sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
e7144f2e11
samba-mirror/selftest/knownfail.d
History
Stefan Metzmacher c7a3ce95ac auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server 
This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.

This fixes a regession in the combination of commits
77adac8c3c and
3a0b835408.

We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).

As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144
2018-05-16 03:26:03 +02:00
..
dns join.py Add DNS records at domain join time 2017-06-11 02:04:51 +02:00
encrypted_secrets selftest fl2000dc provision with --plaintext-secrets 2017-12-18 00:10:17 +01:00
getncchanges getncchanges.py: Add a multi-valued linked attribute test 2017-09-18 05:51:25 +02:00
keytab auth: keytab invalidation fix 2018-05-15 15:45:08 +02:00
netlogon smbtorture: Add more tests around NETLOGON challenge reuse 2017-06-27 16:57:42 +02:00
ntlmv1-restrictions selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options 2017-07-04 06:57:20 +02:00
ntlmv2-restrictions s4:selftest: replace --option=usespnego= with --option=clientusespnego= 2018-01-10 01:01:24 +01:00
password_hash_gpgme tests: Add a test case for msDS-PasswordReversibleEncryptionEnabled 2018-05-11 06:01:24 +02:00
password_lockout tests: Add test for password-lockout via SAMR RPC 2018-05-11 06:01:24 +02:00
password_settings tests: Add tests for Password Settings Objects 2018-05-11 06:01:23 +02:00
README selftest: use an additional directory of knownfail/flapping files 2017-06-03 13:55:41 +02:00
replica_sync selftest: Add test for a re-animated object conflict 2017-09-26 05:33:17 +02:00
s3-lsa-server test_trust_ntlm.sh: add lookup name tests 2018-02-21 14:19:19 +01:00
samba3.vfs.fruit vfs_fruit: set delete-on-close for empty finderinfo 2018-01-09 17:09:12 +01:00
smbclient-smb3 s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3 2017-06-27 16:57:48 +02:00
upn_handling winbind: Fix UPN handling in parse_domain_user() 2018-05-11 09:07:37 +02:00

README 

# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines begining with '#' are ignored.
# Please don't add tests to this README!