The branch, master has been updated via aaf2cae s3-kpasswd: Fix build warning. via 638a8ed s4-heimdal: do not build rkpty anymore. via c4e15e0 testprogs: use texpect instead of rkpty. via a78a87a testprogs: test kpasswd via "net ads password". via fa39e02 testprogs: use texpect in passwords test file instead of rkpty. via 3ba74c8 lib/texpect: add texpect binary based on heimdals rkpty. via 9e42b01 s3-kpasswd: send a netbios krb5 address to avoid invalid net address errors from heimdal. via 1d779bd Remove custom password change code in libads via 6bdde64 Remove duplicate definitions via af7613f testprogs: allow to run passwords test with MIT and Heimdal kinit. via 7982c37 testprogs: Use the system binaries for KRB5 if we don't build in-tree heimdal. via 980ce21 selftest: Use the dns domain in the hosts file. from 470e5b8 s4-netlogond: Give a better error if we do not have a flatname attribute
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit aaf2cae36b8ce8e13d04e1124f5ca581cfb64bc2 Author: Günther Deschner <g...@samba.org> Date: Wed Aug 27 09:09:13 2014 +0200 s3-kpasswd: Fix build warning. Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Mon Sep 1 18:15:15 CEST 2014 on sn-devel-104 commit 638a8edd7ce708cf550c054ac16dade795b6448b Author: Günther Deschner <g...@samba.org> Date: Tue Aug 26 18:05:32 2014 +0200 s4-heimdal: do not build rkpty anymore. It is fully replaced with texpect now. Guenther Pair-Programmed-With: Andreas Schneider <a...@samba.org> Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit c4e15e0f6d367cc0e527af002ea65e0be4dacfa9 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 26 18:01:10 2014 +0200 testprogs: use texpect instead of rkpty. Guenther Pair-Programmed-With: Andreas Schneider <a...@samba.org> Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit a78a87ac5397e464de9d8e81c0c0334d278f9032 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 26 12:39:06 2014 +0200 testprogs: test kpasswd via "net ads password". Guenther Pair-Programmed-With: Andreas Schneider <a...@samba.org> Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit fa39e025ff009b3d117f210cc33930629c5c547f Author: Günther Deschner <g...@samba.org> Date: Mon Aug 25 19:41:14 2014 +0200 testprogs: use texpect in passwords test file instead of rkpty. Guenther Pair-Programmed-With: Andreas Schneider <a...@samba.org> 
Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit 3ba74c83dc5a1fd067ce238d8a6276e4276d6827 Author: Günther Deschner <g...@samba.org> Date: Mon Aug 25 19:38:12 2014 +0200 lib/texpect: add texpect binary based on heimdals rkpty. Guenther Pair-Programmed-With: Andreas Schneider <a...@samba.org> Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit 9e42b0186525597de60fdb194a3e8f409f3d7d08 Author: Günther Deschner <g...@samba.org> Date: Tue Aug 26 14:28:01 2014 +0200 s3-kpasswd: send a netbios krb5 address to avoid invalid net address errors from heimdal. Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit 1d779bdbb21f50c1f638e1abfa732807d32d6887 Author: Simo Sorce <i...@samba.org> Date: Sat Aug 2 10:31:20 2014 -0400 Remove custom password change code in libads Use standard libkrb5 calls instead. Signed-off-by: Simo Sorce <i...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit 6bdde64354e7020b1ea91cbbb06c76984491195c Author: Simo Sorce <i...@samba.org> Date: Sat Aug 2 09:39:20 2014 -0400 Remove duplicate definitions These are already defined both in Heimdal and MIT public headers Signed-off-by: Simo Sorce <i...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit af7613fa2562a80688b461cbbdc95dd14bb4ddb1 Author: Günther Deschner <g...@samba.org> Date: Mon Aug 25 16:35:23 2014 +0200 testprogs: allow to run passwords test with MIT and Heimdal kinit. Guenther 
Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit 7982c373b04377da7eb998f94846db5f9e56dbb7 Author: Andreas Schneider <a...@samba.org> Date: Mon May 12 16:56:29 2014 +0200 testprogs: Use the system binaries for KRB5 if we don't build in-tree heimdal. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlet <abart...@samba.org> commit 980ce21a5b80f4cd40f9c3876c09a885918491ce Author: Andreas Schneider <a...@samba.org> Date: Mon Sep 1 14:45:26 2014 +0200 selftest: Use the dns domain in the hosts file. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/krb5_wrap/krb5_samba.h | 1 - lib/texpect/texpect.c | 441 +++++++++++++++++++ lib/texpect/wscript | 9 + selftest/target/Samba4.pm | 4 +- source3/libads/krb5_setpw.c | 635 +++------------------------ source4/heimdal_build/wscript_build | 5 - source4/scripting/bin/setup_dns.sh | 7 +- testprogs/blackbox/test_chgdcpass.sh | 7 +- testprogs/blackbox/test_export_keytab.sh | 6 +- testprogs/blackbox/test_kinit.sh | 22 +- testprogs/blackbox/test_ktpass.sh | 6 +- testprogs/blackbox/test_passwords.sh | 59 ++- testprogs/blackbox/test_pdbtest.sh | 6 +- testprogs/blackbox/test_pkinit.sh | 13 +- testprogs/blackbox/test_samba_upgradedns.sh | 6 +- wscript | 1 + wscript_build | 1 + 17 files changed, 628 insertions(+), 601 deletions(-) create mode 100644 lib/texpect/texpect.c create mode 100644 lib/texpect/wscript Changeset truncated at 500 lines: diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index af661d9..189dcf9 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h 
@@ -161,7 +161,6 @@ bool smb_krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2); krb5_error_code smb_krb5_renew_ticket(const char *ccache_string, const char *client_string, const char *service_string, time_t *expire_time); -krb5_error_code kpasswd_err_to_krb5_err(krb5_error_code res_code); krb5_error_code smb_krb5_gen_netbios_krb5_address(smb_krb5_addresses **kerb_addr, const char *netbios_name); krb5_error_code smb_krb5_free_addresses(krb5_context context, smb_krb5_addresses *addr); diff --git a/lib/texpect/texpect.c b/lib/texpect/texpect.c new file mode 100644 index 0000000..c1a6a99 --- /dev/null +++ b/lib/texpect/texpect.c 
@@ -0,0 +1,441 @@
+/*
+ * Copyright (c) 2008 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#ifndef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PTY_H
+#include <pty.h>
+#endif
+#ifdef HAVE_UTIL_H
+#include <util.h>
+#endif
+#ifdef HAVE_LIBUTIL_H
+#include <libutil.h>
+#endif
+
+#ifdef STREAMSPTY
+#include <stropts.h>
+#endif /* STREAMPTY */
+
+#include <popt.h>
+#include <errno.h>
+#include <err.h>
+
+struct command {
+ enum { CMD_EXPECT = 0, CMD_SEND, CMD_PASSWORD } type;
+ unsigned int lineno;
+ char *str;
+ struct command *next;
+};
+
+/*
+ *
+ */
+
+static struct command *commands, **next = &commands;
+
+static sig_atomic_t alarmset = 0;
+
+static int opt_timeout = 10;
+static int opt_verbose;
+
+static int master;
+static int slave;
+static char line[256] = { 0 };
+
+static void caught_signal(int signo)
+{
+ alarmset = signo;
+}
+
+
+static void open_pty(void)
+{
+#ifdef _AIX
+ printf("implement open_pty\n");
+ exit(77);
+#endif
+#if defined(HAVE_OPENPTY) || defined(__linux) || defined(__osf__) /* XXX */
+ if(openpty(&master, &slave, line, 0, 0) == 0)
+ return;
+#endif /* HAVE_OPENPTY .... */
+#ifdef STREAMSPTY
+ {
+ char *clone[] = {
+ "/dev/ptc",
+ "/dev/ptmx",
+ "/dev/ptm",
+ "/dev/ptym/clone",
+ NULL
+ };
+ char **q;
+
+ for(q = clone; *q; q++){
+ master = open(*q, O_RDWR);
+ if(master >= 0){
+#ifdef HAVE_GRANTPT
+ grantpt(master);
+#endif
+#ifdef HAVE_UNLOCKPT
+ unlockpt(master);
+#endif
+ strlcpy(line, ptsname(master), sizeof(line));
+ slave = open(line, O_RDWR);
+ if (slave < 0)
+ errx(1, "failed to open slave when using %s", *q);
+ ioctl(slave, I_PUSH, "ptem");
+ ioctl(slave, I_PUSH, "ldterm");
+
+ return;
+ }
+ }
+ }
+#endif /* STREAMSPTY */
+
+ /* more cases, like open /dev/ptmx, etc */
+
+ exit(77);
+}
+
+/*
+ *
+ */
+
+static char *iscmd(const char *buf, const char *s)
+{
+ size_t len = strlen(s);
+
+ if (strncmp(buf, s, len) != 0) {
+ return NULL;
+ }
+
+ return strdup(buf + len);
+}
+
+/*******************************************************************
+A write wrapper that will deal with EINTR.
+********************************************************************/
+
+static ssize_t sys_write(int fd, const void *buf, size_t count)
+{
+ ssize_t ret;
+
+ do {
+ ret = write(fd, buf, count);
+#if defined(EWOULDBLOCK)
+ } while (ret == -1 && (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK));
+#else
+ } while (ret == -1 && (errno == EINTR || errno == EAGAIN));
+#endif
+ return ret;
+}
+
+static void parse_configuration(const char *fn)
+{
+ struct command *c;
+ char s[1024];
+ char *str;
+ unsigned int lineno = 0;
+ FILE *cmd;
+
+ cmd = fopen(fn, "r");
+ if (cmd == NULL)
+ err(1, "open: %s", fn);
+
+ while (fgets(s, sizeof(s), cmd) != NULL) {
+
+ s[strcspn(s, "#\n")] = '\0';
+ lineno++;
+
+ c = calloc(1, sizeof(*c));
+ if (c == NULL)
+ errx(1, "malloc");
+
+ c->lineno = lineno;
+ (*next) = c;
+ next = &(c->next);
+
+ if ((str = iscmd(s, "expect ")) != NULL) {
+ c->type = CMD_EXPECT;
+ c->str = str;
+ } else if ((str = iscmd(s, "send ")) != NULL) {
+ c->type = CMD_SEND;
+ c->str = str;
+ } else if ((str = iscmd(s, "password ")) != NULL) {
+ c->type = CMD_PASSWORD;
+ c->str = str;
+ } else
+ errx(1, "Invalid command on line %d: %s", lineno, s);
+ }
+
+ fclose(cmd);
+}
+
+/* A wrapper to close als file descriptors above the given fd */
+static int sys_closefrom(int fd)
+{
+ int num = getdtablesize();
+
+ if (num < 0) {
+ num = 1024;
+ }
+
+ for (; fd <= num; fd++) {
+ close(fd);
+ }
+
+ return 0;
+}
+
+
+/*
+ *
+ */
+
+static int eval_parent(pid_t pid)
+{
+ struct command *c;
+ char in;
+ size_t len = 0;
+ ssize_t sret;
+
+ for (c = commands; c != NULL; c = c->next) {
+ switch(c->type) {
+ case CMD_EXPECT:
+ if (opt_verbose) {
+ printf("[expecting %s]\n", c->str);
+ }
+ len = 0;
+ alarm(opt_timeout);
+ while((sret = read(master, &in, sizeof(in))) > 0) {
+ alarm(opt_timeout);
+ printf("%c", in);
+ if (c->str[len] != in) {
+ len = 0;
+ continue;
+ }
+ len++;
+ if (c->str[len] == '\0') {
+ break;
+ }
+ }
+ alarm(0);
+ if (alarmset == SIGALRM) {
+ errx(1, "timeout waiting for %s (line %u)",
+ c->str, c->lineno);
+ } else if (alarmset) {
+ errx(1, "got a signal %d waiting for %s (line %u)",
+ (int)alarmset, c->str, c->lineno);
+ }
+
+ if (sret <= 0) {
+ errx(1, "end command while waiting for %s (line %u)",
+ c->str, c->lineno);
+ }
+ break;
+ case CMD_SEND:
+ case CMD_PASSWORD: {
+ size_t i = 0;
+ const char *msg = (c->type == CMD_PASSWORD) ? "****" : c->str;
+
+ if (opt_verbose) {
+ printf("[send %s]\n", msg);
+ }
+
+ len = strlen(c->str);
+
+ while (i < len) {
+ if (c->str[i] == '\\' && i < len - 1) {
+ char ctrl;
+ i++;
+ switch(c->str[i]) {
+ case 'n':
+ ctrl = '\n';
+ break;
+ case 'r':
+ ctrl = '\r';
+ break;
+ case 't':
+ ctrl = '\t';
+ break;
+ default:
+ errx(1,
+ "unknown control char %c (line %u)",
+ c->str[i],
+ c->lineno);
+ }
+ if (sys_write(master, &ctrl, 1) != 1) {
+ errx(1, "command refused input (line %u)", c->lineno);
+ }
+ } else {
+ if (sys_write(master, &c->str[i], 1) != 1) {
+ errx(1, "command refused input (line %u)", c->lineno);
+ }
+ }
+ i++;
+ }
+ break;
+ }
+ default:
+ abort();
+ }
+ }
+
+ while(read(master, &in, sizeof(in)) > 0) {
+ printf("%c", in);
+ }
+
+ if (opt_verbose) {
+ printf("[end of program]\n");
+ }
+
+ /*
+ * Fetch status from child
+ */
+ {
+ int ret, status;
+
+ ret = waitpid(pid, &status, 0);
+ if (ret == -1) {
+ err(1, "waitpid");
+ }
+
+ if (WIFEXITED(status) && WEXITSTATUS(status)) {
+ return WEXITSTATUS(status);
+ } else if (WIFSIGNALED(status)) {
+ printf("killed by signal: %d\n", WTERMSIG(status));
+ return 1;
+ }
+ }
+
+ return 0;
+}
+
+/*
+ *
+ */
+struct poptOption long_options[] = {
+ POPT_AUTOHELP
+ {"timeout", 't', POPT_ARG_INT, &opt_timeout, 't'},
+ {"verbose", 'v', POPT_ARG_NONE, &opt_verbose, 'v'},
+ POPT_TABLEEND
+};
+
+int main(int argc, const char **argv)
+{
+ int optidx = 0;
+ pid_t pid;
+ poptContext pc;
+ const char *instruction_file;
+ const char *program;
+ char* const *program_args;
+
+ pc = poptGetContext("texpect",
+ argc,
+ argv,
+ long_options,
+ POPT_CONTEXT_POSIXMEHARDER);
+
+ if (argc == 1) {
+ poptPrintHelp(pc, stderr, 0);
+ return 1;
+ }
+
+ while ((optidx = poptGetNextOpt(pc)) != -1) {
+ ;;
+ }
+
+ instruction_file = poptGetArg(pc);
+ program_args = poptGetArgs(pc);
+ program = program_args[0];
+
+ if (opt_verbose) {
+ int i;
+
+ printf("Using instruction_file: %s\n", instruction_file);
+ printf("Executing '%s' ", program);
+ for (i = 0; program_args && program_args[i] != NULL; i++) { + printf("'%s' ", program_args[i]); + } + printf("\n"); + } + + parse_configuration(instruction_file); + + open_pty(); + + pid = fork(); + switch (pid) { + case -1: + err(1, "Failed to fork"); + case 0: + + if(setsid()<0) + err(1, "setsid"); + + dup2(slave, STDIN_FILENO); + dup2(slave, STDOUT_FILENO); + dup2(slave, STDERR_FILENO); + + sys_closefrom(STDERR_FILENO + 1); + + /* texpect <expect_instructions> <progname> [<args>] */ + execvp(program, program_args); + err(1, "Failed to exec: %s", program); + default: + close(slave); + { + struct sigaction sa; + + sa.sa_handler = caught_signal; + sa.sa_flags = 0; + sigemptyset (&sa.sa_mask); + + sigaction(SIGALRM, &sa, NULL); + } + + return eval_parent(pid); + } +} diff --git a/lib/texpect/wscript b/lib/texpect/wscript new file mode 100644 index 0000000..51602f1 --- /dev/null +++ b/lib/texpect/wscript @@ -0,0 +1,9 @@ +#!/usr/bin/env python + +def configure(conf): + conf.CHECK_FUNCS_IN('openpty', 'util', checklibc=True, headers='pty.h util.h libutil.h') + +def build(bld): + bld.SAMBA_BINARY('texpect', + 'texpect.c', + deps='popt util') diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index 28c287e..342de58 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -703,8 +703,8 @@ $ctx->{unix_name}:x:$ctx->{unix_gid}: my $hostname = lc($ctx->{hostname}); open(HOSTS, ">>$ctx->{nsswrap_hosts}"); - print HOSTS "$ctx->{ipv4} ${hostname}.samba.example.com ${hostname}\n"; - print HOSTS "$ctx->{ipv6} ${hostname}.samba.example.com ${hostname}\n"; + print HOSTS "$ctx->{ipv4} ${hostname}.$ctx->{dnsname} ${hostname}\n"; + print HOSTS "$ctx->{ipv6} ${hostname}.$ctx->{dnsname} ${hostname}\n"; close(HOSTS); my $configuration = "--configfile=$ctx->{smb_conf}"; diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index d27e55b..5b33e2e 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c 
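Review bot: In `main`, `program = program_args[0];` dereferences the result of `poptGetArgs(pc)` before anything checks it, and the only usage check is `argc == 1`, so a run that supplies options but no instruction file or program reaches a NULL dereference, or passes NULL on to `fopen` in `parse_configuration`. A guard placed right after the two popt calls, `if (instruction_file == NULL || program_args == NULL) { poptPrintHelp(pc, stderr, 0); return 1; }`, turns that into a usage error; the `program_args &&` test in the verbose loop comes too late to help. Separately, `parse_configuration` cuts each line at the first `#` before matching the command, so a `password` or `send` string containing `#` is silently truncated, which deserves a comment in the file since this tool drives password-change tests. The bound in `sys_closefrom` (`fd <= num`) also steps one past the table size that `getdtablesize()` reports; `fd < num` is the intended range.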
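Review bot: The two changed `print HOSTS` lines in selftest/target/Samba4.pm now interpolate `$ctx->{dnsname}`, and nothing visible in the hunk confirms that key is set by the time the hosts file is written; an undefined value would write `host.` names into the file instead of failing. A guard ahead of the writes, such as `defined $ctx->{dnsname} or die "dnsname not set";`, would make that visible in the test setup. The context line `open(HOSTS, ">>$ctx->{nsswrap_hosts}");` is also unchecked, so a failed open would drop both new entries silently. The enclosing sub starts and ends outside the hunk, so the key may well be validated earlier.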
@@ -25,23 +25,7 @@ #ifdef HAVE_KRB5 -#define DEFAULT_KPASSWD_PORT 464 - -#define KRB5_KPASSWD_VERS_CHANGEPW 1 -- Samba Shared Repository