The Samba-Bugzilla – Attachment 17388 Details for Bug 15104: --use-kerberos with no arg (as a final option) doesn't fail
[patch] patch for 4.16
v4-16-test-fix-libcmdline.patch (text/plain), 10.42 KB, created by Andreas Schneider on 2022-06-22 14:53:05 UTC
>From ebee214542117717d516d269224f4e75038cf654 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Tue, 24 May 2022 10:17:00 +0200 >Subject: [PATCH 1/4] testprogs: Fix auth with smbclient and krb5 ccache > >--use-kerberos=required will ask the user to provide a username and >password to do a kinit. The test will open a password prompt in this >case. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit e9e5b3ae0f662d8541358a07861c06aa9f48aa5a) >--- > testprogs/blackbox/test_kpasswd_heimdal.sh | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > >diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh b/testprogs/blackbox/test_kpasswd_heimdal.sh >index 43f38b09de2..a73c6665a18 100755 >--- a/testprogs/blackbox/test_kpasswd_heimdal.sh >+++ b/testprogs/blackbox/test_kpasswd_heimdal.sh >@@ -71,7 +71,7 @@ testit "kinit with user password" \ > do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` > > test_smbclient "Test login with user kerberos ccache" \ >- "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1` >+ "ls" "$SMB_UNC" --use-krb5-ccache=${KRB5CCNAME} || failed=`expr $failed + 1` > > testit "change user password with 'samba-tool user password' (unforced)" \ > $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD --use-kerberos=off --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1` 
>@@ -84,7 +84,7 @@ testit "kinit with user password" \ > do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1` > > test_smbclient "Test login with user kerberos ccache" \ >- "ls" "$SMB_UNC" --use-kerberos=required || failed=`expr $failed + 1` >+ "ls" "$SMB_UNC" --use-krb5-ccache=${KRB5CCNAME} || failed=`expr $failed + 1` > > ########################################################### > ### check that a short password is rejected >-- >2.36.1 > > >From 3682bcc279149dba730ad805c2819bdcdddaaddd Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 22 Jun 2022 08:28:40 +0200 >Subject: [PATCH 2/4] lib:cmdline: Fix error handling of > --use-kerberos=desired|required|off > >Best reviewed with `git show -b` > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 2dbd3210ed4a6703fcc6b0350a86860e5bcbd7c7) >--- > lib/cmdline/cmdline.c | 42 ++++++++++++++++++++++++++---------------- > 1 file changed, 26 insertions(+), 16 deletions(-) > >diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c >index 33d0c94e3b1..707c93cc70a 100644 >--- a/lib/cmdline/cmdline.c >+++ b/lib/cmdline/cmdline.c 
>@@ -904,26 +904,36 @@ static void popt_common_credentials_callback(poptContext popt_ctx, > } > } > break; >- case OPT_USE_KERBEROS: >- if (arg != NULL) { >- int32_t use_kerberos = >- lpcfg_parse_enum_vals("client use kerberos", arg); >+ case OPT_USE_KERBEROS: { >+ int32_t use_kerberos = INT_MIN; >+ if (arg == NULL) { >+ fprintf(stderr, >+ "Failed to parse " >+ "--use-kerberos=desired|required|off: " >+ "Missing argument\n"); >+ exit(1); >+ } > >- if (use_kerberos == INT_MIN) { >- fprintf(stderr, "Failed to parse --use-kerberos\n"); >- exit(1); >- } >+ use_kerberos = lpcfg_parse_enum_vals("client use kerberos", >+ arg); >+ if (use_kerberos == INT_MIN) { >+ fprintf(stderr, >+ "Failed to parse " >+ "--use-kerberos=desired|required|off: " >+ "Invalid argument\n"); >+ exit(1); >+ } > >- ok = cli_credentials_set_kerberos_state(creds, >- use_kerberos, >- CRED_SPECIFIED); >- if (!ok) { >- fprintf(stderr, >- "Failed to set Kerberos state to %s!\n", arg); >- exit(1); >- } >+ ok = cli_credentials_set_kerberos_state(creds, >+ use_kerberos, >+ CRED_SPECIFIED); >+ if (!ok) { >+ fprintf(stderr, >+ "Failed to set Kerberos state to %s!\n", arg); >+ exit(1); > } > break; >+ } > case OPT_USE_KERBEROS_CCACHE: > if (arg != NULL) { > const char *error_string = NULL; >-- >2.36.1 > > >From 1b22f0491e3015419fe1988aa7f96e60f3708cc6 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 22 Jun 2022 08:34:20 +0200 >Subject: [PATCH 3/4] lib:cmdline: Fix error handling of > --use-krb5-ccache=CCACHE > >Best reviewed with `git show -b` > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 7cc340f972afa8320c0e4c1a2b5f1e11483bb4eb) >--- > lib/cmdline/cmdline.c | 58 ++++++++++++++++++++++++------------------- > 1 file changed, 32 insertions(+), 26 deletions(-) 
> >diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c >index 707c93cc70a..de2992d3c32 100644 >--- a/lib/cmdline/cmdline.c >+++ b/lib/cmdline/cmdline.c >@@ -934,37 +934,43 @@ static void popt_common_credentials_callback(poptContext popt_ctx, > } > break; > } >- case OPT_USE_KERBEROS_CCACHE: >- if (arg != NULL) { >- const char *error_string = NULL; >- int rc; >+ case OPT_USE_KERBEROS_CCACHE: { >+ const char *error_string = NULL; >+ int rc; > >- ok = cli_credentials_set_kerberos_state(creds, >- CRED_USE_KERBEROS_REQUIRED, >- CRED_SPECIFIED); >- if (!ok) { >- fprintf(stderr, >- "Failed to set Kerberos state to %s!\n", arg); >- exit(1); >- } >+ if (arg == NULL) { >+ fprintf(stderr, >+ "Failed to parse --use-krb5-ccache=CCACHE: " >+ "Missing argument\n"); >+ exit(1); >+ } > >- rc = cli_credentials_set_ccache(creds, >- lp_ctx, >- arg, >- CRED_SPECIFIED, >- &error_string); >- if (rc != 0) { >- fprintf(stderr, >- "Error reading krb5 credentials cache: '%s'" >- " - %s\n", >- arg, >- error_string); >- exit(1); >- } >+ ok = cli_credentials_set_kerberos_state(creds, >+ CRED_USE_KERBEROS_REQUIRED, >+ CRED_SPECIFIED); >+ if (!ok) { >+ fprintf(stderr, >+ "Failed to set Kerberos state to %s!\n", arg); >+ exit(1); >+ } > >- skip_password_callback = true; >+ rc = cli_credentials_set_ccache(creds, >+ lp_ctx, >+ arg, >+ CRED_SPECIFIED, >+ &error_string); >+ if (rc != 0) { >+ fprintf(stderr, >+ "Error reading krb5 credentials cache: '%s'" >+ " - %s\n", >+ arg, >+ error_string); >+ exit(1); > } >+ >+ skip_password_callback = true; > break; >+ } > case OPT_USE_WINBIND_CCACHE: > { > uint32_t gensec_features; >-- >2.36.1 > > >From deba562cd0f8e6cc6b3b76303457bf5b7be3a685 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 22 Jun 2022 08:37:06 +0200 >Subject: [PATCH 4/4] lib:cmdline: Fix error handling of > --client-protection=sign|encrypt|off > >Best reviewed with `git show -b` > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15104 
> >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit f68374aac54b2e5c315acbab3e189755842e7c4e) >--- > lib/cmdline/cmdline.c | 119 ++++++++++++++++++++++-------------------- > 1 file changed, 63 insertions(+), 56 deletions(-) > >diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c >index de2992d3c32..9f4e964f289 100644 >--- a/lib/cmdline/cmdline.c >+++ b/lib/cmdline/cmdline.c 
>@@ -990,68 +990,75 @@ static void popt_common_credentials_callback(poptContext popt_ctx, > skip_password_callback = true; > break; > } >- case OPT_CLIENT_PROTECTION: >- if (arg != NULL) { >- uint32_t gensec_features; >- enum smb_signing_setting signing_state = >- SMB_SIGNING_OFF; >- enum smb_encryption_setting encryption_state = >- SMB_ENCRYPTION_OFF; >- >- gensec_features = >- cli_credentials_get_gensec_features( >- creds); >- >- if (strequal(arg, "off")) { >- gensec_features &= >- ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL); >- >- signing_state = SMB_SIGNING_OFF; >- encryption_state = SMB_ENCRYPTION_OFF; >- } else if (strequal(arg, "sign")) { >- gensec_features |= GENSEC_FEATURE_SIGN; >- >- signing_state = SMB_SIGNING_REQUIRED; >- encryption_state = SMB_ENCRYPTION_OFF; >- } else if (strequal(arg, "encrypt")) { >- gensec_features |= GENSEC_FEATURE_SEAL; >- >- signing_state = SMB_SIGNING_REQUIRED; >- encryption_state = SMB_ENCRYPTION_REQUIRED; >- } else { >- fprintf(stderr, >- "Failed to parse --client-protection\n"); >- exit(1); >- } >+ case OPT_CLIENT_PROTECTION: { >+ uint32_t gensec_features; >+ enum smb_signing_setting signing_state = >+ SMB_SIGNING_OFF; >+ enum smb_encryption_setting encryption_state = >+ SMB_ENCRYPTION_OFF; > >- ok = cli_credentials_set_gensec_features(creds, >- gensec_features, >- CRED_SPECIFIED); >- if (!ok) { >- fprintf(stderr, >- "Failed to set gensec feature!\n"); >- exit(1); >- } >+ if (arg == NULL) { >+ fprintf(stderr, >+ "Failed to parse " >+ "--client-protection=sign|encrypt|off: " >+ "Missing argument\n"); >+ exit(1); >+ } > >- ok = cli_credentials_set_smb_signing(creds, >- signing_state, >- CRED_SPECIFIED); >- if (!ok) { >- fprintf(stderr, >- "Failed to set smb signing!\n"); >- exit(1); >- } >+ gensec_features = >+ cli_credentials_get_gensec_features( >+ creds); >+ >+ if (strequal(arg, "off")) { >+ gensec_features &= >+ ~(GENSEC_FEATURE_SIGN|GENSEC_FEATURE_SEAL); >+ >+ signing_state = SMB_SIGNING_OFF; >+ encryption_state = 
SMB_ENCRYPTION_OFF; >+ } else if (strequal(arg, "sign")) { >+ gensec_features |= GENSEC_FEATURE_SIGN; > >- ok = cli_credentials_set_smb_encryption(creds, >- encryption_state, >+ signing_state = SMB_SIGNING_REQUIRED; >+ encryption_state = SMB_ENCRYPTION_OFF; >+ } else if (strequal(arg, "encrypt")) { >+ gensec_features |= GENSEC_FEATURE_SEAL; >+ >+ signing_state = SMB_SIGNING_REQUIRED; >+ encryption_state = SMB_ENCRYPTION_REQUIRED; >+ } else { >+ fprintf(stderr, >+ "Failed to parse --client-protection\n"); >+ exit(1); >+ } >+ >+ ok = cli_credentials_set_gensec_features(creds, >+ gensec_features, > CRED_SPECIFIED); >- if (!ok) { >- fprintf(stderr, >- "Failed to set smb encryption!\n"); >- exit(1); >- } >+ if (!ok) { >+ fprintf(stderr, >+ "Failed to set gensec feature!\n"); >+ exit(1); >+ } >+ >+ ok = cli_credentials_set_smb_signing(creds, >+ signing_state, >+ CRED_SPECIFIED); >+ if (!ok) { >+ fprintf(stderr, >+ "Failed to set smb signing!\n"); >+ exit(1); >+ } >+ >+ ok = cli_credentials_set_smb_encryption(creds, >+ encryption_state, >+ CRED_SPECIFIED); >+ if (!ok) { >+ fprintf(stderr, >+ "Failed to set smb encryption!\n"); >+ exit(1); > } > break; >+ } > } /* switch */ > } > >-- >2.36.1 >
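Review bot: In both hunks of patch 1/4 (testprogs/blackbox/test_kpasswd_heimdal.sh) the new argument `--use-krb5-ccache=${KRB5CCNAME}` is left unquoted, while `"$SMB_UNC"` on the same line is quoted. A ccache name containing whitespace would be split into separate words and the test would then fail for a reason unrelated to the login it checks. Suggest `"--use-krb5-ccache=${KRB5CCNAME}"` in both places.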
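Review bot: Patch 2/4 changes only lib/cmdline/cmdline.c, so nothing in this series exercises the new `arg == NULL` branch of `case OPT_USE_KERBEROS`. The removed code skipped the whole block when `arg` was NULL and fell through to `break` without touching the Kerberos state, so a regression here would again be silent. A blackbox test that passes `--use-kerberos` as the final option and expects a non-zero exit would pin the behaviour. As a smaller point, the new "Invalid argument" message could print the rejected value, as the existing `"Failed to set Kerberos state to %s!\n"` message already does with `arg`.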
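Review bot: In patch 3/4, `case OPT_USE_KERBEROS_CCACHE`, the failure path of `cli_credentials_set_kerberos_state()` still prints `"Failed to set Kerberos state to %s!\n"` with `arg`, but here `arg` is the ccache name, not a Kerberos state; the state being set is the constant `CRED_USE_KERBEROS_REQUIRED`. The line is carried over from the old code, but since the block is being re-indented anyway, the message could say "required" rather than echoing the ccache name. Separately, `error_string` is initialised to NULL and then passed to `%s` when `rc != 0`; a fallback string for the NULL case would make that message safe if `cli_credentials_set_ccache()` ever fails without setting it.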
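Review bot: In patch 4/4, `case OPT_CLIENT_PROTECTION`, the final `else` branch keeps the old message `"Failed to parse --client-protection\n"`, while the new missing-argument branch above it prints `--client-protection=sign|encrypt|off: Missing argument`. Patch 2/4 gave the equivalent case for `--use-kerberos` an "Invalid argument" suffix. For consistency, and so that the user can tell a missing value from a mistyped one, the `else` branch could print `--client-protection=sign|encrypt|off: Invalid argument`.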
Flags: asn: review?(metze), asn: review?(abartlet)