samba.git/libcli/auth/wscript_build, branch talloc-2.4.2 Unnamed repository; edit this file 'description' to name the repository. libcli:auth: Add test for encode_pwd_buffer514_from_str() 2022-07-28T11:51:28+00:00 Andreas Schneider asn@samba.org 2022-07-25T09:25:09+00:00 e181dd7b7633cdc14bcfc4b4ef71044062e0c6b6 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
librpc: Remove the gensec dependency from library dcerpc-binding 2021-04-06T23:33:14+00:00 Volker Lendecke vl@samba.org 2021-04-02T11:41:21+00:00 4d3b6506d30e4bf302f832493dad00a83b73d370 This means yet another library, but having to depend on gensec just for dcerpc_parse_binding() and basic packet parsing seems like a bit overkill to me. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184 
This means yet another library, but having to depend on gensec just
for dcerpc_parse_binding() and basic packet parsing seems like a bit
overkill to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr  6 23:33:14 UTC 2021 on sn-devel-184
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:17:29+00:00 d3123858fb59046e826cf2c7ec2a3839e6508624 This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: 7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps. It lets ./zerologon_tester.py from https://github.com/SecuraBV/CVE-2020-1472.git report: "Attack failed. Target is probably patched." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
smbdes: add des_crypt56_gnutls() using DES-CBC with zeroed IV 2019-12-10T00:30:30+00:00 Isaac Boukris iboukris@gmail.com 2019-10-19T20:48:19+00:00 0f855f1ab955e3ecf47689c5e4578eb67ebe8f27 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
libcli/auth: test des_crypt56() and add test_gnutls to selftest 2019-12-10T00:30:29+00:00 Isaac Boukris iboukris@gmail.com 2019-11-09T16:47:33+00:00 07b4606f893fabd50c2685307d58e86f55defae5 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
build: Do not build selftest binaries for builds without --enable-selftest 2019-11-22T11:48:59+00:00 Andrew Bartlett abartlet@samba.org 2019-11-21T21:06:57+00:00 6107c79c90fdff3fe60e0d0ef3efe57b52b21262 Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY() This allows us to be much more consistent (at least in the core Samba) and documents clearly why the binary should not be installed. Not modified are - test_lp_load - notifyd-tests - gendrandperf - test* from examples/libsmbclient - dbwrap_torture - split_tokens - locktest2 - msgtest - msg_sink - msg_source - versiontest - rpc_open_tcp - test_headers As these are not tested in selftest so any change would also be untested. Of course they probably should be added in a different MR. Also not modified (because they are not tests, nor part of the build system) are: - smb2mount - notifydd - log2pacp - debug2html - smbfilter - destroy_netlogon_creds_cli - spotlight2* - tevent_glib_tracker These do however appear to be untested. For now, the source4 forked client tools are left unchanged: - smbclient4 - nmblookup4 Finally, the heimdal binaries are left as install=False as they are either part of the build system or end-user tools that we just don't want to install. These are however tested. The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309 and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally correct but are not needed if the selftest is not run on MacOS. There are likely other platforms or build environments where building our test binaries is more pain than valuable, see for example also https://lists.samba.org/archive/samba/2019-November/227137.html Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184 
Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY()

This allows us to be much more consistent (at least in the core Samba)
and documents clearly why the binary should not be installed.

Not modified are
 - test_lp_load
 - notifyd-tests
 - gendrandperf
 - test* from examples/libsmbclient
 - dbwrap_torture
 - split_tokens
 - locktest2
 - msgtest
 - msg_sink
 - msg_source
 - versiontest
 - rpc_open_tcp
 - test_headers

As these are not tested in selftest so any change would also be
untested.  Of course they probably should be added in a different
MR.

Also not modified (because they are not tests, nor part of the
build system) are:
 - smb2mount
 - notifydd
 - log2pacp
 - debug2html
 - smbfilter
 - destroy_netlogon_creds_cli
 - spotlight2*
 - tevent_glib_tracker

These do however appear to be untested.

For now, the source4 forked client tools are left unchanged:
 - smbclient4
 - nmblookup4

Finally, the heimdal binaries are left as install=False as
they are either part of the build system or end-user tools
that we just don't want to install.  These are however tested.

The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309
and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally
correct but are not needed if the selftest is not run on MacOS.

There are likely other platforms or build environments where building
our test binaries is more pain than valuable, see for example also
https://lists.samba.org/archive/samba/2019-November/227137.html

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>

Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
libcli/auth: add gnutls test for aes-128-cfb8 cipher bug 2019-10-07T09:31:35+00:00 Günther Deschner gd@samba.org 2019-09-28T11:10:32+00:00 7c2745d41e808b7240358f5d0702dfe7abdc93a1 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Oct 7 09:31:35 UTC 2019 on sn-devel-184 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct  7 09:31:35 UTC 2019 on sn-devel-184
libcli/auth: add test for gensec_schannel code 2019-10-07T08:13:44+00:00 Günther Deschner gd@samba.org 2019-09-25T21:44:49+00:00 7eae4280d23404be7d27f65a0c817bea2e0084b6 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
libcli:auth: Add test for decoding an RC4 password buffer 2019-07-26T01:48:22+00:00 Andreas Schneider asn@samba.org 2019-07-05T07:39:02+00:00 7ccc76f951a626a25d553ac85c5bf30eb29ffa2b BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14031

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
lib/crypto: move gnutls error wrapper to own subsystem 2019-06-27T12:54:22+00:00 Andrew Bartlett abartlet@samba.org 2019-06-26T04:41:05+00:00 8f4c30f785cd012597883016e35f794e9a800404 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>