summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* VERSION: Disable GIT_SNAPSHOT for the 4.16.0 release.samba-4.16.0Jule Anger2022-03-211-2/+2
| | | | Signed-off-by: Jule Anger <janger@samba.org>
* WHATSNEW: Add release notes for Samba 4.16.0.Jule Anger2022-03-211-12/+42
| | | | Signed-off-by: Jule Anger <janger@samba.org>
* WHATSNEW: Mention our matrix room as wellAndrew Bartlett2022-03-211-1/+2
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* WHATSNEW: IRC is irc.libera.chat according to ↵Thomas Debesse2022-03-211-1/+1
| | | | | | | https://www.samba.org/samba/irc.html Signed-off-by: Thomas Debesse <dev@illwieckz.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* WHATSNEW for Heimdal upgradeAndrew Bartlett2022-03-171-0/+40
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* WHATSNEW: older SMB1 command removal/simpliciation and deprecationAndrew Bartlett2022-03-171-15/+63
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:kdc: tunnel the check_client_access status to hdb_samba4_audit()Stefan Metzmacher2022-03-173-0/+6
| | | | | | | | | | | | | | | | Otherwise useful information gets lost while converting from NTSTATUS to krb5_error and back to NTSTATUS again. E.g. NT_STATUS_ACCOUNT_DISABLED would be audited as NT_STATUS_ACCOUNT_LOCKED_OUT. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5294dc80090482d5669126802672eb2c89e269cf) Autobuild-User(v4-16-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-16-test): Thu Mar 17 10:12:38 UTC 2022 on sn-devel-184
* s4-kdc: Handle previously unhandled auth event typesJoseph Sutton2022-03-171-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Cases to handle KDC_AUTH_EVENT_VALIDATED_LONG_TERM_KEY and KDC_AUTH_EVENT_PREAUTH_SUCCEEDED were removed in: commit 791be84c3eecb95e03611458e2305bae272ba267 Author: Stefan Metzmacher <metze@samba.org> Date: Wed Mar 2 10:10:08 2022 +1300 s4:kdc: hdb_samba4_audit() is only called once per request Normally these auth event types are overwritten with the KDC_AUTH_EVENT_CLIENT_AUTHORIZED event type, but if a client passes the pre-authentication check, and happens to fail the client access check (e.g. because the account is disabled), we get error messages of the form: hdb_samba4_audit: Unhandled hdb_auth_status=9 => INTERNAL_ERROR To avoid such errors, use the error code provided in the request structure to obtain a relevant status code in cases not handled explicitly. For unexpected values we return KRB5KRB_ERR_GENERIC in order to hopefully prevent success. And within make test we panic in order let a ci run fail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15015 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit b01388da8a72c11c46bb27e773b354520bc6ac88)
* s3:libads: Fix creating local krb5.confAndreas Schneider2022-03-171-0/+5
| | | | | | | | | | | | | | | We create an KDC ip string entry directly at the beginning, use it if we don't have any additional DCs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Mar 16 14:26:36 UTC 2022 on sn-devel-184 (cherry picked from commit 68d181ee676e17a5cdcfc12c5cc7eef242fdfa6c)
* s3:libads: Check print_canonical_sockaddr_with_port() for NULL in ↵Andreas Schneider2022-03-171-2/+7
| | | | | | | | | | get_kdc_ip_string() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 12c843ad0a97fcbaaea738b82941533e5d2aec99)
* s3:libads: Remove obsolete free's of kdc_strAndreas Schneider2022-03-171-11/+1
| | | | | | | | | | This is allocated on the stackframe now! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit cca189d0934790418e27d9d01282370b1e6a057f)
* s3:libads: Allocate all memory on the talloc stackframeAndreas Schneider2022-03-171-6/+4
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 652c8ce1672dfead00c7af6af22e3bb3927764ec)
* s3:libads: Use talloc_asprintf_append() in get_kdc_ip_string()Andreas Schneider2022-03-171-4/+5
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 812032833aa65729dbbfd4313a6e3fe072c88530)
* s3:libads: Improve debug messages for get_kdc_ip_string()Andreas Schneider2022-03-171-1/+5
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 7f721dc2eee0064a1ddd480fcaf77bf1659c7a26)
* s3:libads: Leave early on error in get_kdc_ip_string()Andreas Schneider2022-03-171-6/+11
| | | | | | | | | | This avoids useless allocations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 313f03c78487ae49747b8143220ecbfe8ad9310a)
* s3:libads: Remove trailing spaces in kerberos.cAndreas Schneider2022-03-171-9/+9
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 567b1996796e5d3cf572653f38817d832fa135ca)
* testprogs: Add test that local krb5.conf has been createdAndreas Schneider2022-03-171-0/+6
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15016 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit d2ac90cdd5672330ed9c323fc474f8ba62750a6f)
* s3:libsmb: Fix errno for failed authentication in SMBC_server_internal()Elia Geretto2022-03-171-1/+1
| | | | | | | | | | | | | | | | | | | | In SMBC_server_internal(), when authentication fails, the errno value is currently hard-coded to EPERM, while it should be EACCES instead. Use the NT_STATUS map to set the appropriate value. This bug was found because it breaks listing printers protected by authentication in GNOME Control Panel. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14983 Signed-off-by: Elia Geretto <elia.f.geretto@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Mar 16 19:44:18 UTC 2022 on sn-devel-184 (cherry picked from commit 70b9977a46e5242174b4461a7f49d5f640c1db62)
* s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4namesStefan Metzmacher2022-03-162-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | authenticate_ldap_simple_bind*() needs to pass the result of the cracknames operation into the auth stack as user_info->client.{account,domain}_name, because user_info->client.{account,domain}_name is also used when forwarding the request via netrLogonSamLogon* to a remote server, for exactly that the values are also used in order to map a AUTH_PASSWORD_PLAIN into AUTH_PASSWORD_RESPONSE, where the NTLMv2 response contains the account and domain names passed in the netr_IdentityInfo value. Otherwise it would not be possible to forward the LDAP simple bind authentication request to a remote DC. Currently this only applies to an RODC that forwards the request to an RWDC. But note that LDAP simple binds (as on Windows) only work for users in the DCs forest, as the DsCrackNames need to work and it can't work for users of remote forests. I tested that in a DC of a forest root domain, if rejected the LDAP simple bind against a different forest, but allowed it for a users of a child domain in the same forest. The NTLMSSP bind worked in both cases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184 (cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86) Autobuild-User(v4-16-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-16-test): Wed Mar 16 14:40:08 UTC 2022 on sn-devel-184
* auth: let auth logging prefer user_info->orig_client.{account,domain}_name ↵Stefan Metzmacher2022-03-162-5/+17
| | | | | | | | | | | | | | | | | if available The optional user_info->orig_client.{account,domain}_name are the once really used by the client and should be used in audit logging. But we still fallback to user_info->client.{account,domain}_name. This will be important for the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 24b580cae23860a0fe6c9d3a285d60564057043d)
* s4:auth: rename user_info->mapped_state to user_info->cracknames_calledStefan Metzmacher2022-03-163-4/+4
| | | | | | | | | | | | | This makes it much clearer what it is used for and it is a special hack for authenticate_ldap_simple_bind_send() in order to avoid some additional work in authsam_check_password_internals(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 427125d182252d8aee3dd906ee34a909cdbb8ef3)
* winbindd: don't set mapped_state in winbindd_dual_auth_passdb()Stefan Metzmacher2022-03-162-5/+0
| | | | | | | | | | | | | | | | | | | mapped_state is a special hack for authenticate_ldap_simple_bind_send() in order to avoid some additional work in authsam_check_password_internals() This doesn't apply here. We should also handle wbinfo -a authentication UPN names, e.g. administrator@DOMAIN, even if the account belongs to the local sam. With this change the behavior is consistent also locally on DCs and also an RODC can handle these requests locally for cached accounts. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8dfdbe095a4c8a7bedd29341656a7c3164517713)
* nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAINStefan Metzmacher2022-03-162-0/+4
| | | | | | | | | | | | | | | | | When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote DC work fine for upn names, e.g. administrator@DOMAIN. But it currently fails locally on a DC against the local sam. For the RODC only work because it forwards the request to an RWDC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e1d2c59d360fb4e72dafe788b5d9dbb0572bf811)
* s3:auth: make_user_info_map() should not set mapped_stateStefan Metzmacher2022-03-161-2/+0
| | | | | | | | | | | | | mapped_state is only evaluated in authsam_check_password_internals() of auth_sam.c in source4, so setting it in the auth3 code doesn't make any difference. I've proved that with an SMB_ASSERT() and a full pipeline not triggering it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit c56cb12f347b7582290ce1d4dfe3959d69050bd9)
* s4:auth: fix confusing DEBUG message in authsam_want_check()Stefan Metzmacher2022-03-161-2/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit a12683bd1206df4d4d87a3842d92e34a69e172b7)
* s4:auth: check for user_info->mapped.account_name if it needs to be filledStefan Metzmacher2022-03-161-6/+1
| | | | | | | | | | | | | | | | mapped_state is a special hack for authenticate_ldap_simple_bind_send() in order to avoid some additional work in authsam_check_password_internals(). But that code will be changed in the next commits, so we can simplify the logic and only check for user_info->mapped.account_name being NULL. As it's the important factor that user_info->mapped.account_name is non-NULL down in the auth stack. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit c7b8c71b2b71bb9d95c33d403c4204376f443852)
* s4:rpc_server/samr: don't set mapped_state in auth_usersupplied_info for ↵Stefan Metzmacher2022-03-161-1/+0
| | | | | | | | | | | | | audit logging mapped_state is completely irrelevant for audit logging and will also be removed in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 52787b9c1e9370133ff4481c62c2e7b9393c2439)
* s4:kdc: don't set mapped_state in auth_usersupplied_info for audit loggingStefan Metzmacher2022-03-161-1/+0
| | | | | | | | | | | mapped_state is completely irrelevant for audit logging and will also be removed in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit ca6948642bc2ff821ec4ca8ab24902b1ba9e8397)
* s4:dsdb: don't set mapped_state in auth_usersupplied_info for audit loggingStefan Metzmacher2022-03-161-1/+0
| | | | | | | | | | | mapped_state is completely irrelevant for audit logging and will also be removed in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 99efe5f4e9ce426b28cef94d858849707ce15739)
* s4:smb_server: don't set mapped_state explicitly in auth_usersupplied_infoStefan Metzmacher2022-03-161-2/+0
| | | | | | | | | | | We already use talloc_zero() and mapped_state will be removed in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 859c7817350553259eb09c889bc40afebb60064a)
* auth/ntlmssp: don't set mapped_state explicitly in auth_usersupplied_infoStefan Metzmacher2022-03-161-1/+0
| | | | | | | | | | | We already use talloc_zero() and mapped_state will be removed in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 9a4ac8ab2e2c8ee48f6bf5a6ecf7988c435ba1c6)
* s4:auth: encrypt_user_info() should set password_state instead of mapped_stateStefan Metzmacher2022-03-161-2/+2
| | | | | | | | | | | | | | user_info->mapped_state has nothing to do with enum auth_password_state, user_info->password_state is the one that holds the auth_password_state value. Luckily user_info->password_state was never referenced in the encrypt_user_info() callers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit a6fb598d9dcbfe21ef285b5f30fabcb88a259c93)
* s4:auth: a simple bind uses the DCs name as workstationStefan Metzmacher2022-03-161-1/+2
| | | | | | | | | | | | | | | I've seen that in LogonSamLogonEx request triggered by a simple bind with a user of a trusted domain within the same forest. Note simple binds don't work with users for another forest/external domain, as the DsCrackNames call on the bind_dn fails. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 31db704882bbcd569c2abb764ac1d3691ee0a267)
* s3:rpc_client: let rpccli_netlogon_network_logon() fallback to workstation = ↵Stefan Metzmacher2022-03-161-0/+4
| | | | | | | | | | | lp_netbios_name() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14641 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5c04c01354944fc3a64bb109bf3e9bf89086cc6f)
* rodc: Add tests for simple BIND alongside NTLMSSP bindsGarming Sam2022-03-162-22/+38
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 62fb6c1dc8527db6cf0f08d4d06e8813707f767a)
* s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an ↵Stefan Metzmacher2022-03-162-3/+3
| | | | | | | | | | | | | | | | | | interactive logon Using != AUTH_PASSWORD_RESPONSE is not the correct indication due to the local mappings from AUTH_PASSWORD_PLAIN via AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE. It means an LDAP simble bind will now honour 'old password allowed period'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2ad44686229ba02f98de5769c26a3dfeaf5ada2b)
* s3:auth: let make_user_info_netlogon_interactive() set ↵Stefan Metzmacher2022-03-161-0/+1
| | | | | | | | | | | | | | USER_INFO_INTERACTIVE_LOGON This is not really relevant for now, as USER_INFO_INTERACTIVE_LOGON is not evaluated in the source3/auth stack. But better add it to be consistent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 012bd9f5b780f7a90cf3bd918f044ea67fae7017)
* dsdb/tests: add test_login_basics_simple()Stefan Metzmacher2022-03-162-7/+20
| | | | | | | | | | | | This demonstrates that 'old password allowed period' also applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 3625d1381592f7af8ec14715c6c2dfa4d9f02676)
* dsdb/tests: prepare BasePasswordTestCase for simple bind testsStefan Metzmacher2022-03-161-3/+17
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 0b1fbc9d56e2a25e3f1527ee5bc54880bdc65fc6)
* dsdb/tests: introduce assertLoginSuccessStefan Metzmacher2022-03-162-5/+15
| | | | | | | | | | This makes it possible to catch failures with knownfail entries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 751ce671a4af32bc1c56433a5a1c8161377856c5)
* dsdb/tests: make use of assertLoginFailure helperStefan Metzmacher2022-03-161-6/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 03ba5af3d9eaeb5f0c7c1a1a61ef2ac454eb8392)
* dsdb/tests: let all BasePasswordTestCase tests provide self.host_url[_ldaps]Stefan Metzmacher2022-03-163-7/+9
| | | | | | | | | | This will make further changes easier. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5a3214c99048a88b0a9f509e3b5b38326529b02c)
* dsdb/tests: passwords.py don't need to import BasePasswordTestCaseStefan Metzmacher2022-03-161-1/+0
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 90754591a7e4d5a3af70c01425930f4ec063c516)
* python:tests: let insta_creds() also copy the bind_dn from the templateStefan Metzmacher2022-03-161-0/+4
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit a30a7626254c863f95b98c97ea46ff54b98078ad)
* s4-kdc: Fix memory leak in FAST cookie handlingAndrew Bartlett2022-03-141-0/+1
| | | | | | | | | | | | | | | | The call to sdb_free_entry() was forgotten. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15000 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 11 11:05:55 UTC 2022 on sn-devel-184 (cherry picked from commit b7bc1f6dddc1c5fee8a39422823f167db1f24bb2) Autobuild-User(v4-16-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-16-test): Mon Mar 14 15:24:28 UTC 2022 on sn-devel-184
* third_party/heimdal: import lorikeet-heimdal-202203101710 (commit ↵Stefan Metzmacher2022-03-144-73/+134
| | | | | | | | | | | | | | | | | df8d801544144949931cd742169be1207b239c3d) This fixes the regressions against KDCs without FAST support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 11 18:06:47 UTC 2022 on sn-devel-184 (cherry picked from commit 9b48e7f7eda5e368c1192d562c268885c1f68d8b)
* selftest: use 'kdc enable fast = no' for fl2000 fl2003Stefan Metzmacher2022-03-143-1/+38
| | | | | | | | | | | | This makes sure we still run tests against KDCs without FAST support and it already found a few regressions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> (cherry picked from commit f1a71e24864367a55a30813dd642e7ef392b5ac9)
* s4:kdc: make use of the 'kdc enable fast' optionStefan Metzmacher2022-03-142-2/+13
| | | | | | | | | | | | This will useful to test against a KDC without FAST support and find/prevent regressions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> (cherry picked from commit 2db7589d69abebad16b66d933114367f815d5fc3)
* docs-xml: add 'kdc enable fast' optionStefan Metzmacher2022-03-143-0/+19
| | | | | | | | | | | | This will be useful to test against a KDC without FAST support and find/prevent regressions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> (cherry picked from commit 12b623088cf48cf9e4a046441810ef20e1f079b8)
* third_party/heimdal: import lorikeet-heimdal-202203101709 (commit ↵Stefan Metzmacher2022-03-1413-10/+590
| | | | | | | | | | | 47863866da25cc21d292ce335a976b8b33fa1864) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> (cherry picked from commit 67bdc922f9836779f1b37805575c5c4eea9ba3e6)
View Lorry Controller Status