD_LIBRARY_PATH
+from samba_utils import TO_LIST, ADD_LD_LIBRARY_PATH, get_string
def add_option(self, *k, **kw):
@@ -418,7 +418,7 @@ def CHECK_COMMAND(conf, cmd, msg=None, define=None, on_target=True, boolean=Fals
if on_target:
cmd.extend(conf.SAMBA_CROSS_ARGS(msg=msg))
try:
- ret = Utils.cmd_output(cmd).decode('utf8')
+ ret = get_string(Utils.cmd_output(cmd))
except:
conf.COMPOUND_END(False)
return False
@@ -508,7 +508,7 @@ def CHECK_STANDARD_LIBPATH(conf):
# at least gcc and clang support this:
try:
cmd = conf.env.CC + ['-print-search-dirs']
- out = Utils.cmd_output(cmd).decode('utf8').split('\n')
+ out = get_string(Utils.cmd_output(cmd)).split('\n')
except ValueError:
# option not supported by compiler - use a standard list of directories
dirlist = [ '/usr/lib', '/usr/lib64' ]
diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py
index f9c4b10e82b..8863c2c53e7 100644
--- a/buildtools/wafsamba/samba_cross.py
+++ b/buildtools/wafsamba/samba_cross.py
@@ -3,6 +3,7 @@
import os, sys, re, shlex
from waflib import Utils, Logs, Options, Errors, Context
from waflib.Configure import conf
+from wafsamba import samba_utils
real_Popen = None
@@ -121,7 +122,7 @@ class cross_Popen(Utils.subprocess.Popen):
stdout=Utils.subprocess.PIPE,
stderr=Utils.subprocess.PIPE)
ce_out, ce_err = p.communicate()
- ans = (p.returncode, ce_out.decode('utf8'))
+ ans = (p.returncode, samba_utils.get_string(ce_out))
add_answer(ca_file, msg, ans)
else:
args = newargs
diff --git a/buildtools/wafsamba/samba_dist.py b/buildtools/wafsamba/samba_dist.py
index c3144e9adf7..6af7bb4eaff 100644
--- a/buildtools/wafsamba/samba_dist.py
+++ b/buildtools/wafsamba/samba_dist.py
@@ -4,7 +4,7 @@
import os, sys, tarfile
from waflib import Utils, Scripting, Logs, Options
from waflib.Configure import conf
-from samba_utils import os_path_relpath
+from samba_utils import os_path_relpath, get_string
from waflib import Context
dist_dirs = None
@@ -119,7 +119,7 @@ def vcs_dir_contents(path):
repo = os.path.dirname(repo)
if repo == "/":
raise Exception("unsupported or no vcs for %s" % path)
- return Utils.cmd_output(ls_files_cmd, cwd=cwd, env=env).decode('utf8').split('\n')
+ return get_string(Utils.cmd_output(ls_files_cmd, cwd=cwd, env=env)).split('\n')
def dist(appname='', version=''):
diff --git a/buildtools/wafsamba/samba_perl.py b/buildtools/wafsamba/samba_perl.py
index 3d4fe29027f..e019acb0fa1 100644
--- a/buildtools/wafsamba/samba_perl.py
+++ b/buildtools/wafsamba/samba_perl.py
@@ -1,6 +1,6 @@
from waflib import Utils
from waflib.Configure import conf
-
+from samba_utils import get_string
done = {}
@conf
@@ -17,7 +17,7 @@ def SAMBA_CHECK_PERL(conf, mandatory=True, version=(5,0,0)):
def read_perl_config_var(cmd):
output = Utils.cmd_output([conf.env.get_flat('PERL'), '-MConfig', '-e', cmd])
if not isinstance(output, str):
- output = output.decode('utf8')
+ output = get_string(output)
return Utils.to_list(output)
def check_perl_config_var(var):
diff --git a/buildtools/wafsamba/samba_utils.py b/buildtools/wafsamba/samba_utils.py
index 2a7f62f03bd..93ce317f114 100644
--- a/buildtools/wafsamba/samba_utils.py
+++ b/buildtools/wafsamba/samba_utils.py
@@ -15,6 +15,38 @@ from waflib.Build import CACHE_SUFFIX
LIB_PATH="shared"
+PY3 = sys.version_info[0] == 3
+
+if PY3:
+
+ # helper function to get a string from a variable that maybe 'str' or
+ # 'bytes' if 'bytes' then it is decoded using 'utf8'. If 'str' is passed
+ # it is returned unchanged
+ # Using this function is PY2/PY3 code should ensure in most cases
+ # the PY2 code runs unchanged in PY2 whereas the code in PY3 possibly
+ # decodes the variable (see PY2 implementation of this function below)
+ def get_string(bytesorstring):
+ tmp = bytesorstring
+ if isinstance(bytesorstring, bytes):
+ tmp = bytesorstring.decode('utf8')
+ elif not isinstance(bytesorstring, str):
+ raise ValueError('Expected byte of string for %s:%s' % (type(bytesorstring), bytesorstring))
+ return tmp
+
+else:
+
+ # Helper function to return string.
+ # if 'str' or 'unicode' passed in they are returned unchanged
+ # otherwise an exception is generated
+ # Using this function is PY2/PY3 code should ensure in most cases
+ # the PY2 code runs unchanged in PY2 whereas the code in PY3 possibly
+ # decodes the variable (see PY3 implementation of this function above)
+ def get_string(bytesorstring):
+ tmp = bytesorstring
+ if not(isinstance(bytesorstring, str) or isinstance(bytesorstring, unicode)):
+ raise ValueError('Expected str or unicode for %s:%s' % (type(bytesorstring), bytesorstring))
+ return tmp
+
# sigh, python octal constants are a mess
MODE_644 = int('644', 8)
MODE_744 = int('744', 8)
@@ -558,7 +590,7 @@ def load_file(filename):
def reconfigure(ctx):
'''rerun configure if necessary'''
- if not os.path.exists(".lock-wscript"):
+ if not os.path.exists(os.environ.get('WAFLOCK', '.lock-wscript')):
raise Errors.WafError('configure has not been run')
import samba_wildcard
bld = samba_wildcard.fake_build_environment()
diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py
index 670001e753a..f0e7b4d0caf 100644
--- a/buildtools/wafsamba/samba_version.py
+++ b/buildtools/wafsamba/samba_version.py
@@ -14,7 +14,7 @@ def git_version_summary(path, env=None):
environ = dict(os.environ)
environ["GIT_DIR"] = '%s/.git' % path
environ["GIT_WORK_TREE"] = path
- git = Utils.cmd_output(env.GIT + ' show --pretty=format:"%h%n%ct%n%H%n%cd" --stat HEAD', silent=True, env=environ).decode('utf8')
+ git = samba_utils.get_string(Utils.cmd_output(env.GIT + ' show --pretty=format:"%h%n%ct%n%H%n%cd" --stat HEAD', silent=True, env=environ))
lines = git.splitlines()
if not lines or len(lines) < 4:
diff --git a/docs-xml/smbdotconf/security/checkpasswordscript.xml b/docs-xml/smbdotconf/security/checkpasswordscript.xml
index 54f1096802b..1e9031fda42 100644
--- a/docs-xml/smbdotconf/security/checkpasswordscript.xml
+++ b/docs-xml/smbdotconf/security/checkpasswordscript.xml
@@ -15,6 +15,23 @@
<citerefentry><refentrytitle>samba</refentrytitle> <manvolnum>8</manvolnum>
</citerefentry> without any substitutions.</para>
+ <para>Note that starting with Samba 4.11 the following environment variables are exported to the script:</para>
+
+ <itemizedlist>
+ <listitem><para>
+ SAMBA_CPS_ACCOUNT_NAME is always present and contains the sAMAccountName of user,
+ the is the same as the %u substitutions in the none AD DC case.
+ </para></listitem>
+
+ <listitem><para>
+ SAMBA_CPS_USER_PRINCIPAL_NAME is optional in the AD DC case if the userPrincipalName is present.
+ </para></listitem>
+
+ <listitem><para>
+ SAMBA_CPS_FULL_NAME is optional if the displayName is present.
+ </para></listitem>
+ </itemizedlist>
+
<para>Note: In the example directory is a sample program called <command moreinfo="none">crackcheck</command>
that uses cracklib to check the password quality.</para>
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 1cd1235f8f1..8c21c30ebc9 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -394,6 +394,11 @@ _PUBLIC_ int fdprintf(int fd, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
*/
bool file_compare(const char *path1, const char *path2);
+/*
+ load from a pipe into memory.
+ */
+char *file_pload(const char *syscmd, size_t *size);
+
/* The following definitions come from lib/util/util.c */
diff --git a/source3/lib/sys_popen.c b/lib/util/sys_popen.c
similarity index 99%
rename from source3/lib/sys_popen.c
rename to lib/util/sys_popen.c
index 607e599cf3f..709f1822f33 100644
--- a/source3/lib/sys_popen.c
+++ b/lib/util/sys_popen.c
@@ -21,7 +21,7 @@
#include "system/wait.h"
#include "system/filesys.h"
#include <talloc.h>
-#include "lib/sys_popen.h"
+#include "lib/util/sys_popen.h"
#include "lib/util/debug.h"
/**************************************************************************
diff --git a/source3/lib/sys_popen.h b/lib/util/sys_popen.h
similarity index 100%
rename from source3/lib/sys_popen.h
rename to lib/util/sys_popen.h
diff --git a/lib/util/util_file.c b/lib/util/util_file.c
index 926eda240f6..90d39f7cdd3 100644
--- a/lib/util/util_file.c
+++ b/lib/util/util_file.c
@@ -24,6 +24,8 @@
#include "system/filesys.h"
#include <talloc.h>
#include "lib/util/samba_util.h"
+#include "lib/util/sys_popen.h"
+#include "lib/util/sys_rw.h"
#include "lib/util/debug.h"
/**
@@ -362,3 +364,49 @@ bool file_compare(const char *path1, const char *path2)
talloc_free(mem_ctx);
return true;
}
+
+
+/**
+ Load from a pipe into memory.
+**/
+char *file_pload(const char *syscmd, size_t *size)
+{
+ int fd, n;
+ char *p;
+ char buf[1024];
+ size_t total;
+
+ fd = sys_popen(syscmd);
+ if (fd == -1) {
+ return NULL;
+ }
+
+ p = NULL;
+ total = 0;
+
+ while ((n = sys_read(fd, buf, sizeof(buf))) > 0) {
+ p = talloc_realloc(NULL, p, char, total + n + 1);
+ if (!p) {
+ DEBUG(0,("file_pload: failed to expand buffer!\n"));
+ close(fd);
+ return NULL;
+ }
+ memcpy(p+total, buf, n);
+ total += n;
+ }
+
+ if (p) {
+ p[total] = 0;
+ }
+
+ /* FIXME: Perhaps ought to check that the command completed
+ * successfully (returned 0); if not the data may be
+ * truncated. */
+ sys_pclose(fd);
+
+ if (size) {
+ *size = total;
+ }
+
+ return p;
+}
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 883c1dd5b29..64778b3e4c3 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -68,14 +68,14 @@ bld.SAMBA_LIBRARY('talloc_report',
)
bld.SAMBA_SUBSYSTEM('samba-util-core',
- source='''data_blob.c util_file.c time.c
+ source='''data_blob.c util_file.c sys_popen.c time.c
signal.c util.c idtree.c fault.c
substitute.c util_process.c util_strlist.c
strv_util.c bitmap.c select.c pidfile.c
become_daemon.c mkdir_p.c''',
deps='''time-basic samba-debug socket-blocking talloc
tevent execinfo pthread strv tini''',
- public_deps='systemd systemd-daemon',
+ public_deps='systemd systemd-daemon sys_rw',
local_include=False)
bld.SAMBA_LIBRARY('iov_buf',
diff --git a/python/samba/tests/samba_tool/user_check_password_script.py b/python/samba/tests/samba_tool/user_check_password_script.py
index aaf791aff9e..06afbade6bd 100644
--- a/python/samba/tests/samba_tool/user_check_password_script.py
+++ b/python/samba/tests/samba_tool/user_check_password_script.py
@@ -42,20 +42,16 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
super(UserCheckPwdTestCase, self).tearDown()
self.samdb.set_minPwdAge(self.old_min_pwd_age)
- def test_checkpassword(self):
- # Add
- user = self._randomUser()
- bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
- good_password = bad_password[:-1]
+ def _test_checkpassword(self, user, bad_password, good_password, desc):
(result, out, err) = self.runsubcmd("user", "add", user["name"], bad_password,
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- self.assertCmdFail(result, "Should fail adding a user with bad password.")
+ self.assertCmdFail(result, "Should fail adding a user with %s password." % desc)
(result, out, err) = self.runsubcmd("user", "delete", user["name"],
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- self.assertCmdSuccess(result, out, err, "Should delete user with bad password.")
+ self.assertCmdSuccess(result, out, err, "Should delete user with %s password." % desc)
(result, out, err) = self.runsubcmd("user", "add", user["name"], good_password,
"-H", "ldap://%s" % os.environ["DC_SERVER"],
@@ -67,7 +63,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
"--newpassword=%s" % bad_password,
"-H", "ldap://%s" % os.environ["DC_SERVER"],
"-U%s%%%s" % (os.environ["DC_USERNAME"], os.environ["DC_PASSWORD"]))
- self.assertCmdFail(result, "Should fail setting a user's password to a bad one.")
+ self.assertCmdFail(result, "Should fail setting a user's password to a %s password." % desc)
(result, out, err) = self.runsubcmd("user", "setpassword", user["name"],
"--newpassword=%s" % good_password,
@@ -81,7 +77,7 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
"--newpassword=%s" % bad_password,
"--ipaddress", os.environ["DC_SERVER_IP"],
"-U%s%%%s" % (user["name"], good_password))
- self.assertCmdFail(result, "A user setting their own password to a bad one should fail.")
+ self.assertCmdFail(result, "A user setting their own password to a %s password should fail." % desc)
(result, out, err) = self.runsubcmd("user", "password",
"--newpassword=%s" % good_password + 'XYZ',
@@ -89,6 +85,26 @@ class UserCheckPwdTestCase(SambaToolCmdTest):
"-U%s%%%s" % (user["name"], good_password))
self.assertCmdSuccess(result, out, err, "A user setting their own password to a good one should succeed.")
+ def test_checkpassword_unacceptable(self):
+ # Add
+ user = self._randomUser()
+ bad_password = os.environ["UNACCEPTABLE_PASSWORD"]
+ good_password = bad_password[:-1]
+ return self._test_checkpassword(user,
+ bad_password,
+ good_password,
+ "unacceptable")
+
+ def test_checkpassword_username(self):
+ # Add
+ user = self._randomUser()
+ bad_password = user["name"]
+ good_password = bad_password[:-1]
+ return self._test_checkpassword(user,
+ bad_password,
+ good_password,
+ "username")
+
def _randomUser(self, base={}):
"""create a user with random attribute values, you can specify base attributes"""
user = {
diff --git a/python/wscript b/python/wscript
index f0993dfa97a..9012b5077a0 100644
--- a/python/wscript
+++ b/python/wscript
@@ -3,6 +3,9 @@
import os
def configure(conf):
+ if conf.env.disable_python:
+ return
+
kerberos_py = conf.srcnode.abspath() + "/python/samba/provision/kerberos_implementation.py"
f = open(kerberos_py, 'w')
diff --git a/selftest/checkpassword_arg1.sh b/selftest/checkpassword_arg1.sh
new file mode 100755
index 00000000000..42e1b5e7df5
--- /dev/null
+++ b/selftest/checkpassword_arg1.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+
+set -e
+set -u
+
+ACCOUNT_NAME="${SAMBA_CPS_ACCOUNT_NAME}"
+INVALIDPW="$1"
+NEWPW=`cat -`
+
+echo -n "${NEWPW}" | grep -q "^${INVALIDPW}\$" && {
+ echo "Found invalid password" >&1
+ exit 1
+}
+
+echo -n "${NEWPW}" | grep -q "^${ACCOUNT_NAME}\$" && {
+ echo "Password includes ACCOUNT_NAME" >&1
+ exit 1
+}
+
+exit 0
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 33c66848c56..d8e066f6f44 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -2173,7 +2173,7 @@ sub provision_chgdcpass($$)
# (and also removes the default AD complexity checks)
my $unacceptable_password = "widk3Dsle32jxdBdskldsk55klASKQ";
my $extra_smb_conf = "
- check password script = sed -e '/$unacceptable_password/{;q1}; /$unacceptable_password/!{q0}'
+ check password script = $self->{srcdir}/selftest/checkpassword_arg1.sh ${unacceptable_password}
allow dcerpc auth level connect:lsarpc = yes
dcesrv:max auth states = 8
";
diff --git a/source3/lib/util_file.c b/source3/lib/util_file.c
index d3139e55b57..cfbcf278caa 100644
--- a/source3/lib/util_file.c
+++ b/source3/lib/util_file.c
@@ -22,7 +22,7 @@
#include "lib/util/debug.h"
#include "lib/util/samba_util.h"
#include "lib/util/sys_rw.h"
-#include "lib/sys_popen.h"
+#include "lib/util/sys_popen.h"
#include "lib/async_req/async_sock.h"
#include "lib/util/tevent_unix.h"
@@ -151,53 +151,6 @@ int file_pload_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
return 0;
}
-/**
- Load from a pipe into memory.
-**/
-
-static char *file_pload(const char *syscmd, size_t *size)
-{
- int fd, n;
- char *p;
- char buf[1024];
- size_t total;
-
- fd = sys_popen(syscmd);
- if (fd == -1) {
- return NULL;
- }
-
- p = NULL;
- total = 0;
-
- while ((n = sys_read(fd, buf, sizeof(buf))) > 0) {
- p = talloc_realloc(NULL, p, char, total + n + 1);
- if (!p) {
- DEBUG(0,("file_pload: failed to expand buffer!\n"));
- close(fd);
- return NULL;
- }
- memcpy(p+total, buf, n);
- total += n;
- }
-
- if (p) {
- p[total] = 0;
- }
-
- /* FIXME: Perhaps ought to check that the command completed
--
Samba Shared Repository
More information about the samba-cvs
mailing list