IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Trying to run any of these tests without having built ctdb results in a
failure, as the environment cannot be started.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This makes sure they are run as part of "samba-addc-mit-1".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15336
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This reproduces a regression with
'net ads search -P --server server.of.trusted.domain'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This demonstrates that the server did not detect CVE-2023-0922
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The chain for transitive evaluation does consider ACLs, avoiding the disclosure of
confidential information.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 31 09:30:17 UTC 2023 on atb-devel-224
We now create a client claims blob and add it to the PAC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
have_fast_support is unconditionally set to 1, so this doesn't change
any behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Added delete protected test to known fail as Samba doesn't seem to enforce this yet.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This give us a building block to test the PAC claims format
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
These tests verify that the groups in the device info structure in the
PAC are exactly as expected under various scenarios.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This has the lower-case share, used in the next commit
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15313
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Test should have been using "schema_pair_dc", it was picking this up from the variable env in the loop above it.
However, it was hardcoded to use promoted_dc.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15316
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
There are four functions, allowing compression and decompression in
the two formats we support so far. The functions will accept bytes or
unicode strings which are treated as utf-8.
The LZ77+Huffman decompression algorithm requires an exact target
length to decompress, so this is mandatory.
The plain decompression algorithm does not need an exact length, but
you can provide one to help it know how much space to allocate. As
currently written, you can provide a short length and it will often
succeed in decompressing to a different shorter string.
These bindings are intended to make ad-hoc investigation easier, not
for production use. This is reflected in the guesses about output size
that plain_decompress() makes if you don't supply one -- either they
are stupidly wasteful or ridiculously insufficient, depending on
whether or not you were trying to decompress a 20MB string.
>>> a = '12345678'
>>> import compression
>>> b = compression.huffman_compress(a)
>>> b
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #....
>>> len(b)
262
>>> c = compression.huffman_decompress(b, len(a))
>>> c
b'12345678' # note, c is bytes, a is str
>>> a
'12345678'
>>> d = compression.plain_compress(a)
>>> d
b'\xff\xff\xff\x0012345678'
>>> compression.plain_decompress(d) # no size specified, guesses
b'12345678'
>>> compression.plain_decompress(d,5)
b'12345'
>>> compression.plain_decompress(d,0) # 0 for auto
b'12345678'
>>> compression.plain_decompress(d,1)
b'1'
>>> compression.plain_decompress(a,444)
Traceback (most recent call last):
compression.CompressionError: unable to decompress data into a buffer of 444 bytes.
>>> compression.plain_decompress(b,444)
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #...
That last one decompresses the Huffman compressed file with the plain
compressor; pretty much any string is valid for plain decompression.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
This shows that changes around RC4 encryption types do not break older
functional levels where only RC4 keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this CVE
to indicate that additionally, AES session keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The KDC should leave the choice of ticket encryption type up to the
target service, and admit no influence from the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In which we make AS and TGS requests and verify the SIDs we expect are
returned in the PAC.
Example command to test against Windows Server 2019 functional level
2016 with FAST enabled:
ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass1 \
CLAIMS_SUPPORT=1 COMPOUND_ID_SUPPORT=1 DC_SERVER=ADDC.EXAMPLE.COM \
DOMAIN=EXAMPLE EXPECT_PAC=1 FAST_SUPPORT=1 KRB5_CONFIG=krb5.conf \
PYTHONPATH=bin/python REALM=EXAMPLE.COM SERVER=ADDC.EXAMPLE.COM \
SKIP_INVALID=1 SMB_CONF_PATH=smb.conf STRICT_CHECKING=1 \
TKT_SIG_SUPPORT=1 python3 python/samba/tests/krb5/group_tests.py
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 8 03:37:37 UTC 2022 on sn-devel-184
samba/libsmb.py will become a common file to do the library
initialization for our tests. We already have two copies in
smb3unix.py and libsmb.py, and there might be more soon.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
later gnutls that support GNUTLS_PBKDF2 currently fail,
we need to conditionally switch test data to reflect use of
'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4'
depending on whether GNUTLS_PBKDF2 is supported or not
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 25 10:30:59 UTC 2022 on sn-devel-184
We don't need the local configuration here.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The chgdcpass environment will emulate older verions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fails to support DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Based on tests originally written by Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 9 01:11:05 UTC 2022 on sn-devel-184
