cfb9a1c4ec
resolves: RHEL-17283
1066 lines
35 KiB
Diff
1066 lines
35 KiB
Diff
From 3b25f764e714dee0327fd4f068bd14650f7e7ab4 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Thu, 7 Dec 2023 09:18:26 +0100
|
|
Subject: [PATCH 01/13] s3:tests: Fix authentication with smbget_user in smbget
|
|
tests
|
|
|
|
Currently the smget share is broken. We set `guest ok = yes` so if you
|
|
specify invalid names, the authentication will still succeed as we
|
|
are mapped to guest.
|
|
|
|
The smbget_user is a local ad_member user. We need to set the
|
|
workstation as the "domain" for the user.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit c14c5dec09fe1c86b29b3091ad521e73a2e1c3e9)
|
|
---
|
|
source3/script/tests/test_smbget.sh | 28 ++++++++++++++--------------
|
|
1 file changed, 14 insertions(+), 14 deletions(-)
|
|
|
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
index bdc62a71eff..5ab35a03e24 100755
|
|
--- a/source3/script/tests/test_smbget.sh
|
|
+++ b/source3/script/tests/test_smbget.sh
|
|
@@ -72,7 +72,7 @@ test_singlefile_guest()
|
|
test_singlefile_U()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET --verbose -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -132,7 +132,7 @@ test_singlefile_U_domain()
|
|
test_singlefile_smburl()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET --workgroup $DOMAIN smb://$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --workgroup $DOMAIN smb://${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -148,7 +148,7 @@ test_singlefile_smburl()
|
|
test_singlefile_smburl2()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET "smb://$DOMAIN;$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile"
|
|
+ $SMBGET "smb://$DOMAIN;${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile"
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -165,7 +165,7 @@ test_singlefile_authfile()
|
|
{
|
|
clear_download_area
|
|
cat >"${TMPDIR}/authfile" << EOF
|
|
-username = $USERNAME
|
|
+username = ${SERVER}/${USERNAME}
|
|
password = $PASSWORD
|
|
EOF
|
|
$SMBGET --verbose --authentication-file="${TMPDIR}/authfile" smb://$SERVER_IP/smbget/testfile
|
|
@@ -186,7 +186,7 @@ EOF
|
|
test_recursive_U()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/
|
|
+ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -207,7 +207,7 @@ test_recursive_existing_dir()
|
|
{
|
|
clear_download_area
|
|
mkdir dir1
|
|
- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/
|
|
+ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -230,7 +230,7 @@ test_recursive_with_empty()
|
|
# create some additional empty directories
|
|
mkdir -p $WORKDIR/dir001/dir002/dir003
|
|
mkdir -p $WORKDIR/dir004/dir005/dir006
|
|
- $SMBGET --verbose --recursive -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/
|
|
+ $SMBGET --verbose --recursive -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/
|
|
rc=$?
|
|
rm -rf $WORKDIR/dir001
|
|
rm -rf $WORKDIR/dir004
|
|
@@ -260,7 +260,7 @@ test_resume()
|
|
clear_download_area
|
|
cp $WORKDIR/testfile .
|
|
truncate -s 1024 testfile
|
|
- $SMBGET --verbose --resume -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose --resume -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -279,7 +279,7 @@ test_resume_modified()
|
|
{
|
|
clear_download_area
|
|
dd if=/dev/urandom bs=1024 count=2 of=testfile
|
|
- $SMBGET --verbose --resume -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose --resume -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 1 ]; then
|
|
echo 'ERROR: RC does not match, expected: 1'
|
|
return 1
|
|
@@ -291,14 +291,14 @@ test_resume_modified()
|
|
test_update()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET --verbose -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
fi
|
|
|
|
# secondary download should pass
|
|
- $SMBGET --verbose --update -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose --update -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -308,7 +308,7 @@ test_update()
|
|
# touch source to trigger new download
|
|
sleep 2
|
|
touch -m $WORKDIR/testfile
|
|
- $SMBGET --verbose --update -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose --update -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -397,7 +397,7 @@ test_limit_rate()
|
|
test_encrypt()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET --verbose --encrypt -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose --encrypt -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -409,7 +409,7 @@ test_encrypt()
|
|
fi
|
|
|
|
clear_download_area
|
|
- $SMBGET --verbose --client-protection=encrypt -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose --client-protection=encrypt -U${SERVER}/${USERNAME}%$PASSWORD smb://$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From a61c1ed2e21640a60b219b8efb16fed7ddfbce7c Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 8 Dec 2023 13:06:27 +0100
|
|
Subject: [PATCH 02/13] selftest: Remove trailing tabs/white spaces in
|
|
Samba4.pm
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit a2af6946f5e53b7d954aa54d3d115dbe4975b1c4)
|
|
---
|
|
selftest/target/Samba4.pm | 8 ++++----
|
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
|
|
index a10c1313322..e559bf888a9 100755
|
|
--- a/selftest/target/Samba4.pm
|
|
+++ b/selftest/target/Samba4.pm
|
|
@@ -559,7 +559,7 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
|
|
warn("Unable to clean up");
|
|
}
|
|
|
|
-
|
|
+
|
|
my $swiface = Samba::get_interface($hostname);
|
|
|
|
$ctx->{prefix} = $prefix;
|
|
@@ -1034,7 +1034,7 @@ replace: userPrincipalName
|
|
userPrincipalName: testallowed upn\@$ctx->{realm}
|
|
replace: servicePrincipalName
|
|
servicePrincipalName: host/testallowed
|
|
--
|
|
+-
|
|
";
|
|
close($ldif);
|
|
unless ($? == 0) {
|
|
@@ -1057,7 +1057,7 @@ servicePrincipalName: host/testallowed
|
|
changetype: modify
|
|
replace: userPrincipalName
|
|
userPrincipalName: testdenied_upn\@$ctx->{realm}.upn
|
|
--
|
|
+-
|
|
";
|
|
close($ldif);
|
|
unless ($? == 0) {
|
|
@@ -2225,7 +2225,7 @@ sub provision_chgdcpass($$)
|
|
warn("Unable to add wins configuration");
|
|
return undef;
|
|
}
|
|
-
|
|
+
|
|
# Remove secrets.tdb from this environment to test that we
|
|
# still start up on systems without the new matching
|
|
# secrets.tdb records.
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 4177d6b866f8a0a72ebe208c5025ad643a2610d8 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Fri, 8 Dec 2023 13:07:19 +0100
|
|
Subject: [PATCH 03/13] selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables
|
|
|
|
We should start using those in future. So we can distinguish which
|
|
privileges we want. Currently DC_USERNAME is the Administrator. Whatever
|
|
possible should use DOMIAN_USER instead.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 56d0c3a0263ed166452c129219e7a391ba4d014c)
|
|
---
|
|
selftest/target/Samba.pm | 4 ++++
|
|
selftest/target/Samba3.pm | 24 ++++++++++++++++++++++++
|
|
selftest/target/Samba4.pm | 8 ++++++++
|
|
3 files changed, 36 insertions(+)
|
|
|
|
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
|
|
index b959db493ca..e4bd6a0d5d2 100644
|
|
--- a/selftest/target/Samba.pm
|
|
+++ b/selftest/target/Samba.pm
|
|
@@ -947,6 +947,10 @@ my @exported_envvars = (
|
|
"PASSWORD",
|
|
"DC_USERNAME",
|
|
"DC_PASSWORD",
|
|
+ "DOMAIN_ADMIN",
|
|
+ "DOMAIN_ADMIN_PASSWORD",
|
|
+ "DOMAIN_USER",
|
|
+ "DOMAIN_USER_PASSWORD",
|
|
|
|
# UID/GID for rfc2307 mapping tests
|
|
"UID_RFC2307TEST",
|
|
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
|
index 85e69e4b72d..8755d0a2f1f 100755
|
|
--- a/selftest/target/Samba3.pm
|
|
+++ b/selftest/target/Samba3.pm
|
|
@@ -1006,6 +1006,10 @@ sub provision_ad_member
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
|
|
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
|
|
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
|
|
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
|
|
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
|
|
|
|
# forest trust
|
|
$ret->{TRUST_F_BOTH_SERVER} = $trustvars_f->{SERVER};
|
|
@@ -1171,6 +1175,10 @@ sub setup_ad_member_rfc2307
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
|
|
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
|
|
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
|
|
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
|
|
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
@@ -1267,6 +1275,10 @@ sub setup_admem_idmap_autorid
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
|
|
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
|
|
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
|
|
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
|
|
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
@@ -1366,6 +1378,10 @@ sub setup_ad_member_idmap_rid
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
|
|
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
|
|
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
|
|
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
|
|
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
|
|
|
|
return $ret;
|
|
}
|
|
@@ -1466,6 +1482,10 @@ sub setup_ad_member_idmap_ad
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
|
|
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
|
|
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
|
|
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
|
|
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
|
|
|
|
$ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
|
|
$ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
|
|
@@ -1558,6 +1578,10 @@ sub setup_ad_member_oneway
|
|
$ret->{DC_NETBIOSNAME} = $dcvars->{NETBIOSNAME};
|
|
$ret->{DC_USERNAME} = $dcvars->{USERNAME};
|
|
$ret->{DC_PASSWORD} = $dcvars->{PASSWORD};
|
|
+ $ret->{DOMAIN_ADMIN} = $dcvars->{DOMAIN_ADMIN};
|
|
+ $ret->{DOMAIN_ADMIN_PASSWORD} = $dcvars->{DOMAIN_ADMIN_PASSWORD};
|
|
+ $ret->{DOMAIN_USER} = $dcvars->{DOMAIN_USER};
|
|
+ $ret->{DOMAIN_USER_PASSWORD} = $dcvars->{DOMAIN_USER_PASSWORD};
|
|
|
|
$ret->{TRUST_SERVER} = $dcvars->{TRUST_SERVER};
|
|
$ret->{TRUST_USERNAME} = $dcvars->{TRUST_USERNAME};
|
|
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
|
|
index e559bf888a9..cbaacce48da 100755
|
|
--- a/selftest/target/Samba4.pm
|
|
+++ b/selftest/target/Samba4.pm
|
|
@@ -587,6 +587,10 @@ sub provision_raw_prepare($$$$$$$$$$$$$$)
|
|
$ctx->{realm} = uc($realm);
|
|
$ctx->{dnsname} = lc($realm);
|
|
$ctx->{samsid} = $samsid;
|
|
+ $ctx->{domain_admin} = "Administrator";
|
|
+ $ctx->{domain_admin_password} = $password;
|
|
+ $ctx->{domain_user} = "alice";
|
|
+ $ctx->{domain_user_password} = "Secret007";
|
|
|
|
$ctx->{functional_level} = $functional_level;
|
|
|
|
@@ -906,6 +910,10 @@ nogroup:x:65534:nobody
|
|
DOMAIN => $ctx->{domain},
|
|
USERNAME => $ctx->{username},
|
|
DC_USERNAME => $ctx->{username},
|
|
+ DOMAIN_ADMIN => $ctx->{domain_admin},
|
|
+ DOMAIN_ADMIN_PASSWORD => $ctx->{domain_admin_password},
|
|
+ DOMAIN_USER => $ctx->{domain_user},
|
|
+ DOMAIN_USER_PASSWORD => $ctx->{domain_user_password},
|
|
REALM => $ctx->{realm},
|
|
DNSNAME => $ctx->{dnsname},
|
|
SAMSID => $ctx->{samsid},
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From c5839fd47591e46431d56091f151f22a5e35d16c Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Thu, 7 Dec 2023 09:45:54 +0100
|
|
Subject: [PATCH 04/13] s3:tests: Pass down a normal domain user for
|
|
test_smbget.sh
|
|
|
|
It is better to test with a normal user than administrator.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 337034e675aaeb366d360a791ec0d003426230af)
|
|
---
|
|
source3/script/tests/test_smbget.sh | 22 ++++++++++++----------
|
|
source3/selftest/tests.py | 2 ++
|
|
2 files changed, 14 insertions(+), 10 deletions(-)
|
|
|
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
index 5ab35a03e24..257291b18ff 100755
|
|
--- a/source3/script/tests/test_smbget.sh
|
|
+++ b/source3/script/tests/test_smbget.sh
|
|
@@ -16,9 +16,11 @@ DOMAIN=${3}
|
|
REALM=${4}
|
|
USERNAME=${5}
|
|
PASSWORD=${6}
|
|
-WORKDIR=${7}
|
|
-SMBGET="$VALGRIND ${8}"
|
|
-shift 8
|
|
+DOMAIN_USER=${7}
|
|
+DOMAIN_USER_PASSWORD=${8}
|
|
+WORKDIR=${9}
|
|
+SMBGET="$VALGRIND ${10}"
|
|
+shift 10
|
|
|
|
TMPDIR="$SELFTEST_TMPDIR"
|
|
|
|
@@ -89,7 +91,7 @@ test_singlefile_U_UPN()
|
|
{
|
|
clear_download_area
|
|
|
|
- ${SMBGET} --verbose -U"${DC_USERNAME}@${REALM}%${DC_PASSWORD}" \
|
|
+ ${SMBGET} --verbose -U"${DOMAIN_USER}@${REALM}%${DOMAIN_USER_PASSWORD}" \
|
|
"smb://${SERVER_IP}/smbget/testfile"
|
|
ret=${?}
|
|
if [ ${ret} -ne 0 ]; then
|
|
@@ -111,7 +113,7 @@ test_singlefile_U_domain()
|
|
{
|
|
clear_download_area
|
|
|
|
- ${SMBGET} --verbose -U"${DOMAIN}/${DC_USERNAME}%${DC_PASSWORD}" \
|
|
+ ${SMBGET} --verbose -U"${DOMAIN}/${DOMAIN_USER}%${DOMAIN_USER_PASSWORD}" \
|
|
"smb://${SERVER_IP}/smbget/testfile"
|
|
ret=${?}
|
|
if [ ${ret} -ne 0 ]; then
|
|
@@ -132,7 +134,7 @@ test_singlefile_U_domain()
|
|
test_singlefile_smburl()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET --workgroup $DOMAIN smb://${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --workgroup $DOMAIN smb://${DOMAIN_USER}:$DOMAIN_USER_PASSWORD@$SERVER_IP/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -148,7 +150,7 @@ test_singlefile_smburl()
|
|
test_singlefile_smburl2()
|
|
{
|
|
clear_download_area
|
|
- $SMBGET "smb://$DOMAIN;${USERNAME}:$PASSWORD@$SERVER_IP/smbget/testfile"
|
|
+ $SMBGET "smb://$DOMAIN;${DOMAIN_USER}:$DOMAIN_USER_PASSWORD@$SERVER_IP/smbget/testfile"
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -343,7 +345,7 @@ test_msdfs_link_domain()
|
|
{
|
|
clear_download_area
|
|
|
|
- ${SMBGET} --verbose "-U${DOMAIN}/${DC_USERNAME}%${DC_PASSWORD}" \
|
|
+ ${SMBGET} --verbose "-U${DOMAIN}/${DOMAIN_USER}%${DOMAIN_USER_PASSWORD}" \
|
|
"smb://${SERVER}/msdfs-share/deeppath/msdfs-src2/readable_file"
|
|
ret=$?
|
|
if [ ${ret} -ne 0 ]; then
|
|
@@ -358,7 +360,7 @@ test_msdfs_link_upn()
|
|
{
|
|
clear_download_area
|
|
|
|
- ${SMBGET} --verbose "-U${DC_USERNAME}@${REALM}%${DC_PASSWORD}" \
|
|
+ ${SMBGET} --verbose "-U${DOMAIN_USER}@${REALM}%${DOMAIN_USER_PASSWORD}" \
|
|
"smb://${SERVER}/msdfs-share/deeppath/msdfs-src2/readable_file"
|
|
ret=$?
|
|
if [ ${ret} -ne 0 ]; then
|
|
@@ -433,7 +435,7 @@ test_kerberos()
|
|
KRB5CCNAME="FILE:${KRB5CCNAME_PATH}"
|
|
export KRB5CCNAME
|
|
kerberos_kinit "${samba_kinit}" \
|
|
- "${DC_USERNAME}@${REALM}" "${DC_PASSWORD}"
|
|
+ "${DOMAIN_USER}@${REALM}" "${DOMAIN_USER_PASSWORD}"
|
|
|
|
$SMBGET --verbose --use-krb5-ccache="${KRB5CCNAME}" \
|
|
smb://$SERVER/smbget/testfile
|
|
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
|
|
index 5a784f1c5aa..973384f8c53 100755
|
|
--- a/source3/selftest/tests.py
|
|
+++ b/source3/selftest/tests.py
|
|
@@ -931,6 +931,8 @@ plantestsuite("samba3.blackbox.smbget",
|
|
'$REALM',
|
|
'smbget_user',
|
|
'$PASSWORD',
|
|
+ '$DOMAIN_USER',
|
|
+ '$DOMAIN_USER_PASSWORD',
|
|
'$LOCAL_PATH/smbget',
|
|
smbget
|
|
])
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 43f8a0acbcda931efb40403b15ef4c8d8ec94c8b Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Thu, 7 Dec 2023 10:51:32 +0100
|
|
Subject: [PATCH 05/13] s3:tests: Fix test_kerberos in smbget tests
|
|
|
|
We switched to a temporary directory, so $PREFIX doesn't exist.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 62b0b79ce065246417996dec61afa6a10f6ab99b)
|
|
---
|
|
source3/script/tests/test_smbget.sh | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
index 257291b18ff..5b65db89a26 100755
|
|
--- a/source3/script/tests/test_smbget.sh
|
|
+++ b/source3/script/tests/test_smbget.sh
|
|
@@ -429,13 +429,17 @@ test_kerberos()
|
|
{
|
|
clear_download_area
|
|
|
|
- KRB5CCNAME_PATH="$PREFIX/smget_krb5ccache"
|
|
+ KRB5CCNAME_PATH="${TMPDIR}/smget_krb5ccache"
|
|
rm -f "${KRB5CCNAME_PATH}"
|
|
|
|
KRB5CCNAME="FILE:${KRB5CCNAME_PATH}"
|
|
export KRB5CCNAME
|
|
kerberos_kinit "${samba_kinit}" \
|
|
"${DOMAIN_USER}@${REALM}" "${DOMAIN_USER_PASSWORD}"
|
|
+ if [ $? -ne 0 ]; then
|
|
+ echo 'Failed to get Kerberos ticket'
|
|
+ return 1
|
|
+ fi
|
|
|
|
$SMBGET --verbose --use-krb5-ccache="${KRB5CCNAME}" \
|
|
smb://$SERVER/smbget/testfile
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 26be99f6ac11bd3c6cfd737b332ee3aca660b390 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Thu, 7 Dec 2023 11:43:33 +0100
|
|
Subject: [PATCH 06/13] s3:tests: Fix the test_kerberos_trust in smbget
|
|
testsuite
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 468fb05d6357779228e411076e286abcdb70cf96)
|
|
---
|
|
source3/script/tests/test_smbget.sh | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
index 5b65db89a26..50e8cea3900 100755
|
|
--- a/source3/script/tests/test_smbget.sh
|
|
+++ b/source3/script/tests/test_smbget.sh
|
|
@@ -465,7 +465,7 @@ test_kerberos_trust()
|
|
|
|
$SMBGET --verbose --use-kerberos=required \
|
|
-U"${TRUST_F_BOTH_USERNAME}@${TRUST_F_BOTH_REALM}%${TRUST_F_BOTH_PASSWORD}" \
|
|
- smb://$SERVER/smbget/testfile
|
|
+ smb://$SERVER.${REALM}/smbget/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 0cbea3a4c5b7f5356c209ba2826f01506b40f1f8 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Thu, 7 Dec 2023 13:11:46 +0100
|
|
Subject: [PATCH 07/13] s3:tests: Remove the non-working
|
|
test_kerberos_upn_denied of smbget
|
|
|
|
See TODO code comment for details.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 1a04fd255c2c94e01bda9840bfd6b372007bb3c7)
|
|
---
|
|
source3/script/tests/test_smbget.sh | 52 +++++++++++++++++------------
|
|
1 file changed, 30 insertions(+), 22 deletions(-)
|
|
|
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
index 50e8cea3900..1956fc5b38e 100755
|
|
--- a/source3/script/tests/test_smbget.sh
|
|
+++ b/source3/script/tests/test_smbget.sh
|
|
@@ -480,26 +480,34 @@ test_kerberos_trust()
|
|
return 0
|
|
}
|
|
|
|
-test_kerberos_upn_denied()
|
|
-{
|
|
- clear_download_area
|
|
-
|
|
- $SMBGET --verbose --use-kerberos=required \
|
|
- -U"testdenied_upn@${REALM}.upn%${PASSWORD}" \
|
|
- "smb://${SERVER}/smbget/testfile"
|
|
- if [ $? -ne 0 ]; then
|
|
- echo 'ERROR: RC does not match, expected: 0'
|
|
- return 1
|
|
- fi
|
|
-
|
|
- cmp --silent $WORKDIR/testfile ./testfile
|
|
- if [ $? -ne 0 ]; then
|
|
- echo 'ERROR: file content does not match'
|
|
- return 1
|
|
- fi
|
|
-
|
|
- return 0
|
|
-}
|
|
+# TODO FIXME
|
|
+# This test does not work, as we can't tell the libsmb code that the
|
|
+# principal is an enterprice principal. We need support for enterprise
|
|
+# principals in kerberos_kinit_password_ext() and a way to pass it via the
|
|
+# credenitals structure and commandline options.
|
|
+# It works if you do: kinit -E testdenied_upn@${REALM}.upn
|
|
+#
|
|
+# test_kerberos_upn_denied()
|
|
+# {
|
|
+# set -x
|
|
+# clear_download_area
|
|
+#
|
|
+# $SMBGET --verbose --use-kerberos=required \
|
|
+# -U"testdenied_upn@${REALM}.upn%${DC_PASSWORD}" \
|
|
+# "smb://${SERVER}.${REALM}/smbget/testfile" -d10
|
|
+# if [ $? -ne 0 ]; then
|
|
+# echo 'ERROR: RC does not match, expected: 0'
|
|
+# return 1
|
|
+# fi
|
|
+#
|
|
+# cmp --silent $WORKDIR/testfile ./testfile
|
|
+# if [ $? -ne 0 ]; then
|
|
+# echo 'ERROR: file content does not match'
|
|
+# return 1
|
|
+# fi
|
|
+#
|
|
+# return 0
|
|
+# }
|
|
|
|
create_test_data
|
|
|
|
@@ -567,8 +575,8 @@ testit "kerberos" test_kerberos ||
|
|
testit "kerberos_trust" test_kerberos_trust ||
|
|
failed=$((failed + 1))
|
|
|
|
-testit "kerberos_upn_denied" test_kerberos_upn_denied ||
|
|
- failed=$((failed + 1))
|
|
+# testit "kerberos_upn_denied" test_kerberos_upn_denied ||
|
|
+# failed=$((failed + 1))
|
|
|
|
clear_download_area
|
|
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From b3d5792525df99cf149ce08392c359fb97f68ec5 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Thu, 7 Dec 2023 09:47:14 +0100
|
|
Subject: [PATCH 08/13] s3:tests: Fix smbget test
|
|
|
|
Time to fix the smget share to not have `guest ok = yes` set. A new
|
|
[smbget_guest] will be used for guest only tests. This way we can
|
|
correctly test different authentication mechanisms.
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit c46769f3f10d21ed802e17aa79ae17e345168e63)
|
|
---
|
|
selftest/target/Samba3.pm | 4 ++++
|
|
source3/script/tests/test_smbget.sh | 8 ++++----
|
|
2 files changed, 8 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
|
|
index 8755d0a2f1f..2c69993c56a 100755
|
|
--- a/selftest/target/Samba3.pm
|
|
+++ b/selftest/target/Samba3.pm
|
|
@@ -3587,6 +3587,10 @@ sub provision($$)
|
|
[smbget]
|
|
path = $smbget_sharedir
|
|
comment = smb username is [%U]
|
|
+
|
|
+[smbget_guest]
|
|
+ path = $smbget_sharedir
|
|
+ comment = smb username is [%U]
|
|
guest ok = yes
|
|
|
|
include = $aliceconfdir/%U.conf
|
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
index 1956fc5b38e..0af28c6ff89 100755
|
|
--- a/source3/script/tests/test_smbget.sh
|
|
+++ b/source3/script/tests/test_smbget.sh
|
|
@@ -57,8 +57,8 @@ clear_download_area()
|
|
test_singlefile_guest()
|
|
{
|
|
clear_download_area
|
|
- echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile"
|
|
- $SMBGET --verbose --guest smb://$SERVER_IP/smbget/testfile
|
|
+ echo "$SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile"
|
|
+ $SMBGET --verbose --guest smb://$SERVER_IP/smbget_guest/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
@@ -376,9 +376,9 @@ test_msdfs_link_upn()
|
|
test_limit_rate()
|
|
{
|
|
clear_download_area
|
|
- echo "$SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget/testfile"
|
|
+ echo "$SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget_guest/testfile"
|
|
time_begin=$(date +%s)
|
|
- $SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget/testfile
|
|
+ $SMBGET --verbose --guest --limit-rate 100 smb://$SERVER_IP/smbget_guest/testfile
|
|
if [ $? -ne 0 ]; then
|
|
echo 'ERROR: RC does not match, expected: 0'
|
|
return 1
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From b40c350a6550946129aadbace4e6cecc219c666a Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Wed, 6 Dec 2023 13:16:26 +0100
|
|
Subject: [PATCH 09/13] auth:creds:tests: Add test for password callback
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit ab4b25964a43a1ef550f10580ad395e178fe647e)
|
|
---
|
|
auth/credentials/tests/test_creds.c | 32 +++++++++++++++++++++++++++++
|
|
selftest/knownfail.d/creds | 1 +
|
|
2 files changed, 33 insertions(+)
|
|
create mode 100644 selftest/knownfail.d/creds
|
|
|
|
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
|
|
index a2f9642bfe0..414dd46a6b0 100644
|
|
--- a/auth/credentials/tests/test_creds.c
|
|
+++ b/auth/credentials/tests/test_creds.c
|
|
@@ -285,6 +285,37 @@ static void torture_creds_gensec_feature(void **state)
|
|
assert_int_equal(creds->gensec_features, GENSEC_FEATURE_SIGN);
|
|
}
|
|
|
|
+static const char *torture_get_password(struct cli_credentials *creds)
|
|
+{
|
|
+ return talloc_strdup(creds, "SECRET");
|
|
+}
|
|
+
|
|
+static void torture_creds_password_callback(void **state)
|
|
+{
|
|
+ TALLOC_CTX *mem_ctx = *state;
|
|
+ struct cli_credentials *creds = NULL;
|
|
+ const char *password = NULL;
|
|
+ enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
|
|
+ bool ok;
|
|
+
|
|
+ creds = cli_credentials_init(mem_ctx);
|
|
+ assert_non_null(creds);
|
|
+
|
|
+ ok = cli_credentials_set_domain(creds, "WURST", CRED_SPECIFIED);
|
|
+ assert_true(ok);
|
|
+ ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
|
|
+ assert_true(ok);
|
|
+
|
|
+ ok = cli_credentials_set_password_callback(creds, torture_get_password);
|
|
+ assert_true(ok);
|
|
+ assert_int_equal(creds->password_obtained, CRED_CALLBACK);
|
|
+
|
|
+ password = cli_credentials_get_password_and_obtained(creds,
|
|
+ &pwd_obtained);
|
|
+ assert_int_equal(pwd_obtained, CRED_CALLBACK_RESULT);
|
|
+ assert_string_equal(password, "SECRET");
|
|
+}
|
|
+
|
|
int main(int argc, char *argv[])
|
|
{
|
|
int rc;
|
|
@@ -296,6 +327,7 @@ int main(int argc, char *argv[])
|
|
cmocka_unit_test(torture_creds_parse_string),
|
|
cmocka_unit_test(torture_creds_krb5_state),
|
|
cmocka_unit_test(torture_creds_gensec_feature),
|
|
+ cmocka_unit_test(torture_creds_password_callback)
|
|
};
|
|
|
|
if (argc == 2) {
|
|
diff --git a/selftest/knownfail.d/creds b/selftest/knownfail.d/creds
|
|
new file mode 100644
|
|
index 00000000000..09491f22c65
|
|
--- /dev/null
|
|
+++ b/selftest/knownfail.d/creds
|
|
@@ -0,0 +1 @@
|
|
+^samba.unittests.credentials.torture_creds_password_callback.none
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 42f5976603f2dfab9e3179535f9d137014621b54 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Wed, 6 Dec 2023 13:06:42 +0100
|
|
Subject: [PATCH 10/13] auth:creds: Fix
|
|
cli_credentials_get_password_and_obtained() with callback
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 1041dae03f0f7e9e2b6b4a649eb1d298a34ce699)
|
|
---
|
|
auth/credentials/credentials.c | 4 +++-
|
|
selftest/knownfail.d/creds | 1 -
|
|
2 files changed, 3 insertions(+), 2 deletions(-)
|
|
delete mode 100644 selftest/knownfail.d/creds
|
|
|
|
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
|
|
index 0485cc4e64e..8cabdd8d1c3 100644
|
|
--- a/auth/credentials/credentials.c
|
|
+++ b/auth/credentials/credentials.c
|
|
@@ -465,11 +465,13 @@ _PUBLIC_ const char *
|
|
cli_credentials_get_password_and_obtained(struct cli_credentials *cred,
|
|
enum credentials_obtained *obtained)
|
|
{
|
|
+ const char *password = cli_credentials_get_password(cred);
|
|
+
|
|
if (obtained != NULL) {
|
|
*obtained = cred->password_obtained;
|
|
}
|
|
|
|
- return cli_credentials_get_password(cred);
|
|
+ return password;
|
|
}
|
|
|
|
/* Set a password on the credentials context, including an indication
|
|
diff --git a/selftest/knownfail.d/creds b/selftest/knownfail.d/creds
|
|
deleted file mode 100644
|
|
index 09491f22c65..00000000000
|
|
--- a/selftest/knownfail.d/creds
|
|
+++ /dev/null
|
|
@@ -1 +0,0 @@
|
|
-^samba.unittests.credentials.torture_creds_password_callback.none
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 619185a178f00bbf88a853309225773b02fdbda4 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Wed, 6 Dec 2023 13:26:43 +0100
|
|
Subject: [PATCH 11/13] auth:creds: Add
|
|
cli_credentials_get_domain_and_obtained()
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit a7622bc7db093558c6f6e3da4d2a899a764dec09)
|
|
---
|
|
auth/credentials/credentials.c | 22 ++++++++++++++++++++++
|
|
auth/credentials/credentials.h | 3 +++
|
|
auth/credentials/tests/test_creds.c | 6 ++++++
|
|
3 files changed, 31 insertions(+)
|
|
|
|
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
|
|
index 8cabdd8d1c3..7a00279b8b4 100644
|
|
--- a/auth/credentials/credentials.c
|
|
+++ b/auth/credentials/credentials.c
|
|
@@ -738,6 +738,28 @@ _PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
|
|
return cred->domain;
|
|
}
|
|
|
|
+/**
|
|
+ * @brief Obtain the domain for this credential context.
|
|
+ *
|
|
+ * @param[in] cred The credential context.
|
|
+ *
|
|
+ * @param[out] obtained A pointer to store the obtained information.
|
|
+ *
|
|
+ * @return The domain name or NULL if an error occurred.
|
|
+ */
|
|
+_PUBLIC_ const char *cli_credentials_get_domain_and_obtained(
|
|
+ struct cli_credentials *cred,
|
|
+ enum credentials_obtained *obtained)
|
|
+{
|
|
+ const char *domain = cli_credentials_get_domain(cred);
|
|
+
|
|
+ if (obtained != NULL) {
|
|
+ *obtained = cred->domain_obtained;
|
|
+ }
|
|
+
|
|
+ return domain;
|
|
+}
|
|
+
|
|
|
|
_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred,
|
|
const char *val,
|
|
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
|
|
index c3a048ecc8d..c5ffe536e07 100644
|
|
--- a/auth/credentials/credentials.h
|
|
+++ b/auth/credentials/credentials.h
|
|
@@ -127,6 +127,9 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
|
|
struct loadparm_context *lp_ctx,
|
|
struct keytab_container **_ktc);
|
|
const char *cli_credentials_get_domain(struct cli_credentials *cred);
|
|
+const char *cli_credentials_get_domain_and_obtained(
|
|
+ struct cli_credentials *cred,
|
|
+ enum credentials_obtained *obtained);
|
|
struct netlogon_creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
|
|
void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
|
|
struct loadparm_context *lp_ctx);
|
|
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
|
|
index 414dd46a6b0..2cb2e6d0e34 100644
|
|
--- a/auth/credentials/tests/test_creds.c
|
|
+++ b/auth/credentials/tests/test_creds.c
|
|
@@ -48,6 +48,7 @@ static void torture_creds_init(void **state)
|
|
const char *username = NULL;
|
|
const char *domain = NULL;
|
|
const char *password = NULL;
|
|
+ enum credentials_obtained dom_obtained = CRED_UNINITIALISED;
|
|
enum credentials_obtained usr_obtained = CRED_UNINITIALISED;
|
|
enum credentials_obtained pwd_obtained = CRED_UNINITIALISED;
|
|
bool ok;
|
|
@@ -65,6 +66,11 @@ static void torture_creds_init(void **state)
|
|
domain = cli_credentials_get_domain(creds);
|
|
assert_string_equal(domain, "WURST");
|
|
|
|
+ domain = cli_credentials_get_domain_and_obtained(creds,
|
|
+ &dom_obtained);
|
|
+ assert_int_equal(dom_obtained, CRED_SPECIFIED);
|
|
+ assert_string_equal(domain, "WURST");
|
|
+
|
|
username = cli_credentials_get_username(creds);
|
|
assert_null(username);
|
|
ok = cli_credentials_set_username(creds, "brot", CRED_SPECIFIED);
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From a72e035090075ff1b36c5d67daf5f601277bceaa Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Wed, 6 Dec 2023 15:58:08 +0100
|
|
Subject: [PATCH 12/13] s3:tests: Add interactive smbget test for password
|
|
entry
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit 5b38f3be8cb986aa2db3aab5c3c3d2e8739893ce)
|
|
---
|
|
source3/script/tests/test_smbget.sh | 32 +++++++++++++++++++++++++++++
|
|
1 file changed, 32 insertions(+)
|
|
|
|
diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh
|
|
index 0af28c6ff89..74050f6951a 100755
|
|
--- a/source3/script/tests/test_smbget.sh
|
|
+++ b/source3/script/tests/test_smbget.sh
|
|
@@ -29,6 +29,7 @@ incdir=$(dirname $0)/../../../testprogs/blackbox
|
|
. "${incdir}/common_test_fns.inc"
|
|
|
|
samba_kinit=$(system_or_builddir_binary kinit "${BINDIR}" samba4kinit)
|
|
+samba_texpect="${BINDIR}/texpect"
|
|
|
|
create_test_data()
|
|
{
|
|
@@ -163,6 +164,33 @@ test_singlefile_smburl2()
|
|
return 0
|
|
}
|
|
|
|
+test_singlefile_smburl_interactive()
|
|
+{
|
|
+ clear_download_area
|
|
+
|
|
+ tmpfile="$(mktemp --tmpdir="${TMPDIR}" expect_XXXXXXXXXX)"
|
|
+
|
|
+ cat >"${tmpfile}" <<EOF
|
|
+expect Password for
|
|
+send ${DOMAIN_USER_PASSWORD}\n
|
|
+EOF
|
|
+
|
|
+ USER="hanswurst" ${samba_texpect} "${tmpfile}" ${SMBGET} "smb://${DOMAIN};${DOMAIN_USER}@${SERVER_IP}/smbget/testfile"
|
|
+ ret=$?
|
|
+ rm -f "${tmpfile}"
|
|
+ if [ ${ret} -ne 0 ]; then
|
|
+ echo 'ERROR: RC does not match, expected: 0'
|
|
+ return 1
|
|
+ fi
|
|
+ cmp --silent $WORKDIR/testfile ./testfile
|
|
+ ret=$?
|
|
+ if [ ${ret} -ne 0 ]; then
|
|
+ echo 'ERROR: file content does not match'
|
|
+ return 1
|
|
+ fi
|
|
+ return 0
|
|
+}
|
|
+
|
|
test_singlefile_authfile()
|
|
{
|
|
clear_download_area
|
|
@@ -533,6 +561,10 @@ testit "download single file with smb URL including domain" \
|
|
test_singlefile_smburl2 ||
|
|
failed=$(expr $failed + 1)
|
|
|
|
+testit "download single file with smb URL interactive" \
|
|
+ test_singlefile_smburl_interactive ||
|
|
+ failed=$(expr $failed + 1)
|
|
+
|
|
testit "download single file with authfile" test_singlefile_authfile ||
|
|
failed=$(expr $failed + 1)
|
|
|
|
--
|
|
2.43.0
|
|
|
|
|
|
From 7d13ed182ebd57d7ba38fc343b13b040f258d3a6 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Schneider <asn@samba.org>
|
|
Date: Wed, 6 Dec 2023 13:16:53 +0100
|
|
Subject: [PATCH 13/13] s3:utils: Fix auth callback with smburl
|
|
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532
|
|
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
(cherry picked from commit f2f7ed419e03e5ae8cc85f42af5b2bcf91abefe2)
|
|
---
|
|
source3/utils/smbget.c | 40 ++++++++++++++++++++++++++++++++++------
|
|
1 file changed, 34 insertions(+), 6 deletions(-)
|
|
|
|
diff --git a/source3/utils/smbget.c b/source3/utils/smbget.c
|
|
index 8d98ba24602..598607ea391 100644
|
|
--- a/source3/utils/smbget.c
|
|
+++ b/source3/utils/smbget.c
|
|
@@ -114,20 +114,48 @@ static void get_auth_data_with_context_fn(SMBCCTX *ctx,
|
|
const char *username = NULL;
|
|
const char *password = NULL;
|
|
const char *domain = NULL;
|
|
+ enum credentials_obtained obtained = CRED_UNINITIALISED;
|
|
|
|
- username = cli_credentials_get_username(creds);
|
|
+ username = cli_credentials_get_username_and_obtained(creds, &obtained);
|
|
if (username != NULL) {
|
|
- strncpy(usr, username, usr_len - 1);
|
|
+ bool overwrite = false;
|
|
+ if (usr[0] == '\0') {
|
|
+ overwrite = true;
|
|
+ }
|
|
+ if (obtained >= CRED_CALLBACK_RESULT) {
|
|
+ overwrite = true;
|
|
+ }
|
|
+ if (overwrite) {
|
|
+ strncpy(usr, username, usr_len - 1);
|
|
+ }
|
|
}
|
|
|
|
- password = cli_credentials_get_password(creds);
|
|
+ password = cli_credentials_get_password_and_obtained(creds, &obtained);
|
|
if (password != NULL) {
|
|
- strncpy(pwd, password, pwd_len - 1);
|
|
+ bool overwrite = false;
|
|
+ if (usr[0] == '\0') {
|
|
+ overwrite = true;
|
|
+ }
|
|
+ if (obtained >= CRED_CALLBACK_RESULT) {
|
|
+ overwrite = true;
|
|
+ }
|
|
+ if (overwrite) {
|
|
+ strncpy(pwd, password, pwd_len - 1);
|
|
+ }
|
|
}
|
|
|
|
- domain = cli_credentials_get_domain(creds);
|
|
+ domain = cli_credentials_get_domain_and_obtained(creds, &obtained);
|
|
if (domain != NULL) {
|
|
- strncpy(dom, domain, dom_len - 1);
|
|
+ bool overwrite = false;
|
|
+ if (usr[0] == '\0') {
|
|
+ overwrite = true;
|
|
+ }
|
|
+ if (obtained >= CRED_CALLBACK_RESULT) {
|
|
+ overwrite = true;
|
|
+ }
|
|
+ if (overwrite) {
|
|
+ strncpy(dom, domain, dom_len - 1);
|
|
+ }
|
|
}
|
|
|
|
smbc_set_credentials_with_fallback(ctx, domain, username, password);
|
|
--
|
|
2.43.0
|
|
|