samba.git/source4/kdc/tests, branch master Unnamed repository; edit this file 'description' to name the repository. s4:kdc:db-glue:tests free principal 2026-02-23T20:16:34+00:00 Gary Lockyer gary@catalyst.net.nz 2026-02-18T23:19:35+00:00 fb16086ba44ad1943ec6796c8d607ed4c37eb064 Call krb5_free_principal to quiet valgrind leak reports Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
Call krb5_free_principal to quiet valgrind leak reports

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
s4:kdc:db-glue altSecurityIdentities DN and serial reversed 2026-02-23T20:16:34+00:00 Gary Lockyer gary@catalyst.net.nz 2026-02-18T23:18:38+00:00 580051e5686d9a26d2502eb969f7a80e13519afb When altSecurityIdentities is set by RSAT / ADUC they store the Issuer and Subject DN in last to first order i.e. CN=Common Name, O=Organization, C=Country Need to reverse that to first to last order, i.e. C=Country, O=Organization, CN=Common name Which is how they're stored on the X509 certificates. Also the serial number is stored in reverse order. BUG: https://bugzilla.samba.org/show_bug.cgi?id=16001 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
When altSecurityIdentities is set by RSAT / ADUC they store the
Issuer and Subject DN in last to first order i.e.
       CN=Common Name, O=Organization, C=Country
Need to reverse that to first to last order, i.e.
       C=Country, O=Organization, CN=Common name
Which is how they're stored on the X509 certificates.

Also the serial number is stored in reverse order.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16001

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
s4:kdc: Fix cmocka.h include 2025-10-17T11:12:29+00:00 Andreas Schneider asn@samba.org 2025-10-17T07:10:29+00:00 0ff580d46507bdeb19f862c33137209996f0fc65 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Add missing include needed for cmocka.h 2025-10-17T11:12:29+00:00 Andreas Schneider asn@samba.org 2025-08-07T08:36:51+00:00 50604bc027c3d053cafd803ff515e6da881e79a5 This will be required in future. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> 
This will be required in future.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
s4:kdc:db-glue-tests Fix CID 1666664 2025-10-13T03:39:34+00:00 Gary Lockyer gary@catalyst.net.nz 2025-10-12T20:44:49+00:00 6af2e180ce1c1e599d60fc6bfd5086216e92b040 Fix Coverity issue CID 1666664 115 char* ts = ldb_timestring(msg, created); >>> CID 1666664: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a pointer that might be "NULL" "ts" when calling >>> "ldb_msg_add_string". 116 ldb_msg_add_string(msg, "whenCreated", ts); Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net> 
Fix Coverity issue CID 1666664

115     	char* ts = ldb_timestring(msg, created);
>>>     CID 1666664:         Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "NULL" "ts" when calling
>>>     "ldb_msg_add_string".
116     	ldb_msg_add_string(msg, "whenCreated", ts);

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Martin Schwenke <martin@meltin.net>
 s4:kdc:sdb_to_hdb strong/flexible certificate mappings 2025-10-10T02:30:06+00:00 Gary Lockyer gary@catalyst.net.nz 2025-09-07T22:29:36+00:00 9ffcd38c16c0f44950a7ea547eb19a01590617f7 Map the content of sdb_certificate_mappings to the hdb extension HDB_Ext_CertificateMapping Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Autobuild-User(master): Jennifer Sutton <jsutton@samba.org> Autobuild-Date(master): Fri Oct 10 02:30:06 UTC 2025 on atb-devel-224 
Map the content of sdb_certificate_mappings to the hdb extension
HDB_Ext_CertificateMapping

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

Autobuild-User(master): Jennifer Sutton <jsutton@samba.org>
Autobuild-Date(master): Fri Oct 10 02:30:06 UTC 2025 on atb-devel-224
s4:kdc:sdb Support Windows flexible cert mappings 2025-10-10T01:27:31+00:00 Gary Lockyer gary@catalyst.net.nz 2025-09-01T21:59:13+00:00 14d9a1be89557c3c7bca13be7410a47b7b6bf511 Extract certificate mappings from the altSecurityIdentities attribute and populate the new sdb_certificate_mappings element of sdb Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
Extract certificate mappings from the altSecurityIdentities attribute and
populate the new sdb_certificate_mappings element of sdb

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
s4:kdc:sdb_to_hdb key trust support 2025-09-16T23:23:42+00:00 Gary Lockyer gary@catalyst.net.nz 2025-08-11T00:00:03+00:00 f52ea1082bf245f6bfd424b6ba76c74881df97b5 Convert key trust public keys contained in the clients sdb records, and add to the HDB_Ext_KeyTrust extension on the clients HDB record Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Tue Sep 16 23:23:42 UTC 2025 on atb-devel-224 
Convert key trust public keys contained in the clients sdb records, and add
to the HDB_Ext_KeyTrust extension on the clients HDB record

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Sep 16 23:23:42 UTC 2025 on atb-devel-224
s4:kdc:db-glue binary dn changes 2025-09-16T22:22:34+00:00 Gary Lockyer gary@catalyst.net.nz 2025-08-11T04:09:46+00:00 4d9c130a14b83615fa165ae8f1b4f5b5bb53caf8 msDS-KeyCredentialLink will be stored as a BinaryDN and not a binary blob. This commit updates db-glue and it's tests accordingly. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> 
msDS-KeyCredentialLink will be stored as a BinaryDN and not a binary blob.
This commit updates db-glue and it's tests accordingly.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
s4:kdc Support for key trust authentication 2025-07-29T05:31:10+00:00 Gary Lockyer gary@catalyst.net.nz 2025-07-25T01:22:27+00:00 33b55227db888acf70db9ff44c385a294e07ce36 Extract the public kes from msDS-KeyCredentialLink and populate the sdb structure. These values can then be passed to Kergeros to allow key trust authentication. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Tue Jul 29 05:31:10 UTC 2025 on atb-devel-224 
Extract the public kes from msDS-KeyCredentialLink and populate the sdb
structure.  These values can then be passed to Kergeros to allow key
trust authentication.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Jul 29 05:31:10 UTC 2025 on atb-devel-224