sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
127,069 Commits 60 Branches 1,145 Tags 452 MiB
44566f59d8
Commit Graph

127069 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Joseph Sutton
b62488113f tests/krb5: Add method to check PA-FX-FAST-REPLY 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
16ce1a1d30 tests/krb5: Allow specifying parameters specific to the outer request body 
This is useful for testing FAST.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
0df385fc49 tests/krb5: Add FAST armor generation to _generic_kdc_exchange() 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
5c2cd71ae7 tests/krb5: Modify generate_ap_req() to also generate FAST armor AP-REQ 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
d554b6dc0f tests/krb5: Include authenticator_subkey in AS-REQ exchange dict 
This is needed for FAST.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
74f332c6f9 tests/krb5: Rename generic_check_as_error() to generic_check_kdc_error() 
This method will also be useful in checking TGS-REP error replies.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
0808940674 tests/krb5: Add methods to calculate keys for FAST 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
aafc868969 tests/krb5: Add method to generate FAST encrypted challenge padata 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
69a66c0d2a tests/krb5: Add more methods to create ASN1 objects for FAST 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
ec70290029 tests/krb5: Add more ASN1 definitions for FAST 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
025737deb5 tests/krb5: Generate AP-REQ for TGS request in _generic_kdc_exchange() 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
b6f96dd639 tests/krb5: Ensure generated padata is not None 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
4824dd4e9f tests/krb5: Add generate_ap_req() method 
This method will be useful to generate an AP-REQ for use as FAST armor.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
4951a105b0 tests/krb5: Check nonce in EncKDCRepPart 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
6df0e406f1 tests/krb5: Make checking less strict 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
98dc19e8c8 tests/krb5: Check version number of obtained ticket 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
3d1066e923 tests/krb5: Assert that more variables are not None 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
ba3c92f77b tests/krb5: Ensure in assertElementPresent() that container elements are not empty 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
7881865550 tests/krb5: Only allow specifying one of check_rep_fn and check_error_fn 
This means that there can no longer be surprises where a test receives a
reply when it was expecting an error, or vice versa.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
8fe9589da2 tests/krb5: Include kdc_options in kdc_exchange_dict 
Make kdc_options an element of kdc_exchange_dict instead of a parameter
to _generic_kdc_exchange(). This allows testing code to adjust the reply
checking based on the options that were specified in the request.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
21c64fda8f tests/krb5: Always specify expected error code 
Now the expected error code is always determined by the test code itself
rather than by generic_check_as_error().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
28fb50f511 tests/krb5: Add check_reply() method to check for AS or TGS reply 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:34 +00:00
Joseph Sutton
f5689bb8fa tests/krb5: Add method to calculate account salt 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
50d743bafc tests/krb5: Add more methods for obtaining machine and service credentials 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
4790b6b04a tests/krb5: Allow specifying additional details when creating an account 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
ce379edf2e tests/krb5: Use encryption with admin credentials 
This ensures that account creation using admin credentials succeeds.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
bab7503e30 tests/krb5: Add get_EpochFromKerberosTime() 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
fe8912e4a8 tests/krb5: Make _test_as_exchange() return value more consistent 
Always return the reply and the kdc_exchange_dict so that the caller has
more potentially useful information.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
cb332d8300 tests/krb5: Add method to return dict containing padata elements 
This makes checking multiple padata elements easier.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
f5a906f74f tests/krb5: Add get_enc_timestamp_pa_data_from_key() 
This makes it easier to create encrypted timestamp padata when the key
has already been obtained.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
2c80f7f851 tests/krb5: Refactor get_pa_data() 
The function now returns a single padata object rather than a list,
making it easier to combine multiple padata elements into a request. The
new name 'get_enc_timestamp_pa_data' also makes it clearer as to what
the method generates.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
a5e5f8fdfe tests/krb5: Allow cf2 to automatically use the enctype of the first key 
RFC6113 states: "Unless otherwise specified, the resulting enctype of
KRB-FX-CF2 is the enctype of k1." This change means the enctype no
longer has to be specified manually.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
17d5a26729 tests/krb5: Use credentials kvno when creating password key 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
d6a242e200 tests/krb5: Check Kerberos protocol version number 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
8194b2a261 tests/krb5: Expect e-data except when the error code is KDC_ERR_GENERIC 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
a0c6538a97 tests/krb5: Fix encpart_decryption_key with MIT KDC 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
bad5f4ee5f tests/krb5: Fix callback_dict parameter 
Items contained in a default-created callback_dict should not be carried
over between unrelated calls to {as,tgs}_as_exchange_dict().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
67ff72395c tests/krb5: Fix including enc-authorization-data 
Remove the EncAuthorizationData parameters from AS_REQ_create(), since
it should only be present in the TGS-REQ form. Also, fix a call to
EncryptedData_create() to supply the key usage when creating
enc-authorization-data.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
a2b183c179 tests/krb5: Remove magic constants 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
41c3e41034 tests/krb5: Simplify Python syntax 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
38b3a36181 tests/krb5: Use more compact dict lookup 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
1320ac0f91 tests/krb5: Remove unneeded statements 
A return statement is redundant as the last statement in a method, as
methods will otherwise return None. Also, code blocks consisting of a
single 'pass' statement can be safely omitted.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
df6623363a tests/krb5: formatting 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
7013a8edd1 tests/krb5: Fix method name typo 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
9eb4c4b7b1 tests/krb5: Fix comment typo 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
4797ced890 tests/krb5: Fix ms_kile_client_principal_lookup_test errors 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
6818d20489 pygensec: Don't modify Python bytes objects 
gensec_update() and gensec_unwrap() can both modify their input buffers
(for example, during the inplace RRC operation on GSSAPI tokens).
However, buffers obtained from Python bytes objects must not be modified
in any way. Create a copy of the input buffer so the original isn't
modified.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Joseph Sutton
814df05f8c pygensec: Fix memory leaks 
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-18 22:28:33 +00:00
Ralph Boehme
4809f4a6ee registry: check for running as root in clustering mode 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787
RN:  net conf list crashes when run as normal user

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 17 11:23:15 UTC 2021 on sn-devel-184
 2021-08-17 11:23:15 +00:00
Ralph Boehme
fd19cae8d2 s3/lib/dbwrap: check if global_messaging_context() succeeded 
The subsequent messaging_ctdb_connection() will fail an assert if messaging is
not up and running, maybe it's a bit better to add a check if
global_messaging_context() actually succeeded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2021-08-17 10:31:29 +00:00