getpass regressions on Solaris/Illumos - 3.6 and master.

[Andrew Bartlett]

On Sun, 2012-01-29 at 00:24 -0500, Ira Cooper wrote:
> There's been at least 2 regressions on the Solaris platforms.  One
> involving net join not working, and one involving smbclient not working,
> using typed passwords.
> 
> I ended up tracking this issue down via bisection
> to: 510e61871c0c2b2659b80d5f785522184131b1d9 and then working out why that
> patch was the issue.
> 
> If you look at the commit involved, it looks like a no-op.  Alas, util.c
> included "system/passwd.h" and util_cmdline.c did not, so there was a
> regression, because getpass doesn't take passwords longer than 8
> characters, on Solaris.
> 
> I'm looking for a better idea than just adding "system/passwd.h" to
> source3/include/includes.h, that also has the effect of protecting against
> the kind of simple mistake made in the commit above.  I can't blame the
> committer for the error, it was far too easy to make, in my opinion.
> 
> Patch enclosed, and verified to work, against v3-6-test, that just adds
> "system/passwd.h" to source3/include/includes.h.
> 
> Thanks for the explanation of the brokenness of getpass on Solaris, Andrew
> Bartlett.

I think the correct fix is change the getpass() calls to be explicit
calls directly to the Samba replacement functions (which would be
renamed and moved to samba-util).  

We should then only fall back if we find a real-world system where the
replacement (now samba-util) function fails to compile, that we wish to
support, and it has a non-broken getpass()/getpassphrase().

(This is the opposite to our normal practice with replacement functions,
and I queried this myself in years past, but it was put to me
persuasively that otherwise the replacement will never be tested).

This will greatly reduce the chance that this might happen again.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org