IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The old test
x if ((len(repr(chr(x))) == 3) and (x < 127)) else ord('.')
went through some contortions to see if the character was printable, and
it got it slightly wrong. The idea was that `repr(chr(97)` is "'a'",
while `repr(chr(167)` is "'\xa7'", which we can distinguish using the
length. But that miscategorised the backslash character, which is
represented as "'\\'", a string of length 4, so it was show as '.'
instead.
Instead we notice that the characters we want to print in a hexdump
are exactly those between 32 and 126, inclusive.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
`pw.encode('utf-16-le')` is always bytes.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
`pw.encode('utf-16-le')` is always bytes.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This was a workaround for the migration to Python 3, but is now just
extra work for the computer and cognitive load for us.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is likely not necessary to cast to list() in most cases.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is likely not necessary to cast to list().
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is likely not necessary to cast to list() in most cases.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is likely not necessary to cast to list() in most cases.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
On master attempting to chdir into a nested dfs link
e.g. cd dfslink (works)
cd dfslink/another_dfslink (fails)
[1] Add a test for this scenario (nested chdir)
[2] Add test for enumerating a dfs link in root of dfs share
[3] Add a test to check case insensitive chdir into dfs link on widelink
enabled share
Add knownfails for tests 1 and 3
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435
`assert` can be optimised away if python is run with `-O`.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 11 05:32:28 UTC 2024 on atb-devel-224
This is done by adding a new API that avoids the problems of
ldb_dn_copy() and makes it clear that a struct ldb_context *
pointer will be stored in the new copy.
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This flexiblity in the tests avoids requiring Samba/Heimdal to omit an NTSTATUS error
return and just be consistent between the different authentication paths.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 10 05:32:54 UTC 2024 on atb-devel-224
This makes sense as otherwise the user would suddenly not know their password
for use when they do not use their smartcard.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We do this by telling the Domain Functional Level upgrade code that
this is a new install.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This assures us that the new provision sets the value by default.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
The tests of passwords that will expire in the TGT lifetime fail against
windows, we do not see the rotation in that case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This allows Windows behaviour with clock skew to be allowed for.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This will allow other parts of the testsuite to use this helpful function.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This demonstrates behaviour against a server presumed to be in FL 2016
what the impact of the msDS-ExpirePasswordsOnSmartCardOnlyAccounts
attribute is.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Windows 2022 at April 2024 has change and now includes the
AES keys for accounts with UF_SMARTCARD_REQUIRED, so revert
part of the change in b2fe1ea1c6.
(This is an improvement to Windows security).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
We have had confirmed from MS that this behaviour is both deliberate
and required. Possession of the credential is (by the returned PAC
containing the NT hash) possession of the password, and it must be
possible to change the password to a known value otherwise DPAPI
(local keychain) secured by this value can fail on the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15045
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This allows to verify the backup tarball contents with:
sha256sum -c SHA256SUM
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We also have ldapi, other sockets or pipes around, we don't want to
add. This will be relevant for adding checksums later.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This demonstrates that access_denied is only generated if the client
really generates a change in the database.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Also test using the additional record in the answers section.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will allow tests to backup the whole state
and mix them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It's possible to put the additional into the answers section,
so we should be able to test that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Failed DNS updates just echo the request flaged as response,
all other elements are unchanged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With socket_wrapper we only get 1500 byte chunks...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We just destroy the signature bytes but keep the header unchanged.
This makes it easier to look at it in wireshark.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13019
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If this test happens to be run in the five minute window prior to the
next ten‐hour GKDI interval — about once every one hundred and twenty
runs — the ‘current’ password requested from LDAP will actually be the
future password, which won’t match what’s in the database.
Instead of taking the password from LDAP, calculate it ourselves with
expected_gmsa_password_blob().
[330(7038)/334 at 43m51s] samba.tests.krb5.gmsa_tests(ad_dc:local)
UNEXPECTED(failure): samba.tests.krb5.gmsa_tests.samba.tests.krb5.gmsa_tests.GmsaTests.test_retrieving_managed_password_triggers_keys_update(ad_dc:local)
REASON: Exception: Exception: Traceback (most recent call last):
File "/builds/samba-testbase/samba-def-build/bin/python/samba/tests/krb5/gmsa_tests.py", line 1091, in test_retrieving_managed_password_triggers_keys_update
self.assertEqual(creds.get_nt_hash(), nt_hash)
AssertionError: b'\xcf[\xe8:\xc7-\xd4V\xce\t\xfc\xcd\x06.T\x8a' != b'c\xc5\x97k\x17"G\x1e\x81>\xacV\x9d.*\x14'
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Jun 4 20:52:09 UTC 2024 on atb-devel-224
