[SCM] Samba Shared Repository - branch master updated

David Disseldorp ddiss at samba.org
Thu Sep 17 00:06:03 UTC 2020 

The branch, master has been updated
       via  ed625d66943 tests: Disable kerberos for weak crypto test
       via  63b0d2dc760 selftest: set pid directory in client's smb.conf
       via  ebada816ded selftest: Create client directories in a loop
      from  67498ffd787 s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ed625d669437bb940a98a0e51c67a85d947dc2d5
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Sep 15 12:32:44 2020 +0200

    tests: Disable kerberos for weak crypto test
    
    Otherwise the test fails because the client is authenticated using
    spnego and gse_krb5, not triggering the weak crypto restrictions.
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>
    
    Autobuild-User(master): David Disseldorp <ddiss at samba.org>
    Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184

commit 63b0d2dc7608ba30b1269a1937da1ac3ba3e40d3
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Tue Sep 15 13:32:00 2020 +0200

    selftest: set pid directory in client's smb.conf
    
    Set a pid file directory to avoid the following testparm error:
    
    ERROR: pid directory /usr/local/samba/var/run does not exist
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit ebada816dedf5ea86fdb17b78998890114344b6d
Author: Samuel Cabrero <scabrero at samba.org>
Date:   Wed Sep 16 13:00:33 2020 +0200

    selftest: Create client directories in a loop
    
    Signed-off-by: Samuel Cabrero <scabrero at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 selftest/selftest.pl                   | 74 +++++++++++-----------------------
 testprogs/blackbox/test_weak_crypto.sh | 12 +++++-
 2 files changed, 35 insertions(+), 51 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index d14df92a11c..6ea21fa6bfe 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -22,6 +22,7 @@ use warnings;
 use FindBin qw($RealBin $Script);
 use File::Spec;
 use File::Temp qw(tempfile);
+use File::Path qw(remove_tree);
 use Getopt::Long;
 use POSIX;
 use Cwd qw(abs_path);
@@ -501,67 +502,39 @@ sub write_clientconf($$$)
 
 	mkdir("$clientdir", 0777) unless -d "$clientdir";
 
-	if ( -d "$clientdir/private" ) {
-	        unlink <$clientdir/private/*>;
-	} else {
-	        mkdir("$clientdir/private", 0777);
-	}
-
-	if ( -d "$clientdir/bind-dns" ) {
-	        unlink <$clientdir/bind-dns/*>;
-	} else {
-	        mkdir("$clientdir/bind-dns", 0777);
-	}
-
-	if ( -d "$clientdir/lockdir" ) {
-	        unlink <$clientdir/lockdir/*>;
-	} else {
-	        mkdir("$clientdir/lockdir", 0777);
-	}
-
-	if ( -d "$clientdir/statedir" ) {
-	        unlink <$clientdir/statedir/*>;
-	} else {
-	        mkdir("$clientdir/statedir", 0777);
-	}
-
-	if ( -d "$clientdir/cachedir" ) {
-	        unlink <$clientdir/cachedir/*>;
-	} else {
-	        mkdir("$clientdir/cachedir", 0777);
+	my @subdirs = (
+		{ name => "private", mask => 0777 },
+		{ name => "bind-dns", mask => 0777 },
+		{ name => "lockdir", mask => 0777 },
+		{ name => "statedir", mask => 0777 },
+		{ name => "cachedir", mask => 0777 },
+		{ name => "pkinit", mask => 0700 },
+		{ name => "pid", mask => 0777 },
+		# the ncalrpcdir needs exactly 0755 otherwise tests fail.
+		{ name => "ncalrpcdir", mask => 0755, umask => 0022 },
+	);
+
+	foreach my $sub (@subdirs) {
+		my $dir = "$clientdir/$sub->{name}";
+		remove_tree($dir);
+		my $mask = umask;
+		if (defined($sub->{umask})) {
+			umask $sub->{umask};
+		}
+		mkdir($dir, $sub->{mask});
+		umask $mask;
 	}
 
-	# this is ugly, but the ncalrpcdir needs exactly 0755
-	# otherwise tests fail.
-	my $mask = umask;
-	umask 0022;
-	if ( -d "$clientdir/ncalrpcdir/np" ) {
-	        unlink <$clientdir/ncalrpcdir/np/*>;
-		rmdir "$clientdir/ncalrpcdir/np";
-	}
-	if ( -d "$clientdir/ncalrpcdir" ) {
-	        unlink <$clientdir/ncalrpcdir/*>;
-		rmdir "$clientdir/ncalrpcdir";
-	}
-	mkdir("$clientdir/ncalrpcdir", 0755);
-	umask $mask;
-
 	my $cadir = "$ENV{SRCDIR_ABS}/selftest/manage-ca/CA-samba.example.com";
 	my $cacert = "$cadir/Public/CA-samba.example.com-cert.pem";
 	my $cacrl_pem = "$cadir/Public/CA-samba.example.com-crl.pem";
 	my $ca_users_dir = "$cadir/Users";
 
-	if ( -d "$clientdir/pkinit" ) {
-	        unlink <$clientdir/pkinit/*>;
-	} else {
-	        mkdir("$clientdir/pkinit", 0700);
-	}
-
 	# each user has a USER-${USER_PRINCIPAL_NAME}-cert.pem and
 	# USER-${USER_PRINCIPAL_NAME}-private-key.pem symlink
 	# We make a copy here and make the certificated easily
 	# accessable in the client environment.
-	$mask = umask;
+	my $mask = umask;
 	umask 0077;
 	opendir USERS, "${ca_users_dir}" or die "Could not open dir '${ca_users_dir}': $!";
 	for my $d (readdir USERS) {
@@ -601,6 +574,7 @@ sub write_clientconf($$$)
 	state directory = $clientdir/statedir
 	cache directory = $clientdir/cachedir
 	ncalrpc dir = $clientdir/ncalrpcdir
+	pid directory = $clientdir/pid
 	panic action = $RealBin/gdb_backtrace \%d
 	max xmit = 32K
 	notify:inotify = false
diff --git a/testprogs/blackbox/test_weak_crypto.sh b/testprogs/blackbox/test_weak_crypto.sh
index fe927e8c3a9..50a67aef110 100755
--- a/testprogs/blackbox/test_weak_crypto.sh
+++ b/testprogs/blackbox/test_weak_crypto.sh
@@ -27,6 +27,16 @@ samba_bindir="$BINDIR"
 samba_testparm="$BINDIR/testparm"
 samba_rpcclient="$samba_bindir/rpcclient"
 
+opt="--option=gensec:gse_krb5=no -U${USERNAME}%${PASSWORD}"
+
+unset GNUTLS_FORCE_FIPS_MODE
+
+# Checks that testparm reports: Weak crypto is allowed
+testit_grep "testparm" "Weak crypto is allowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
+
+# We should be allowed to use NTLM for connecting
+testit "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
+
 GNUTLS_FORCE_FIPS_MODE=1
 export GNUTLS_FORCE_FIPS_MODE
 
@@ -34,7 +44,7 @@ export GNUTLS_FORCE_FIPS_MODE
 testit_grep "testparm" "Weak crypto is disallowed" $samba_testparm -s $SMB_CONF_PATH 2>&1 || failed=`expr $failed + 1`
 
 # We should not be allowed to use NTLM for connecting
-testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER -U$USERNAME%$PASSWORD -c "getusername" || failed=`expr $failed + 1`
+testit_expect_failure "rpclient.ntlm" $samba_rpcclient ncacn_np:$SERVER $opt -c "getusername" || failed=`expr $failed + 1`
 
 unset GNUTLS_FORCE_FIPS_MODE
 


-- 
Samba Shared Repository

More information about the samba-cvs mailing list