[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Jul 5 23:52:01 UTC 2021
The branch, master has been updated
via 7c3bb491baf testprogs: Consistantly use kinit -c $KRB5CCNAME
via 0388a8f33bd gensec_krb5: restore ipv6 support for kpasswd
from fc267567a07 printing: avoid crash in LPRng_time
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 7c3bb491baf7d6f10760fb42b34a990e3806df9c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 16:29:36 2020 +0200
testprogs: Consistantly use kinit -c $KRB5CCNAME
We want to be really clear which credentials cache we use.
The kerberos_kinit() shell function uses this internally.
-c is the common option between MIT and Heimdal, and is
equivilant to --cache
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Jul 5 23:51:43 UTC 2021 on sn-devel-184
commit 0388a8f33bdde49f1cc805a0291859203c1a52b4
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jul 2 09:37:25 2021 +0200
gensec_krb5: restore ipv6 support for kpasswd
We need to offer as much space we have in order to
get the address out of tsocket_address_bsd_sockaddr().
This fixes a regression in commit
43c808f2ff907497dfff0988ff90a48fdcfc16ef.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14750
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/auth/gensec/gensec_krb5.c | 6 ++++--
testprogs/blackbox/common_test_fns.inc | 2 +-
testprogs/blackbox/test_chgdcpass.sh | 5 +++--
testprogs/blackbox/test_export_keytab_heimdal.sh | 8 ++++++--
testprogs/blackbox/test_kinit_heimdal.sh | 7 +++++--
testprogs/blackbox/test_kinit_trusts_heimdal.sh | 7 ++++---
testprogs/blackbox/test_kpasswd_heimdal.sh | 3 +--
testprogs/blackbox/test_ktpass.sh | 5 +++--
testprogs/blackbox/test_net_ads_dns.sh | 8 --------
testprogs/blackbox/test_password_settings.sh | 7 +------
testprogs/blackbox/test_pkinit_heimdal.sh | 5 +++--
testprogs/blackbox/test_pkinit_pac_heimdal.sh | 11 ++++-------
testprogs/blackbox/test_s4u_heimdal.sh | 5 +++--
testprogs/blackbox/test_samba_upgradedns.sh | 4 ----
testprogs/blackbox/test_trust_user_account.sh | 5 +++--
15 files changed, 41 insertions(+), 47 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/auth/gensec/gensec_krb5.c b/source4/auth/gensec/gensec_krb5.c
index 45abbb97b6b..7d87b3ac6b9 100644
--- a/source4/auth/gensec/gensec_krb5.c
+++ b/source4/auth/gensec/gensec_krb5.c
@@ -149,8 +149,9 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
struct samba_sockaddr addr;
bool ok;
+ addr.sa_socklen = sizeof(addr.u);
sockaddr_ret = tsocket_address_bsd_sockaddr(
- tlocal_addr, &addr.u.sa, sizeof(addr.u.sa));
+ tlocal_addr, &addr.u.sa, addr.sa_socklen);
if (sockaddr_ret < 0) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
@@ -170,8 +171,9 @@ static NTSTATUS gensec_krb5_start(struct gensec_security *gensec_security, bool
struct samba_sockaddr addr;
bool ok;
+ addr.sa_socklen = sizeof(addr.u);
sockaddr_ret = tsocket_address_bsd_sockaddr(
- tremote_addr, &addr.u.sa, sizeof(addr.u.sa));
+ tremote_addr, &addr.u.sa, addr.sa_socklen);
if (sockaddr_ret < 0) {
talloc_free(gensec_krb5_state);
return NT_STATUS_INTERNAL_ERROR;
diff --git a/testprogs/blackbox/common_test_fns.inc b/testprogs/blackbox/common_test_fns.inc
index 7b421e9eb08..1c988f439a7 100755
--- a/testprogs/blackbox/common_test_fns.inc
+++ b/testprogs/blackbox/common_test_fns.inc
@@ -98,7 +98,7 @@ kerberos_kinit() {
if [ "${kbase}" = "samba4kinit" ]; then
kpassfile=$(mktemp)
echo $password > ${kpassfile}
- $kinit_tool --password-file=${kpassfile} $principal $@
+ $kinit_tool -c ${KRB5CCNAME} --password-file=${kpassfile} $principal $@
status=$?
rm -f ${kpassfile}
else
diff --git a/testprogs/blackbox/test_chgdcpass.sh b/testprogs/blackbox/test_chgdcpass.sh
index 54137b980ca..d7d1d030c19 100755
--- a/testprogs/blackbox/test_chgdcpass.sh
+++ b/testprogs/blackbox/test_chgdcpass.sh
@@ -24,11 +24,11 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
heimdal=0
if test -x $BINDIR/samba4kinit; then
heimdal=1
- samba4kinit=bin/samba4kinit
+ samba4kinit_binary=bin/samba4kinit
fi
@@ -59,6 +59,7 @@ test_drs() {
enctype="-e $ENCTYPE"
KRB5CCNAME="$PREFIX/tmpccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME
diff --git a/testprogs/blackbox/test_export_keytab_heimdal.sh b/testprogs/blackbox/test_export_keytab_heimdal.sh
index d595650e46b..a621b71eebe 100755
--- a/testprogs/blackbox/test_export_keytab_heimdal.sh
+++ b/testprogs/blackbox/test_export_keytab_heimdal.sh
@@ -27,9 +27,9 @@ newuser="$samba_tool user create"
DNSDOMAIN=$(echo $REALM | tr '[:upper:]' '[:lower:]')
SERVER_FQDN="$SERVER.$DNSDOMAIN"
-samba4kinit=kinit
+samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
+ samba4kinit_binary=$BINDIR/samba4kinit
fi
. `dirname $0`/subunit.sh
@@ -82,6 +82,7 @@ testit "dump keytab from domain for user principal with SPN as UPN" $VALGRIND $P
test_keytab "dump keytab from domain for user principal" "$PREFIX/tmpkeytab-3" "http/testupnspn.$DNSDOMAIN@$REALM" 3
KRB5CCNAME="$PREFIX/tmpuserccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
@@ -93,15 +94,18 @@ testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/t
test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpadminccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpspnupnccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "kinit with SPN from keytab" $VALGRIND $samba4kinit -k -t $PREFIX/tmpkeytab-3 http/testupnspn.$DNSDOMAIN || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpadminccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
testit "del user" $VALGRIND $PYTHON $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
diff --git a/testprogs/blackbox/test_kinit_heimdal.sh b/testprogs/blackbox/test_kinit_heimdal.sh
index 99fcb5482a2..7a3ff684135 100755
--- a/testprogs/blackbox/test_kinit_heimdal.sh
+++ b/testprogs/blackbox/test_kinit_heimdal.sh
@@ -23,9 +23,9 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
+ samba4kinit_binary=$BINDIR/samba4kinit
fi
samba_tool="$samba4bindir/samba-tool"
@@ -59,6 +59,7 @@ export ADMIN_LDBMODIFY_CONFIG
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
ADMIN_KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH
@@ -105,6 +106,7 @@ testit "enable user with kerberos cache" $VALGRIND $PYTHON $enableaccount nettes
KRB5CCNAME_PATH="$PREFIX/tmpuserccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME_PATH
@@ -239,6 +241,7 @@ test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-cca
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH
diff --git a/testprogs/blackbox/test_kinit_trusts_heimdal.sh b/testprogs/blackbox/test_kinit_trusts_heimdal.sh
index f971a8fcde2..f0529667cf8 100755
--- a/testprogs/blackbox/test_kinit_trusts_heimdal.sh
+++ b/testprogs/blackbox/test_kinit_trusts_heimdal.sh
@@ -27,9 +27,9 @@ shift 3
failed=0
samba4bindir="$BINDIR"
-samba4kinit=kinit
-if test -x $samba4bindir/samba4kinit; then
- samba4kinit=$samba4bindir/samba4kinit
+samba4kinit_binary=kinit
+if test -x $BINDIR/samba4kinit; then
+ samba4kinit_binary=$BINDIR/samba4kinit
fi
smbclient="$samba4bindir/smbclient"
@@ -46,6 +46,7 @@ enctype="-e $ENCTYPE"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH
diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh b/testprogs/blackbox/test_kpasswd_heimdal.sh
index 7351ce022d1..1cf61e5d07d 100755
--- a/testprogs/blackbox/test_kpasswd_heimdal.sh
+++ b/testprogs/blackbox/test_kpasswd_heimdal.sh
@@ -42,8 +42,7 @@ do_kinit() {
password="$2"
shift
shift
- echo $password > $PREFIX/tmppassfile
- $samba_kinit --password-file=$PREFIX/tmppassfile $principal $@
+ kerberos_kinit "$samba_kinit" "$principal" "$password" $@
}
UID_WRAPPER_ROOT=1
diff --git a/testprogs/blackbox/test_ktpass.sh b/testprogs/blackbox/test_ktpass.sh
index bb4c36d7fb2..94b7760559d 100755
--- a/testprogs/blackbox/test_ktpass.sh
+++ b/testprogs/blackbox/test_ktpass.sh
@@ -16,9 +16,9 @@ shift 1
samba_tool="$BINDIR/samba-tool"
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
+ samba4kinit_binary=$BINDIR/samba4kinit
fi
CONFIG="--configfile=$PREFIX/etc/smb.conf"
@@ -28,6 +28,7 @@ TESTUSER="ktpassUser"
testit "user create" $PYTHON $samba_tool user create $CONFIG $TESTUSER testp at ssw0Rd || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmpccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
echo "testp at ssw0Rd" >$PREFIX/tmppassfile
testit "kinit with passwd" $samba4kinit -e arcfour-hmac-md5 --password-file=$PREFIX/tmppassfile $TESTUSER at SAMBA.EXAMPLE.COM || failed=`expr $failed + 1`
diff --git a/testprogs/blackbox/test_net_ads_dns.sh b/testprogs/blackbox/test_net_ads_dns.sh
index 0a9deef455a..12d3941450a 100755
--- a/testprogs/blackbox/test_net_ads_dns.sh
+++ b/testprogs/blackbox/test_net_ads_dns.sh
@@ -20,19 +20,11 @@ shift 6
failed=0
samba4bindir="$BINDIR"
-samba4kinit=kinit
-if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
-fi
samba_tool="$samba4bindir/samba-tool"
net_tool="$samba4bindir/net"
smbpasswd="$samba4bindir/smbpasswd"
texpect="$samba4bindir/texpect"
-samba4kpasswd=kpasswd
-if test -x $BINDIR/samba4kpasswd; then
- samba4kpasswd=$BINDIR/samba4kpasswd
-fi
ldbsearch="$samba4bindir/ldbsearch"
ldbmodify="$samba4bindir/ldbmodify"
diff --git a/testprogs/blackbox/test_password_settings.sh b/testprogs/blackbox/test_password_settings.sh
index 8c2ca188d3a..9a4846a8094 100755
--- a/testprogs/blackbox/test_password_settings.sh
+++ b/testprogs/blackbox/test_password_settings.sh
@@ -44,12 +44,7 @@ do_kinit() {
password="$2"
shift
shift
- if test -x $samba_bindir/samba4kinit; then
- echo $password > $PREFIX/tmpuserpassfile
- $samba_kinit --password-file=$PREFIX/tmpuserpassfile $principal $@
- else
- echo $password | $samba_kinit $principal $@
- fi
+ kerberos_kinit "$samba_kinit" "$principal" "$password" $@
}
test_smbpasswd()
diff --git a/testprogs/blackbox/test_pkinit_heimdal.sh b/testprogs/blackbox/test_pkinit_heimdal.sh
index 02faa4fccea..08ebc7497c4 100755
--- a/testprogs/blackbox/test_pkinit_heimdal.sh
+++ b/testprogs/blackbox/test_pkinit_heimdal.sh
@@ -23,9 +23,9 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
+ samba4kinit_binary=$BINDIR/samba4kinit
fi
samba_tool="$samba4bindir/samba-tool"
@@ -53,6 +53,7 @@ unc="//$SERVER/tmp"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME_PATH
PASSFILE_PATH="$PREFIX/tmppassfile"
diff --git a/testprogs/blackbox/test_pkinit_pac_heimdal.sh b/testprogs/blackbox/test_pkinit_pac_heimdal.sh
index 45edb7e6cb4..eb0a5d6c8fe 100755
--- a/testprogs/blackbox/test_pkinit_pac_heimdal.sh
+++ b/testprogs/blackbox/test_pkinit_pac_heimdal.sh
@@ -21,9 +21,9 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
+samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
+ samba4kinit_binary=$BINDIR/samba4kinit
fi
smbtorture4="$samba4bindir/smbtorture --basedir=$SELFTEST_TMPDIR"
@@ -36,18 +36,15 @@ unc="//$SERVER/tmp"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME_PATH
-PASSFILE_PATH="$PREFIX/tmppassfile"
-rm -f $PASSFILE_PATH
-echo $PASSWORD > $PASSFILE_PATH
USER_PRINCIPAL_NAME=`echo "${USERNAME}@${REALM}" | tr A-Z a-z`
PKUSER="--pk-user=FILE:$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-cert.pem,$PREFIX/pkinit/USER-${USER_PRINCIPAL_NAME}-private-key.pem"
-testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable --cache=$KRB5CCNAME $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
testit "STEP1 remote.pac verification" $smbtorture4 ncacn_np:$SERVER rpc.pac --workgroup=$DOMAIN -U$USERNAME%$PASSWORD --option=torture:pkinit_ccache=$KRB5CCNAME || failed=`expr $failed + 1`
-rm -f $PASSFILE_PATH
rm -f $KRB5CCNAME_PATH
exit $failed
diff --git a/testprogs/blackbox/test_s4u_heimdal.sh b/testprogs/blackbox/test_s4u_heimdal.sh
index c63eeaa2e30..f27c7d60104 100755
--- a/testprogs/blackbox/test_s4u_heimdal.sh
+++ b/testprogs/blackbox/test_s4u_heimdal.sh
@@ -24,9 +24,9 @@ failed=0
samba_tool="$VALGRIND $PYTHON $BINDIR/samba-tool"
-samba4kinit=kinit
+samba4kinit_binary=kinit
if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
+ samba4kinit_binary=$BINDIR/samba4kinit
fi
samba4kgetcred=kgetcred
@@ -40,6 +40,7 @@ fi
ocache="$PREFIX/tmpoutcache"
KRB5CCNAME_PATH="$PREFIX/tmpccache"
KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -rf $KRB5CCNAME_PATH
diff --git a/testprogs/blackbox/test_samba_upgradedns.sh b/testprogs/blackbox/test_samba_upgradedns.sh
index ef3023af10d..93799d4866f 100755
--- a/testprogs/blackbox/test_samba_upgradedns.sh
+++ b/testprogs/blackbox/test_samba_upgradedns.sh
@@ -19,10 +19,6 @@ failed=0
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
-samba4kinit=kinit
-if test -x $BINDIR/samba4kinit; then
- samba4kinit=$BINDIR/samba4kinit
-fi
. `dirname $0`/subunit.sh
diff --git a/testprogs/blackbox/test_trust_user_account.sh b/testprogs/blackbox/test_trust_user_account.sh
index 1b2ba6d3811..63024a9b158 100755
--- a/testprogs/blackbox/test_trust_user_account.sh
+++ b/testprogs/blackbox/test_trust_user_account.sh
@@ -20,9 +20,9 @@ shift 5
samba_tool="$BINDIR/samba-tool"
samba4bindir="$BINDIR"
samba4srcdir="$SRCDIR/source4"
-samba4kinit="kinit -k"
+samba4kinit_binary="kinit -k"
if test -x $BINDIR/samba4kinit; then
- samba4kinit="$BINDIR/samba4kinit --use-keytab"
+ samba4kinit_binary="$BINDIR/samba4kinit --use-keytab"
fi
KEYTAB="$PREFIX/tmptda.keytab"
@@ -33,6 +33,7 @@ export KRB5_TRACE
testit "retrieve keytab for TDA of $REMOTE_REALM" $PYTHON $samba_tool domain exportkeytab $KEYTAB $CONFIGURATION --principal "$REMOTE_FLAT\$@$OUR_REALM" || failed=`expr $failed + 1`
KRB5CCNAME="$PREFIX/tmptda.ccache"
+samba4kinit="$samba4kinit_binary -c $KRB5CCNAME"
export KRB5CCNAME
rm -f $KRB5CCNAME
--
Samba Shared Repository
More information about the samba-cvs
mailing list