The branch, master has been updated via d84a8d5 s3-selftest Add tests to show kerberos works across a password change via 0415a57 s3-librpc Fix creation of in-memory keytab for previous password via 747ebc1 s3-selftest names into DNS hosts file to avoid NBT lookups via 457c665 libcli/nbt Cope with blank lines in DNS hosts file from 82e0ba2 docs: fix the missing parameter description section in the smb.conf manpage
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit d84a8d534374072fc96fd5da34e0021c81005f1a Author: Andrew Bartlett <abart...@samba.org> Date: Wed Apr 6 09:12:15 2011 +1000 s3-selftest Add tests to show kerberos works across a password change It is important that a machine account password change does not invalidate existing tickets. This is only for the default kerberos method with a password in secrets.tdb. The keytab based methods are still not tested. Andrew Bartlett Autobuild-User: Andrew Bartlett <abart...@samba.org> Autobuild-Date: Wed Apr 6 05:24:48 CEST 2011 on sn-devel-104 commit 0415a5736e7e68f076fcf63dc16a7d33da4e569d Author: Andrew Bartlett <abart...@samba.org> Date: Wed Apr 6 09:10:13 2011 +1000 s3-librpc Fix creation of in-memory keytab for previous password We set the current password twice, rather than the current and old password. Andrew Bartlett commit 747ebc118a5cff75e71341e1f39b8127e96e41cd Author: Andrew Bartlett <abart...@samba.org> Date: Wed Apr 6 12:10:03 2011 +1000 s3-selftest names into DNS hosts file to avoid NBT lookups NBT lookups cause trouble and variablity in 'make test', so it's much better if we just use the fake DNS code. This code is only used by smbtorture4 at this time, but the other client tools are generally told to contact by IP address. We need to contact by name to test Kerberos, and this should make the kerberos tests much more reliable. Andrew Bartlett commit 457c665be2777513ff8aed1de53d8ea4eb462adc Author: Andrew Bartlett <abart...@samba.org> Date: Wed Apr 6 12:09:41 2011 +1000 libcli/nbt Cope with blank lines in DNS hosts file ----------------------------------------------------------------------- Summary of changes: libcli/nbt/dns_hosts_file.c | 6 ++-- selftest/target/Samba3.pm | 23 ++++++++++++++++--- source3/librpc/crypto/gse_krb5.c | 2 +- .../{ktest-krb5_ccache => ktest-krb5_ccache-2} | Bin 11966 -> 11966 bytes source3/selftest/ktest-krb5_ccache-3 | Bin 0 -> 6031 bytes source3/selftest/ktest-secrets.tdb | Bin 45056 -> 45056 bytes source3/selftest/tests.py | 5 +++- 7 files changed, 27 insertions(+), 9 deletions(-) rename source3/selftest/{ktest-krb5_ccache => ktest-krb5_ccache-2} (100%) create mode 100644 source3/selftest/ktest-krb5_ccache-3 Changeset truncated at 500 lines: diff --git a/libcli/nbt/dns_hosts_file.c b/libcli/nbt/dns_hosts_file.c index c6491a9..8013936 100644 --- a/libcli/nbt/dns_hosts_file.c +++ b/libcli/nbt/dns_hosts_file.c @@ -85,15 +85,15 @@ static bool getdns_hosts_fileent(TALLOC_CTX *ctx, XFILE *fp, char **pp_name, cha ++count; if (next_token_talloc(ctx, &ptr, &name, NULL)) ++count; - if (strcasecmp(name_type, "A") == 0) { + if (name_type && strcasecmp(name_type, "A") == 0) { if (next_token_talloc(ctx, &ptr, &ip, NULL)) ++count; - } else if (strcasecmp(name_type, "SRV") == 0) { + } else if (name_type && strcasecmp(name_type, "SRV") == 0) { if (next_token_talloc(ctx, &ptr, &next_name, NULL)) ++count; if (next_token_talloc(ctx, &ptr, &port, NULL)) ++count; - } else if (strcasecmp(name_type, "CNAME") == 0) { + } else if (name_type && strcasecmp(name_type, "CNAME") == 0) { if (next_token_talloc(ctx, &ptr, &next_name, NULL)) ++count; } diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index de3fffb..b6c851a 100644 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -298,19 +298,29 @@ $ret->{USERNAME} = KTEST\\Administrator # ticket_lifetime = 799718400 # renew_lifetime = 799718400 # -# The commands run were: +# The commands for the -2 keytab where were: # kinit administra...@ktest.samba.example.com # kvno host/localkte...@ktest.samba.example.com # kvno cifs/localkte...@ktest.samba.example.com # kvno host/localkte...@ktest.samba.example.com # kvno cifs/localkte...@ktest.samba.example.com # -# This creates a credential cache with a very long lifetime (2036 at at 2011-04) +# and then for the -3 keytab, I did +# +# net changetrustpw; kdestroy and the same again. +# +# This creates a credential cache with a very long lifetime (2036 at +# at 2011-04), and shows that running 'net changetrustpw' does not +# break existing logins (for the secrets.tdb method at least). +# $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache"; - system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache $prefix/krb5_ccache"); - chmod 0600, "$prefix/krb5_ccache"; + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2"); + chmod 0600, "$prefix/krb5_ccache-2"; + + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3"); + chmod 0600, "$prefix/krb5_ccache-3"; $self->check_or_start($ret, ($ENV{SMBD_MAXTIME} or 2700), @@ -802,6 +812,11 @@ domusers:X:$gid_domusers: print "DONE\n"; + open(HOSTS, ">>$ENV{SELFTEST_PREFIX}/dns_host_file") or die("Unable to open $ENV{SELFTEST_PREFIX}/dns_host_file"); + print HOSTS "A $server $server_ip +"; + close(HOSTS); + $ret{SERVER_IP} = $server_ip; $ret{NMBD_TEST_LOG} = "$prefix/nmbd_test.log"; $ret{NMBD_TEST_LOG_POS} = 0; diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index 735dff0..830d517 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -280,7 +280,7 @@ static krb5_error_code get_mem_keytab_from_secrets(krb5_context krbctx, goto out; } - pwd_old = secrets_fetch_machine_password(lp_workgroup(), NULL, NULL); + pwd_old = secrets_fetch_prev_machine_password(lp_workgroup()); if (!pwd_old) { DEBUG(10, (__location__ ": no prev machine password\n")); } else { diff --git a/source3/selftest/ktest-krb5_ccache-3 b/source3/selftest/ktest-krb5_ccache-3 new file mode 100644 index 0000000..a056beb Binary files /dev/null and b/source3/selftest/ktest-krb5_ccache-3 differ diff --git a/source3/selftest/ktest-secrets.tdb b/source3/selftest/ktest-secrets.tdb index c09c315..cf5c3d0 100644 Binary files a/source3/selftest/ktest-secrets.tdb and b/source3/selftest/ktest-secrets.tdb differ diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index 826b84f..3fd44c5 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -219,7 +219,10 @@ if sub.returncode == 0: e = "" a = "" binding_string = "ncacn_np:$SERVER[%s%s%s%s]" % (a, s, z, e) - options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache" + options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-2" + plansmbtorturetestsuite(test, "ktest", options, 'over kerberos with old ccache ncacn_np with [%s%s%s%s] ' % (a, s, z, e)) + + options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-3" plansmbtorturetestsuite(test, "ktest", options, 'over kerberos ncacn_np with [%s%s%s%s] ' % (a, s, z, e)) -- Samba Shared Repository