IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Before we were putting it in an otherwise unused variable, and
deleting the previous krbtgt_dn, if any.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
out_dict would have been shared across all calls, aggregating values as it went.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.
These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This seems to be really broken in GnuTLS and the documentation is also
not correct.
This partially reverts 53e3a959b958a3b099df6ecc5f6e294e96bd948e
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 1 14:56:33 UTC 2020 on sn-devel-184
This allows the userPassword (not GPG) part of the test to run on hosts without
python3-gpg (eg RHEL7) while still testing the userPassword handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Tue Jun 23 17:53:22 UTC 2020 on sn-devel-184
Create a parent class for parsing Registry.pol
files by group policy extensions.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
The current code attempts a SAMR based password set for all errors,
we want to continue on LDAP or local LDB (in the restore case) unless
we really got the specific error given by Windows 2000.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14414
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Jun 23 05:07:00 UTC 2020 on sn-devel-184
Thanks to Jim Brown.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 19:54:04 UTC 2020 on sn-devel-184
Running samba.tests.docs on my machine:
before -> (2m6.952s)
after -> (22.298s)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 19 10:59:30 UTC 2020 on sn-devel-184
Running samba.tests.docs on my machine:
before -> (3m52.582s)
after -> (2m6.952s)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
We should use the default priority list. That is a good practice,
because TLS protocol hardening and phasing out of legacy algorithms,
is easier to co-ordinate when happens at a single place. See crypto
policies of Fedora.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
We want correct documentation if at all possible.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 15:48:06 UTC 2020 on sn-devel-184
We clarify the smb.conf manpage entry for "use mmap" to match the actual behaviour
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This cost around 10ms for every Python script, and was only used in one
test.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Only provision.py wants a function from urllib, but we were importing
it in samba.compat, which is imported by samba, mening that every
python script importing anything from samba took 40ms longer to start
up.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
that's how MIT kdc encodes it, clients accept both.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 11 04:37:37 UTC 2020 on sn-devel-184
The unix session info is required and expected by e.g. many vfs
modules. Missing unix session info leads to samba panic.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
To test the CRC32 I reverted the unkeyed-checksum fix (43958af1)
and the weak-crypto fix (389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
These have been known to be given by Windows DCs that share the same domain
as while invalid, they are not format-checked inbound when set by the DNS
Manager MMC applet over the dnsserver pipe to Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This will be used by a test and the DNS server code to parse short dnsProperty
records which come from Windows servers.
This example is from the value that caused Samba to fail as it
can not be parsed as a normal dnsp_DnsProperty
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This patch especially improves the case where extra arguments are used.
Without this patch just the attributes are mentioned as invalid, if
samba-tool is called with an invalid/unknown subcommand.
Example without this patch:
# samba-tool sites list --all
Usage: samba-tool sites <subcommand>
samba-tool sites: error: no such option: --all
This can be deceptive for users. Is looks like the "list" command
does not provide a "--all" option.
Example with this patch:
# samba-tool sites list --all
samba-tool sites: no such subcommand: list
Usage: samba-tool sites <subcommand>
(...)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:08:21 UTC 2020 on sn-devel-184
Python 3.8 adds this warning via https://bugs.python.org/issue34850:
the "is" and "is not" operator sometimes is used with string and
numerical literals. This code "works" on CPython by accident, because
of caching on different levels (small integers and strings caches,
interned strings, deduplicating constants at compile time). But it
shouldn't work on other implementations, and can not work even on
early or future CPython versions.
Reported-by: L. van Belle <belle@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Apr 27 12:19:59 UTC 2020 on sn-devel-184
The LDAP backend for the Samba AD DC, aiming to store the AD DC in
an existing LDAP server was largely removed many years aga, but the
other parts were removed in 2b0fc74a0916a6ab0d5ac007cc5e100d4682b2ea.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 23 06:12:20 UTC 2020 on sn-devel-184
This just demonstrates that the infrastructure works:-)
I'm running this as:
SERVER=172.31.9.188 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE \
USERNAME=administrator PASSWORD=A1b2C3d4 SERVICE_USERNAME="w2012r2-188" \
python/samba/tests/krb5/simple_tests.py
Pair-Programmed-With: Isaac Boukris <iboukris@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Pair-Programmed-With: Isaac Boukris <iboukris@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
The pyasn1 bindings are generated by pyasn1gen.py from
https://github.com/kimgr/asn1ate.git
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
This is crypto.py of commit f0612aa908062fb239d1c3873595e7204ae1691d
from https://github.com/greghudson/pyk5.git
This will be used in order to do raw protocol testing against
[MS-KILE] KDCs.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
