[SCM] Samba Shared Repository - branch v4-12-stable updated
Karolin Seeger
kseeger at samba.org
Thu Aug 13 06:36:39 UTC 2020
The branch, v4-12-stable has been updated
via 8d9dd75abca VERSION: Disable GIT_SNAPSHOT for the 4.12.6 release.
via adfa3d161cb WHATSNEW: Add release notes for Samba 4.12.6.
via 09298e198bd srvsvc: Move brl_get_locks() out of enum_file_fn()
via 492dbc45c2f test: Show that netfileenum is broken
via 92a0c1174bd rpcclient: Make netfileenum cmd print the path names
via b2b72b3e795 rpcclient: Use struct initializers in cmd_srvsvc_net_file_enum()
via 94328842997 srvsvc: Collect file ids in enum_file_fn()
via 961d3e8baa5 srvsvc: Use a struct initializer in net_enum_files()
via 05e0dfbb804 srvsvc: Directly use "ctr3->count" instead of "i"
via 247d43c93cc srvsvc: Use a struct assignment in enum_file_fn()
via f60ada1c9af srvsvc: Introduce ctx3 helper var in enum_file_fn()
via 8c5d057d2d7 dbcheck: Allow a dangling forward link outside our known NCs
via 25afe3463d9 ctdb-tests: Stop cat command failure from causing test failure
via ecaa24765cd ctdb-scripts: Use nfsconf as a last resort get nfsd thread count
via 6dcbb00fdfa ctdb-scripts: Use nfsconf as a last resort to set NFS_HOSTNAME
via 8a3dcc8834a s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() fails
via 87bec8a4707 s3:leases: log errors with level 0 in leases_db_do_locked_fn()
via 227d4784db2 smbd: check for stale pid in get_lease_type()
via 423f8d7006f smbd: let get_lease_type() take a non-const share_mode_entry
via 52bd010ac2d smbd: inverse if/else logic in get_lease_type()
via b5a613b32be s3/leases: log NDR decoding failure with level 0 in leases_db_get_fn()
via f27bc9aa6dd smbd: increase loglevel when leases_db_del() with anything then NT_STATUS_NOT_FOUND
via 625769555ca docs: Fix documentation for require_membership_of of pam_winbind.conf
via 81c240e8198 docs: Fix documentation for require_membership_of of pam_winbind
via 4f6356a5bf8 kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
via 9055634ddff Add a test with old msDS-SupportedEncryptionTypes
via b0d00ee45c1 s3:smbd: make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD
via 33a160124a1 s3:smbd: reformat if statement for caching in vfs_ChDir()
via a909b50c0ca s4:torture/smb2: add smb2.delete-on-close-perms.BUG14427
via 2eb07a97d2f s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatal
via e21b6f0ce2b lib/debug: set the correct default backend loglevel to MAX_DEBUG_LEVEL
via b88952b3d67 lib/debug: assert file backend
via b53b7fc274e selftest: Run test of how userPassword / crypt() style passwords are stored in quicktest
via 3b9e5cae07b selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts
via 6eb3fba83cd dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7
via 25f198a12b9 util: fix build on AIX by fixing the order of replace.h include
via 8cffe254eda util: Reallocate larger buffer if getpwuid_r() returns ERANGE
via 6e263432eef util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
via 42ad8c2c480 util: Simplify input validation
via 79f5d88663b s3: libsmb: Fix SMB2 client rename bug to a Windows server.
via c160cfa9922 VERSION: Bump version up to 4.12.6...
from 217bc17f1d2 VERSION: Disable GIT_SNAPSHOT for the 4.12.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 78 +++++-
ctdb/config/nfs-linux-kernel-callout | 3 +
ctdb/config/statd-callout | 21 +-
ctdb/tests/UNIT/eventscripts/stubs/nfsconf | 5 +
ctdb/tests/scripts/integration.bash | 2 +-
docs-xml/manpages/pam_winbind.8.xml | 8 +-
docs-xml/manpages/pam_winbind.conf.5.xml | 9 +-
lib/replace/wscript | 1 +
lib/util/debug.c | 12 +-
lib/util/tests/test_util_paths.c | 2 +-
lib/util/util_paths.c | 47 +++-
python/samba/dbchecker.py | 24 +-
.../tests/samba_tool/user_virtualCryptSHA_base.py | 118 ++++++++++
.../tests/samba_tool/user_virtualCryptSHA_gpg.py | 261 +++++++++++++++++++++
.../user_virtualCryptSHA_userPassword.py | 185 +++++++++++++++
selftest/quick | 3 +
selftest/target/Samba4.pm | 39 +++
source3/libsmb/cli_smb2_fnum.c | 26 +-
source3/locking/leases_db.c | 12 +-
source3/locking/locking.c | 9 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 74 +++---
source3/rpcclient/cmd_srvsvc.c | 29 ++-
source3/script/tests/test_netfileenum.sh | 73 ++++++
source3/selftest/tests.py | 9 +
source3/smbd/open.c | 37 ++-
source3/smbd/oplock.c | 48 ++--
source3/smbd/proto.h | 2 +-
source3/smbd/vfs.c | 40 +++-
source3/winbindd/idmap_ad.c | 8 +
source4/dsdb/samdb/ldb_modules/password_hash.c | 37 ++-
source4/kdc/db-glue.c | 18 +-
source4/selftest/tests.py | 5 +-
source4/torture/smb2/delete-on-close.c | 43 +++-
testprogs/blackbox/test_old_enctypes.sh | 68 ++++++
35 files changed, 1242 insertions(+), 116 deletions(-)
create mode 100755 ctdb/tests/UNIT/eventscripts/stubs/nfsconf
create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_base.py
create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_gpg.py
create mode 100644 python/samba/tests/samba_tool/user_virtualCryptSHA_userPassword.py
create mode 100755 source3/script/tests/test_netfileenum.sh
create mode 100755 testprogs/blackbox/test_old_enctypes.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 44492c06950..ea5f2684baf 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=12
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a5b554fe11f..dfeb80b6a6b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,77 @@
+ ==============================
+ Release Notes for Samba 4.12.6
+ August 13, 2020
+ ==============================
+
+
+This is the latest stable release of the Samba 4.12 release series.
+
+
+Changes since 4.12.5
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256"
+ to work on RHEL7.
+ * BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14426: lib/debug: Set the correct default backend loglevel to
+ MAX_DEBUG_LEVEL.
+ * BUG 14428: PANIC: Assert failed in get_lease_type().
+
+o Bjoern Jacke <bjacke at samba.org>
+ * BUG 14422: util: Fix build on AIX by fixing the order of replace.h include.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 14355: srvsvc_NetFileEnum asserts with open files.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 14354: KDC breaks with DES keys still in the database and
+ msDS-SupportedEncryptionTypes 31 indicating support for it.
+ * BUG 14427: s3:smbd: Make sure vfs_ChDir() always sets
+ conn->cwd_fsp->fh->fd = AT_FDCWD.
+ * BUG 14428: PANIC: Assert failed in get_lease_type().
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 14358: docs: Fix documentation for require_membership_of of
+ pam_winbind.conf.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 14444: ctdb-scripts: Use nfsconf utility for variable values in CTDB
+ NFS scripts.
+
+o Andrew Walker <awalker at ixsystems.com>
+ * BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema
+ mode fatal.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
==============================
Release Notes for Samba 4.12.5
July 02, 2020
@@ -58,8 +132,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
==============================
Release Notes for Samba 4.12.4
diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout
index 71d8ecf8074..6a372d4b4fd 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -299,6 +299,9 @@ nfs_check_thread_count ()
# assume that those using the default don't care about the number
# of threads and that they have switched on this feature in error.
_configured_threads="${RPCNFSDCOUNT:-${USE_KERNEL_NFSD_NUMBER}}"
+ if [ -z "$_configured_threads" ] && type nfsconf >/dev/null 2>&1 ; then
+ _configured_threads=$(nfsconf --get nfsd threads) || true
+ fi
[ -n "$_configured_threads" ] || return 0
_threads_file="${PROCFS_PATH}/fs/nfsd/threads"
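Review bot: the nfsconf fallback added to nfs_check_thread_count() has no comment, while the existing comment just above still describes only the RPCNFSDCOUNT / USE_KERNEL_NFSD_NUMBER case ("those using the default don't care"). Add a line saying that /etc/nfs.conf is consulted as a last resort, and that `|| true` is there so a missing `threads` setting falls through to the `[ -n "$_configured_threads" ] || return 0` check.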
diff --git a/ctdb/config/statd-callout b/ctdb/config/statd-callout
index b75135bbde5..67ed2a5bc62 100755
--- a/ctdb/config/statd-callout
+++ b/ctdb/config/statd-callout
@@ -3,10 +3,18 @@
# This must run as root as CTDB tool commands need to access CTDB socket
[ "$(id -u)" -eq 0 ] || exec sudo "$0" "$@"
-# this script needs to be installed so that statd points to it with the -H
-# command line argument. The easiest way to do that is to put something like this in
-# /etc/sysconfig/nfs:
-# STATD_HOSTNAME="myhostname -H /etc/ctdb/statd-callout"
+# statd must be configured to use this script as its high availability call-out.
+#
+# In most Linux versions this can be done using something like the following...
+#
+# /etc/sysconfig/nfs (Red Hat) or /etc/default/nfs-common (Debian):
+# NFS_HOSTNAME=myhostname
+# STATD_HOSTNAME="${NFS_HOSTNAME} -H /etc/ctdb/statd-callout"
+#
+# Newer Red Hat Linux variants instead use /etc/nfs.conf:
+# [statd]
+# name = myhostname
+# ha-callout = /etc/ctdb/statd-callout
[ -n "$CTDB_BASE" ] || \
CTDB_BASE=$(d=$(dirname "$0") ; cd -P "$d" ; echo "$PWD")
@@ -23,6 +31,11 @@ die ()
# Try different variables to find config file for NFS_HOSTNAME
load_system_config "nfs" "nfs-common"
+# If NFS_HOSTNAME not set then try to pull it out of /etc/nfs.conf
+if [ -z "$NFS_HOSTNAME" ] && type nfsconf >/dev/null 2>&1 ; then
+ NFS_HOSTNAME=$(nfsconf --get statd name)
+fi
+
[ -n "$NFS_HOSTNAME" ] || \
die "NFS_HOSTNAME is not configured. statd-callout failed"
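Review bot: `NFS_HOSTNAME=$(nfsconf --get statd name)` has no `|| true`, unlike the matching nfsconf call in nfs-linux-kernel-callout. If this script is ever run under `set -e`, a failing nfsconf would terminate it before the `die "NFS_HOSTNAME is not configured. ..."` message is printed. Either append `|| true` for consistency or add a comment explaining why the exit status is safe to leave unhandled here.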
diff --git a/ctdb/tests/UNIT/eventscripts/stubs/nfsconf b/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
new file mode 100755
index 00000000000..84dd9ea5f60
--- /dev/null
+++ b/ctdb/tests/UNIT/eventscripts/stubs/nfsconf
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# This always fails for now, since there are no tests that expect to
+# use it.
+exit 1
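Review bot: this stub exits 1 unconditionally, so neither nfsconf fallback added in this changeset (the thread count in nfs-linux-kernel-callout, the hostname in statd-callout) is exercised by the unit tests; only the "nfsconf fails" path is. Consider letting the stub answer `--get` from an environment variable set by the test, and adding one case per call-out that expects the value to be picked up.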
diff --git a/ctdb/tests/scripts/integration.bash b/ctdb/tests/scripts/integration.bash
index 51e9c7cb822..495e271d53b 100644
--- a/ctdb/tests/scripts/integration.bash
+++ b/ctdb/tests/scripts/integration.bash
@@ -157,7 +157,7 @@ try_command_on_node ()
if $verbose ; then
echo "Output of \"$cmd\":"
- cat "$outfile"
+ cat "$outfile" || true
fi
}
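Review bot: `cat "$outfile" || true` in the verbose branch of try_command_on_node() hides the failure without recording why `$outfile` can be missing or unreadable at this point. Add a short comment stating the case being tolerated, or guard with `[ -r "$outfile" ]` and print a message otherwise, so a genuinely lost output file is still visible in the test log.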
diff --git a/docs-xml/manpages/pam_winbind.8.xml b/docs-xml/manpages/pam_winbind.8.xml
index 622e9e188d9..32030ef0ecc 100644
--- a/docs-xml/manpages/pam_winbind.8.xml
+++ b/docs-xml/manpages/pam_winbind.8.xml
@@ -84,9 +84,11 @@
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
- <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
- NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
- user is a member of with <command>wbinfo --user-sids=SID</command>.
+ <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+ <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+ <parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+ the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+ verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
</para>
<para>
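Review bot: the added parenthetical "(where '\' character corresponds to the value of winbind separator parameter)" is missing its articles and reads awkwardly; suggest "(where the '\' character corresponds to the value of the winbind separator parameter)". Since the sentence is being touched anyway, "lookup the SID internally" should be "look up the SID internally". The same text is added to pam_winbind.conf.5.xml and should be corrected there as well.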
diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml b/docs-xml/manpages/pam_winbind.conf.5.xml
index c4a7771fb31..0bc288f91a1 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -69,9 +69,12 @@
If this option is set, pam_winbind will only succeed if the user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It is also possible to give a NAME instead of the
SID. That name must have the form: <parameter>MYDOMAIN\mygroup</parameter> or
- <parameter>MYDOMAIN\myuser</parameter>. pam_winbind will, in that case, lookup the SID internally. Note that
- NAME may not contain any spaces. It is thus recommended to only use SIDs. You can verify the list of SIDs a
- user is a member of with <command>wbinfo --user-sids=SID</command>. This setting is empty by default.
+ <parameter>MYDOMAIN\myuser</parameter> (where '\' character corresponds to the value of
+ <parameter>winbind separator</parameter> parameter). It is also possible to use a UPN in the form
+ <parameter>user at REALM</parameter> or <parameter>group at REALM</parameter>. pam_winbind will, in that case, lookup
+ the SID internally. Note that NAME may not contain any spaces. It is thus recommended to only use SIDs. You can
+ verify the list of SIDs a user is a member of with <command>wbinfo --user-sids=SID</command>.
+ This setting is empty by default.
</para>
<para>This option only operates during password authentication, and will not restrict access if a password is not required for any reason (such as SSH key-based login).</para>
</listitem>
diff --git a/lib/replace/wscript b/lib/replace/wscript
index ab2b3c043af..55c8903f1c8 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -661,6 +661,7 @@ def configure(conf):
conf.CHECK_FUNCS_IN('crypt', 'crypt', checklibc=True)
conf.CHECK_FUNCS_IN('crypt_r', 'crypt', checklibc=True)
+ conf.CHECK_FUNCS_IN('crypt_rn', 'crypt', checklibc=True)
conf.CHECK_VARIABLE('rl_event_hook', define='HAVE_DECL_RL_EVENT_HOOK', always=True,
headers='readline.h readline/readline.h readline/history.h')
diff --git a/lib/util/debug.c b/lib/util/debug.c
index d990a6bf2b0..1650551a766 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -30,6 +30,7 @@
#include "util_strlist.h" /* LIST_SEP */
#include "blocking.h"
#include "debug.h"
+#include <assert.h>
/* define what facility to use for syslog */
#ifndef SYSLOG_FACILITY
@@ -1113,6 +1114,7 @@ static bool reopen_one_log(int *fd, const char *logfile)
*/
bool reopen_logs_internal(void)
{
+ struct debug_backend *b = NULL;
mode_t oldumask;
int new_fd = 0;
size_t i;
@@ -1140,15 +1142,13 @@ bool reopen_logs_internal(void)
dbgc_config[DBGC_ALL].fd = 2;
return true;
- case DEBUG_FILE: {
- struct debug_backend *b = debug_find_backend("file");
+ case DEBUG_FILE:
+ b = debug_find_backend("file");
+ assert(b != NULL);
- if (b != NULL) {
- b->log_level = dbgc_config[DBGC_ALL].loglevel;
- }
+ b->log_level = MAX_DEBUG_LEVEL;
break;
}
- }
oldumask = umask( 022 );
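Review bot: in the DEBUG_FILE case, `assert(b != NULL)` replaces the previous `if (b != NULL)` guard, and a build with NDEBUG compiles the assert away, leaving `b->log_level = MAX_DEBUG_LEVEL` to dereference NULL if the "file" backend is ever not found. Keep an explicit check that fails the function, or document that the backend table guarantees the entry. A one-line comment on why the file backend is now pinned to MAX_DEBUG_LEVEL instead of `dbgc_config[DBGC_ALL].loglevel` would also help the next reader.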
diff --git a/lib/util/tests/test_util_paths.c b/lib/util/tests/test_util_paths.c
index b89abf0aea1..4dfe11c1445 100644
--- a/lib/util/tests/test_util_paths.c
+++ b/lib/util/tests/test_util_paths.c
@@ -23,9 +23,9 @@
#include <setjmp.h>
#include <cmocka.h>
+#include "lib/replace/replace.h"
#include <talloc.h>
-#include "lib/replace/replace.h"
#include "lib/util/util_paths.c"
static int setup(void **state)
diff --git a/lib/util/util_paths.c b/lib/util/util_paths.c
index c0ee5c32c30..72cc0aab8de 100644
--- a/lib/util/util_paths.c
+++ b/lib/util/util_paths.c
@@ -68,25 +68,54 @@ static char *get_user_home_dir(TALLOC_CTX *mem_ctx)
{
struct passwd pwd = {0};
struct passwd *pwdbuf = NULL;
- char buf[NSS_BUFLEN_PASSWD] = {0};
+ char *buf = NULL;
+ char *out = NULL;
+ long int initlen;
+ size_t len;
int rc;
- rc = getpwuid_r(getuid(), &pwd, buf, NSS_BUFLEN_PASSWD, &pwdbuf);
+ initlen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (initlen == -1) {
+ len = 1024;
+ } else {
+ len = (size_t)initlen;
+ }
+ buf = talloc_size(mem_ctx, len);
+ if (buf == NULL) {
+ return NULL;
+ }
+
+ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+ while (rc == ERANGE) {
+ size_t newlen = 2 * len;
+ if (newlen < len) {
+ /* Overflow */
+ goto done;
+ }
+ len = newlen;
+ buf = talloc_realloc_size(mem_ctx, buf, len);
+ if (buf == NULL) {
+ goto done;
+ }
+ rc = getpwuid_r(getuid(), &pwd, buf, len, &pwdbuf);
+ }
if (rc != 0 || pwdbuf == NULL ) {
- int len_written;
const char *szPath = getenv("HOME");
if (szPath == NULL) {
- return NULL;
+ goto done;
}
- len_written = snprintf(buf, sizeof(buf), "%s", szPath);
- if (len_written >= sizeof(buf) || len_written < 0) {
- /* Output was truncated or an error. */
+ len = strnlen(szPath, PATH_MAX);
+ if (len >= PATH_MAX) {
return NULL;
}
- return talloc_strdup(mem_ctx, buf);
+ out = talloc_strdup(mem_ctx, szPath);
+ goto done;
}
- return talloc_strdup(mem_ctx, pwd.pw_dir);
+ out = talloc_strdup(mem_ctx, pwd.pw_dir);
+done:
+ TALLOC_FREE(buf);
+ return out;
}
char *path_expand_tilde(TALLOC_CTX *mem_ctx, const char *d)
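Review bot: in the HOME fallback, the `if (len >= PATH_MAX)` branch still does `return NULL` while every other exit in the new code goes through `goto done`, so `buf` stays allocated on `mem_ctx` on that path; change it to `goto done`. In the ERANGE loop, `buf = talloc_realloc_size(mem_ctx, buf, len)` overwrites the only pointer to the old buffer, so when the realloc fails the `TALLOC_FREE(buf)` at `done:` has nothing to free and the old buffer also lingers on `mem_ctx`; assign the result to a temporary and update `buf` only on success.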
diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py
index 7496a463930..593aa8cf6d2 100644
--- a/python/samba/dbchecker.py
+++ b/python/samba/dbchecker.py
@@ -621,7 +621,29 @@ newSuperior: %s""" % (str(from_dn), str(to_rdn), str(to_base)))
return 0
nc_root = self.samdb.get_nc_root(dn)
- target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+ try:
+ target_nc_root = self.samdb.get_nc_root(dsdb_dn.dn)
+ except ldb.LdbError as e:
+ (enum, estr) = e.args
+ if enum != ldb.ERR_NO_SUCH_OBJECT:
+ raise
+ target_nc_root = None
+
+ if target_nc_root is None:
+ # We don't bump the error count as Samba produces
+ # these in normal operation creating a lab domain (due
+ # to the way the rename is handled, links to
+ # now-expunged objects will never be fixed to stay
+ # inside the NC
+ self.report("WARNING: no target object found for GUID "
+ "component for link "
+ "%s in object to %s outside our NCs"
+ "%s - %s" % (attrname, dsdb_dn.dn, dn, val))
+ self.report("Not removing dangling one-way "
+ "left-over link outside our NCs "
+ "(we might be building a renamed/lab domain)")
+ return 0
+
if nc_root != target_nc_root:
# We don't bump the error count as Samba produces these
# in normal operation
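Review bot: in the `target_nc_root is None` branch, the first self.report() format string concatenates "%s in object to %s outside our NCs" directly with "%s - %s", so the third argument (`dn`) is printed glued to "NCs" and the message is hard to parse. Add a separator and reorder the wording so each of attrname, dsdb_dn.dn, dn and val is clearly labelled. The comment above it also opens a parenthesis at "(due to the way the rename is handled" that is never closed.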
diff --git a/python/samba/tests/samba_tool/user_virtualCryptSHA_base.py b/python/samba/tests/samba_tool/user_virtualCryptSHA_base.py
new file mode 100644
index 00000000000..e32f8d7343c
--- /dev/null
+++ b/python/samba/tests/samba_tool/user_virtualCryptSHA_base.py
@@ -0,0 +1,118 @@
+# Tests for the samba-tool user sub command reading Primary:userPassword
+#
+# Copyright (C) Andrew Bartlett <abartlet at samba.org> 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+import os
+import time
+import base64
+import ldb
+import samba
+from samba.tests.samba_tool.base import SambaToolCmdTest
+from samba.credentials import Credentials
+from samba.samdb import SamDB
+from samba.auth import system_session
+from samba.ndr import ndr_unpack
+from samba.dcerpc import drsblobs
+from samba import dsdb
+import re
+
+USER_NAME = "CryptSHATestUser"
+HASH_OPTION = "password hash userPassword schemes"
+
+# Get the value of an attribute from the output string
+# Note: Does not correctly handle values spanning multiple lines,
+# which is acceptable for it's usage in these tests.
+
+
+def _get_attribute(out, name):
+ p = re.compile("^" + name + ":\s+(\S+)")
+ for line in out.split("\n"):
+ m = p.match(line)
+ if m:
+ return m.group(1)
+ return ""
+
+
+class UserCmdCryptShaTestCase(SambaToolCmdTest):
+ """
+ Tests for samba-tool user subcommands generation of the virtualCryptSHA256
+ and virtualCryptSHA512 attributes
+ """
+ users = []
+ samdb = None
+
+ def setUp(self):
+ super(UserCmdCryptShaTestCase, self).setUp()
+
+ def add_user(self, hashes=""):
+ self.lp = samba.tests.env_loadparm()
+
+ # set the extra hashes to be calculated
+ self.lp.set(HASH_OPTION, hashes)
+
+ self.creds = Credentials()
+ self.session = system_session()
+ self.ldb = SamDB(
+ session_info=self.session,
+ credentials=self.creds,
+ lp=self.lp)
+
+ password = self.random_password()
+ self.runsubcmd("user",
+ "create",
+ USER_NAME,
+ password)
+
+ def tearDown(self):
+ super(UserCmdCryptShaTestCase, self).tearDown()
+ self.runsubcmd("user", "delete", USER_NAME)
+
+ def _get_password(self, attributes, decrypt=False):
+ command = ["user",
+ "getpassword",
+ USER_NAME,
+ "--attributes",
+ attributes]
+ if decrypt:
+ command.append("--decrypt-samba-gpg")
+
+ (result, out, err) = self.runsubcmd(*command)
+ self.assertCmdSuccess(result,
+ out,
+ err,
+ "Ensure getpassword runs")
+ self.assertEqual(err, "", "getpassword")
+ self.assertMatch(out,
+ "Got password OK",
+ "getpassword out[%s]" % out)
+ return out
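Review bot: in _get_attribute(), `re.compile("^" + name + ":\s+(\S+)")` uses `\s` and `\S` in a non-raw string, which Python 3 reports as invalid escape sequences (DeprecationWarning); make the literal a raw string, r":\s+(\S+)", and wrap `name` in re.escape() since it is interpolated into the pattern. In tearDown(), `self.runsubcmd("user", "delete", USER_NAME)` runs after `super().tearDown()`; doing the delete first keeps the cleanup inside the base class's still-valid test environment. The comment typo "it's usage" should be "its usage".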
--
Samba Shared Repository