From cfb9a1c4ecbb55dfea52d94515ef4e858df62c05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20Filipensk=C3=BD?= Date: Thu, 14 Dec 2023 21:27:22 +0100 Subject: [PATCH] Fix smbget password interactive authentication resolves: RHEL-17283 --- samba-4.19-fix-smbget-auth.patch | 1065 +++++++++++++++++++++++++++++ samba-4.19-fix-smbget-debug.patch | 106 +++ samba.spec | 11 +- 3 files changed, 1181 insertions(+), 1 deletion(-) create mode 100644 samba-4.19-fix-smbget-auth.patch create mode 100644 samba-4.19-fix-smbget-debug.patch diff --git a/samba-4.19-fix-smbget-auth.patch b/samba-4.19-fix-smbget-auth.patch new file mode 100644 index 0000000..499075f --- /dev/null +++ b/samba-4.19-fix-smbget-auth.patch @@ -0,0 +1,1065 @@ +From 3b25f764e714dee0327fd4f068bd14650f7e7ab4 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 7 Dec 2023 09:18:26 +0100 +Subject: [PATCH 01/13] s3:tests: Fix authentication with smbget_user in smbget + tests + +Currently the smget share is broken. We set `guest ok = yes` so if you +specify invalid names, the authentication will still succeed as we +are mapped to guest. + +The smbget_user is a local ad_member user. We need to set the +workstation as the "domain" for the user. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit c14c5dec09fe1c86b29b3091ad521e73a2e1c3e9) +--- + source3/script/tests/test_smbget.sh | 28 ++++++++++++++-------------- + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index bdc62a71eff..5ab35a03e24 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -72,7 +72,7 @@ test_singlefile_guest() + test_singlefile_U() + { + clear_download_area +- $SMBGET --verbose -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -132,7 +132,7 @@ test_singlefile_U_domain() + test_singlefile_smburl() + { + clear_download_area +- $SMBGET --workgroup $DOMAIN smb://$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile ++ $SMBGET --workgroup $DOMAIN smb://${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -148,7 +148,7 @@ test_singlefile_smburl() + test_singlefile_smburl2() + { + clear_download_area +- $SMBGET "smb://$DOMAIN;$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile" ++ $SMBGET "smb://$DOMAIN;${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile" + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -165,7 +165,7 @@ test_singlefile_authfile() + { + clear_download_area + cat >"${TMPDIR}/authfile" << EOF +-username = $USERNAME ++username = ${SERVER}/${USERNAME} + password = $PASSWORD + EOF + $SMBGET --verbose --authentication-file="${TMPDIR}/authfile" smb://$SERVER_IP/smbget/testfile +@@ -186,7 +186,7 @@ EOF + test_recursive_U() + { + clear_download_area +- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ ++ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/ + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -207,7 +207,7 @@ test_recursive_existing_dir() + { + clear_download_area + mkdir dir1 +- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ ++ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/ + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -230,7 +230,7 @@ test_recursive_with_empty() + # create some additional empty directories + mkdir -p $WORKDIR/dir001/dir002/dir003 + mkdir -p $WORKDIR/dir004/dir005/dir006 +- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ ++ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/ + rc=$? + rm -rf $WORKDIR/dir001 + rm -rf $WORKDIR/dir004 +@@ -260,7 +260,7 @@ test_resume() + clear_download_area + cp $WORKDIR/testfile . + truncate -s 1024 testfile +- $SMBGET --verbose --resume -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose --resume -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -279,7 +279,7 @@ test_resume_modified() + { + clear_download_area + dd if=/dev/urandom bs=1024 count=2 of=testfile +- $SMBGET --verbose --resume -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose --resume -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 1 ]; then + echo 'ERROR: RC does not match, expected: 1' + return 1 +@@ -291,14 +291,14 @@ test_resume_modified() + test_update() + { + clear_download_area +- $SMBGET --verbose -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 + fi + + # secondary download should pass +- $SMBGET --verbose --update -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose --update -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -308,7 +308,7 @@ test_update() + # touch source to trigger new download + sleep 2 + touch -m $WORKDIR/testfile +- $SMBGET --verbose --update -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose --update -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -397,7 +397,7 @@ test_limit_rate() + test_encrypt() + { + clear_download_area +- $SMBGET --verbose --encrypt -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose --encrypt -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -409,7 +409,7 @@ test_encrypt() + fi + + clear_download_area +- $SMBGET --verbose --client-protection=encrypt -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose --client-protection=encrypt -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +-- +2.43.0 + + +From a61c1ed2e21640a60b219b8efb16fed7ddfbce7c Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Fri, 8 Dec 2023 13:06:27 +0100 +Subject: [PATCH 02/13] selftest: Remove trailing tabs/white spaces in + Samba4.pm + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit a2af6946f5e53b7d954aa54d3d115dbe4975b1c4) +--- + selftest/target/Samba4.pm | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm +index a10c1313322..e559bf888a9 100755 +--- a/selftest/target/Samba4.pm ++++ b/selftest/target/Samba4.pm +@@ -559,7 +559,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) + warn("Unable to clean up"); + } + +- ++ + my $swiface = Samba::get_interface($hostname); + + $ctx->{prefix} = $prefix; +@@ -1034,7 +1034,7 @@ replace: userPrincipalName + userPrincipalName: testallowed upn\@$ctx->{realm} + replace: servicePrincipalName + servicePrincipalName: host/testallowed +-- ++- + "; + close($ldif); + unless ($? == 0) { +@@ -1057,7 +1057,7 @@ servicePrincipalName: host/testallowed + changetype: modify + replace: userPrincipalName + userPrincipalName: testdenied_upn\@$ctx->{realm}.upn +-- ++- + "; + close($ldif); + unless ($? == 0) { +@@ -2225,7 +2225,7 @@ sub provision_chgdcpass($$) + warn("Unable to add wins configuration"); + return undef; + } +- ++ + # Remove secrets.tdb from this environment to test that we + # still start up on systems without the new matching + # secrets.tdb records. +-- +2.43.0 + + +From 4177d6b866f8a0a72ebe208c5025ad643a2610d8 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Fri, 8 Dec 2023 13:07:19 +0100 +Subject: [PATCH 03/13] selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables + +We should start using those in future. So we can distinguish which +privileges we want. Currently DC_USERNAME is the Administrator. Whatever +possible should use DOMIAN_USER instead. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 56d0c3a0263ed166452c129219e7a391ba4d014c) +--- + selftest/target/Samba.pm | 4 ++++ + selftest/target/Samba3.pm | 24 ++++++++++++++++++++++++ + selftest/target/Samba4.pm | 8 ++++++++ + 3 files changed, 36 insertions(+) + +diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm +index b959db493ca..e4bd6a0d5d2 100644 +--- a/selftest/target/Samba.pm ++++ b/selftest/target/Samba.pm +@@ -947,6 +947,10 @@ my @exported_envvars = ( + "PASSWORD", + "DC_USERNAME", + "DC_PASSWORD", ++ "DOMAIN_ADMIN", ++ "DOMAIN_ADMIN_PASSWORD", ++ "DOMAIN_USER", ++ "DOMAIN_USER_PASSWORD", + + # UID/GID for rfc2307 mapping tests + "UID_RFC2307TEST", +diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm +index 85e69e4b72d..8755d0a2f1f 100755 +--- a/selftest/target/Samba3.pm ++++ b/selftest/target/Samba3.pm +@@ -1006,6 +1006,10 @@ sub provision_ad_member + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; ++ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; ++ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; ++ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; ++ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + # forest trust + $ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER}; +@@ -1171,6 +1175,10 @@ sub setup_ad_member_rfc2307 + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; ++ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; ++ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; ++ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; ++ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + return $ret; + } +@@ -1267,6 +1275,10 @@ sub setup_admem_idmap_autorid + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; ++ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; ++ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; ++ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; ++ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + return $ret; + } +@@ -1366,6 +1378,10 @@ sub setup_ad_member_idmap_rid + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; ++ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; ++ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; ++ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; ++ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + return $ret; + } +@@ -1466,6 +1482,10 @@ sub setup_ad_member_idmap_ad + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; ++ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; ++ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; ++ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; ++ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; + $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; +@@ -1558,6 +1578,10 @@ sub setup_ad_member_oneway + $ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME}; + $ret->{DC_USERNAME} = $dcvars->{USERNAME}; + $ret->{DC_PASSWORD} = $dcvars->{PASSWORD}; ++ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN}; ++ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD}; ++ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER}; ++ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD}; + + $ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER}; + $ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME}; +diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm +index e559bf888a9..cbaacce48da 100755 +--- a/selftest/target/Samba4.pm ++++ b/selftest/target/Samba4.pm +@@ -587,6 +587,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$) + $ctx->{realm} = uc($realm); + $ctx->{dnsname} = lc($realm); + $ctx->{samsid} = $samsid; ++ $ctx->{domain_admin} = "Administrator"; ++ $ctx->{domain_admin_password} = $password; ++ $ctx->{domain_user} = "alice"; ++ $ctx->{domain_user_password} = "Secret007"; + + $ctx->{functional_level} = $functional_level; + +@@ -906,6 +910,10 @@ nogroup:x:65534:nobody + DOMAIN => $ctx->{domain}, + USERNAME => $ctx->{username}, + DC_USERNAME => $ctx->{username}, ++ DOMAIN_ADMIN => $ctx->{domain_admin}, ++ DOMAIN_ADMIN_PASSWORD => $ctx->{domain_admin_password}, ++ DOMAIN_USER => $ctx->{domain_user}, ++ DOMAIN_USER_PASSWORD => $ctx->{domain_user_password}, + REALM => $ctx->{realm}, + DNSNAME => $ctx->{dnsname}, + SAMSID => $ctx->{samsid}, +-- +2.43.0 + + +From c5839fd47591e46431d56091f151f22a5e35d16c Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 7 Dec 2023 09:45:54 +0100 +Subject: [PATCH 04/13] s3:tests: Pass down a normal domain user for + test_smbget.sh + +It is better to test with a normal user than administrator. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 337034e675aaeb366d360a791ec0d003426230af) +--- + source3/script/tests/test_smbget.sh | 22 ++++++++++++---------- + source3/selftest/tests.py | 2 ++ + 2 files changed, 14 insertions(+), 10 deletions(-) + +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index 5ab35a03e24..257291b18ff 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -16,9 +16,11 @@ DOMAIN=${3} + REALM=${4} + USERNAME=${5} + PASSWORD=${6} +-WORKDIR=${7} +-SMBGET="$VALGRIND ${8}" +-shift 8 ++DOMAIN_USER=${7} ++DOMAIN_USER_PASSWORD=${8} ++WORKDIR=${9} ++SMBGET="$VALGRIND ${10}" ++shift 10 + + TMPDIR="$SELFTEST_TMPDIR" + +@@ -89,7 +91,7 @@ test_singlefile_U_UPN() + { + clear_download_area + +- ${SMBGET} --verbose -U"${DC_USERNAME}@${REALM}%${DC_PASSWORD}" \ ++ ${SMBGET} --verbose -U"${DOMAIN_USER}@${REALM}%${DOMAIN_USER_PASSWORD}" \ + "smb://${SERVER_IP}/smbget/testfile" + ret=${?} + if [ ${ret} -ne 0 ]; then +@@ -111,7 +113,7 @@ test_singlefile_U_domain() + { + clear_download_area + +- ${SMBGET} --verbose -U"${DOMAIN}/${DC_USERNAME}%${DC_PASSWORD}" \ ++ ${SMBGET} --verbose -U"${DOMAIN}/${DOMAIN_USER}%${DOMAIN_USER_PASSWORD}" \ + "smb://${SERVER_IP}/smbget/testfile" + ret=${?} + if [ ${ret} -ne 0 ]; then +@@ -132,7 +134,7 @@ test_singlefile_U_domain() + test_singlefile_smburl() + { + clear_download_area +- $SMBGET --workgroup $DOMAIN smb://${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile ++ $SMBGET --workgroup $DOMAIN smb://${DOMAIN_USER}:$DOMAIN_USER_PASSWORD@$SERVER_IP/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -148,7 +150,7 @@ test_singlefile_smburl() + test_singlefile_smburl2() + { + clear_download_area +- $SMBGET "smb://$DOMAIN;${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile" ++ $SMBGET "smb://$DOMAIN;${DOMAIN_USER}:$DOMAIN_USER_PASSWORD@$SERVER_IP/smbget/testfile" + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -343,7 +345,7 @@ test_msdfs_link_domain() + { + clear_download_area + +- ${SMBGET} --verbose "-U${DOMAIN}/${DC_USERNAME}%${DC_PASSWORD}" \ ++ ${SMBGET} --verbose "-U${DOMAIN}/${DOMAIN_USER}%${DOMAIN_USER_PASSWORD}" \ + "smb://${SERVER}/msdfs-share/deeppath/msdfs-src2/readable_file" + ret=$? + if [ ${ret} -ne 0 ]; then +@@ -358,7 +360,7 @@ test_msdfs_link_upn() + { + clear_download_area + +- ${SMBGET} --verbose "-U${DC_USERNAME}@${REALM}%${DC_PASSWORD}" \ ++ ${SMBGET} --verbose "-U${DOMAIN_USER}@${REALM}%${DOMAIN_USER_PASSWORD}" \ + "smb://${SERVER}/msdfs-share/deeppath/msdfs-src2/readable_file" + ret=$? + if [ ${ret} -ne 0 ]; then +@@ -433,7 +435,7 @@ test_kerberos() + KRB5CCNAME="FILE:${KRB5CCNAME_PATH}" + export KRB5CCNAME + kerberos_kinit "${samba_kinit}" \ +- "${DC_USERNAME}@${REALM}" "${DC_PASSWORD}" ++ "${DOMAIN_USER}@${REALM}" "${DOMAIN_USER_PASSWORD}" + + $SMBGET --verbose --use-krb5-ccache="${KRB5CCNAME}" \ + smb://$SERVER/smbget/testfile +diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py +index 5a784f1c5aa..973384f8c53 100755 +--- a/source3/selftest/tests.py ++++ b/source3/selftest/tests.py +@@ -931,6 +931,8 @@ plantestsuite("samba3.blackbox.smbget", + '$REALM', + 'smbget_user', + '$PASSWORD', ++ '$DOMAIN_USER', ++ '$DOMAIN_USER_PASSWORD', + '$LOCAL_PATH/smbget', + smbget + ]) +-- +2.43.0 + + +From 43f8a0acbcda931efb40403b15ef4c8d8ec94c8b Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 7 Dec 2023 10:51:32 +0100 +Subject: [PATCH 05/13] s3:tests: Fix test_kerberos in smbget tests + +We switched to a temporary directory, so $PREFIX doesn't exist. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 62b0b79ce065246417996dec61afa6a10f6ab99b) +--- + source3/script/tests/test_smbget.sh | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index 257291b18ff..5b65db89a26 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -429,13 +429,17 @@ test_kerberos() + { + clear_download_area + +- KRB5CCNAME_PATH="$PREFIX/smget_krb5ccache" ++ KRB5CCNAME_PATH="${TMPDIR}/smget_krb5ccache" + rm -f "${KRB5CCNAME_PATH}" + + KRB5CCNAME="FILE:${KRB5CCNAME_PATH}" + export KRB5CCNAME + kerberos_kinit "${samba_kinit}" \ + "${DOMAIN_USER}@${REALM}" "${DOMAIN_USER_PASSWORD}" ++ if [ $? -ne 0 ]; then ++ echo 'Failed to get Kerberos ticket' ++ return 1 ++ fi + + $SMBGET --verbose --use-krb5-ccache="${KRB5CCNAME}" \ + smb://$SERVER/smbget/testfile +-- +2.43.0 + + +From 26be99f6ac11bd3c6cfd737b332ee3aca660b390 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 7 Dec 2023 11:43:33 +0100 +Subject: [PATCH 06/13] s3:tests: Fix the test_kerberos_trust in smbget + testsuite + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 468fb05d6357779228e411076e286abcdb70cf96) +--- + source3/script/tests/test_smbget.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index 5b65db89a26..50e8cea3900 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -465,7 +465,7 @@ test_kerberos_trust() + + $SMBGET --verbose --use-kerberos=required \ + -U"${TRUST_F_BOTH_USERNAME}@${TRUST_F_BOTH_REALM}%${TRUST_F_BOTH_PASSWORD}" \ +- smb://$SERVER/smbget/testfile ++ smb://$SERVER.${REALM}/smbget/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +-- +2.43.0 + + +From 0cbea3a4c5b7f5356c209ba2826f01506b40f1f8 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 7 Dec 2023 13:11:46 +0100 +Subject: [PATCH 07/13] s3:tests: Remove the non-working + test_kerberos_upn_denied of smbget + +See TODO code comment for details. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 1a04fd255c2c94e01bda9840bfd6b372007bb3c7) +--- + source3/script/tests/test_smbget.sh | 52 +++++++++++++++++------------ + 1 file changed, 30 insertions(+), 22 deletions(-) + +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index 50e8cea3900..1956fc5b38e 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -480,26 +480,34 @@ test_kerberos_trust() + return 0 + } + +-test_kerberos_upn_denied() +-{ +- clear_download_area +- +- $SMBGET --verbose --use-kerberos=required \ +- -U"testdenied_upn@${REALM}.upn%${PASSWORD}" \ +- "smb://${SERVER}/smbget/testfile" +- if [ $? -ne 0 ]; then +- echo 'ERROR: RC does not match, expected: 0' +- return 1 +- fi +- +- cmp --silent $WORKDIR/testfile ./testfile +- if [ $? -ne 0 ]; then +- echo 'ERROR: file content does not match' +- return 1 +- fi +- +- return 0 +-} ++# TODO FIXME ++# This test does not work, as we can't tell the libsmb code that the ++# principal is an enterprice principal. We need support for enterprise ++# principals in kerberos_kinit_password_ext() and a way to pass it via the ++# credenitals structure and commandline options. ++# It works if you do: kinit -E testdenied_upn@${REALM}.upn ++# ++# test_kerberos_upn_denied() ++# { ++# set -x ++# clear_download_area ++# ++# $SMBGET --verbose --use-kerberos=required \ ++# -U"testdenied_upn@${REALM}.upn%${DC_PASSWORD}" \ ++# "smb://${SERVER}.${REALM}/smbget/testfile" -d10 ++# if [ $? -ne 0 ]; then ++# echo 'ERROR: RC does not match, expected: 0' ++# return 1 ++# fi ++# ++# cmp --silent $WORKDIR/testfile ./testfile ++# if [ $? -ne 0 ]; then ++# echo 'ERROR: file content does not match' ++# return 1 ++# fi ++# ++# return 0 ++# } + + create_test_data + +@@ -567,8 +575,8 @@ testit "kerberos" test_kerberos || + testit "kerberos_trust" test_kerberos_trust || + failed=$((failed + 1)) + +-testit "kerberos_upn_denied" test_kerberos_upn_denied || +- failed=$((failed + 1)) ++# testit "kerberos_upn_denied" test_kerberos_upn_denied || ++# failed=$((failed + 1)) + + clear_download_area + +-- +2.43.0 + + +From b3d5792525df99cf149ce08392c359fb97f68ec5 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Thu, 7 Dec 2023 09:47:14 +0100 +Subject: [PATCH 08/13] s3:tests: Fix smbget test + +Time to fix the smget share to not have `guest ok = yes` set. A new +[smbget_guest] will be used for guest only tests. This way we can +correctly test different authentication mechanisms. + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit c46769f3f10d21ed802e17aa79ae17e345168e63) +--- + selftest/target/Samba3.pm | 4 ++++ + source3/script/tests/test_smbget.sh | 8 ++++---- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm +index 8755d0a2f1f..2c69993c56a 100755 +--- a/selftest/target/Samba3.pm ++++ b/selftest/target/Samba3.pm +@@ -3587,6 +3587,10 @@ sub provision($$) + [smbget] + path = $smbget_sharedir + comment = smb username is [%U] ++ ++[smbget_guest] ++ path = $smbget_sharedir ++ comment = smb username is [%U] + guest ok = yes + + include = $aliceconfdir/%U.conf +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index 1956fc5b38e..0af28c6ff89 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -57,8 +57,8 @@ clear_download_area() + test_singlefile_guest() + { + clear_download_area +- echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile" +- $SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile ++ echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile" ++ $SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +@@ -376,9 +376,9 @@ test_msdfs_link_upn() + test_limit_rate() + { + clear_download_area +- echo "$SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget/testfile" ++ echo "$SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget_guest/testfile" + time_begin=$(date +%s) +- $SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget/testfile ++ $SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget_guest/testfile + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 +-- +2.43.0 + + +From b40c350a6550946129aadbace4e6cecc219c666a Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 6 Dec 2023 13:16:26 +0100 +Subject: [PATCH 09/13] auth:creds:tests: Add test for password callback + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit ab4b25964a43a1ef550f10580ad395e178fe647e) +--- + auth/credentials/tests/test_creds.c | 32 +++++++++++++++++++++++++++++ + selftest/knownfail.d/creds | 1 + + 2 files changed, 33 insertions(+) + create mode 100644 selftest/knownfail.d/creds + +diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c +index a2f9642bfe0..414dd46a6b0 100644 +--- a/auth/credentials/tests/test_creds.c ++++ b/auth/credentials/tests/test_creds.c +@@ -285,6 +285,37 @@ static void torture_creds_gensec_feature(void **state) + assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN); + } + ++static const char *torture_get_password(struct cli_credentials *creds) ++{ ++ return talloc_strdup(creds, "SECRET"); ++} ++ ++static void torture_creds_password_callback(void **state) ++{ ++ TALLOC_CTX *mem_ctx = *state; ++ struct cli_credentials *creds = NULL; ++ const char *password = NULL; ++ enum credentials_obtained pwd_obtained = CRED_UNINITIALISED; ++ bool ok; ++ ++ creds = cli_credentials_init(mem_ctx); ++ assert_non_null(creds); ++ ++ ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED); ++ assert_true(ok); ++ ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED); ++ assert_true(ok); ++ ++ ok = cli_credentials_set_password_callback(creds, torture_get_password); ++ assert_true(ok); ++ assert_int_equal(creds->password_obtained, CRED_CALLBACK); ++ ++ password = cli_credentials_get_password_and_obtained(creds, ++ &pwd_obtained); ++ assert_int_equal(pwd_obtained, CRED_CALLBACK_RESULT); ++ assert_string_equal(password, "SECRET"); ++} ++ + int main(int argc, char *argv[]) + { + int rc; +@@ -296,6 +327,7 @@ int main(int argc, char *argv[]) + cmocka_unit_test(torture_creds_parse_string), + cmocka_unit_test(torture_creds_krb5_state), + cmocka_unit_test(torture_creds_gensec_feature), ++ cmocka_unit_test(torture_creds_password_callback) + }; + + if (argc == 2) { +diff --git a/selftest/knownfail.d/creds b/selftest/knownfail.d/creds +new file mode 100644 +index 00000000000..09491f22c65 +--- /dev/null ++++ b/selftest/knownfail.d/creds +@@ -0,0 +1 @@ ++^samba.unittests.credentials.torture_creds_password_callback.none +-- +2.43.0 + + +From 42f5976603f2dfab9e3179535f9d137014621b54 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 6 Dec 2023 13:06:42 +0100 +Subject: [PATCH 10/13] auth:creds: Fix + cli_credentials_get_password_and_obtained() with callback + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 1041dae03f0f7e9e2b6b4a649eb1d298a34ce699) +--- + auth/credentials/credentials.c | 4 +++- + selftest/knownfail.d/creds | 1 - + 2 files changed, 3 insertions(+), 2 deletions(-) + delete mode 100644 selftest/knownfail.d/creds + +diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c +index 0485cc4e64e..8cabdd8d1c3 100644 +--- a/auth/credentials/credentials.c ++++ b/auth/credentials/credentials.c +@@ -465,11 +465,13 @@ _PUBLIC_ const char * + cli_credentials_get_password_and_obtained(struct cli_credentials *cred, + enum credentials_obtained *obtained) + { ++ const char *password = cli_credentials_get_password(cred); ++ + if (obtained != NULL) { + *obtained = cred->password_obtained; + } + +- return cli_credentials_get_password(cred); ++ return password; + } + + /* Set a password on the credentials context, including an indication +diff --git a/selftest/knownfail.d/creds b/selftest/knownfail.d/creds +deleted file mode 100644 +index 09491f22c65..00000000000 +--- a/selftest/knownfail.d/creds ++++ /dev/null +@@ -1 +0,0 @@ +-^samba.unittests.credentials.torture_creds_password_callback.none +-- +2.43.0 + + +From 619185a178f00bbf88a853309225773b02fdbda4 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 6 Dec 2023 13:26:43 +0100 +Subject: [PATCH 11/13] auth:creds: Add + cli_credentials_get_domain_and_obtained() + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit a7622bc7db093558c6f6e3da4d2a899a764dec09) +--- + auth/credentials/credentials.c | 22 ++++++++++++++++++++++ + auth/credentials/credentials.h | 3 +++ + auth/credentials/tests/test_creds.c | 6 ++++++ + 3 files changed, 31 insertions(+) + +diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c +index 8cabdd8d1c3..7a00279b8b4 100644 +--- a/auth/credentials/credentials.c ++++ b/auth/credentials/credentials.c +@@ -738,6 +738,28 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred) + return cred->domain; + } + ++/** ++ * @brief Obtain the domain for this credential context. ++ * ++ * @param[in] cred The credential context. ++ * ++ * @param[out] obtained A pointer to store the obtained information. ++ * ++ * @return The domain name or NULL if an error occurred. ++ */ ++_PUBLIC_ const char *cli_credentials_get_domain_and_obtained( ++ struct cli_credentials *cred, ++ enum credentials_obtained *obtained) ++{ ++ const char *domain = cli_credentials_get_domain(cred); ++ ++ if (obtained != NULL) { ++ *obtained = cred->domain_obtained; ++ } ++ ++ return domain; ++} ++ + + _PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred, + const char *val, +diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h +index c3a048ecc8d..c5ffe536e07 100644 +--- a/auth/credentials/credentials.h ++++ b/auth/credentials/credentials.h +@@ -127,6 +127,9 @@ int cli_credentials_get_keytab(struct cli_credentials *cred, + struct loadparm_context *lp_ctx, + struct keytab_container **_ktc); + const char *cli_credentials_get_domain(struct cli_credentials *cred); ++const char *cli_credentials_get_domain_and_obtained( ++ struct cli_credentials *cred, ++ enum credentials_obtained *obtained); + struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred); + void cli_credentials_set_machine_account_pending(struct cli_credentials *cred, + struct loadparm_context *lp_ctx); +diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c +index 414dd46a6b0..2cb2e6d0e34 100644 +--- a/auth/credentials/tests/test_creds.c ++++ b/auth/credentials/tests/test_creds.c +@@ -48,6 +48,7 @@ static void torture_creds_init(void **state) + const char *username = NULL; + const char *domain = NULL; + const char *password = NULL; ++ enum credentials_obtained dom_obtained = CRED_UNINITIALISED; + enum credentials_obtained usr_obtained = CRED_UNINITIALISED; + enum credentials_obtained pwd_obtained = CRED_UNINITIALISED; + bool ok; +@@ -65,6 +66,11 @@ static void torture_creds_init(void **state) + domain = cli_credentials_get_domain(creds); + assert_string_equal(domain, "WURST"); + ++ domain = cli_credentials_get_domain_and_obtained(creds, ++ &dom_obtained); ++ assert_int_equal(dom_obtained, CRED_SPECIFIED); ++ assert_string_equal(domain, "WURST"); ++ + username = cli_credentials_get_username(creds); + assert_null(username); + ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED); +-- +2.43.0 + + +From a72e035090075ff1b36c5d67daf5f601277bceaa Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 6 Dec 2023 15:58:08 +0100 +Subject: [PATCH 12/13] s3:tests: Add interactive smbget test for password + entry + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 5b38f3be8cb986aa2db3aab5c3c3d2e8739893ce) +--- + source3/script/tests/test_smbget.sh | 32 +++++++++++++++++++++++++++++ + 1 file changed, 32 insertions(+) + +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index 0af28c6ff89..74050f6951a 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -29,6 +29,7 @@ incdir=$(dirname $0)/../../../testprogs/blackbox + . "${incdir}/common_test_fns.inc" + + samba_kinit=$(system_or_builddir_binary kinit "${BINDIR}" samba4kinit) ++samba_texpect="${BINDIR}/texpect" + + create_test_data() + { +@@ -163,6 +164,33 @@ test_singlefile_smburl2() + return 0 + } + ++test_singlefile_smburl_interactive() ++{ ++ clear_download_area ++ ++ tmpfile="$(mktemp --tmpdir="${TMPDIR}" expect_XXXXXXXXXX)" ++ ++ cat >"${tmpfile}" < +Date: Wed, 6 Dec 2023 13:16:53 +0100 +Subject: [PATCH 13/13] s3:utils: Fix auth callback with smburl + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit f2f7ed419e03e5ae8cc85f42af5b2bcf91abefe2) +--- + source3/utils/smbget.c | 40 ++++++++++++++++++++++++++++++++++------ + 1 file changed, 34 insertions(+), 6 deletions(-) + +diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c +index 8d98ba24602..598607ea391 100644 +--- a/source3/utils/smbget.c ++++ b/source3/utils/smbget.c +@@ -114,20 +114,48 @@ static void get_auth_data_with_context_fn(SMBCCTX *ctx, + const char *username = NULL; + const char *password = NULL; + const char *domain = NULL; ++ enum credentials_obtained obtained = CRED_UNINITIALISED; + +- username = cli_credentials_get_username(creds); ++ username = cli_credentials_get_username_and_obtained(creds, &obtained); + if (username != NULL) { +- strncpy(usr, username, usr_len - 1); ++ bool overwrite = false; ++ if (usr[0] == '\0') { ++ overwrite = true; ++ } ++ if (obtained >= CRED_CALLBACK_RESULT) { ++ overwrite = true; ++ } ++ if (overwrite) { ++ strncpy(usr, username, usr_len - 1); ++ } + } + +- password = cli_credentials_get_password(creds); ++ password = cli_credentials_get_password_and_obtained(creds, &obtained); + if (password != NULL) { +- strncpy(pwd, password, pwd_len - 1); ++ bool overwrite = false; ++ if (usr[0] == '\0') { ++ overwrite = true; ++ } ++ if (obtained >= CRED_CALLBACK_RESULT) { ++ overwrite = true; ++ } ++ if (overwrite) { ++ strncpy(pwd, password, pwd_len - 1); ++ } + } + +- domain = cli_credentials_get_domain(creds); ++ domain = cli_credentials_get_domain_and_obtained(creds, &obtained); + if (domain != NULL) { +- strncpy(dom, domain, dom_len - 1); ++ bool overwrite = false; ++ if (usr[0] == '\0') { ++ overwrite = true; ++ } ++ if (obtained >= CRED_CALLBACK_RESULT) { ++ overwrite = true; ++ } ++ if (overwrite) { ++ strncpy(dom, domain, dom_len - 1); ++ } + } + + smbc_set_credentials_with_fallback(ctx, domain, username, password); +-- +2.43.0 + diff --git a/samba-4.19-fix-smbget-debug.patch b/samba-4.19-fix-smbget-debug.patch new file mode 100644 index 0000000..b837fea --- /dev/null +++ b/samba-4.19-fix-smbget-debug.patch @@ -0,0 +1,106 @@ +From 21d8c1b2dabf8dd5a65de14816c6701e9c81de44 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Tue, 5 Dec 2023 15:46:48 +0100 +Subject: [PATCH 1/2] s3:tests: Add smbget test for + smb://DOAMIN;user%password@server/share/file + +This is supported according to the smbget manpage! + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit e5fe856e76eba26e3b85a391bcea02dfe045c26e) +--- + source3/script/tests/test_smbget.sh | 20 ++++++++++++++++++++ + 1 file changed, 20 insertions(+) + +diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh +index 46c1f4a68a5..bdc62a71eff 100755 +--- a/source3/script/tests/test_smbget.sh ++++ b/source3/script/tests/test_smbget.sh +@@ -145,6 +145,22 @@ test_singlefile_smburl() + return 0 + } + ++test_singlefile_smburl2() ++{ ++ clear_download_area ++ $SMBGET "smb://$DOMAIN;$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile" ++ if [ $? -ne 0 ]; then ++ echo 'ERROR: RC does not match, expected: 0' ++ return 1 ++ fi ++ cmp --silent $WORKDIR/testfile ./testfile ++ if [ $? -ne 0 ]; then ++ echo 'ERROR: file content does not match' ++ return 1 ++ fi ++ return 0 ++} ++ + test_singlefile_authfile() + { + clear_download_area +@@ -499,6 +515,10 @@ testit "download single file with --update and UPN" test_singlefile_U_UPN || + testit "download single file with smb URL" test_singlefile_smburl || + failed=$(expr $failed + 1) + ++testit "download single file with smb URL including domain" \ ++ test_singlefile_smburl2 || ++ failed=$(expr $failed + 1) ++ + testit "download single file with authfile" test_singlefile_authfile || + failed=$(expr $failed + 1) + +-- +2.43.0 + + +From e19fa9d75ee70ec23e70f166ee70241c116f7bf5 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Wed, 6 Dec 2023 08:48:34 +0100 +Subject: [PATCH 2/2] s3:utils: Fix setting the debug level + +BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525 + +Signed-off-by: Andreas Schneider +Reviewed-by: Andrew Bartlett +(cherry picked from commit 763b2efe69dc74e1c0cd954607031012f832486d) +--- + source3/utils/smbget.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c +index 5c99dcf918a..8d98ba24602 100644 +--- a/source3/utils/smbget.c ++++ b/source3/utils/smbget.c +@@ -849,6 +849,7 @@ int main(int argc, char **argv) + uint32_t gensec_features; + bool use_wbccache = false; + SMBCCTX *smb_ctx = NULL; ++ int dbg_lvl = -1; + int rc; + + smb_init_locale(); +@@ -922,13 +923,16 @@ int main(int argc, char **argv) + + samba_cmdline_burn(argc, argv); + ++ /* smbc_new_context() will set the log level to 0 */ ++ dbg_lvl = debuglevel_get(); ++ + smb_ctx = smbc_new_context(); + if (smb_ctx == NULL) { + fprintf(stderr, "Unable to initialize libsmbclient\n"); + ok = false; + goto done; + } +- smbc_setDebug(smb_ctx, debuglevel_get()); ++ smbc_setDebug(smb_ctx, dbg_lvl); + + rc = smbc_setConfiguration(smb_ctx, lp_default_path()); + if (rc < 0) { +-- +2.43.0 + diff --git a/samba.spec b/samba.spec index 5c91b2d..b7b5c05 100644 --- a/samba.spec +++ b/samba.spec @@ -147,7 +147,7 @@ %define samba_requires_eq() %(LC_ALL="C" echo '%*' | xargs -r rpm -q --qf 'Requires: %%{name} = %%{epoch}:%%{version}\\n' | sed -e 's/ (none):/ /' -e 's/ 0:/ /' | grep -v "is not") %global samba_version 4.19.3 -%global baserelease 1 +%global baserelease 2 # This should be rc1 or %%nil %global pre_release %nil @@ -244,6 +244,8 @@ Source201: README.downgrade Source202: samba.abignore Patch0: v4-19-fix-force-user.patch +Patch1: samba-4.19-fix-smbget-debug.patch +Patch2: samba-4.19-fix-smbget-auth.patch Requires(pre): /usr/sbin/groupadd @@ -370,6 +372,10 @@ BuildRequires: librados-devel BuildRequires: python3-etcd %endif +%if %{with gpupdate} +BuildRequires: cepces +%endif + # pidl requirements BuildRequires: perl(ExtUtils::MakeMaker) BuildRequires: perl(FindBin) @@ -4473,6 +4479,9 @@ fi %endif %changelog +* Thu Dec 14 2023 Pavel Filipenský - 4.19.3-2 +- resolves: RHEL-17283 - Fix smbget password interactive authentication + * Mon Dec 04 2023 Pavel Filipenský - 4.19.3-1 - resolves: RHEL-16483 - Update to version 4.19.3 - resolves: RHEL-11361