The branch, v4-6-test has been updated via 0afb85c tests/bind.py: Add a bind test with NTLMSSP with no domain via 96d9297 s3:cliconnect.c: remove useless ';' via bb14cec s3:libsmb: allow -U"\administrator" to work from d71e1a2 Merge tag 'samba-4.6.14' into v4-6-test
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log ----------------------------------------------------------------- commit 0afb85c28f3932ef952abbbe10c20340e51ca90d Author: Garming Sam <garm...@catalyst.net.nz> Date: Mon Jan 8 16:34:02 2018 +1300 tests/bind.py: Add a bind test with NTLMSSP with no domain Confirmed to pass against Windows 2012 R2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Garming Sam <garm...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> (cherry picked from commit 2e49a97777ebf5bffbeadca03517b4a21bca24c0) Autobuild-User(v4-6-test): Stefan Metzmacher <me...@samba.org> Autobuild-Date(v4-6-test): Tue Mar 20 21:20:00 CET 2018 on sn-devel-144 commit 96d9297a98d86000ec776049d84305ad9371efcc Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jan 9 08:57:05 2018 +0100 s3:cliconnect.c: remove useless ';' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3) commit bb14cec6160bf9249fe2eb997ff48ad1408885d3 Author: Stefan Metzmacher <me...@samba.org> Date: Tue Jan 9 08:55:48 2018 +0100 s3:libsmb: allow -U"\\administrator" to work cli_credentials_get_principal() returns NULL in that case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit 0786a65cabb92a812cf1c692d0d26914f74a6f87) ----------------------------------------------------------------------- Summary of changes: auth/credentials/tests/bind.py | 26 +++++++++++++++++++++++++- source3/libsmb/cliconnect.c | 9 +++++++-- 2 files changed, 32 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/tests/bind.py b/auth/credentials/tests/bind.py index 91e493d..4aa4498 100755 --- a/auth/credentials/tests/bind.py +++ b/auth/credentials/tests/bind.py @@ -43,6 +43,7 @@ creds_machine = copy.deepcopy(creds) creds_user1 = copy.deepcopy(creds) creds_user2 = copy.deepcopy(creds) creds_user3 = copy.deepcopy(creds) +creds_user4 = copy.deepcopy(creds) class BindTests(samba.tests.TestCase): @@ -64,7 +65,7 @@ class BindTests(samba.tests.TestCase): self.config_dn = self.info_dc["configurationNamingContext"][0] self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn self.password = "P@ssw0rd" - self.username = "BindTestUser_" + time.strftime("%s", time.gmtime()) + self.username = "BindTestUser" def tearDown(self): super(BindTests, self).tearDown() @@ -113,6 +114,7 @@ unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """ expression="(samAccountName=%s)" % self.username) self.assertEquals(len(ldb_res), 1) user_dn = ldb_res[0]["dn"] + self.addCleanup(delete_force, self.ldb, user_dn) # do a simple bind and search with the user account in format user@realm creds_user1.set_bind_dn(self.username + "@" + creds.get_realm()) @@ -138,5 +140,27 @@ unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """ lp=lp, ldap_only=True) res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"]) + def test_user_account_bind_no_domain(self): + # create user + self.ldb.newuser(username=self.username, password=self.password) + ldb_res = self.ldb.search(base=self.domain_dn, + scope=SCOPE_SUBTREE, + expression="(samAccountName=%s)" % self.username) + self.assertEquals(len(ldb_res), 1) + user_dn = ldb_res[0]["dn"] + self.addCleanup(delete_force, self.ldb, user_dn) + + creds_user4.set_username(self.username) + creds_user4.set_password(self.password) + creds_user4.set_domain('') + creds_user4.set_workstation('') + print "BindTest (no domain) with: " + self.username + try: + ldb_user4 = samba.tests.connect_samdb(host, credentials=creds_user4, + lp=lp, ldap_only=True) + except: + self.fail("Failed to connect without the domain set") + + res = ldb_user4.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"]) TestProgram(module=__name__, opts=subunitopts) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 75bcae4..7f03e8b 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -283,8 +283,9 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli, auth_requested = cli_credentials_authentication_requested(creds); if (auth_requested) { + errno = 0; user_principal = cli_credentials_get_principal(creds, frame); - if (user_principal == NULL) { + if (errno != 0) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } @@ -299,6 +300,10 @@ NTSTATUS cli_session_creds_prepare_krb5(struct cli_state *cli, try_kerberos = true; } + if (user_principal == NULL) { + try_kerberos = false; + } + if (target_hostname == NULL) { try_kerberos = false; } else if (is_ipaddress(target_hostname)) { @@ -1281,7 +1286,7 @@ static struct tevent_req *cli_session_setup_spnego_send( status = cli_session_creds_prepare_krb5(cli, creds); if (tevent_req_nterror(req, status)) { - return tevent_req_post(req, ev);; + return tevent_req_post(req, ev); } subreq = cli_session_setup_gensec_send(state, ev, cli, creds, -- Samba Shared Repository