The Samba-Bugzilla – Attachment 18199 Details for
Bug 15532
smget: username in the smburl and interactive password entry doesn't work
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
patch for 4.19
v4-19-fix-smbget2.patch (text/plain), 35.07 KB, created by
Andreas Schneider
on 2023-12-11 08:56:10 UTC
(
hide
)
Description:
patch for 4.19
Filename:
MIME Type:
Creator:
Andreas Schneider
Created:
2023-12-11 08:56:10 UTC
Size:
35.07 KB
patch
obsolete
>From 3b25f764e714dee0327fd4f068bd14650f7e7ab4 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 7 Dec 2023 09:18:26 +0100 >Subject: [PATCH 01/13] s3:tests: Fix authentication with smbget_user in smbget > tests > >Currently the smget share is broken. We set `guest ok = yes` so if you >specify invalid names, the authentication will still succeed as we >are mapped to guest. > >The smbget_user is a local ad_member user. We need to set the >workstation as the "domain" for the user. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit c14c5dec09fe1c86b29b3091ad521e73a2e1c3e9) >--- > source3/script/tests/test_smbget.sh | 28 ++++++++++++++-------------- > 1 file changed, 14 insertions(+), 14 deletions(-) > >diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh >index bdc62a71eff..5ab35a03e24 100755 >--- a/source3/script/tests/test_smbget.sh >+++ b/source3/script/tests/test_smbget.sh >@@ -72,7 +72,7 @@ test_singlefile_guest() > test_singlefile_U() > { > clear_download_area >- $SMBGET --verbose -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -132,7 +132,7 @@ test_singlefile_U_domain() > test_singlefile_smburl() > { > clear_download_area >- $SMBGET --workgroup $DOMAIN smb://$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile >+ $SMBGET --workgroup $DOMAIN smb://${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -148,7 +148,7 @@ test_singlefile_smburl() > test_singlefile_smburl2() > { > clear_download_area >- $SMBGET "smb://$DOMAIN;$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile" >+ $SMBGET "smb://$DOMAIN;${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile" > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -165,7 +165,7 @@ test_singlefile_authfile() > { > clear_download_area > cat >"${TMPDIR}/authfile" << EOF >-username = $USERNAME >+username = ${SERVER}/${USERNAME} > password = $PASSWORD > EOF > $SMBGET --verbose --authentication-file="${TMPDIR}/authfile" smb://$SERVER_IP/smbget/testfile >@@ -186,7 +186,7 @@ EOF > test_recursive_U() > { > clear_download_area >- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ >+ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/ > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -207,7 +207,7 @@ test_recursive_existing_dir() > { > clear_download_area > mkdir dir1 >- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ >+ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/ > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -230,7 +230,7 @@ test_recursive_with_empty() > # create some additional empty directories > mkdir -p $WORKDIR/dir001/dir002/dir003 > mkdir -p $WORKDIR/dir004/dir005/dir006 >- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ >+ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/ > rc=$? > rm -rf $WORKDIR/dir001 > rm -rf $WORKDIR/dir004 >@@ -260,7 +260,7 @@ test_resume() > clear_download_area > cp $WORKDIR/testfile . > truncate -s 1024 testfile >- $SMBGET --verbose --resume -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose --resume -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -279,7 +279,7 @@ test_resume_modified() > { > clear_download_area > dd if=/dev/urandom bs=1024 count=2 of=testfile >- $SMBGET --verbose --resume -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose --resume -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 1 ]; then > echo 'ERROR: RC does not match, expected: 1' > return 1 >@@ -291,14 +291,14 @@ test_resume_modified() > test_update() > { > clear_download_area >- $SMBGET --verbose -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 > fi > > # secondary download should pass >- $SMBGET --verbose --update -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose --update -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -308,7 +308,7 @@ test_update() > # touch source to trigger new download > sleep 2 > touch -m $WORKDIR/testfile >- $SMBGET --verbose --update -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose --update -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -397,7 +397,7 @@ test_limit_rate() > test_encrypt() > { > clear_download_area >- $SMBGET --verbose --encrypt -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose --encrypt -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -409,7 +409,7 @@ test_encrypt() > fi > > clear_download_area >- $SMBGET --verbose --client-protection=encrypt -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose --client-protection=encrypt -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >-- >2.43.0 > > >From a61c1ed2e21640a60b219b8efb16fed7ddfbce7c Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 8 Dec 2023 13:06:27 +0100 >Subject: [PATCH 02/13] selftest: Remove trailing tabs/white spaces in > Samba4.pm > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit a2af6946f5e53b7d954aa54d3d115dbe4975b1c4) >--- > selftest/target/Samba4.pm | 8 ++++---- > 1 file changed, 4 insertions(+), 4 deletions(-) > >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index a10c1313322..e559bf888a9 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -559,7 +559,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) > warn("Unable to clean up"); > } > >- >+ > my $swiface = Samba::get_interface($hostname); > > $ctx->{prefix} = $prefix; >@@ -1034,7 +1034,7 @@ replace: userPrincipalName > userPrincipalName: testallowed upn\@$ctx->{realm} > replace: servicePrincipalName > servicePrincipalName: host/testallowed >-- >+- > "; > close($ldif); > unless ($? == 0) { >@@ -1057,7 +1057,7 @@ servicePrincipalName: host/testallowed > changetype: modify > replace: userPrincipalName > userPrincipalName: testdenied_upn\@$ctx->{realm}.upn >-- >+- > "; > close($ldif); > unless ($? == 0) { >@@ -2225,7 +2225,7 @@ sub provision_chgdcpass($$) > warn("Unable to add wins configuration"); > return undef; > } >- >+ > # Remove secrets.tdb from this environment to test that we > # still start up on systems without the new matching > # secrets.tdb records. >-- >2.43.0 > > >From 4177d6b866f8a0a72ebe208c5025ad643a2610d8 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Fri, 8 Dec 2023 13:07:19 +0100 >Subject: [PATCH 03/13] selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables > >We should start using those in future. So we can distinguish which >privileges we want. Currently DC_USERNAME is the Administrator. Whatever >possible should use DOMIAN_USER instead. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 56d0c3a0263ed166452c129219e7a391ba4d014c) >--- > selftest/target/Samba.pm | 4 ++++ > selftest/target/Samba3.pm | 24 ++++++++++++++++++++++++ > selftest/target/Samba4.pm | 8 ++++++++ > 3 files changed, 36 insertions(+) > >diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm >index b959db493ca..e4bd6a0d5d2 100644 >--- a/selftest/target/Samba.pm >+++ b/selftest/target/Samba.pm >@@ -947,6 +947,10 @@ my @exported_envvars = ( > "PASSWORD", > "DC_USERNAME", > "DC_PASSWORD", >+ "DOMAIN_ADMIN", >+ "DOMAIN_ADMIN_PASSWORD", >+ "DOMAIN_USER", >+ "DOMAIN_USER_PASSWORD", > > # UID/GID for rfc2307 mapping tests > "UID_RFC2307TEST", >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index 85e69e4b72d..8755d0a2f1f 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -1006,6 +1006,10 @@ sub provision_ad_member > $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; > $ret->{DC_USERNAME} = $dcvars->{USERNAME}; > $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; >+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; >+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; >+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; >+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; > > # forest trust > $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER}; >@@ -1171,6 +1175,10 @@ sub setup_ad_member_rfc2307 > $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; > $ret->{DC_USERNAME} = $dcvars->{USERNAME}; > $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; >+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; >+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; >+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; >+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; > > return $ret; > } >@@ -1267,6 +1275,10 @@ sub setup_admem_idmap_autorid > $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; > $ret->{DC_USERNAME} = $dcvars->{USERNAME}; > $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; >+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; >+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; >+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; >+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; > > return $ret; > } >@@ -1366,6 +1378,10 @@ sub setup_ad_member_idmap_rid > $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; > $ret->{DC_USERNAME} = $dcvars->{USERNAME}; > $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; >+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; >+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; >+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; >+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; > > return $ret; > } >@@ -1466,6 +1482,10 @@ sub setup_ad_member_idmap_ad > $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; > $ret->{DC_USERNAME} = $dcvars->{USERNAME}; > $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; >+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; >+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; >+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; >+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; > > $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; > $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; >@@ -1558,6 +1578,10 @@ sub setup_ad_member_oneway > $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; > $ret->{DC_USERNAME} = $dcvars->{USERNAME}; > $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; >+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; >+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; >+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; >+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; > > $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; > $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; >diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >index e559bf888a9..cbaacce48da 100755 >--- a/selftest/target/Samba4.pm >+++ b/selftest/target/Samba4.pm >@@ -587,6 +587,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) > $ctx->{realm} = uc($realm); > $ctx->{dnsname} = lc($realm); > $ctx->{samsid} = $samsid; >+ $ctx->{domain_admin} = "Administrator"; >+ $ctx->{domain_admin_password} = $password; >+ $ctx->{domain_user} = "alice"; >+ $ctx->{domain_user_password} = "Secret007"; > > $ctx->{functional_level} = $functional_level; > >@@ -906,6 +910,10 @@ nogroup:x:65534:nobody > DOMAIN => $ctx->{domain}, > USERNAME => $ctx->{username}, > DC_USERNAME => $ctx->{username}, >+ DOMAIN_ADMIN => $ctx->{domain_admin}, >+ DOMAIN_ADMIN_PASSWORD => $ctx->{domain_admin_password}, >+ DOMAIN_USER => $ctx->{domain_user}, >+ DOMAIN_USER_PASSWORD => $ctx->{domain_user_password}, > REALM => $ctx->{realm}, > DNSNAME => $ctx->{dnsname}, > SAMSID => $ctx->{samsid}, >-- >2.43.0 > > >From c5839fd47591e46431d56091f151f22a5e35d16c Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 7 Dec 2023 09:45:54 +0100 >Subject: [PATCH 04/13] s3:tests: Pass down a normal domain user for > test_smbget.sh > >It is better to test with a normal user than administrator. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 337034e675aaeb366d360a791ec0d003426230af) >--- > source3/script/tests/test_smbget.sh | 22 ++++++++++++---------- > source3/selftest/tests.py | 2 ++ > 2 files changed, 14 insertions(+), 10 deletions(-) > >diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh >index 5ab35a03e24..257291b18ff 100755 >--- a/source3/script/tests/test_smbget.sh >+++ b/source3/script/tests/test_smbget.sh >@@ -16,9 +16,11 @@ DOMAIN=${3} > REALM=${4} > USERNAME=${5} > PASSWORD=${6} >-WORKDIR=${7} >-SMBGET="$VALGRIND ${8}" >-shift 8 >+DOMAIN_USER=${7} >+DOMAIN_USER_PASSWORD=${8} >+WORKDIR=${9} >+SMBGET="$VALGRIND ${10}" >+shift 10 > > TMPDIR="$SELFTEST_TMPDIR" > >@@ -89,7 +91,7 @@ test_singlefile_U_UPN() > { > clear_download_area > >- ${SMBGET} --verbose -U"${DC_USERNAME}@${REALM}%${DC_PASSWORD}" \ >+ ${SMBGET} --verbose -U"${DOMAIN_USER}@${REALM}%${DOMAIN_USER_PASSWORD}" \ > "smb://${SERVER_IP}/smbget/testfile" > ret=${?} > if [ ${ret} -ne 0 ]; then >@@ -111,7 +113,7 @@ test_singlefile_U_domain() > { > clear_download_area > >- ${SMBGET} --verbose -U"${DOMAIN}/${DC_USERNAME}%${DC_PASSWORD}" \ >+ ${SMBGET} --verbose -U"${DOMAIN}/${DOMAIN_USER}%${DOMAIN_USER_PASSWORD}" \ > "smb://${SERVER_IP}/smbget/testfile" > ret=${?} > if [ ${ret} -ne 0 ]; then >@@ -132,7 +134,7 @@ test_singlefile_U_domain() > test_singlefile_smburl() > { > clear_download_area >- $SMBGET --workgroup $DOMAIN smb://${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile >+ $SMBGET --workgroup $DOMAIN smb://${DOMAIN_USER}:$DOMAIN_USER_PASSWORD@$SERVER_IP/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -148,7 +150,7 @@ test_singlefile_smburl() > test_singlefile_smburl2() > { > clear_download_area >- $SMBGET "smb://$DOMAIN;${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile" >+ $SMBGET "smb://$DOMAIN;${DOMAIN_USER}:$DOMAIN_USER_PASSWORD@$SERVER_IP/smbget/testfile" > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -343,7 +345,7 @@ test_msdfs_link_domain() > { > clear_download_area > >- ${SMBGET} --verbose "-U${DOMAIN}/${DC_USERNAME}%${DC_PASSWORD}" \ >+ ${SMBGET} --verbose "-U${DOMAIN}/${DOMAIN_USER}%${DOMAIN_USER_PASSWORD}" \ > "smb://${SERVER}/msdfs-share/deeppath/msdfs-src2/readable_file" > ret=$? > if [ ${ret} -ne 0 ]; then >@@ -358,7 +360,7 @@ test_msdfs_link_upn() > { > clear_download_area > >- ${SMBGET} --verbose "-U${DC_USERNAME}@${REALM}%${DC_PASSWORD}" \ >+ ${SMBGET} --verbose "-U${DOMAIN_USER}@${REALM}%${DOMAIN_USER_PASSWORD}" \ > "smb://${SERVER}/msdfs-share/deeppath/msdfs-src2/readable_file" > ret=$? > if [ ${ret} -ne 0 ]; then >@@ -433,7 +435,7 @@ test_kerberos() > KRB5CCNAME="FILE:${KRB5CCNAME_PATH}" > export KRB5CCNAME > kerberos_kinit "${samba_kinit}" \ >- "${DC_USERNAME}@${REALM}" "${DC_PASSWORD}" >+ "${DOMAIN_USER}@${REALM}" "${DOMAIN_USER_PASSWORD}" > > $SMBGET --verbose --use-krb5-ccache="${KRB5CCNAME}" \ > smb://$SERVER/smbget/testfile >diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py >index 5a784f1c5aa..973384f8c53 100755 >--- a/source3/selftest/tests.py >+++ b/source3/selftest/tests.py >@@ -931,6 +931,8 @@ plantestsuite("samba3.blackbox.smbget", > '$REALM', > 'smbget_user', > '$PASSWORD', >+ '$DOMAIN_USER', >+ '$DOMAIN_USER_PASSWORD', > '$LOCAL_PATH/smbget', > smbget > ]) >-- >2.43.0 > > >From 43f8a0acbcda931efb40403b15ef4c8d8ec94c8b Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 7 Dec 2023 10:51:32 +0100 >Subject: [PATCH 05/13] s3:tests: Fix test_kerberos in smbget tests > >We switched to a temporary directory, so $PREFIX doesn't exist. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 62b0b79ce065246417996dec61afa6a10f6ab99b) >--- > source3/script/tests/test_smbget.sh | 6 +++++- > 1 file changed, 5 insertions(+), 1 deletion(-) > >diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh >index 257291b18ff..5b65db89a26 100755 >--- a/source3/script/tests/test_smbget.sh >+++ b/source3/script/tests/test_smbget.sh >@@ -429,13 +429,17 @@ test_kerberos() > { > clear_download_area > >- KRB5CCNAME_PATH="$PREFIX/smget_krb5ccache" >+ KRB5CCNAME_PATH="${TMPDIR}/smget_krb5ccache" > rm -f "${KRB5CCNAME_PATH}" > > KRB5CCNAME="FILE:${KRB5CCNAME_PATH}" > export KRB5CCNAME > kerberos_kinit "${samba_kinit}" \ > "${DOMAIN_USER}@${REALM}" "${DOMAIN_USER_PASSWORD}" >+ if [ $? -ne 0 ]; then >+ echo 'Failed to get Kerberos ticket' >+ return 1 >+ fi > > $SMBGET --verbose --use-krb5-ccache="${KRB5CCNAME}" \ > smb://$SERVER/smbget/testfile >-- >2.43.0 > > >From 26be99f6ac11bd3c6cfd737b332ee3aca660b390 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 7 Dec 2023 11:43:33 +0100 >Subject: [PATCH 06/13] s3:tests: Fix the test_kerberos_trust in smbget > testsuite > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 468fb05d6357779228e411076e286abcdb70cf96) >--- > source3/script/tests/test_smbget.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh >index 5b65db89a26..50e8cea3900 100755 >--- a/source3/script/tests/test_smbget.sh >+++ b/source3/script/tests/test_smbget.sh >@@ -465,7 +465,7 @@ test_kerberos_trust() > > $SMBGET --verbose --use-kerberos=required \ > -U"${TRUST_F_BOTH_USERNAME}@${TRUST_F_BOTH_REALM}%${TRUST_F_BOTH_PASSWORD}" \ >- smb://$SERVER/smbget/testfile >+ smb://$SERVER.${REALM}/smbget/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >-- >2.43.0 > > >From 0cbea3a4c5b7f5356c209ba2826f01506b40f1f8 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 7 Dec 2023 13:11:46 +0100 >Subject: [PATCH 07/13] s3:tests: Remove the non-working > test_kerberos_upn_denied of smbget > >See TODO code comment for details. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 1a04fd255c2c94e01bda9840bfd6b372007bb3c7) >--- > source3/script/tests/test_smbget.sh | 52 +++++++++++++++++------------ > 1 file changed, 30 insertions(+), 22 deletions(-) > >diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh >index 50e8cea3900..1956fc5b38e 100755 >--- a/source3/script/tests/test_smbget.sh >+++ b/source3/script/tests/test_smbget.sh >@@ -480,26 +480,34 @@ test_kerberos_trust() > return 0 > } > >-test_kerberos_upn_denied() >-{ >- clear_download_area >- >- $SMBGET --verbose --use-kerberos=required \ >- -U"testdenied_upn@${REALM}.upn%${PASSWORD}" \ >- "smb://${SERVER}/smbget/testfile" >- if [ $? -ne 0 ]; then >- echo 'ERROR: RC does not match, expected: 0' >- return 1 >- fi >- >- cmp --silent $WORKDIR/testfile ./testfile >- if [ $? -ne 0 ]; then >- echo 'ERROR: file content does not match' >- return 1 >- fi >- >- return 0 >-} >+# TODO FIXME >+# This test does not work, as we can't tell the libsmb code that the >+# principal is an enterprice principal. We need support for enterprise >+# principals in kerberos_kinit_password_ext() and a way to pass it via the >+# credenitals structure and commandline options. >+# It works if you do: kinit -E testdenied_upn@${REALM}.upn >+# >+# test_kerberos_upn_denied() >+# { >+# set -x >+# clear_download_area >+# >+# $SMBGET --verbose --use-kerberos=required \ >+# -U"testdenied_upn@${REALM}.upn%${DC_PASSWORD}" \ >+# "smb://${SERVER}.${REALM}/smbget/testfile" -d10 >+# if [ $? -ne 0 ]; then >+# echo 'ERROR: RC does not match, expected: 0' >+# return 1 >+# fi >+# >+# cmp --silent $WORKDIR/testfile ./testfile >+# if [ $? -ne 0 ]; then >+# echo 'ERROR: file content does not match' >+# return 1 >+# fi >+# >+# return 0 >+# } > > create_test_data > >@@ -567,8 +575,8 @@ testit "kerberos" test_kerberos || > testit "kerberos_trust" test_kerberos_trust || > failed=$((failed + 1)) > >-testit "kerberos_upn_denied" test_kerberos_upn_denied || >- failed=$((failed + 1)) >+# testit "kerberos_upn_denied" test_kerberos_upn_denied || >+# failed=$((failed + 1)) > > clear_download_area > >-- >2.43.0 > > >From b3d5792525df99cf149ce08392c359fb97f68ec5 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Thu, 7 Dec 2023 09:47:14 +0100 >Subject: [PATCH 08/13] s3:tests: Fix smbget test > >Time to fix the smget share to not have `guest ok = yes` set. A new >[smbget_guest] will be used for guest only tests. This way we can >correctly test different authentication mechanisms. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit c46769f3f10d21ed802e17aa79ae17e345168e63) >--- > selftest/target/Samba3.pm | 4 ++++ > source3/script/tests/test_smbget.sh | 8 ++++---- > 2 files changed, 8 insertions(+), 4 deletions(-) > >diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >index 8755d0a2f1f..2c69993c56a 100755 >--- a/selftest/target/Samba3.pm >+++ b/selftest/target/Samba3.pm >@@ -3587,6 +3587,10 @@ sub provision($$) > [smbget] > path = $smbget_sharedir > comment = smb username is [%U] >+ >+[smbget_guest] >+ path = $smbget_sharedir >+ comment = smb username is [%U] > guest ok = yes > > include = $aliceconfdir/%U.conf >diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh >index 1956fc5b38e..0af28c6ff89 100755 >--- a/source3/script/tests/test_smbget.sh >+++ b/source3/script/tests/test_smbget.sh >@@ -57,8 +57,8 @@ clear_download_area() > test_singlefile_guest() > { > clear_download_area >- echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile" >- $SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile >+ echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile" >+ $SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >@@ -376,9 +376,9 @@ test_msdfs_link_upn() > test_limit_rate() > { > clear_download_area >- echo "$SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget/testfile" >+ echo "$SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget_guest/testfile" > time_begin=$(date +%s) >- $SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget/testfile >+ $SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget_guest/testfile > if [ $? -ne 0 ]; then > echo 'ERROR: RC does not match, expected: 0' > return 1 >-- >2.43.0 > > >From b40c350a6550946129aadbace4e6cecc219c666a Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 6 Dec 2023 13:16:26 +0100 >Subject: [PATCH 09/13] auth:creds:tests: Add test for password callback > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit ab4b25964a43a1ef550f10580ad395e178fe647e) >--- > auth/credentials/tests/test_creds.c | 32 +++++++++++++++++++++++++++++ > selftest/knownfail.d/creds | 1 + > 2 files changed, 33 insertions(+) > create mode 100644 selftest/knownfail.d/creds > >diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c >index a2f9642bfe0..414dd46a6b0 100644 >--- a/auth/credentials/tests/test_creds.c >+++ b/auth/credentials/tests/test_creds.c >@@ -285,6 +285,37 @@ static void torture_creds_gensec_feature(void **state) > assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN); > } > >+static const char *torture_get_password(struct cli_credentials *creds) >+{ >+ return talloc_strdup(creds, "SECRET"); >+} >+ >+static void torture_creds_password_callback(void **state) >+{ >+ TALLOC_CTX *mem_ctx = *state; >+ struct cli_credentials *creds = NULL; >+ const char *password = NULL; >+ enum credentials_obtained pwd_obtained = CRED_UNINITIALISED; >+ bool ok; >+ >+ creds = cli_credentials_init(mem_ctx); >+ assert_non_null(creds); >+ >+ ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED); >+ assert_true(ok); >+ ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED); >+ assert_true(ok); >+ >+ ok = cli_credentials_set_password_callback(creds, torture_get_password); >+ assert_true(ok); >+ assert_int_equal(creds->password_obtained, CRED_CALLBACK); >+ >+ password = cli_credentials_get_password_and_obtained(creds, >+ &pwd_obtained); >+ assert_int_equal(pwd_obtained, CRED_CALLBACK_RESULT); >+ assert_string_equal(password, "SECRET"); >+} >+ > int main(int argc, char *argv[]) > { > int rc; >@@ -296,6 +327,7 @@ int main(int argc, char *argv[]) > cmocka_unit_test(torture_creds_parse_string), > cmocka_unit_test(torture_creds_krb5_state), > cmocka_unit_test(torture_creds_gensec_feature), >+ cmocka_unit_test(torture_creds_password_callback) > }; > > if (argc == 2) { >diff --git a/selftest/knownfail.d/creds b/selftest/knownfail.d/creds >new file mode 100644 >index 00000000000..09491f22c65 >--- /dev/null >+++ b/selftest/knownfail.d/creds >@@ -0,0 +1 @@ >+^samba.unittests.credentials.torture_creds_password_callback.none >-- >2.43.0 > > >From 42f5976603f2dfab9e3179535f9d137014621b54 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 6 Dec 2023 13:06:42 +0100 >Subject: [PATCH 10/13] auth:creds: Fix > cli_credentials_get_password_and_obtained() with callback > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 1041dae03f0f7e9e2b6b4a649eb1d298a34ce699) >--- > auth/credentials/credentials.c | 4 +++- > selftest/knownfail.d/creds | 1 - > 2 files changed, 3 insertions(+), 2 deletions(-) > delete mode 100644 selftest/knownfail.d/creds > >diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c >index 0485cc4e64e..8cabdd8d1c3 100644 >--- a/auth/credentials/credentials.c >+++ b/auth/credentials/credentials.c >@@ -465,11 +465,13 @@ _PUBLIC_ const char * > cli_credentials_get_password_and_obtained(struct cli_credentials *cred, > enum credentials_obtained *obtained) > { >+ const char *password = cli_credentials_get_password(cred); >+ > if (obtained != NULL) { > *obtained = cred->password_obtained; > } > >- return cli_credentials_get_password(cred); >+ return password; > } > > /* Set a password on the credentials context, including an indication >diff --git a/selftest/knownfail.d/creds b/selftest/knownfail.d/creds >deleted file mode 100644 >index 09491f22c65..00000000000 >--- a/selftest/knownfail.d/creds >+++ /dev/null >@@ -1 +0,0 @@ >-^samba.unittests.credentials.torture_creds_password_callback.none >-- >2.43.0 > > >From 619185a178f00bbf88a853309225773b02fdbda4 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 6 Dec 2023 13:26:43 +0100 >Subject: [PATCH 11/13] auth:creds: Add > cli_credentials_get_domain_and_obtained() > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit a7622bc7db093558c6f6e3da4d2a899a764dec09) >--- > auth/credentials/credentials.c | 22 ++++++++++++++++++++++ > auth/credentials/credentials.h | 3 +++ > auth/credentials/tests/test_creds.c | 6 ++++++ > 3 files changed, 31 insertions(+) > >diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c >index 8cabdd8d1c3..7a00279b8b4 100644 >--- a/auth/credentials/credentials.c >+++ b/auth/credentials/credentials.c >@@ -738,6 +738,28 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred) > return cred->domain; > } > >+/** >+ * @brief Obtain the domain for this credential context. >+ * >+ * @param[in] cred The credential context. >+ * >+ * @param[out] obtained A pointer to store the obtained information. >+ * >+ * @return The domain name or NULL if an error occurred. >+ */ >+_PUBLIC_ const char *cli_credentials_get_domain_and_obtained( >+ struct cli_credentials *cred, >+ enum credentials_obtained *obtained) >+{ >+ const char *domain = cli_credentials_get_domain(cred); >+ >+ if (obtained != NULL) { >+ *obtained = cred->domain_obtained; >+ } >+ >+ return domain; >+} >+ > > _PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred, > const char *val, >diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h >index c3a048ecc8d..c5ffe536e07 100644 >--- a/auth/credentials/credentials.h >+++ b/auth/credentials/credentials.h >@@ -127,6 +127,9 @@ int cli_credentials_get_keytab(struct cli_credentials *cred, > struct loadparm_context *lp_ctx, > struct keytab_container **_ktc); > const char *cli_credentials_get_domain(struct cli_credentials *cred); >+const char *cli_credentials_get_domain_and_obtained( >+ struct cli_credentials *cred, >+ enum credentials_obtained *obtained); > struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred); > void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, > struct loadparm_context *lp_ctx); >diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c >index 414dd46a6b0..2cb2e6d0e34 100644 >--- a/auth/credentials/tests/test_creds.c >+++ b/auth/credentials/tests/test_creds.c >@@ -48,6 +48,7 @@ static void torture_creds_init(void **state) > const char *username = NULL; > const char *domain = NULL; > const char *password = NULL; >+ enum credentials_obtained dom_obtained = CRED_UNINITIALISED; > enum credentials_obtained usr_obtained = CRED_UNINITIALISED; > enum credentials_obtained pwd_obtained = CRED_UNINITIALISED; > bool ok; >@@ -65,6 +66,11 @@ static void torture_creds_init(void **state) > domain = cli_credentials_get_domain(creds); > assert_string_equal(domain, "WURST"); > >+ domain = cli_credentials_get_domain_and_obtained(creds, >+ &dom_obtained); >+ assert_int_equal(dom_obtained, CRED_SPECIFIED); >+ assert_string_equal(domain, "WURST"); >+ > username = cli_credentials_get_username(creds); > assert_null(username); > ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED); >-- >2.43.0 > > >From a72e035090075ff1b36c5d67daf5f601277bceaa Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 6 Dec 2023 15:58:08 +0100 >Subject: [PATCH 12/13] s3:tests: Add interactive smbget test for password > entry > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit 5b38f3be8cb986aa2db3aab5c3c3d2e8739893ce) >--- > source3/script/tests/test_smbget.sh | 32 +++++++++++++++++++++++++++++ > 1 file changed, 32 insertions(+) > >diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh >index 0af28c6ff89..74050f6951a 100755 >--- a/source3/script/tests/test_smbget.sh >+++ b/source3/script/tests/test_smbget.sh >@@ -29,6 +29,7 @@ incdir=$(dirname $0)/../../../testprogs/blackbox > . "${incdir}/common_test_fns.inc" > > samba_kinit=$(system_or_builddir_binary kinit "${BINDIR}" samba4kinit) >+samba_texpect="${BINDIR}/texpect" > > create_test_data() > { >@@ -163,6 +164,33 @@ test_singlefile_smburl2() > return 0 > } > >+test_singlefile_smburl_interactive() >+{ >+ clear_download_area >+ >+ tmpfile="$(mktemp --tmpdir="${TMPDIR}" expect_XXXXXXXXXX)" >+ >+ cat >"${tmpfile}" <<EOF >+expect Password for >+send ${DOMAIN_USER_PASSWORD}\n >+EOF >+ >+ USER="hanswurst" ${samba_texpect} "${tmpfile}" ${SMBGET} "smb://${DOMAIN};${DOMAIN_USER}@${SERVER_IP}/smbget/testfile" >+ ret=$? >+ rm -f "${tmpfile}" >+ if [ ${ret} -ne 0 ]; then >+ echo 'ERROR: RC does not match, expected: 0' >+ return 1 >+ fi >+ cmp --silent $WORKDIR/testfile ./testfile >+ ret=$? >+ if [ ${ret} -ne 0 ]; then >+ echo 'ERROR: file content does not match' >+ return 1 >+ fi >+ return 0 >+} >+ > test_singlefile_authfile() > { > clear_download_area >@@ -533,6 +561,10 @@ testit "download single file with smb URL including domain" \ > test_singlefile_smburl2 || > failed=$(expr $failed + 1) > >+testit "download single file with smb URL interactive" \ >+ test_singlefile_smburl_interactive || >+ failed=$(expr $failed + 1) >+ > testit "download single file with authfile" test_singlefile_authfile || > failed=$(expr $failed + 1) > >-- >2.43.0 > > >From 7d13ed182ebd57d7ba38fc343b13b040f258d3a6 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 6 Dec 2023 13:16:53 +0100 >Subject: [PATCH 13/13] s3:utils: Fix auth callback with smburl > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Andrew Bartlett <abartlet@samba.org> >(cherry picked from commit f2f7ed419e03e5ae8cc85f42af5b2bcf91abefe2) >--- > source3/utils/smbget.c | 40 ++++++++++++++++++++++++++++++++++------ > 1 file changed, 34 insertions(+), 6 deletions(-) > >diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c >index 8d98ba24602..598607ea391 100644 >--- a/source3/utils/smbget.c >+++ b/source3/utils/smbget.c >@@ -114,20 +114,48 @@ static void get_auth_data_with_context_fn(SMBCCTX *ctx, > const char *username = NULL; > const char *password = NULL; > const char *domain = NULL; >+ enum credentials_obtained obtained = CRED_UNINITIALISED; > >- username = cli_credentials_get_username(creds); >+ username = cli_credentials_get_username_and_obtained(creds, &obtained); > if (username != NULL) { >- strncpy(usr, username, usr_len - 1); >+ bool overwrite = false; >+ if (usr[0] == '\0') { >+ overwrite = true; >+ } >+ if (obtained >= CRED_CALLBACK_RESULT) { >+ overwrite = true; >+ } >+ if (overwrite) { >+ strncpy(usr, username, usr_len - 1); >+ } > } > >- password = cli_credentials_get_password(creds); >+ password = cli_credentials_get_password_and_obtained(creds, &obtained); > if (password != NULL) { >- strncpy(pwd, password, pwd_len - 1); >+ bool overwrite = false; >+ if (usr[0] == '\0') { >+ overwrite = true; >+ } >+ if (obtained >= CRED_CALLBACK_RESULT) { >+ overwrite = true; >+ } >+ if (overwrite) { >+ strncpy(pwd, password, pwd_len - 1); >+ } > } > >- domain = cli_credentials_get_domain(creds); >+ domain = cli_credentials_get_domain_and_obtained(creds, &obtained); > if (domain != NULL) { >- strncpy(dom, domain, dom_len - 1); >+ bool overwrite = false; >+ if (usr[0] == '\0') { >+ overwrite = true; >+ } >+ if (obtained >= CRED_CALLBACK_RESULT) { >+ overwrite = true; >+ } >+ if (overwrite) { >+ strncpy(dom, domain, dom_len - 1); >+ } > } > > smbc_set_credentials_with_fallback(ctx, domain, username, password); >-- >2.43.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18199">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
pfilipensky
:
review+
Actions:
View
Attachments on
bug 15532
: 18199