Andreas Schneider [Thu, 7 Oct 2021 13:55:37 +0000 (15:55 +0200)]
waf: Fix resolv_wrapper with glibc 2.34
With glibc 2.34 we are not able to talk to the DNS server via socket_wrapper
anymore. The res_* symbols have been moved from libresolv to libc. We are not
able to intercept any traffic inside of libc.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Günther Deschner [Thu, 4 Nov 2021 21:22:44 +0000 (22:22 +0100)]
s3-winexe: Fix winexe core dump (use-after-free)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14893
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 5 11:43:57 UTC 2021 on sn-devel-184
David Mulder [Thu, 4 Nov 2021 14:42:06 +0000 (08:42 -0600)]
samba-tool: Add domain member leave
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Nov 4 20:43:32 UTC 2021 on sn-devel-184
Ralph Boehme [Fri, 29 Oct 2021 20:03:42 +0000 (22:03 +0200)]
lib/dbwrap: reset deleted record to tdb_null
This allows the calling the following sequence of dbwrap functions:
dbwrap_delete_record(rec);
data = dbwrap_record_get_value(rec);
without triggering the assert rec->value_valid inside dbwrap_record_get_value().
Note that dbwrap_record_storev() continues to invalidate the record, so this
change somewhat blurs our semantics.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 4 19:49:47 UTC 2021 on sn-devel-184
Ralph Boehme [Fri, 29 Oct 2021 04:27:38 +0000 (06:27 +0200)]
CI: add a test for bug 14882
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Mon, 5 Oct 2020 06:52:32 +0000 (08:52 +0200)]
s3/libsmb: check for global parametric option "libsmb:client_guid"
Useful in test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14882
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 4 Nov 2021 02:02:36 +0000 (19:02 -0700)]
s3: smbd: Ensure in the directory scanning loops inside rmdir_internals() we don't overwrite the 'ret' variable.
If we overwrite with ret=0, we return NT_STATUS_OK even when we goto err.
This function should be restructured to use NT_STATUS internally,
and make 'int ret' transitory, but that's a patch for another
time.
Remove knownfail.
BUG: BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 4 09:10:27 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 3 Nov 2021 23:50:10 +0000 (16:50 -0700)]
s3: smbtorture3: Add test for setting delete on close on a directory, then creating a file within to see if delete succeeds.
Exposes an existing problem where "ret" is overwritten
in the directory scan.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Wed, 3 Nov 2021 13:40:01 +0000 (14:40 +0100)]
smbd: early out in is_visible_fsp()
This is used in a hot codepath (directory enumeration) so we should avoiding the
string comparisions by adding an early exit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 3 17:33:00 UTC 2021 on sn-devel-184
Ralph Boehme [Tue, 2 Nov 2021 04:34:59 +0000 (05:34 +0100)]
vfs_fruit: remove a fsp check from ad_fset()
This comes from times before we had pathref fsps. Back then if you wanted to
check if fsp->fh->fd contained a valid value != -1, you'd also first check that
the passed in fsp and fsp->fh are non NULL. With pathref fsps we don't need this
anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14890
RN: Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 2 Nov 2021 17:44:44 +0000 (10:44 -0700)]
s3: smbd: dirfsp is being used uninitialized inside rmdir_internals().
Not caught be the tests in bugs 14878, 14879 as can_delete_directory_fsp()
doesn't have the same bug.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14892
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 3 14:33:49 UTC 2021 on sn-devel-184
Pavel Filipenský [Thu, 21 Oct 2021 13:01:48 +0000 (15:01 +0200)]
s3:librpc: Improve calling of krb5_kt_end_seq_get()
Remove indentation with early return, best reviewed with
git show -b
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 3 08:36:00 UTC 2021 on sn-devel-184
David Mulder [Thu, 14 Oct 2021 21:36:52 +0000 (15:36 -0600)]
gp: Apply Firewalld Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 1 21:16:43 UTC 2021 on sn-devel-184
David Mulder [Tue, 12 Oct 2021 18:54:09 +0000 (12:54 -0600)]
gp: Test Firewalld Group Policy Apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Wed, 6 Oct 2021 18:46:26 +0000 (12:46 -0600)]
gp: Add Firewalld ADMX templates
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Martin Schwenke [Sun, 31 Oct 2021 00:59:30 +0000 (11:59 +1100)]
debug: Add new smb.conf option "debug syslog format"
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Nov 1 07:29:47 UTC 2021 on sn-devel-184
Martin Schwenke [Thu, 28 Oct 2021 08:05:19 +0000 (19:05 +1100)]
debug: Add debug_syslog_format setting
Without debug_hires_timestamp this produces a syslog style header
containing:
"MON DD HH:MM:SS HOSTNAME PROGNAME[PID] "
With debug_hires_timestamp this produces a syslog style header
containing:
"RFC5424-TIMESTAMP HOSTNAME PROGNAME[PID] "
All other settings are ignored.
This will be made visible via smb.conf in a subsequent commit.
This commit adds some simple hostname handling. It avoids using
get_myname() from util.c because using that potentially pulls in all
manner of dependencies. No real error handling is done. In the worst
case debug_set_hostname() sets the hostname to a truncated version of
the given string. Similarly, in an even weirder world,
ensure_hostname() sets the hostname to a truncation of "unknown".
Both of these are unlikely in all reasonable cases.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andrew Walker [Thu, 28 Oct 2021 20:01:42 +0000 (16:01 -0400)]
s3:modules:recycle - fix crash in recycle_unlink_internal
Original logic for separating path from base name assumed
that we were using same string to determine offset when
getting the parent dir name (smb_fname->base_name).
Simplify by using parent_dirname() to split the path
from base name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14888
Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 30 04:34:53 UTC 2021 on sn-devel-184
eaglegai [Thu, 28 Oct 2021 13:51:13 +0000 (21:51 +0800)]
fix undefined-shift in put_res_rec fuzz error: ../../source3/libsmb/nmblib.c:451:4: runtime error: left shift of 65312 by 16 places cannot be represented in type 'int'
Author: eaglegai <eaglegai@163.com>
Signed-off-by: eaglegai <eaglegai@163.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 29 20:29:26 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 25 Oct 2021 19:42:02 +0000 (12:42 -0700)]
s3: docs-xml: Clarify the "delete veto files" paramter.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 29 14:57:14 UTC 2021 on sn-devel-184
Jeremy Allison [Mon, 25 Oct 2021 19:36:57 +0000 (12:36 -0700)]
s3: smbd: Fix logic in can_delete_directory_fsp() to cope with dangling symlinks.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Oct 2021 19:32:29 +0000 (12:32 -0700)]
s3: smbd: Fix logic in rmdir_internals() to cope with dangling symlinks.
Still need to add the same logic in can_delete_directory_fsp()
before we can delete the knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Oct 2021 19:21:37 +0000 (12:21 -0700)]
s3: smbd: Fix rmdir_internals() to do an early return if lp_delete_veto_files() is not set.
Fix the comments to match what the code actually does. The
exit at the end of the scan directory loop if we find a client
visible filename is a change in behavior, but the previous
behavior (not exist on visible filename, but delete it) was
a bug and in non-tested code. Now it's testd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Oct 2021 19:02:43 +0000 (12:02 -0700)]
s3: VFS: xattr_tdb. Allow unlinkat to cope with dangling symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 25 Oct 2021 19:01:58 +0000 (12:01 -0700)]
s3: VFS: streams_depot. Allow unlinkat to cope with dangling symlinks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 21 Oct 2021 23:37:27 +0000 (16:37 -0700)]
s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 21 Oct 2021 23:18:24 +0000 (16:18 -0700)]
s3: smbd: Fix recursive directory delete of a directory containing veto file and msdfs links.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 21 Oct 2021 22:06:20 +0000 (15:06 -0700)]
s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Andreas Schneider [Tue, 26 Oct 2021 07:20:32 +0000 (09:20 +0200)]
editorconfig: Heimdal has mixed spaces and tabs with different width
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 29 10:16:15 UTC 2021 on sn-devel-184
Andreas Schneider [Thu, 28 Oct 2021 08:50:30 +0000 (10:50 +0200)]
third_party: Update pam_wrapper to version 1.1.4
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 28 19:03:04 UTC 2021 on sn-devel-184
Ralph Boehme [Tue, 5 Oct 2021 13:10:33 +0000 (15:10 +0200)]
lib: handle NTTIME_THAW in nt_time_to_full_timespec()
Preliminary handling of NTTIME_THAW to avoid NTTIME_THAW is passed as some
mangled value down to the VFS set timestamps function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
RN: Avoid storing NTTIME_THAW (-2) as value on disk
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 28 Oct 2021 10:55:39 +0000 (12:55 +0200)]
torture: add a test for NTTIME_FREEZE and NTTIME_THAW
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 28 Oct 2021 08:18:54 +0000 (10:18 +0200)]
lib: add a test for null_nttime(NTTIME_THAW)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 28 Oct 2021 08:18:17 +0000 (10:18 +0200)]
lib: update null_nttime() of -1: -1 is NTTIME_FREEZE
NTTIME_FREEZE is not a nil sentinel value, instead it implies special, yet
unimplemented semantics. Callers must deal with those values specifically and
null_nttime() must not lie about their nature.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Thu, 28 Oct 2021 08:17:01 +0000 (10:17 +0200)]
lib: use NTTIME_FREEZE in a null_nttime() test
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 27 Oct 2021 15:02:48 +0000 (17:02 +0200)]
lib: fix null_nttime() tests
The test was checking -1 twice:
torture_assert(tctx, null_nttime(-1), "-1");
torture_assert(tctx, null_nttime(-1), "-1");
The first line was likely supposed to test the value "0".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 5 Oct 2021 13:10:10 +0000 (15:10 +0200)]
lib: add NTTIME_THAW
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14127
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Wed, 27 Oct 2021 11:45:15 +0000 (13:45 +0200)]
lib:cmdline: Fix -k option which doesn't expect anything
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 28 13:23:34 UTC 2021 on sn-devel-184
Andreas Schneider [Wed, 27 Oct 2021 13:30:20 +0000 (15:30 +0200)]
testprogs: Use new cmdline option for kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14846
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
David Mulder [Tue, 26 Oct 2021 14:46:24 +0000 (08:46 -0600)]
Revert "samba-tool: Pick local host if calling samba-tool from DC"
This reverts commit
7c9195e28bc51ac375d609f8306db2456f348167.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Oct 26 16:00:28 UTC 2021 on sn-devel-184
David Mulder [Mon, 25 Oct 2021 14:49:35 +0000 (08:49 -0600)]
samba-tool: Pick local host if calling samba-tool from DC
It is reasonable to assume, that if we are running a command from a DC,
that a user expects that the command will run against this DC.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Oct 26 14:23:42 UTC 2021 on sn-devel-184
Andreas Schneider [Mon, 25 Oct 2021 12:29:56 +0000 (14:29 +0200)]
Revert "gp: Add Firewalld ADMX templates"
This reverts commit
7253405c35247dff192e86598b18d524e1602818.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Mon Oct 25 15:04:18 UTC 2021 on sn-devel-184
Andreas Schneider [Mon, 25 Oct 2021 12:29:41 +0000 (14:29 +0200)]
Revert "gp: Test Firewalld Group Policy Apply"
This reverts commit
8f347449190c698ec4d2720bbf6ffced853ef797.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Andreas Schneider [Mon, 25 Oct 2021 12:29:20 +0000 (14:29 +0200)]
Revert "gp: Apply Firewalld Policy"
This reverts commit
9ac2d5d991d16d1957c720fcda3ff6a9ac78dc13.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Joseph Sutton [Thu, 21 Oct 2021 03:46:56 +0000 (16:46 +1300)]
tests/krb5: Check account name and SID in PAC for S4U tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 25 09:23:35 UTC 2021 on sn-devel-184
David Mulder [Thu, 14 Oct 2021 21:36:52 +0000 (15:36 -0600)]
gp: Apply Firewalld Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
David Mulder [Tue, 12 Oct 2021 18:54:09 +0000 (12:54 -0600)]
gp: Test Firewalld Group Policy Apply
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
David Mulder [Wed, 6 Oct 2021 18:46:26 +0000 (12:46 -0600)]
gp: Add Firewalld ADMX templates
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Andrew Bartlett [Thu, 21 Oct 2021 21:50:36 +0000 (10:50 +1300)]
lib/krb5_wrap: Fix missing error check in new salt code
CID
1492905: Control flow issues (DEADCODE)
This was a regression in
5eeb441b771a1ffe1ba1c69b72e8795f525a58ed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Oct 23 08:07:13 UTC 2021 on sn-devel-184
Andrew Bartlett [Tue, 19 Oct 2021 03:01:36 +0000 (16:01 +1300)]
dsdb: Allow special chars like "@" in samAccountName when generating the salt
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 20 12:54:54 UTC 2021 on sn-devel-184
Joseph Sutton [Tue, 19 Oct 2021 23:46:36 +0000 (12:46 +1300)]
tests/krb5: Add tests for account salt calculation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 19 Oct 2021 23:45:47 +0000 (12:45 +1300)]
tests/krb5: Fix account salt calculation to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 19 Oct 2021 23:45:08 +0000 (12:45 +1300)]
tests/krb5: Allow specifying the UPN for test accounts
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 19 Oct 2021 23:44:19 +0000 (12:44 +1300)]
tests/krb5: Allow creating machine accounts without a trailing dollar
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 19 Oct 2021 23:41:39 +0000 (12:41 +1300)]
tests/krb5: Allow specifying prefix or suffix for test account names
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 19 Oct 2021 23:39:05 +0000 (12:39 +1300)]
tests/krb5: Decrease length of test account prefix
This allows us more room to test with different account names.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 5 Oct 2021 14:42:00 +0000 (16:42 +0200)]
selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline")
This is much more flexible and concentrates the logic in a single place.
We'll use winbindd => "offline" in other places soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14870
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Fri, 8 Oct 2021 16:04:55 +0000 (18:04 +0200)]
selftest/Samba3: remove unused close(USERMAP); calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 4 Oct 2021 11:02:35 +0000 (13:02 +0200)]
waf: Allow building with MIT KRB5 >= 1.20
gssrpc/xdr.h:105:1: error: function declaration isn’t a prototype
[-Werror=strict-prototypes]
105 | typedef bool_t (*xdrproc_t)();
| ^~~~~~~
This can't be fixed, as the protoype is variadic. It can take up to three
arguments.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14870
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Sun, 17 Oct 2021 22:55:14 +0000 (11:55 +1300)]
selftest: Improve error handling and perl style when setting up users in Samba4.pm
This catches errors and avoids using global varibles (the old
style file handles are global).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 18 Oct 2021 07:44:54 +0000 (20:44 +1300)]
selftest: Remove duplicate setup of $base_dn and $ldbmodify
These are already set up to the same values above for the full
DC and correct values for the (strange) s4member environment.
By not setting $base_dn again we avoid an error once we start
checking for them.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Thu, 19 Aug 2021 23:26:02 +0000 (11:26 +1200)]
pytest: s3_net_join: avoid name clash
The net_join test uses "NetJoinTest" (and doesn't properly clean up),
we must use a unique name for this test in s3_net_join.py.
[abartlet@samba.org The hilarious naming conventions come from a time when samba-tool
was known as "net" in the s4 branch]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Fri, 8 Oct 2021 02:40:09 +0000 (15:40 +1300)]
selftest: krb5 account creation: clarify account type as an enum
This makes the code clearer with a symbolic constant rather
than a True/False boolean.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Thu, 5 Aug 2021 23:08:10 +0000 (11:08 +1200)]
pytest: dynamic tests optionally add __doc__
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Mon, 20 Sep 2021 04:27:40 +0000 (16:27 +1200)]
selftest: Increase account lockout windows to make test more realiable
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14868
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Wed, 8 Sep 2021 05:01:26 +0000 (17:01 +1200)]
pytest/rodc_rwdc: try to avoid race.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14868
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Viktor Dukhovni [Wed, 10 Aug 2016 23:31:14 +0000 (23:31 +0000)]
HEIMDAL:kdc: Fix transit path validation CVE-2017-6594
Commit
f469fc6 (2010-10-02) inadvertently caused the previous hop realm
to not be added to the transit path of issued tickets. This may, in
some cases, enable bypass of capath policy in Heimdal versions 1.5
through 7.2.
Note, this may break sites that rely on the bug. With the bug some
incomplete [capaths] worked, that should not have. These may now break
authentication in some cross-realm configurations.
(similar to heimdal commit
b1e699103f08d6a0ca46a122193c9da65f6cf837)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12998
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 20 10:58:37 UTC 2021 on sn-devel-184
Joseph Sutton [Mon, 18 Oct 2021 03:07:11 +0000 (16:07 +1300)]
tests/krb5: Add tests for constrained delegation to NO_AUTH_DATA_REQUIRED service
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 20 09:22:43 UTC 2021 on sn-devel-184
Joseph Sutton [Mon, 18 Oct 2021 03:05:19 +0000 (16:05 +1300)]
tests/krb5: Ensure PAC is not present if expect_pac is false
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 18 Oct 2021 03:00:45 +0000 (16:00 +1300)]
kdc: Correctly strip PAC, rather than error on UF_NO_AUTH_DATA_REQUIRED for servers
UF_NO_AUTH_DATA_REQUIRED on a server/service account should cause
the PAC to be stripped not to given an error if the PAC was still
present.
Tested against Windows 2019
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andrew Bartlett [Mon, 18 Oct 2021 02:21:50 +0000 (15:21 +1300)]
kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client principals
Tests against Windows 2019 show that UF_NO_AUTH_DATA_REQUIRED
applies to services only, not to clients.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 16 Apr 2018 14:08:29 +0000 (16:08 +0200)]
netlogon_creds_cli: add netlogon_creds_cli_SendToSam_recv() and don't ignore result
This is a low level function that should not ignore results.
If the caller doesn't care it's his choice.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 19 20:20:00 UTC 2021 on sn-devel-184
Stefan Metzmacher [Tue, 28 Sep 2021 20:24:32 +0000 (22:24 +0200)]
libcli/smb: use MID=0 for SMB2 Cancel with ASYNC_ID and legacy signing algorithms
We can only assume that servers with support for AES-GMAC-128 signing
will except an SMB2 Cancel with ASYNC_ID and real MID.
This strategy is also used by Windows clients, because
some vendors don't cope otherwise.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14855
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 19 19:23:39 UTC 2021 on sn-devel-184
Martin Schwenke [Tue, 19 Oct 2021 00:00:22 +0000 (11:00 +1100)]
bootstrap: Debian 11 has liburing-dev
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14872
Signed-off-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 19 09:14:10 UTC 2021 on sn-devel-184
Martin Schwenke [Thu, 14 Oct 2021 03:50:41 +0000 (14:50 +1100)]
bootstrap: Add Debian 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14872
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 18 17:19:17 UTC 2021 on sn-devel-184
Joseph Sutton [Fri, 15 Oct 2021 01:29:26 +0000 (14:29 +1300)]
tests/krb5: Add tests for requesting a service ticket without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Oct 17 23:40:33 UTC 2021 on sn-devel-184
Joseph Sutton [Fri, 15 Oct 2021 01:27:25 +0000 (14:27 +1300)]
tests/krb5: Add method to get the PAC from a ticket
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 15 Oct 2021 01:27:15 +0000 (14:27 +1300)]
tests/krb5: Allow specifying whether to expect a PAC with _test_as_exchange()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 15 Oct 2021 01:26:40 +0000 (14:26 +1300)]
tests/krb5: Allow get_tgt() to request including or omitting a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 14 Oct 2021 23:12:30 +0000 (12:12 +1300)]
heimdal:kdc: Fix ticket signing without a PAC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Fri, 15 Oct 2021 00:09:20 +0000 (13:09 +1300)]
selftest/dbcheck: Fix up RODC one-way links (use correct dbcheck rule)
The previous commit was correct on intention, but it was not noticed
as there is a race, that the incorrect rule was appended to.
These links are removed by remove_plausible_deleted_DN_links not
fix_all_old_dn_string_component_mismatch
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 15 10:00:47 UTC 2021 on sn-devel-184
Andrew Bartlett [Thu, 14 Oct 2021 19:22:17 +0000 (08:22 +1300)]
gitlab-ci: Do not download artifacts of unrelated builds
This needs: is overridden in many cases, but ensures none of the other
main jobs start until this build finishes. However this also
ensures we do not download artifacts from any build unless we
specifically depend on it, saving bandwidth
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14863
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Andrew Bartlett [Thu, 14 Oct 2021 07:24:49 +0000 (20:24 +1300)]
gitlab-ci: Do not retry for job_execution_timeout
If we timeout, we should just stop at 2 hours, not waste 6 hours (3 x 2 hours).
This is for when the job runs long for any reason, currently the
reasons for a timeout are not transient, we need to either change
the timeout or fix the system. Likewise if the tests get into a loop
or deadlock we want to see that as a failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14863
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jeremy Allison [Wed, 13 Oct 2021 16:46:07 +0000 (09:46 -0700)]
s3: smbspool. Remove last use of 'extern char **environ;'.
This should come from lib/replace/replace.h to cope with
system (MacOSX etc.) differences.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14862
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 14 19:51:59 UTC 2021 on sn-devel-184
Nicolas Williams [Mon, 11 Oct 2021 02:55:59 +0000 (21:55 -0500)]
krb5: Fix PAC signature leak affecting KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Cherry-picked from Heimdal commit
54581d2d52443a9a07ed5980df331f660b397dcf]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Oct 2021 03:08:39 +0000 (16:08 +1300)]
s4:kdc: Check ticket signature
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Oct 2021 02:43:41 +0000 (15:43 +1300)]
heimdal: Make _krb5_pac_get_kdc_checksum_info() into a global function
This lets us call it from Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 11 Aug 2021 01:27:11 +0000 (13:27 +1200)]
s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match Windows
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Luke Howard [Thu, 23 Sep 2021 07:51:51 +0000 (17:51 +1000)]
kdc: correctly generate PAC TGS signature
When generating an AS-REQ, the TGS signature was incorrectly generated using
the server key, which would fail to validate if the server was not also the
TGS. Fix this.
Patch from Isaac Bourkis <iboukris@gmail.com>.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Backported from Heimdal commit
e7863e2af922809dad25a2e948e98c408944d551
- Samba's Heimdal version does not have the generate_pac() helper
function.
- Samba's Heimdal version does not use the 'r' context variable.
]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Luke Howard [Thu, 23 Sep 2021 04:39:35 +0000 (14:39 +1000)]
kdc: use ticket client name when signing PAC
The principal in the PAC_LOGON_NAME buffer is expected to match the client name
in the ticket. Previously we were setting this to the canonical client name,
which would have broken PAC validation if the client did not request name
canonicalization
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Backported from Heimdal commit
3b0856cab2b25624deb1f6e0e67637ba96a647ac
- Renamed variable to avoid shadowing existing variable
]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Luke Howard [Sun, 6 Jan 2019 06:54:58 +0000 (17:54 +1100)]
kdc: only set HDB_F_GET_KRBTGT when requesting TGS principal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Backported from Heimdal commit
f1dd2b818aa0866960945edea02a6bc782ed697c
- Removed change to _kdc_find_etype() use_strongest_session_key
parameter since Samba's Heimdal version uses different logic
]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Luke Howard [Fri, 17 Sep 2021 03:57:57 +0000 (13:57 +1000)]
krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC checksum fails
Return KRB5KRB_AP_ERR_INAPP_CKSUM instead of EINVAL when verifying a PAC, if
the checksum is absent or unkeyed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Cherry-picked from Heimdal commit
c4b99b48c4b18f30d504b427bc1961d7a71f631e]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Sun, 19 Sep 2021 12:16:58 +0000 (15:16 +0300)]
krb5: rework PAC validation loop
Avoid allocating the PAC on error.
Closes: #836
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Cherry-picked from Heimdal commit
6df8be5091363a1c9a9165465ab8292f817bec81]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Sun, 19 Sep 2021 12:04:14 +0000 (15:04 +0300)]
krb5: allow NULL parameter to krb5_pac_free()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Cherry-picked from Heimdal commit
b295167208a96e68515902138f6ce93972892ec5]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Fri, 13 Aug 2021 09:44:37 +0000 (12:44 +0300)]
kdc: sign ticket using Windows PAC
Split Windows PAC signing and verification logic, as the signing has to be when
the ticket is ready.
Create sign and verify the PAC KDC signature if the plugin did not, allowing
for S4U2Proxy to work, instead of KRB5SignedPath.
Use the header key to verify PAC server signature, as the same key used to
encrypt/decrypt the ticket should be used for PAC server signature, like U2U
tickets are signed witht the tgt session-key and not with the longterm key,
and so krbtgt should be no different and the header key should be used.
Lookup the delegated client in DB instead of passing the delegator DB entry.
Add PAC ticket-signatures and related functions.
Note: due to the change from KRB5SignedPath to PAC, S4U2Proxy requests
against new KDC will not work if the evidence ticket was acquired from
an old KDC, and vide versa.
Closes: #767
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Backported from Heimdal commit
2ffaba9401d19c718764d4bd24180960290238e9
- Removed tests
- Adapted to Samba's version of Heimdal
- Addressed build failures with -O3
- Added knownfails
]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Mon, 28 Dec 2020 20:07:10 +0000 (22:07 +0200)]
kdc: remove KRB5SignedPath, to be replaced with PAC
KRB5SignedPath was a Heimdal-specific authorization data element used to
protect the authenticity of evidence tickets when used in constrained
delegation (without a Windows PAC).
Remove this, to be replaced with the Windows PAC which itself now supports
signing the entire ticket in the TGS key.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
[jsutton@samba.org Backported from Heimdal commit
bb1d8f2a8c2545bccdf2c9179ce9259bf1050086
- Removed tests
- Removed auditing hook (only present in Heimdal master)
- Added knownfails
]
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Oct 2021 02:42:29 +0000 (15:42 +1300)]
s4/torture: Expect ticket checksum PAC buffer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 6 Oct 2021 03:40:21 +0000 (16:40 +1300)]
s4:kdc: Fix debugging messages
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Oct 2021 03:06:58 +0000 (16:06 +1300)]
s4:kdc: Simplify samba_kdc_update_pac_blob() to take ldb_context as parameter
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 8 Oct 2021 02:40:39 +0000 (15:40 +1300)]
tests/krb5: Fix duplicate account creation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>