[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Jun 22 11:50:02 UTC 2022
The branch, master has been updated
via f68374aac54 lib:cmdline: Fix error handling of --client-protection=sign|encrypt|off
via 7cc340f972a lib:cmdline: Fix error handling of --use-krb5-ccache=CCACHE
via 2dbd3210ed4 lib:cmdline: Fix error handling of --use-kerberos=desired|required|off
via e9e5b3ae0f6 testprogs: Fix auth with smbclient and krb5 ccache
from 3d57bb74500 s3:tests: Reformat xattr-tdb-1/run.sh
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f68374aac54b2e5c315acbab3e189755842e7c4e
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 08:37:06 2022 +0200
lib:cmdline: Fix error handling of --client-protection=sign|encrypt|off
Best reviewed with `git show -b`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jun 22 11:49:23 UTC 2022 on sn-devel-184
commit 7cc340f972afa8320c0e4c1a2b5f1e11483bb4eb
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 08:34:20 2022 +0200
lib:cmdline: Fix error handling of --use-krb5-ccache=CCACHE
Best reviewed with `git show -b`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 2dbd3210ed4a6703fcc6b0350a86860e5bcbd7c7
Author: Andreas Schneider <asn at samba.org>
Date: Wed Jun 22 08:28:40 2022 +0200
lib:cmdline: Fix error handling of --use-kerberos=desired|required|off
Best reviewed with `git show -b`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit e9e5b3ae0f662d8541358a07861c06aa9f48aa5a
Author: Andreas Schneider <asn at samba.org>
Date: Tue May 24 10:17:00 2022 +0200
testprogs: Fix auth with smbclient and krb5 ccache
--use-kerberos=required will ask the user to provide a username and
password to do a kinit. The test will open a password prompt in this
case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/cmdline/cmdline.c | 219 ++++++++++++++++-------------
testprogs/blackbox/test_kpasswd_heimdal.sh | 4 +-
2 files changed, 123 insertions(+), 100 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 33d0c94e3b1..9f4e964f289 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -904,57 +904,73 @@ static void popt_common_credentials_callback(poptContext popt_ctx,
}
}
break;
- case OPT_USE_KERBEROS:
- if (arg != NULL) {
- int32_t use_kerberos =
- lpcfg_parse_enum_vals("client use kerberos", arg);
+ case OPT_USE_KERBEROS: {
+ int32_t use_kerberos = INT_MIN;
+ if (arg == NULL) {
+ fprintf(stderr,
+ "Failed to parse "
+ "--use-kerberos=desired|required|off: "
+ "Missing argument\n");
+ exit(1);
+ }
- if (use_kerberos == INT_MIN) {
- fprintf(stderr, "Failed to parse --use-kerberos\n");
- exit(1);
- }
+ use_kerberos = lpcfg_parse_enum_vals("client use kerberos",
+ arg);
+ if (use_kerberos == INT_MIN) {
+ fprintf(stderr,
+ "Failed to parse "
+ "--use-kerberos=desired|required|off: "
+ "Invalid argument\n");
+ exit(1);
+ }
- ok = cli_credentials_set_kerberos_state(creds,
- use_kerberos,
- CRED_SPECIFIED);
- if (!ok) {
- fprintf(stderr,
- "Failed to set Kerberos state to %s!\n", arg);
- exit(1);
- }
+ ok = cli_credentials_set_kerberos_state(creds,
+ use_kerberos,
+ CRED_SPECIFIED);
+ if (!ok) {
+ fprintf(stderr,
+ "Failed to set Kerberos state to %s!\n", arg);
+ exit(1);
}
break;
- case OPT_USE_KERBEROS_CCACHE:
- if (arg != NULL) {
- const char *error_string = NULL;
- int rc;
+ }
+ case OPT_USE_KERBEROS_CCACHE: {
+ const char *error_string = NULL;
+ int rc;
- ok = cli_credentials_set_kerberos_state(creds,
- CRED_USE_KERBEROS_REQUIRED,
- CRED_SPECIFIED);
- if (!ok) {
- fprintf(stderr,
- "Failed to set Kerberos state to %s!\n", arg);
- exit(1);
- }
+ if (arg == NULL) {
+ fprintf(stderr,
+ "Failed to parse --use-krb5-ccache=CCACHE: "
+ "Missing argument\n");
+ exit(1);
+ }
- rc = cli_credentials_set_ccache(creds,
- lp_ctx,
- arg,
- CRED_SPECIFIED,
- &error_string);
- if (rc != 0) {
- fprintf(stderr,
- "Error reading krb5 credentials cache: '%s'"
- " - %s\n",
- arg,
- error_string);
- exit(1);
- }
+ ok = cli_credentials_set_kerberos_state(creds,
+ CRED_USE_KERBEROS_REQUIRED,
+ CRED_SPECIFIED);
+ if (!ok) {
+ fprintf(stderr,
+ "Failed to set Kerberos state to %s!\n", arg);
+ exit(1);
+ }
- skip_password_callback = true;
+ rc = cli_credentials_set_ccache(creds,
+ lp_ctx,
+ arg,
+ CRED_SPECIFIED,
+ &error_string);
+ if (rc != 0) {
+ fprintf(stderr,
+ "Error reading krb5 credentials cache: '%s'"
+ " - %s\n",
+ arg,
+ error_string);
+ exit(1);
}
+
+ skip_password_callback = true;
break;
+ }
case OPT_USE_WINBIND_CCACHE:
{
uint32_t gensec_features;
@@ -974,68 +990,75 @@ static void popt_common_credentials_callback(poptContext popt_ctx,
skip_password_callback = true;
break;
}
- case OPT_CLIENT_PROTECTION:
- if (arg != NULL) {
- uint32_t gensec_features;
- enum smb_signing_setting signing_state =
- SMB_SIGNING_OFF;
- enum smb_encryption_setting encryption_state =
- SMB_ENCRYPTION_OFF;
-
- gensec_features =
- cli_credentials_get_gensec_features(
- creds);
-
- if (strequal(arg, "off")) {
- gensec_features &=
- ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL);
-
- signing_state = SMB_SIGNING_OFF;
- encryption_state = SMB_ENCRYPTION_OFF;
- } else if (strequal(arg, "sign")) {
- gensec_features |= GENSEC_FEATURE_SIGN;
-
- signing_state = SMB_SIGNING_REQUIRED;
- encryption_state = SMB_ENCRYPTION_OFF;
- } else if (strequal(arg, "encrypt")) {
- gensec_features |= GENSEC_FEATURE_SEAL;
-
- signing_state = SMB_SIGNING_REQUIRED;
- encryption_state = SMB_ENCRYPTION_REQUIRED;
- } else {
- fprintf(stderr,
- "Failed to parse --client-protection\n");
- exit(1);
- }
+ case OPT_CLIENT_PROTECTION: {
+ uint32_t gensec_features;
+ enum smb_signing_setting signing_state =
+ SMB_SIGNING_OFF;
+ enum smb_encryption_setting encryption_state =
+ SMB_ENCRYPTION_OFF;
- ok = cli_credentials_set_gensec_features(creds,
- gensec_features,
- CRED_SPECIFIED);
- if (!ok) {
- fprintf(stderr,
- "Failed to set gensec feature!\n");
- exit(1);
- }
+ if (arg == NULL) {
+ fprintf(stderr,
+ "Failed to parse "
+ "--client-protection=sign|encrypt|off: "
+ "Missing argument\n");
+ exit(1);
+ }
- ok = cli_credentials_set_smb_signing(creds,
- signing_state,
- CRED_SPECIFIED);
- if (!ok) {
- fprintf(stderr,
- "Failed to set smb signing!\n");
- exit(1);
- }
+ gensec_features =
+ cli_credentials_get_gensec_features(
+ creds);
- ok = cli_credentials_set_smb_encryption(creds,
- encryption_state,
+ if (strequal(arg, "off")) {
+ gensec_features &=
+ ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL);
+
+ signing_state = SMB_SIGNING_OFF;
+ encryption_state = SMB_ENCRYPTION_OFF;
+ } else if (strequal(arg, "sign")) {
+ gensec_features |= GENSEC_FEATURE_SIGN;
+
+ signing_state = SMB_SIGNING_REQUIRED;
+ encryption_state = SMB_ENCRYPTION_OFF;
+ } else if (strequal(arg, "encrypt")) {
+ gensec_features |= GENSEC_FEATURE_SEAL;
+
+ signing_state = SMB_SIGNING_REQUIRED;
+ encryption_state = SMB_ENCRYPTION_REQUIRED;
+ } else {
+ fprintf(stderr,
+ "Failed to parse --client-protection\n");
+ exit(1);
+ }
+
+ ok = cli_credentials_set_gensec_features(creds,
+ gensec_features,
CRED_SPECIFIED);
- if (!ok) {
- fprintf(stderr,
- "Failed to set smb encryption!\n");
- exit(1);
- }
+ if (!ok) {
+ fprintf(stderr,
+ "Failed to set gensec feature!\n");
+ exit(1);
+ }
+
+ ok = cli_credentials_set_smb_signing(creds,
+ signing_state,
+ CRED_SPECIFIED);
+ if (!ok) {
+ fprintf(stderr,
+ "Failed to set smb signing!\n");
+ exit(1);
+ }
+
+ ok = cli_credentials_set_smb_encryption(creds,
+ encryption_state,
+ CRED_SPECIFIED);
+ if (!ok) {
+ fprintf(stderr,
+ "Failed to set smb encryption!\n");
+ exit(1);
}
break;
+ }
} /* switch */
}
diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh b/testprogs/blackbox/test_kpasswd_heimdal.sh
index 43f38b09de2..a73c6665a18 100755
--- a/testprogs/blackbox/test_kpasswd_heimdal.sh
+++ b/testprogs/blackbox/test_kpasswd_heimdal.sh
@@ -71,7 +71,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" \
- "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1`
+ "ls" "$SMB_UNC" --use-krb5-ccache=${KRB5CCNAME} || failed=`expr $failed + 1`
testit "change user password with 'samba-tool user password' (unforced)" \
$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
@@ -84,7 +84,7 @@ testit "kinit with user password" \
do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" \
- "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1`
+ "ls" "$SMB_UNC" --use-krb5-ccache=${KRB5CCNAME} || failed=`expr $failed + 1`
###########################################################
### check that a short password is rejected
--
Samba Shared Repository
More information about the samba-cvs
mailing list