[SCM] Samba Shared Repository - branch master updated
David Disseldorp
ddiss at samba.org
Thu Sep 17 00:06:03 UTC 2020
The branch, master has been updated
via ed625d66943 tests: Disable kerberos for weak crypto test
via 63b0d2dc760 selftest: set pid directory in client's smb.conf
via ebada816ded selftest: Create client directories in a loop
from 67498ffd787 s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ed625d669437bb940a98a0e51c67a85d947dc2d5
Author: Samuel Cabrero <scabrero at suse.de>
Date: Tue Sep 15 12:32:44 2020 +0200
tests: Disable kerberos for weak crypto test
Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184
commit 63b0d2dc7608ba30b1269a1937da1ac3ba3e40d3
Author: Samuel Cabrero <scabrero at suse.de>
Date: Tue Sep 15 13:32:00 2020 +0200
selftest: set pid directory in client's smb.conf
Set a pid file directory to avoid the following testparm error:
ERROR: pid directory /usr/local/samba/var/run does not exist
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
commit ebada816dedf5ea86fdb17b78998890114344b6d
Author: Samuel Cabrero <scabrero at samba.org>
Date: Wed Sep 16 13:00:33 2020 +0200
selftest: Create client directories in a loop
Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/selftest.pl | 74 +++++++++++-----------------------
testprogs/blackbox/test_weak_crypto.sh | 12 +++++-
2 files changed, 35 insertions(+), 51 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index d14df92a11c..6ea21fa6bfe 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -22,6 +22,7 @@ use warnings;
use FindBin qw($RealBin $Script);
use File::Spec;
use File::Temp qw(tempfile);
+use File::Path qw(remove_tree);
use Getopt::Long;
use POSIX;
use Cwd qw(abs_path);
@@ -501,67 +502,39 @@ sub write_clientconf($$$)
mkdir("$clientdir", 0777) unless -d "$clientdir";
- if ( -d "$clientdir/private" ) {
- unlink <$clientdir/private/*>;
- } else {
- mkdir("$clientdir/private", 0777);
- }
-
- if ( -d "$clientdir/bind-dns" ) {
- unlink <$clientdir/bind-dns/*>;
- } else {
- mkdir("$clientdir/bind-dns", 0777);
- }
-
- if ( -d "$clientdir/lockdir" ) {
- unlink <$clientdir/lockdir/*>;
- } else {
- mkdir("$clientdir/lockdir", 0777);
- }
-
- if ( -d "$clientdir/statedir" ) {
- unlink <$clientdir/statedir/*>;
- } else {
- mkdir("$clientdir/statedir", 0777);
- }
-
- if ( -d "$clientdir/cachedir" ) {
- unlink <$clientdir/cachedir/*>;
- } else {
- mkdir("$clientdir/cachedir", 0777);
+ my @subdirs = (
+ { name => "private", mask => 0777 },
+ { name => "bind-dns", mask => 0777 },
+ { name => "lockdir", mask => 0777 },
+ { name => "statedir", mask => 0777 },
+ { name => "cachedir", mask => 0777 },
+ { name => "pkinit", mask => 0700 },
+ { name => "pid", mask => 0777 },
+ # the ncalrpcdir needs exactly 0755 otherwise tests fail.
+ { name => "ncalrpcdir", mask => 0755, umask => 0022 },
+ );
+
+ foreach my $sub (@subdirs) {
+ my $dir = "$clientdir/$sub->{name}";
+ remove_tree($dir);
+ my $mask = umask;
+ if (defined($sub->{umask})) {
+ umask $sub->{umask};
+ }
+ mkdir($dir, $sub->{mask});
+ umask $mask;
}
- # this is ugly, but the ncalrpcdir needs exactly 0755
- # otherwise tests fail.
- my $mask = umask;
- umask 0022;
- if ( -d "$clientdir/ncalrpcdir/np" ) {
- unlink <$clientdir/ncalrpcdir/np/*>;
- rmdir "$clientdir/ncalrpcdir/np";
- }
- if ( -d "$clientdir/ncalrpcdir" ) {
- unlink <$clientdir/ncalrpcdir/*>;
- rmdir "$clientdir/ncalrpcdir";
- }
- mkdir("$clientdir/ncalrpcdir", 0755);
- umask $mask;
-
my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
my $ca_users_dir = "$cadir/Users";
- if ( -d "$clientdir/pkinit" ) {
- unlink <$clientdir/pkinit/*>;
- } else {
- mkdir("$clientdir/pkinit", 0700);
- }
-
# each user has a USER-${USER_PRINCIPAL_NAME}-cert.pem and
# USER-${USER_PRINCIPAL_NAME}-private-key.pem symlink
# We make a copy here and make the certificated easily
# accessable in the client environment.
- $mask = umask;
+ my $mask = umask;
umask 0077;
opendir USERS, "${ca_users_dir}" or die "Could not open dir '${ca_users_dir}': $!";
for my $d (readdir USERS) {
@@ -601,6 +574,7 @@ sub write_clientconf($$$)
state directory = $clientdir/statedir
cache directory = $clientdir/cachedir
ncalrpc dir = $clientdir/ncalrpcdir
+ pid directory = $clientdir/pid
panic action = $RealBin/gdb_backtrace \%d
max xmit = 32K
notify:inotify = false
diff --git a/testprogs/blackbox/test_weak_crypto.sh b/testprogs/blackbox/test_weak_crypto.sh
index fe927e8c3a9..50a67aef110 100755
--- a/testprogs/blackbox/test_weak_crypto.sh
+++ b/testprogs/blackbox/test_weak_crypto.sh
@@ -27,6 +27,16 @@ samba_bindir="$BINDIR"
samba_testparm="$BINDIR/testparm"
samba_rpcclient="$samba_bindir/rpcclient"
+opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}"
+
+unset GNUTLS_FORCE_FIPS_MODE
+
+# Checks that testparm reports: Weak crypto is allowed
+testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
+
+# We should be allowed to use NTLM for connecting
+testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
+
GNUTLS_FORCE_FIPS_MODE=1
export GNUTLS_FORCE_FIPS_MODE
@@ -34,7 +44,7 @@ export GNUTLS_FORCE_FIPS_MODE
testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
# We should not be allowed to use NTLM for connecting
-testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER -U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1`
+testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
unset GNUTLS_FORCE_FIPS_MODE
--
Samba Shared Repository
More information about the samba-cvs
mailing list