path: root/selftest
Commit message | Author | Age | Files | Lines
* pyldb: Make ldb.Message containment testing consistent with indexing | Joseph Sutton | 2021-10-26 | 1 | -4/+0
  Previously, containment testing using the 'in' operator was handled by performing an equality comparison between the chosen object and each of the message's keys in turn. This behaviour was prone to errors due to not considering differences in case between otherwise equal elements, as the indexing operations do.
  Containment testing should now be more consistent with the indexing operations and with the get() method of ldb.Message.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 860d8902a9c502d4be83396598cf4a53c80fea69)
* pyldb: Add tests for ldb.Message containment testing | Joseph Sutton | 2021-10-26 | 1 | -0/+4
  These tests verify that the 'in' operator on ldb.Message is consistent with indexing and the get() method. This means that the 'dn' element should always be present, lookups should be case-insensitive, and use of an invalid type should result in a TypeError.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 865fe238599a732360b77e06e592cb85d459acf8)
* pyldb: Raise TypeError for an invalid ldb.Message index | Joseph Sutton | 2021-10-26 | 1 | -1/+0
  Previously, a TypeError was raised and subsequently overridden by a KeyError.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 22353767ca75af9d9e8fa1e7da372dcb5eddfcb7)
* pyldb: Add test for an invalid ldb.Message index type | Joseph Sutton | 2021-10-26 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit b018e51d2725a23b2fedd3058644b8021f6a6a06)
* pyldb: Fix deleting an ldb.Control critical flag | Joseph Sutton | 2021-10-26 | 1 | -1/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 9d25a21d6024c6c2f8e4634f45e3944d8acbf8b8)
* pytest:segfault: Add test for deleting an ldb.Control critical flag | Joseph Sutton | 2021-10-26 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit b1adaa517c1237a473bdcf818523f5107df3d6b0)
* pyldb: Fix deleting an ldb.Message dn | Joseph Sutton | 2021-10-26 | 1 | -1/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit d7af772de88885f46708329ff7bb5798da91d2c7)
* pytest:segfault: Add test for deleting an ldb.Message dn | Joseph Sutton | 2021-10-26 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 6a041f6a99c39632d5c32e9d53b06719c20bef2c)
* dsdb: Allow special chars like "@" in samAccountName when generating the salt | Andrew Bartlett | 2021-10-25 | 1 | -11/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Oct 20 12:54:54 UTC 2021 on sn-devel-184
  (cherry picked from commit 5eeb441b771a1ffe1ba1c69b72e8795f525a58ed)
* tests/krb5: Add tests for account salt calculation | Joseph Sutton | 2021-10-25 | 1 | -0/+12
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 46039baa81377df10e5b134e4bb064ed246795e4)
* selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline") | Stefan Metzmacher | 2021-10-25 | 1 | -30/+8
  This is much more flexible and concentrates the logic in a single place.
  We'll use winbindd => "offline" in other places soon.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14870
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 4dc3c68c9a28f71888e3d6dd3b1f0bcdb8fa45de)
* selftest/Samba3: remove unused close(USERMAP); calls | Stefan Metzmacher | 2021-10-25 | 1 | -5/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit d998f7f8df215866ab32e05be772e24fc0b2131c)
* selftest: Improve error handling and perl style when setting up users in Samba4.pm | Andrew Bartlett | 2021-10-25 | 1 | -19/+53
  This catches errors and avoids using global variables (the old style file handles are global).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 459200caba04fd83ed650b9cdfe5b158cf9a149f)
* selftest: Remove duplicate setup of $base_dn and $ldbmodify | Andrew Bartlett | 2021-10-25 | 1 | -4/+0
  These are already set up to the same values above for the full DC and correct values for the (strange) s4member environment.
  By not setting $base_dn again we avoid an error once we start checking for them.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 2c0658d408f17af2abc223b0cb18d8d33e0ecd1a)
* tests/krb5: Add tests for constrained delegation to NO_AUTH_DATA_REQUIRED service | Joseph Sutton | 2021-10-25 | 1 | -1/+7
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Oct 20 09:22:43 UTC 2021 on sn-devel-184
  (cherry picked from commit 83a654a4efd39a6e792a6d49e0ecf586e9bc53ef)
* kdc: Correctly strip PAC, rather than error on UF_NO_AUTH_DATA_REQUIRED for servers | Andrew Bartlett | 2021-10-25 | 1 | -4/+0
  UF_NO_AUTH_DATA_REQUIRED on a server/service account should cause the PAC to be stripped, not to give an error if the PAC was still present.
  Tested against Windows 2019
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 031a8287642e3c4b9d0b7c6b51f3b1d79b227542)
* kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals | Andrew Bartlett | 2021-10-25 | 2 | -2/+0
  Tests against Windows 2019 show that UF_NO_AUTH_DATA_REQUIRED applies to services only, not to clients.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  (cherry picked from commit 92e8ce18a79e88c9b961dc20e39436c4cf653013)
* tests/krb5: Add tests for requesting a service ticket without a PAC | Joseph Sutton | 2021-10-25 | 2 | -0/+10
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Oct 17 23:40:33 UTC 2021 on sn-devel-184
  (cherry picked from commit 9d3a691920205f8a9dc05d0e173e25e6a335f139)
* s4:kdc: Check ticket signature | Joseph Sutton | 2021-10-25 | 1 | -9/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 02fa69c6c73c01d82807be4370e838f3e7c66f35)
* s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows | Joseph Sutton | 2021-10-25 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 28a5a586c8e9cd155d676dcfcb81a2587ace99d1)
* kdc: sign ticket using Windows PAC | Isaac Boukris | 2021-10-25 | 1 | -53/+1
  Split Windows PAC signing and verification logic, as the signing has to be when the ticket is ready.
  Create sign and verify the PAC KDC signature if the plugin did not, allowing for S4U2Proxy to work, instead of KRB5SignedPath.
  Use the header key to verify PAC server signature, as the same key used to encrypt/decrypt the ticket should be used for PAC server signature, like U2U tickets are signed with the tgt session-key and not with the longterm key, and so krbtgt should be no different and the header key should be used.
  Lookup the delegated client in DB instead of passing the delegator DB entry.
  Add PAC ticket-signatures and related functions.
  Note: due to the change from KRB5SignedPath to PAC, S4U2Proxy requests against new KDC will not work if the evidence ticket was acquired from an old KDC, and vice versa.
  Closes: #767
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  [jsutton@samba.org Backported from Heimdal commit 2ffaba9401d19c718764d4bd24180960290238e9
   - Removed tests
   - Adapted to Samba's version of Heimdal
   - Addressed build failures with -O3
   - Added knownfails
  ]
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit d7b03394a9012960d71489e775d40d10fd6f5232)
* kdc: remove KRB5SignedPath, to be replaced with PAC | Isaac Boukris | 2021-10-25 | 1 | -0/+6
  KRB5SignedPath was a Heimdal-specific authorization data element used to protect the authenticity of evidence tickets when used in constrained delegation (without a Windows PAC).
  Remove this, to be replaced with the Windows PAC which itself now supports signing the entire ticket in the TGS key.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  [jsutton@samba.org Backported from Heimdal commit bb1d8f2a8c2545bccdf2c9179ce9259bf1050086
   - Removed tests
   - Removed auditing hook (only present in Heimdal master)
   - Added knownfails
  ]
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit ccabc7f16cca5b0dcb46233e934e708167f1071b)
* s4/torture: Expect ticket checksum PAC buffer | Joseph Sutton | 2021-10-25 | 2 | -0/+82
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit d5002c34ce1ffef795dc83af3175ca0e04d17dfd)
* tests/krb5: Add constrained delegation tests | Joseph Sutton | 2021-10-25 | 1 | -0/+29
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 56ccdba54e0c7cf3409d8430ea1012e5d3d9b092)
* tests/krb5: Check padata types when STRICT_CHECKING=0 | Joseph Sutton | 2021-10-25 | 1 | -0/+9
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit bd22dcd9cc4dfda827f892224eb2da4a16564176)
* tests/krb5: Add compatibility tests for ticket checksums | Joseph Sutton | 2021-10-25 | 1 | -1/+5
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit ec4b264bdf9ab64a728212580b344fbf35c3c673)
* heimdal:kdc: Only check for default salt for des-cbc-crc enctype | Joseph Sutton | 2021-10-22 | 1 | -3/+0
  Previously, this algorithm was preferring RC4 over AES for machine accounts in the preauth case. This is because AES keys for machine accounts in Active Directory use a non-default salt, while RC4 keys do not use a salt. To avoid this behaviour, only prefer keys with default salt for the des-cbc-crc enctype.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 8e1efd8bd3bf698dc0b6ed2081919f49b1412b53)
  Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
  Autobuild-Date(v4-15-test): Fri Oct 22 08:39:30 UTC 2021 on sn-devel-184
* s3: smbd: Ensure when we change security context we delete any $cwd cache. | Jeremy Allison | 2021-10-18 | 1 | -1/+0
  This will ensure we *always* call into the VFS_SMB_CHDIR backends on security context switch. The $cwd was an optimization that was only looking at the raw filesystem path.
  We could delete it completely but that is a patch for another day.
  Remove knownfail on regression test.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
  RN: vfs_shadow_copy2: core dump in make_relative_path
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184
  (cherry picked from commit 4fe965836243928ac33eb95a67d3e889fdc15861)
* s3: selftest: Add regression test to show the $cwd cache is misbehaving when we connect as a different user on a share. | Jeremy Allison | 2021-10-18 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 954e637ddc6f0f5291d0a15cdbcbc6a4f7a6cb13)
* pyldb: Avoid use-after-free in msg_diff() | Joseph Sutton | 2021-09-29 | 1 | -1/+0
  Make a deep copy of the message elements in msg_diff() so that if either of the input messages are deallocated early, the result does not refer to non-existing elements.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  (cherry picked from commit 19a2af02f57d99db8ed3c6b028c3abdf4b553700)
  Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
  Autobuild-Date(v4-15-test): Wed Sep 29 11:46:33 UTC 2021 on sn-devel-184
* pytest:segfault: Add test for ldb.msg_diff() | Joseph Sutton | 2021-09-29 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  (cherry picked from commit a99a76722d6046a5d63032e3d2bb3f791da948a6)
* tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname | Andrew Bartlett | 2021-09-08 | 1 | -3/+0
  This allows our code to still pass with the error code that MIT and Heimdal have chosen
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184
  (cherry picked from commit 10baaf08523200e47451aa1862430977b0365b59)
* kdc: KRB5KDC_ERR_{C,S}_PRINCIPAL_UNKNOWN if missing field | Luke Howard | 2021-09-08 | 1 | -0/+1
  If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour.
  [abartlet@samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd and knownfail added]
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit b0f4455e524cbbfb13202220e7095f466b083a2f)
* tests/krb5: Add tests for omitting sname in inner request | Joseph Sutton | 2021-09-08 | 2 | -0/+4
  Note: the test 'test_fast_tgs_inner_no_sname' crashes the MIT KDC.
  This is fixed in MIT Krb5 commit d775c95af7606a51bf79547a94fa52ddd1cb7f49 and was given CVE-2021-37750
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 24914ae17d49f634fafc1bdeb88859293da05f79)
* tests/krb5: Add tests for omitting sname in request | Joseph Sutton | 2021-09-08 | 2 | -0/+7
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit bbbb13caf7bd2440c80f4f4775725b7863d16a5b)
* tests/krb5: Remove harmful and a-typical return in as_req testcase | Andrew Bartlett | 2021-09-08 | 1 | -10/+0
  A test in a TestCase class should not return a value, the test is determined by the assertions raised.
  Other changes will shortly cause kdc_exchange_dict[preauth_etype_info2] to not always be filled, so we need to remove this redundant code.
  This also fixes a *lot* of tests against the MIT KDC
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 3330eaf39c6174f2d90fe4d8e016efb97005d1e5)
* CVE-2021-3671 tests/krb5: Add tests for omitting sname in outer request | Joseph Sutton | 2021-09-08 | 2 | -0/+4
  Note: Without the previous patch, 'test_fast_tgs_outer_no_sname' would crash the Heimdal KDC.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit b8e2515552ffa158fab1e86a39004de4cc419da5)
* tests/krb5: Add test for sending PA-ENCRYPTED-CHALLENGE without FAST | Joseph Sutton | 2021-09-08 | 1 | -0/+1
  Note: This test crashed the MIT KDC prior to MIT commit fc98f520caefff2e5ee9a0026fdf5109944b3562 which was given CVE-2021-36222.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 15f9f040fe537ebd30419a4751aa0f13b20f242b)
* tests/krb5: Make cname checking less strict | Joseph Sutton | 2021-09-08 | 1 | -39/+0
  Without this additional 'self.strict_checking' check, the tests in the following patches do not get far enough to trigger a crash with the MIT KDC.
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  (cherry picked from commit 36798f5b651a02b74b6844c024101f7a026f1f68)
* tests/krb5: Make e-data checking less strict | Joseph Sutton | 2021-09-08 | 1 | -341/+0
  Without this additional 'self.strict_checking' check, the tests in the following patches do not get far enough to trigger a crash with the MIT KDC, instead failing when obtaining a TGT for the user or machine.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 79dda329f2a8382f1e46b50f4b9692e78d687826)
* build: Move minimum MIT krb5 version to 1.19 to align with what is tested | Andrew Bartlett | 2021-09-08 | 3 | -24/+0
  This avoids shipping untested code and aligns with the version used in GitLab CI for all the MIT builds.
  The "bronze bit" (CVE-2020-17049) security fixes will need a new MIT KDB version in any case, this prepares the ground by removing the older version support.
  (knownfail_mit_kdc updates taken from a patch by Andreas Schneider <asn@samba.org> that did this optionally)
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  (cherry picked from commit 554bdfa8a04fd95c710b486890277dd92f685f2f)
* tests/krb5: Add FAST tests | Joseph Sutton | 2021-09-08 | 2 | -6/+101
  Example command:
  SERVER=addc STRICT_CHECKING=0 SMB_CONF_PATH=/dev/null \
  KRB5_CONFIG=krb5.conf DOMAIN=ADDOMAIN REALM=ADDOM.SAMBA.EXAMPLE.COM \
  ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass1 \
  PYTHONPATH=bin/python python/samba/tests/krb5/fast_tests.py
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Wed Aug 18 23:20:14 UTC 2021 on sn-devel-184
  (cherry picked from commit 984a0db00c3f2e38b568a75eb1944f4d7bb7f854)
* initial FAST tests | Gary Lockyer | 2021-09-08 | 1 | -0/+8
  Currently incomplete, and tested only against MIT Kerberos.
  [abartlet@samba.org
  Originally "WIP inital FAST tests"
  Samba's general policy that we don't push WIP patches, we polish into a 'perfect' patch stream.
  However, I think there are good reasons to keep this patch distinct in this particular case.
  Gary is being modest in titling this WIP (now removed from the title to avoid confusion). They are not WIP in the normal sense of partially or untested code or random unfinished thoughts. The primary issue is that at that point where Gary had to finish up he had trouble getting FAST support enabled on Windows, so couldn't test against our standard reference.
  They are instead good, working initial tests written against the RFC and tested against Samba's AD DC in the mode backed by MIT Kerberos.
  This preserves clear authorship for the two distinct bodies of work, as in the next patch Joseph was able to extend and improve the tests significantly.
  ]
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  (cherry picked from commit b7b62957bdce9929fabd3812b9378bdbd6c12966)
* selftest: Add support for setting ENV variables in plantestsuite() | Andreas Schneider | 2021-09-08 | 1 | -6/+19
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  (cherry picked from commit 48289b6964d28e153fec885aceca02c6a9b436ef)
* selftest: Add support for setting ENV variables in plansmbtorture4testsuite() | Andreas Schneider | 2021-09-08 | 1 | -2/+3
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  (cherry picked from commit 3db299e586fd9464b6e1b145f29b10c8ae325d3a)
* selftest: Re-format long lines in selftesthelpers.py | Andreas Schneider | 2021-09-08 | 1 | -5/+13
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
  (cherry picked from commit 18976a9568b23759060377d09304e9d7badb143a)
* s3: smbd: Fix openat_pathref_fsp() to cope with FIFO's in the filesystem. | Jeremy Allison | 2021-09-06 | 1 | -4/+0
  Remove skip test for the DISABLE_OPATH case.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
  RN: Fix pathref open of a filesystem fifo in the DISABLE_OPATH build
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Mon Sep 6 09:51:54 UTC 2021 on sn-devel-184
  (cherry picked from commit 2f2c53c4f8f59a497bc33a24e5e0fc15ea076876)
* s3: smbd: Add fifo test for the DISABLE_OPATH case. | Jeremy Allison | 2021-09-06 | 1 | -0/+4
  Currently we hang when trying to list a directory containing a fifo when configured with DISABLE_OPATH.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit a54d9ffc87ebe602a0e7c48e35643ed2ff1a00bc)
* s3/rpc_server: track the number of policy handles with a talloc destructor | Ralph Boehme | 2021-08-26 | 1 | -1/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
  RN: smbd "deadtime" parameter doesn't work anymore
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184
  (cherry picked from commit 45a33b25c4e6b1db5d2dfa6297ccb390220a7c80)
  Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
  Autobuild-Date(v4-15-test): Thu Aug 26 14:30:56 UTC 2021 on sn-devel-184
* selftest: add a test for the "deadtime" parameter | Ralph Boehme | 2021-08-26 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 39db53a1391769fc6476fa55b02add08f1b8cd75)