IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This currently fails due to the DC not having a rIDNextRID attribute,
which is required for the restore process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 19 20:01:00 UTC 2021 on sn-devel-184
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service through SMB.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service through RPC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service through LDAP.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Test that we can use a credentials cache with a user's service ticket
obtained with our Python code to connect to a service using the normal
credentials system backed on to MIT/Heimdal Kerberos 5 libraries. This
will allow us to validate the output of the MIT/Heimdal libraries in the
future.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This made Python 2's print behave like Python 3's print().
In some cases, where we had:
from __future__ import print_function
"""Intended module documentation..."""
this will have the side effect of making the intended module documentation
work as the actual module documentation (i.e. becoming __doc__), because
it is once again the first statement in the module.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This kind of test is better hosted in python than in C. More lines,
but the ones in source4/libcli/security/tests/sddl.c were preeetty
long...
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 13 19:17:56 UTC 2021 on sn-devel-184
Tests of [MS-KILE]: Kerberos Protocol Extensions
section 3.3.5.6.1 Client Principal Lookup
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 12 00:38:26 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
GNUstep as an mdfind binary, and both should be co-instalable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14431
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 29 16:18:54 UTC 2021 on sn-devel-184
Running samba-gpupdate on a client is causing an
error in gp_access_ext, due to it attempting to
access sam.ldb before detecting whether we are on
an ad-dc.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This makes sure "--basedir=$SELFTEST_TMPDIR" is passed to smbtorture.
Tests should not create files in the build nor the source directory!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 27 11:01:32 UTC 2021 on sn-devel-184
That share will get the "honor change notify privilege = yes" option
once it's implemented. For now it's marked as knownfail.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Implement the tests in source4/torture/krb5/kdc-heimdal.c in python.
The following tests were not re-implemented as they are client side
tests for the "Orpheus Lyre" attack:
TORTURE_KRB5_TEST_CHANGE_SERVER_OUT
TORTURE_KRB5_TEST_CHANGE_SERVER_IN
TORTURE_KRB5_TEST_CHANGE_SERVER_BOTH
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add new python test to document the differences between the MIT and
Heimdal Kerberos implementations.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Originally copied from 'source4/scripting/devel/createtrust'
(had to drop the TRUST_AUTH_TYPE_VERSION part though, as it
fails against samba DC).
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Add python canonicalization tests, loosely based on the code in
source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move
the integration level tests out of kdc-canon-heimdal, leaving it as a
heimdal library unit test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This tests a sorts of combinations in order to
demonstrate the visibility of objects depending on:
- with or without fDoListObject
- with or without explicit DENY ACEs
- A hierachy of objects with 4 levels from the base dn
- SEC_ADS_LIST (List Children)
- SEC_ADS_LIST_LIST_OBJECT (List Object)
- SEC_ADS_READ_PROP
- all possible scopes and basedns
This demonstrates that NO_SUCH_OBJECT doesn't depend purely
on the visibility of the base dn, it's still possible to
get children returned und an invisible base dn.
It also demonstrates the additional behavior with "List Object" mode.
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Add a ZeroLogon test suite, to allow the ZeroLogon tests to be run against
the s3 and s4 netlogon servers.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 31 19:09:24 UTC 2020 on sn-devel-184
LDAP connections should time out when the kerberos ticket used to authenticate
expires. Windows does this with a RFC4511 section 4.4.1 message (that as of
August 2020 is encoded not according to the RFC) followed by a TCP disconnect.
ldb sees the section 4.4.1 as a protocol violation and returns
LDB_ERR_PROTOCOL_ERROR.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Without this, test_multibind() only gets NULL for userdn and password,
not doing what the test claims. This now fails, because our LDAP
server does not allow plain text binds.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The commit creates a dfs link in existing 'fileserver' env
share msdfs_share. Additionally we create a new dfs target in
a new share (with associated directory)
Additionally add a known fail as smbcacls doesn't not yet navigate DFS links.
A subsequent commit will fix smcacls to handle DFS (and remove the
knownfail)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
We check the output with both --fullname and with the default shortname
to ensure it works as expected.
We also do tests for each level and test relative names are used.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Sachin Prabhu <sprabhu@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User((no branch)): Stefan Metzmacher <metze@samba.org>
Autobuild-Date((no branch)): Tue Jul 7 12:16:34 UTC 2020 on sn-devel-184
These time the push and pull function in isolation.
Timing should be under 0.0001 seconds on even quite old hardware; we
assert it must be under 0.2 seconds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.
These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This allows the userPassword (not GPG) part of the test to run on hosts without
python3-gpg (eg RHEL7) while still testing the userPassword handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
To test the CRC32 I reverted the unkeyed-checksum fix (43958af1)
and the weak-crypto fix (389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected. Previously there was no check on the on the depth of
nesting and excessive nesting could cause a stack overflow.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
