Andreas Schneider [Wed, 25 Aug 2021 14:05:00 +0000 (16:05 +0200)]
WIP
Andreas Schneider [Wed, 25 Aug 2021 13:34:58 +0000 (15:34 +0200)]
third_party: Update waf to version 2.0.22
New in waf 2.0.22
* Fix stdin propagation with faulty vcvarsall scripts #2315
* Enable mixing Unix-style paths with destdir on Windows platforms #2337
* Fix shell escaping unit test parameters #2314
* Improve extras/clang_compilation_database and extras/swig compatibility #2336
* Propagate C++ flags to the Cuda compiler in extras/cuda #2311
* Fix detection of Qt 5.0.0 (preparation for Qt6) #2331
* Enable Haxe processing #2308
* Fix regression in MACOSX_DEPLOYMENT_TARGET caused by distutils #2330
* Fix extras/wafcache concurrent trimming issues #2312
* Fix extras/wafcache symlink handling #2327
Signed-off-by: Andreas Schneider <asn@samba.org>
Björn Jacke [Mon, 28 Jun 2021 15:00:54 +0000 (17:00 +0200)]
mangle_hash2: remove LOCK$ from list of reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 24 19:26:59 UTC 2021 on sn-devel-184
Björn Jacke [Mon, 28 Jun 2021 14:56:18 +0000 (16:56 +0200)]
mangle_hash2: add missing COM/LPT ports that are also reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Björn Jacke [Mon, 28 Jun 2021 14:55:04 +0000 (16:55 +0200)]
ntvfs: add missing COM/LPT ports that are also reserved names
see also:
https://docs.microsoft.com/en-us/windows/win32/fileio/naming-a-file?redirectedfrom=MSDN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8776
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 12 Jun 2021 08:03:16 +0000 (10:03 +0200)]
rpcclient: Add unixinfo commands
The unixinfo pipe might go away in the future, but right now we have
it around. This code is simple and can go away again when unixinfo
dies.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 24 18:22:56 UTC 2021 on sn-devel-184
Volker Lendecke [Sat, 19 Jun 2021 15:05:39 +0000 (17:05 +0200)]
winbindd: NULL-initialize a pointer
Patches from the dcerpc patchset will create warnings out of this not
being initialized.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:03:55 +0000 (14:03 +0200)]
rpc_client: Align cli_api_pipe_send() with tevent_req() conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:05:30 +0000 (14:05 +0200)]
rpc_client: Use tevent_req_nterror() properly in cli_api_pipe
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Aug 2021 10:13:13 +0000 (12:13 +0200)]
rpc_client: Make rpc_pipe_open_tcp() static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Aug 2021 07:37:12 +0000 (09:37 +0200)]
torture: Remove rpc_open_tcp test program
Its initial commit in 2008 stated that it still needs to be integrated
into the test suite. As far as I can see, this never happened.
Why remove it? Without this we can make rpc_open_tcp() static for
easier refactoring.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:11:32 +0000 (12:11 +0200)]
rpc_client: Simplify get_complete_frag_send()
tevent_req_oom() and tevent_req_nomem() instead of explicit
NT_STATUS_NO_MEMORY; do an early return if done.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:12:31 +0000 (12:12 +0200)]
rpc_client: Simplify get_complete_frag_got_header()
tevent_req_nterror() returns a bool, no separate check required
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:12:58 +0000 (12:12 +0200)]
rpc_client: Simplify get_complete_frag_got_header()
Use tevent_req_oom()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 10:14:23 +0000 (12:14 +0200)]
rpc_client: Simplify get_complete_frag_got_rest()
tevent_req_simple_finish_ntstatus() is made precisely for this simple
case where we just pass on a subreq's NTSTATUS
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:16:22 +0000 (14:16 +0200)]
rpc_client: Simplify rpc_api_pipe_auth3_done()
Use tevent_req_simple_finish_ntstatus()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:18:26 +0000 (14:18 +0200)]
rpc_client: Avoid casts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:21:23 +0000 (14:21 +0200)]
rpc_client: Use tevent_req_nterror() properly
Signed-off-by: Volker Lendecke <vl@samba.org>
Volker Lendecke [Fri, 6 Aug 2021 12:22:47 +0000 (14:22 +0200)]
rpc_client: Simplify rpccli_bh_disconnect_recv()
Use tevent_req_simple_recv_ntstatus()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 25 Jul 2021 13:55:46 +0000 (15:55 +0200)]
winbind: Remove an unused include
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sat, 7 Aug 2021 08:26:03 +0000 (10:26 +0200)]
rpc_client: Adapt rpc_write_send() to tevent_req conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Aug 2021 13:56:57 +0000 (15:56 +0200)]
rpc_client: Adapt rpc_api_pipe_send() to recent coding conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Aug 2021 14:12:19 +0000 (16:12 +0200)]
rpc_client: Use ndr_syntax_id_equal() in check_bind_response()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 10 Aug 2021 14:13:09 +0000 (16:13 +0200)]
rpc_client: Use struct init/assignment
Don't leave structures/unions partially uninitialized
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 13 Aug 2021 13:51:07 +0000 (15:51 +0200)]
rpc_client: Adapt rpc_pipe_bind_send() to talloc_req conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 13 Aug 2021 14:05:00 +0000 (16:05 +0200)]
rpc_client: Avoid ZERO_STRUCTP in prepare_verification_trailer()
Direct struct assignments are easier to read for me, but YMMV.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 13 Aug 2021 14:15:16 +0000 (16:15 +0200)]
rpc_client: Adapt rpc_api_pipe_req_send() to talloc_req conventions
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 05:42:48 +0000 (07:42 +0200)]
rpc_client: Slightly simplify rpc_api_pipe_req_send()
tevent_req_create() zero-initializes "state"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 05:49:27 +0000 (07:49 +0200)]
rpc_client: Early TALLOC_FREE() in prepare_verification_trailer()
We don't need "t" from here on anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 3 Aug 2021 07:09:28 +0000 (09:09 +0200)]
rpc_client: Fix a small memleak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 14:28:31 +0000 (16:28 +0200)]
libsmb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 14:52:24 +0000 (16:52 +0200)]
rpc_client: Slightly simplify rpc_transport_np_init_pipe_open()
Avoid an unnecessary else, use tevent_req_nterror() in if-clause
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 15:10:17 +0000 (17:10 +0200)]
lib: Improve comment wording
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 15:20:03 +0000 (17:20 +0200)]
rpc_server: Fix a comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 15:20:21 +0000 (17:20 +0200)]
rpc_server: Simplify _samr_CreateUser2()
Use a variable that we just set a line before, don't duplicate the
priv name.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 15:24:45 +0000 (17:24 +0200)]
rpc_server: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 15:59:49 +0000 (17:59 +0200)]
rpc_server: Remove an unused function declaration
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 18:18:45 +0000 (20:18 +0200)]
rpc_server: Slightly simplify set_user_info_18()
Instead of adding the NULL check to data_blob_talloc_zero() put "out"
on the stack.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 18:18:45 +0000 (20:18 +0200)]
rpc_server: Slightly simplify set_user_info_21()
Instead of adding the NULL check to data_blob_talloc_zero() put "out"
on the stack.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 17 Aug 2021 18:37:04 +0000 (20:37 +0200)]
rpc_server: Simplify open_np_file()
No need to go via a string to create the SID describing the SMB3
encryption, we can directly use sid_append_rid().
This by the way fixes a bug: SID_MAX_SIZE is the maximum length of the
binary SID, not the maximum string length for a SID.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 18 Aug 2021 04:21:52 +0000 (06:21 +0200)]
librpc: Simplify GUID_hexstring()
A temporary talloc context seems unnecessary to me.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 18 Aug 2021 04:25:00 +0000 (06:25 +0200)]
librpc: Simplify GUID_string2() by using GUID_buf_string()
Avoid unnecessary talloc
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 18 Aug 2021 04:27:52 +0000 (06:27 +0200)]
librpc: Simplify GUID_zero() with a direct struct return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andrew Bartlett [Mon, 23 Aug 2021 08:45:50 +0000 (20:45 +1200)]
samba-tool domain backup: Use tdbbackup on metadata.tdb
metadata.tdb is inside sam.ldb.d/ but should be backed up with tdbbackup.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 24 13:22:04 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 23 Aug 2021 06:14:16 +0000 (18:14 +1200)]
samba-tool: Rework transations/locks to hold a lock during mdb backup
We now also get sidForRestore under that lock, rather than
after the backup.
This avoids using the database again after the backup process
While not entirely clear how/why this matters with LMDB
as seen in Fedora 34, likely due to the same issues
seen with 0.9.26 or later fixed by commmit
bb3dcd403ced922574a89011dd3814c4fe87dd76.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Mon, 23 Aug 2021 07:41:15 +0000 (19:41 +1200)]
samba-tool domain backup offline: Use passed in samdb when backing up sam.ldb
This avoids opening the database again by having the caller pass in
the DB open
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14676
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 24 Aug 2021 08:14:14 +0000 (10:14 +0200)]
selftest: Add python path for compiled python modules like ldb
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Thu, 19 Aug 2021 22:43:52 +0000 (15:43 -0700)]
s3: smbd: Ensure all returns from OpenDir() correctly set errno.
Complex code paths inside open_internal_dirfsp() can return an
NTSTATUS, but trample on the matching errno. We need to make
sure if open_internal_dirfsp() fails, errno matches the NTSTATUS
return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14805
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Aug 20 09:56:49 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 19 Jul 2021 22:10:41 +0000 (15:10 -0700)]
s3: VFS: streams_depot: Allow "streams directory" outside of share path to work again.
As we're dealing with absolute paths here, we just need
to temporarily replace the connectpath whilst enumerating
streams.
Remove knownfail file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 19 17:04:44 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 19 Jul 2021 21:52:32 +0000 (14:52 -0700)]
s3: VFS: vfs_streams_depot: Factor out the code that gets the absolute stream rootdir into a function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Jeremy Allison [Wed, 21 Jul 2021 00:50:49 +0000 (17:50 -0700)]
s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share.
Mark as knownfail.d/simpleserver_streams
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Noel Power [Thu, 19 Aug 2021 11:13:27 +0000 (12:13 +0100)]
s4: torture: CHECK ret value and fail if false
If we reach 'done' with ret == false without setting
the torture result we get unexpected results e.g.
Exception: Exception: Unknown error/failure. Missing torture_fail() or torture_assert_*() call?
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 22:58:44 +0000 (10:58 +1200)]
tests/krb5: Add FAST tests
Example command:
SERVER=addc STRICT_CHECKING=0 SMB_CONF_PATH=/dev/null \
KRB5_CONFIG=krb5.conf DOMAIN=ADDOMAIN REALM=ADDOM.SAMBA.EXAMPLE.COM \
ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass1 \
PYTHONPATH=bin/python python/samba/tests/krb5/fast_tests.py
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 18 23:20:14 UTC 2021 on sn-devel-184
Gary Lockyer [Wed, 9 Jun 2021 21:56:58 +0000 (09:56 +1200)]
initial FAST tests
Currently incomplete, and tested only against MIT Kerberos.
[abartlet@samba.org
Originally "WIP inital FAST tests"
Samba's general policy that we don't push WIP patches, we polish
into a 'perfect' patch stream.
However, I think there are good reasons to keep this patch distinct
in this particular case.
Gary is being modest in titling this WIP (now removed from the title
to avoid confusion). They are not WIP in the normal sense of
partially or untested code or random unfinished thoughts. The primary
issue is that at that point where Gary had to finish up he had
trouble getting FAST support enabled on Windows, so couldn't test
against our standard reference. They are instead good, working
initial tests written against the RFC and tested against Samba's AD DC
in the mode backed by MIT Kerberos.
This preserves clear authorship for the two distinct bodies of work,
as in the next patch Joseph was able to extend and improve the tests
significantly. ]
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:49:58 +0000 (14:49 +1200)]
tests/krb5: Check PADATA-FX-ERROR in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 23:50:16 +0000 (11:50 +1200)]
tests/krb5: Allow generic_check_kdc_error() to check inner FAST errors
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:50:20 +0000 (14:50 +1200)]
tests/krb5: Check PADATA-PAC-OPTIONS in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 04:29:39 +0000 (16:29 +1200)]
tests/krb5: Make generic_check_kdc_error() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 08:49:25 +0000 (20:49 +1200)]
tests/krb5: Make check_rep_padata() also work for checking TGS replies
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:49:12 +0000 (14:49 +1200)]
tests/krb5: Check PADATA-FX-COOKIE in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:36:56 +0000 (14:36 +1200)]
tests/krb5: Check PADATA-ENCRYPTED-CHALLENGE in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 04:42:26 +0000 (16:42 +1200)]
tests/krb5: Adjust reply padata checking depending on whether FAST was sent
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 04:31:39 +0000 (16:31 +1200)]
tests/krb5: Check reply FAST padata if request included FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 04:25:39 +0000 (16:25 +1200)]
tests/krb5: Check sname is krbtgt for FAST generic error
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 23:15:00 +0000 (11:15 +1200)]
tests/krb5: Add get_krbtgt_sname() method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 04:26:06 +0000 (16:26 +1200)]
tests/krb5: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 04:35:32 +0000 (16:35 +1200)]
tests/krb5: Don't expect RC4 in ETYPE-INFO2 for a non-error reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 04:21:14 +0000 (16:21 +1200)]
tests/krb5: Add check_rep_padata() method to check padata in reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 03:20:09 +0000 (15:20 +1200)]
tests/krb5: Add generate_simple_fast() method to generate FX-FAST padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:18:29 +0000 (14:18 +1200)]
tests/krb5: Include authdata in kdc_exchange_dict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:05:59 +0000 (14:05 +1200)]
tests/krb5: Add expected_cname_private parameter to kdc_exchange_dict
This is useful for testing the 'hide client names' FAST option.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:34:49 +0000 (14:34 +1200)]
tests/krb5: Check encrypted-pa-data
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 03:21:01 +0000 (15:21 +1200)]
tests/krb5: Add methods to determine whether elements were included in the request
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 03:20:44 +0000 (15:20 +1200)]
tests/krb5: Add functions to get dicts of request padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:42:57 +0000 (14:42 +1200)]
tests/krb5: Check FAST response
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:10:13 +0000 (14:10 +1200)]
tests/krb5: Add method to verify ticket checksum for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:04:37 +0000 (14:04 +1200)]
tests/krb5: Add method to check PA-FX-FAST-REPLY
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:01:36 +0000 (14:01 +1200)]
tests/krb5: Allow specifying parameters specific to the outer request body
This is useful for testing FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 22:33:24 +0000 (10:33 +1200)]
tests/krb5: Add FAST armor generation to _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 22:33:10 +0000 (10:33 +1200)]
tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 22:19:46 +0000 (10:19 +1200)]
tests/krb5: Include authenticator_subkey in AS-REQ exchange dict
This is needed for FAST.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 08:49:12 +0000 (20:49 +1200)]
tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error()
This method will also be useful in checking TGS-REP error replies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 6 Jul 2021 00:49:05 +0000 (12:49 +1200)]
tests/krb5: Add methods to calculate keys for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 6 Jul 2021 00:47:18 +0000 (12:47 +1200)]
tests/krb5: Add method to generate FAST encrypted challenge padata
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 5 Jul 2021 22:23:26 +0000 (10:23 +1200)]
tests/krb5: Add more methods to create ASN1 objects for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 5 Jul 2021 22:21:07 +0000 (10:21 +1200)]
tests/krb5: Add more ASN1 definitions for FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 01:59:36 +0000 (13:59 +1200)]
tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 23:06:35 +0000 (11:06 +1200)]
tests/krb5: Ensure generated padata is not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Wed, 28 Jul 2021 07:27:02 +0000 (19:27 +1200)]
tests/krb5: Add generate_ap_req() method
This method will be useful to generate an AP-REQ for use as FAST armor.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 00:52:42 +0000 (12:52 +1200)]
tests/krb5: Check nonce in EncKDCRepPart
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 23:39:37 +0000 (11:39 +1200)]
tests/krb5: Make checking less strict
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 23:34:19 +0000 (11:34 +1200)]
tests/krb5: Check version number of obtained ticket
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 27 Jul 2021 02:39:42 +0000 (14:39 +1200)]
tests/krb5: Assert that more variables are not None
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 22:37:48 +0000 (10:37 +1200)]
tests/krb5: Ensure in assertElementPresent() that container elements are not empty
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 23:06:15 +0000 (11:06 +1200)]
tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn
This means that there can no longer be surprises where a test receives a
reply when it was expecting an error, or vice versa.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 22:35:40 +0000 (10:35 +1200)]
tests/krb5: Include kdc_options in kdc_exchange_dict
Make kdc_options an element of kdc_exchange_dict instead of a parameter
to _generic_kdc_exchange(). This allows testing code to adjust the reply
checking based on the options that were specified in the request.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 22:32:52 +0000 (10:32 +1200)]
tests/krb5: Always specify expected error code
Now the expected error code is always determined by the test code itself
rather than by generic_check_as_error().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 26 Jul 2021 05:19:04 +0000 (17:19 +1200)]
tests/krb5: Add check_reply() method to check for AS or TGS reply
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Thu, 22 Jul 2021 04:22:09 +0000 (16:22 +1200)]
tests/krb5: Add method to calculate account salt
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 5 Jul 2021 22:19:57 +0000 (10:19 +1200)]
tests/krb5: Add more methods for obtaining machine and service credentials
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>