IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This will allow other parts of the testsuite to use this helpful function.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Windows 2022 at April 2024 has change and now includes the
AES keys for accounts with UF_SMARTCARD_REQUIRED, so revert
part of the change in b2fe1ea1c6.
(This is an improvement to Windows security).
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Because ‘found_logon_info’ was invariably true, we would miss the case
in which set_pac_sids() failed to accomplish anything, having been
unable to find the LOGON_INFO PAC buffer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Don’t require passing in an ID to create an authentication policy.
Instead, have create_authn_policy() generate one for us.
We now return an actual AuthenticationPolicy object rather than just a
DN. This will give the tests more details to work with about the
policies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
KerberosCredentials objects now keep track of their account’s SID, which
removes the need to look it up with KDCBaseTest.get_objectSid().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This prevents having to look them up in the database when tests need
them.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows us to determine which parts of an authentication policy
apply to a particular account, which will be necessary to test audit
logging.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Instead of using anonymous credentials, we now connect using the
passed-in credentials.
We now correctly construct nt_password and nt_verifier so as to
successfully change the password, instead of having to distinguish
between a WRONG_PASSWORD error and an error caused by the password
change being disallowed.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It’s possible that we reuse the same silo across multiple tests. In that
case, we should not delete it until we are sure we have finished with
it.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we get a string, we’ll still assume it’s a DN and create a security
descriptor using it.
This is useful in cases where we don’t have a DN (e.g., the account is
not created yet).
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This means that tests can now specify values for ‘objectClass’ in
additional_details which override the default value.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Move logic specific to the Network logon into that branch, so it’s
easier to see what’s going on.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now that add_dollar is honoured for all account types, we don’t want to
pass add_dollar=True for user accounts.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
