samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00

History

Joseph Sutton 3cab628936 CVE-2022-2031 s4:kdc: Fix canonicalisation of kadmin/changepw principal

Since this principal goes through the samba_kdc_fetch_server() path,
setting the canonicalisation flag would cause the principal to be
replaced with the sAMAccountName; this meant requests to
kadmin/changepw@REALM would result in a ticket to krbtgt@REALM. Now we
properly handle canonicalisation for the kadmin/changepw principal.

View with 'git show -b'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

[jsutton@samba.org Adapted entry to entry_ex->entry; removed MIT KDC
 1.20-specific knownfails]

2022-07-24 11:42:02 +02:00

bug-14236

libprc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE

2020-02-07 08:53:40 +00:00

complex_expressions

ldb: complex expression testing

2018-12-07 07:07:08 +01:00

dns

s4/rpc_server/dnsserver: Allow parsing of dnsProperty to fail gracefully

2020-05-15 07:29:16 +00:00

dns_packet

CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility

2020-07-02 09:01:41 +00:00

durable-v2-delay

torture: Run durable_v2_reconnect_delay_msec with leases

2019-12-10 20:31:40 +00:00

empty-domain-name

s3:auth_sam: map an empty domain or '.' to the local SAM name

2020-02-05 16:30:42 +00:00

encrypted_secrets

selftest/knownfail: Add python2 version of known fails

2018-12-10 10:38:26 +01:00

getncchanges

repl_md: Avoid dropping cross-partition links

2019-07-02 04:21:36 +00:00

initshutdown

Run test for initshutdown

2019-05-24 03:19:17 +00:00

kdc-salt

dsdb: Allow special chars like "@" in samAccountName when generating the salt

2021-10-26 12:00:28 +00:00

keytab

selftest/samba4.blackbox.export.keytab: Update to use a principal with SPN as UPN

2018-09-05 11:42:25 +02:00

kinit_trust

s4/selftest: Adjust samba4.blackbox.pkinit to use (s3) smbclient

2020-04-03 15:08:30 +00:00

labdc

selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed

2018-07-10 04:42:10 +02:00

ldap

CVE-2020-25722 Ensure the structural objectclass cannot be changed

2021-11-08 10:46:45 +01:00

ldap_spn

CVE-2020-25722 s4/dsdb/samldb: reject SPN with too few/many components

2021-11-08 10:46:44 +01:00

modify-order

CVE-2020-25722 Ensure the structural objectclass cannot be changed

2021-11-08 10:46:45 +01:00

netlogon

smbtorture: Add more tests around NETLOGON challenge reuse

2017-06-27 16:57:42 +02:00

ntlmv1-restrictions

selftest/knownfail: Add python2 version of known fails

2018-12-10 10:38:26 +01:00

ntlmv2-restrictions

s4:selftest: replace --option=usespnego= with --option=clientusespnego=

2018-01-10 01:01:24 +01:00

password_settings

s4/selftest: Move samba4.ldap.passwordsettings to ad_dc_default_smb1

2020-04-03 15:08:32 +00:00

priv_attr

CVE-2020-25722 selftest/priv_attrs: Mention that these knownfails are OK (for now)

2021-11-08 10:46:42 +01:00

python-segfaults

pyldb: Fix deleting an ldb.Control critical flag

2021-10-26 12:00:28 +00:00

quota1

smbd: Protect smbd_smb2_getinfo_send() against invalid quota files

2020-05-29 09:55:10 +00:00

README

selftest: use an additional directory of knownfail/flapping files

2017-06-03 13:55:41 +02:00

replica_sync

selftest/knownfail: Add python2 version of known fails

2018-12-10 10:38:26 +01:00

rpc-netlogon-zerologon

CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password

2020-10-16 04:45:40 +00:00

rw-invalid

smbd: add vfs_valid_{pread,pwrite}_range() checks where needed

2020-05-12 19:53:44 +00:00

s3-lsa-server

test_trust_ntlm.sh: add lookup name tests

2018-02-21 14:19:19 +01:00

samba3.vfs.fruit

lib/adouble: pass filesize to ad_unpack()

2019-10-30 14:52:33 +00:00

smb1-tests

s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.

2022-02-09 10:23:19 +00:00

smbcacls

s3:smbcacls: Add support for DFS path

2020-07-07 23:03:00 +00:00

smbclient-smb3

s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3

2017-06-27 16:57:48 +02:00

srvsvc

selftest: Run samba3.srvsvc tests covering more of the srvsvc server

2019-05-24 03:19:17 +00:00

uac_objectclass_restrict

CVE-2020-25722 Ensure the structural objectclass cannot be changed

2021-11-08 10:46:45 +01:00

upn_handling

s3:winbind: Do not lookup local system accounts in AD

2018-07-04 23:55:56 +02:00

usage

source4/scripting/bin: Swap machine account password scripts

2020-02-06 14:57:42 +00:00

vlv

CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port

2020-07-02 09:01:41 +00:00

wkssvc

selftest: Add more testing of wkssvc in source3

2019-05-24 03:19:17 +00:00

README

# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines begining with '#' are ignored.
# Please don't add tests to this README!