samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-24 02:04:21 +03:00

History

Stefan Metzmacher e2d271cb6b CVE-2020-25719 CVE-2020-25717: auth/gensec: always require a PAC in domain mode (DC or member)

AD domains always provide a PAC unless UF_NO_AUTH_DATA_REQUIRED is set
on the service account, which can only be explicitly configured,
but that's an invalid configuration!

We still try to support standalone servers in an MIT realm,
as legacy setup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

[jsutton@samba.org Removed knownfail entries]

2021-11-09 19:45:33 +00:00

bug-14236

libprc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE

2020-02-07 08:53:40 +00:00

complex_expressions

ldb: complex expression testing

2018-12-07 07:07:08 +01:00

dns

s4/rpc_server/dnsserver: Allow parsing of dnsProperty to fail gracefully

2020-05-15 07:29:16 +00:00

dns_packet

CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility

2020-07-02 09:01:41 +00:00

dns-aging

dns update: zero flags and reserved

2021-07-05 04:16:34 +00:00

durable-v2-delay

torture: Run durable_v2_reconnect_delay_msec with leases

2019-12-10 20:31:40 +00:00

empty-domain-name

s3:auth_sam: map an empty domain or '.' to the local SAM name

2020-02-05 16:30:42 +00:00

encrypted_secrets

knownfail: remove python[23] lines

2021-03-17 05:57:34 +00:00

getncchanges

knownfail: remove python[23] lines

2021-03-17 05:57:34 +00:00

initshutdown

Run test for initshutdown

2019-05-24 03:19:17 +00:00

kdc-enterprise

tests python krb5: Extra canonicalization tests

2020-11-30 05:21:42 +00:00

kdc-salt

dsdb: Allow special chars like "@" in samAccountName when generating the salt

2021-10-20 12:54:54 +00:00

keytab

selftest/samba4.blackbox.export.keytab: Update to use a principal with SPN as UPN

2018-09-05 11:42:25 +02:00

kinit_trust

s4/selftest: Adjust samba4.blackbox.pkinit to use (s3) smbclient

2020-04-03 15:08:30 +00:00

ktest

CVE-2020-25717: s3:auth: remove fallbacks in smb_getpwnam()

2021-11-09 19:45:33 +00:00

labdc

selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed

2018-07-10 04:42:10 +02:00

ldap

ldap_server: Terminate LDAP connections on krb ticket expiry

2020-08-21 19:14:32 +00:00

modify-order

pytests: try ldap.modify_order with normal user

2019-05-01 05:32:25 +00:00

multichannel

selftest: enable 'server multi channel support = yes'

2021-03-06 02:20:05 +00:00

netlogon

smbtorture: Add more tests around NETLOGON challenge reuse

2017-06-27 16:57:42 +02:00

ntlmv1-restrictions

knownfail: remove python[23] lines

2021-03-17 05:57:34 +00:00

ntlmv2-restrictions

s4:torture: Migrate smbtorture to new cmdline option parser

2021-06-16 00:34:38 +00:00

oneway

selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc

2021-07-07 14:10:29 +00:00

password_settings

knownfail: remove python[23] lines

2021-03-17 05:57:34 +00:00

priv_attr

CVE-2020-25722 selftest/priv_attrs: Mention that these knownfails are OK (for now)

2021-11-09 19:45:32 +00:00

python-segfaults

pyldb: Fix deleting an ldb.Control critical flag

2021-09-28 09:44:35 +00:00

quota1

smbd: Protect smbd_smb2_getinfo_send() against invalid quota files

2020-05-29 09:55:10 +00:00

README

selftest: fix typos in README files

2021-03-01 03:50:35 +00:00

replica_sync

knownfail: remove python[23] lines

2021-03-17 05:57:34 +00:00

rpc-netlogon-zerologon

CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password

2020-10-16 04:45:40 +00:00

rw-invalid

smbd: add vfs_valid_{pread,pwrite}_range() checks where needed

2020-05-12 19:53:44 +00:00

s3-lsa-server

test_trust_ntlm.sh: add lookup name tests

2018-02-21 14:19:19 +01:00

samba3.vfs.fruit

lib/adouble: pass filesize to ad_unpack()

2019-10-30 14:52:33 +00:00

smb1-tests

s4:torture: Migrate smbtorture to new cmdline option parser

2021-06-16 00:34:38 +00:00

smb2.replay

smb2_server: don't cancel pending request if at least one channel is still alive

2021-03-29 19:36:37 +00:00

smb2.session

s3:smbd: really support AES-256* in the server

2021-07-20 16:13:28 +00:00

smbcacls

s3:smbcacls: Add support for DFS path

2020-07-07 23:03:00 +00:00

smbclient-smb3

s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3

2017-06-27 16:57:48 +02:00

srvsvc

selftest: Run samba3.srvsvc tests covering more of the srvsvc server

2019-05-24 03:19:17 +00:00

uac_mod_lock

CVE-2020-25722 dsdb: Add restrictions on computer accounts without a trailing $

2021-11-09 19:45:32 +00:00

uac_objectclass_restrict

CVE-2020-25722 selftest/user_account_control: more work to cope with UAC/objectclass defaults and lock

2021-11-09 19:45:32 +00:00

upn_handling

s3:winbind: Do not lookup local system accounts in AD

2018-07-04 23:55:56 +02:00

usage

lib:ldb-samba: Migrate samba extensions to new cmdline option parser

2021-06-16 01:25:28 +00:00

vlv

CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port

2020-07-02 09:01:41 +00:00

wkssvc

selftest: Add more testing of wkssvc in source3

2019-05-24 03:19:17 +00:00

README

# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines beginning with '#' are ignored.
# Please don't add tests to this README!