samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-09-11 09:44:19 +03:00

Author	SHA1	Message	Date
Jo Sutton	4e8ca6140a	ldb: Attach appropriate ldb context to returned result This is done by adding a new API that avoids the problems of ldb_dn_copy() and makes it clear that a struct ldb_context * pointer will be stored in the new copy. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-11 04:32:30 +00:00
Jo Sutton	a54dca4ea5	tests/krb5: Calculate correct gMSA password to fix flapping test If this test happens to be run in the five minute window prior to the next ten‐hour GKDI interval — about once every one hundred and twenty runs — the ‘current’ password requested from LDAP will actually be the future password, which won’t match what’s in the database. Instead of taking the password from LDAP, calculate it ourselves with expected_gmsa_password_blob(). [330(7038)/334 at 43m51s] samba.tests.krb5.gmsa_tests(ad_dc:local) UNEXPECTED(failure): samba.tests.krb5.gmsa_tests.samba.tests.krb5.gmsa_tests.GmsaTests.test_retrieving_managed_password_triggers_keys_update(ad_dc:local) REASON: Exception: Exception: Traceback (most recent call last): File "/builds/samba-testbase/samba-def-build/bin/python/samba/tests/krb5/gmsa_tests.py", line 1091, in test_retrieving_managed_password_triggers_keys_update self.assertEqual(creds.get_nt_hash(), nt_hash) AssertionError: b'\xcf[\xe8:\xc7-\xd4V\xce\t\xfc\xcd\x06.T\x8a' != b'c\xc5\x97k\x17"G\x1e\x81>\xacV\x9d.*\x14' Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 4 20:52:09 UTC 2024 on atb-devel-224	2024-06-04 20:52:09 +00:00
Jo Sutton	9c700f790b	tests/krb5: Reset local database time in a cleaner (and nearly equivalent) fashion Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-04 19:49:36 +00:00
Jo Sutton	3256c6bfd6	tests/krb5: Make use of update_password() method Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-04 19:49:36 +00:00
Jo Sutton	a0d639bfb8	tests/krb5: Test that previous keys are counted as current keys following a gMSA key rollover Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 20:33:36 +00:00
Jo Sutton	5c4f2623c5	tests/krb5: Add more tests for gMSAs Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	6f09418010	tests/krb5: Test viewing gMSA passwords after performing simple binds Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	f9cbda9cf0	tests/krb5: Test that computers (and, by extension, gMSAs) cannot perform interactive logons Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	336a58473a	tests/krb5: Don’t pass gMSA as ‘domain_joined_mach_creds’ parameter We just want to test whether a gMSA can use netlogon. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	ad0740751e	tests/krb5: Test performing NTLMSSP logons at different times Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	9fac9b776e	tests/krb5: Test that gMSA passwords cannot be viewed over an unsealed connection Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	aa4347ff23	tests/krb5: Add ‘expect_success’ parameter to gensec_ntlmssp_logon() View with ‘git show -b’. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	41e71406a1	tests/krb5: Make use of gmsa_series_for_account() method This allows us to replace a call to expected_current_gmsa_password_blob() with one to expected_gmsa_password_blob(), a method which allows us to specify the exact key we expect. Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	577aa79042	tests/krb5: Add quantized_time() method Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	65fe09007f	tests/krb5: Read current time from correct SamDB Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	103ca0276f	tests/krb5: Check that updated NT hashes of gMSAs have the values we expect Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-04-24 05:16:29 +00:00
Jo Sutton	20ce68f159	tests/krb5: Test retrieving a denied gMSA password over an unsealed connection Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Jo Sutton <jsutton@samba.org> Autobuild-Date(master): Sun Apr 21 23:17:53 UTC 2024 on atb-devel-224	2024-04-21 23:17:53 +00:00
Jo Sutton	1b765edbc9	tests/krb5: Add tests that gMSA keys are updated in the database when appropriate Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-04-21 22:10:36 +00:00
Jo Sutton	47c519af8e	tests/krb5: Import MAX_CLOCK_SKEW more directly Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-04-21 22:10:36 +00:00
Jo Sutton	bb5ca9f466	tests/krb5: Add tests for gMSAs Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-04-16 03:58:31 +00:00

20 Commits