path: root/python
Age | Commit message | Author | Files | Lines
2021-09-21 | tests/krb5: Add helper method for modifying PACs | Joseph Sutton | 1 | -0/+45
This method can remove or replace a PAC in an authorization-data container, while additionally returning the original PAC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-21 | python/join: Check for correct msDS-KrbTgtLink attribute | Joseph Sutton | 1 | -3/+4
Previously, the wrong case was used when checking for this attribute, which meant krbtgt accounts were not being cleaned up. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-21 | python: Don't leak file handles | Joseph Sutton | 3 | -10/+17
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-15 | tests/krb5: Allow replicating accounts to the created RODC | Joseph Sutton | 1 | -0/+50
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Create RODC account for testing | Joseph Sutton | 1 | -0/+114
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Allow replicating accounts to the RODC | Joseph Sutton | 1 | -2/+139
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Add get_secrets() method to get the secret attributes of a DN | Joseph Sutton | 1 | -5/+21
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Add method to get RODC krbtgt credentials | Joseph Sutton | 1 | -0/+74
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Sign-extend kvno from 32-bit integer | Joseph Sutton | 1 | -0/+3
This helps to avoid problems with RODC kvnos that have the high bit set. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | pytest:segfault: Add test for ldb.msg_diff() | Joseph Sutton | 1 | -0/+12
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Generate padata for FAST tests | Joseph Sutton | 1 | -40/+61
This gives us access to parameters of kdc_exchange_dict and enables us to simplify the logic. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Add get_cached_creds() method to create persistent accounts for testing | Joseph Sutton | 2 | -68/+125
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Get encpart decryption key from kdc_exchange_dict | Joseph Sutton | 2 | -86/+54
Instead of using check_padata_fn to get the encpart decryption key, we can get the key from the AS-REQ preauth phase or from the TGT, depending on whether the message is an AS-REQ or a TGS-REQ. This allows removal of check_padata_fn and some duplicated code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Get expected cname from TGT for TGS-REQ messages | Joseph Sutton | 1 | -8/+7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-15 | tests/krb5: Allow specifying status code to be checked | Joseph Sutton | 1 | -0/+9
This allows us to check the status code that may be sent in an error reply to a TGS-REQ message. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-09-14 | tests/krb5: Create testing accounts in appropriate containers | Joseph Sutton | 1 | -1/+6
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Sep 14 00:01:44 UTC 2021 on sn-devel-184
2021-09-13 | tests/krb5: Check for presence of 'key-expiration' element | Joseph Sutton | 1 | -2/+9
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Check 'caddr' element | Joseph Sutton | 1 | -2/+4
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Check for presence of 'renew-till' element | Joseph Sutton | 1 | -2/+13
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Allow Kerberos requests to be sent to DC or RODC | Joseph Sutton | 2 | -15/+26
If run inside the 'rodc' testing environment, 'DC_SERVER' and 'SERVER' refer to the hostnames of the DC and RODC respectively, and this commit allows either one of them to be used as the KDC for Kerberos exchanges. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Make time assertion less strict | Joseph Sutton | 1 | -1/+1
This assertion could fail if there was a time difference between the KDC and the client. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Allow specifying ticket flags expected to be set or reset | Joseph Sutton | 2 | -2/+49
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Remove magic constants | Joseph Sutton | 2 | -2/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Don't create PAC request or options manually in fast_tests | Joseph Sutton | 1 | -13/+9
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Don't create PAC request manually in as_req_tests | Joseph Sutton | 1 | -24/+11
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: add options to kdc_exchange_dict to specify including PAC-REQUEST or PAC-OPTIONS | Joseph Sutton | 1 | -6/+34
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Move padata generation methods to base class | Joseph Sutton | 2 | -14/+13
This allows them to be used directly from RawKerberosTest. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Keep track of account DN in credentials object | Joseph Sutton | 2 | -0/+10
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Allow specifying additional User Account Control flags for account | Joseph Sutton | 1 | -4/+4
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Allow specifying an OU to create accounts in | Joseph Sutton | 1 | -2/+6
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Replace expected_cname_private with expected_anon parameter | Joseph Sutton | 2 | -43/+24
This is used in the case where the KDC returns 'WELLKNOWN/ANONYMOUS' as the cname, and makes the reply checking logic easier to follow. This also removes the need to fetch the client credentials in the test methods. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Use more compact dict lookup | Joseph Sutton | 1 | -3/+3
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Add KDCOptions flag for constrained delegation | Joseph Sutton | 2 | -0/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Use signed integers to represent key version numbers in ASN.1 | Joseph Sutton | 3 | -3/+3
As specified in 'MS-KILE 3.1.5.8: Key Version Numbers', Windows uses signed 32-bit integers to represent key version numbers. This makes a difference for an RODC with a msDS-SecondaryKrbTgtNumber greater than 32767, where the kvno should be encoded in four bytes rather than five. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Add methods to obtain the length of checksum types | Joseph Sutton | 1 | -0/+26
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-13 | tests/krb5: Calculate expected salt if not given explicitly | Joseph Sutton | 1 | -2/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-10 | selftest: remove unsupported smbcacls option --get | Ralph Boehme | 2 | -2/+2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14828 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-09-09 | gpo: Add Chromium Group Policy | David Mulder | 1 | -2/+467
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 9 20:42:35 UTC 2021 on sn-devel-184
2021-09-09 | gpo: Test Chromium Group Policy | David Mulder | 2 | -0/+5053
Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-07 | samba-tool: Fix a typo | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-06 | selftest: Add prefix to new schema attributes to avoid flapping dsdb_schema_attributes | Andrew Bartlett | 1 | -3/+3
If two of these unit tests run in the same second they could select the same name, as the name was only based on the time and a common prefix. As observed by Jeremy Allison. Thanks for the report! BUG: https://bugzilla.samba.org/show_bug.cgi?id=14819 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Sep 6 02:32:51 UTC 2021 on sn-devel-184
2021-09-05 | selftest: Add a test for LookupSids3 and LookupNames4 in python | Andrew Bartlett | 1 | -0/+333
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14807 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-04 | python: Fix usage strings | Joseph Sutton | 1 | -1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-02 | tests/krb5: Allow KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN for a missing sname | Andrew Bartlett | 3 | -9/+21
This allows our code to still pass with the error code that MIT and Heimdal have chosen BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184
2021-09-02 | tests/krb5: Allow expected_error_mode to be a container type | Joseph Sutton | 1 | -21/+35
This allows a range of possible error codes to be checked against, for cases when the particular error code returned is not so important. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 | tests/krb5: Add tests for omitting sname in inner request | Joseph Sutton | 1 | -0/+28
Note: the test 'test_fast_tgs_inner_no_sname' crashes the MIT KDC. This is fixed in MIT Krb5 commit d775c95af7606a51bf79547a94fa52ddd1cb7f49 and was given CVE-2021-37750 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 | tests/krb5: Allow specifying parameters specific to the inner FAST request body | Joseph Sutton | 2 | -0/+17
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 | tests/krb5: Add tests for omitting sname in request | Joseph Sutton | 1 | -2/+81
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 | tests/krb5: Check PADATA-PW-SALT element in e-data | Joseph Sutton | 1 | -0/+14
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-09-02 | tests/krb5: Check e-data element for TGS-REP errors without FAST | Joseph Sutton | 2 | -20/+34
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>