IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Windows 11 22H2 performs such requests, with year 9999.
The test fails with KDC_ERR_BAD_INTEGRITY on older
Heimdal versions, which are unable to verify a checksum
over the modified request body (due to a re-encoding failure).
REF: https://github.com/heimdal/heimdal/issues/1011
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15197
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This function returns a ccache containing a previously obtained ticket.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Previously we would ignore 'client_opts' and always use the same user
and machine accounts for TGS-REQs. Use 'client_opts' and add a new
'armor_opts' parameter for specifying options of the armoring account.
Furthermore, our test-specific ticket caching is no longer of use, for
get_tgt() and get_service_ticket() now implement ticket caching. Remove
it and eliminate the possibility of mistakenly using stale tickets.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
None of these functions can return False now. Instead we must catch the
LdbError if we want to perform further error handling.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Based on tests originally written by Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 9 01:11:05 UTC 2022 on sn-devel-184
We should not be able to use krb@REALM instead of krbtgt@REALM.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows us to make use of it in other tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
The environment variable is a string, but we expect an integer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Windows only requires SEC_ADS_CONTROL_ACCESS for the check to pass.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 14 15:38:23 UTC 2022 on sn-devel-184
This ensures that when an enum value is expected, a magic constant won't
be supplied instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 14 08:18:06 UTC 2022 on sn-devel-184
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Those will be needed earlier in the next commit.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This ensures accounts are still cleaned up if a test fails before adding
it to the cleanup list.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This prevents problems if accounts are added as children of other
accounts.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This code can be made part of the previous 'else' branch.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Fri Mar 18 00:11:25 UTC 2022 on sn-devel-184
Use a unique name for the mock RODC. Don't assign to _rodc_ctx until the
RODC has been created, so we don't try to use a mock RODC that failed to
create.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This fixes a lot of tests with Python 3.8. Stacktrace example:
File "python/samba/tests/krb5/as_req_tests.py", line 249, in test_as_req_enc_timestamp_rc4_dummy
self._run_as_req_enc_timestamp(
File "python/samba/tests/krb5/as_req_tests.py", line 129, in _run_as_req_enc_timestamp
as_rep, kdc_exchange_dict = self._test_as_exchange(
File "python/samba/tests/krb5/raw_testcase.py", line 3982, in _test_as_exchange
rep = self._generic_kdc_exchange(kdc_exchange_dict,
File "python/samba/tests/krb5/raw_testcase.py", line 2029, in _generic_kdc_exchange
return check_rep_fn(kdc_exchange_dict, callback_dict, rep)
File "python/samba/tests/krb5/raw_testcase.py", line 2328, in generic_check_kdc_rep
self.check_reply_padata(kdc_exchange_dict,
File "python/samba/tests/krb5/raw_testcase.py", line 2998, in check_reply_padata
got_patypes = tuple(pa['padata-type'] for pa in rep_padata)
TypeError: 'NoneType' object is not iterable
This adds additional checks for rep_padata.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This also addresses CVE-2020-17049.
MIT Kerberos 1.20 is in pre-release state at the time writing this commit. It
will be released in autumn 2022. We need to support MIT Kerberos 1.19 till
enough distributions have been released with MIT Kerberos 1.20.
Pair-Programmed-With: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Heimdal matches Windows in this respect
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
So far we have only been checking padata in error replies and with FAST.
We should also check it in the general success case.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
