Günther Deschner [Tue, 17 Oct 2023 10:59:59 +0000 (12:59 +0200)]
s3-iremotewinspool: add additional openprinterex userlevel validation
When called via the PAR interface, we need to do additional userlevel
input validation.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Sun, 22 Sep 2019 18:58:30 +0000 (20:58 +0200)]
s4-torture: add missing copyright header in iremotewinspool helper
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Fri, 10 Feb 2017 12:52:44 +0000 (13:52 +0100)]
create ctags also for perl modules
Günther Deschner [Fri, 20 Jan 2017 15:43:43 +0000 (16:43 +0100)]
wip new torture test 'add_driver_printer_inf'
Günther Deschner [Tue, 10 Jan 2017 14:36:39 +0000 (15:36 +0100)]
wip: guess a good ntprint.inf during _winspool_AsyncInstallPrinterDriverFromPackage
Günther Deschner [Wed, 16 Nov 2016 18:26:43 +0000 (19:26 +0100)]
s3-net: add "net rpc printer migrate coredrivers" skeleton.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Mon, 9 Jan 2017 16:23:11 +0000 (17:23 +0100)]
s3-spoolss: properly implement _spoolss_GetPrinterDriverPackagePath (by using winreg_get_driver_package_internal)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Fri, 20 Jan 2017 16:57:19 +0000 (17:57 +0100)]
use winreg_add_driver_package_internal in _winspool_AsyncInstallPrinterDriverFromPackage
Günther Deschner [Wed, 23 Jan 2013 10:12:01 +0000 (11:12 +0100)]
s3-spoolss: implement _spoolss PrinterIC family of calls.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Günther Deschner [Fri, 18 Nov 2016 17:21:08 +0000 (18:21 +0100)]
s3-spoolss: support OSVersionEx
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Thu, 1 Dec 2016 20:33:17 +0000 (21:33 +0100)]
s3-spoolss: Set a better default Printer Port Name.
According to MS-RPRN it must follow this pattern:
"<266> Section 2.2.4.10: Windows uses the following patterns for port names:
PARALLEL_PORT = "LPT" DIGIT ":"
SERIAL_PORT = "COM" DIGIT ":"
FILE_PORT = "FILE:"
USB_PORT = "USB" 1#DIGIT ":"
UNC_PORT = SERVER_NAME DIRECTORY FILENAME
LOCAL_FILE_PORT = PATH
PORT_NAME = (PARALLEL_PORT | SERIAL_PORT | FILE_PORT | USB_PORT |
UNC_PORT | LOCAL_FILE_PORT)"
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Tue, 8 Nov 2016 15:50:55 +0000 (16:50 +0100)]
fixup cmd_spoolss_get_core_printer_drivers after IDL changes
Günther Deschner [Tue, 8 Nov 2016 15:50:39 +0000 (16:50 +0100)]
fixup _spoolss_GetCorePrinterDrivers after idl changes
Günther Deschner [Tue, 8 Nov 2016 10:33:02 +0000 (11:33 +0100)]
wip w2k8 behaviour in test_AsyncUploadPrinterDriverPackage
Günther Deschner [Tue, 8 Nov 2016 10:26:18 +0000 (11:26 +0100)]
wip getcoreprinterdrivers
Günther Deschner [Thu, 3 Nov 2016 16:57:37 +0000 (17:57 +0100)]
wip _winspool_AsyncDeletePrinterDriverPackage
Günther Deschner [Sat, 21 Sep 2019 18:39:25 +0000 (20:39 +0200)]
fixup _winspool_AsyncUploadPrinterDriverPackage after IDL change
Günther Deschner [Tue, 1 Nov 2016 16:37:44 +0000 (17:37 +0100)]
s3-spoolss: implement _spoolss_GetCorePrinterDrivers
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 5 Oct 2016 13:05:11 +0000 (15:05 +0200)]
install driver
Günther Deschner [Tue, 27 Sep 2016 03:35:41 +0000 (05:35 +0200)]
s3-net: add net_inf_listdrivers
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Thu, 22 Dec 2016 10:18:50 +0000 (11:18 +0100)]
### CABINET WORK END ###
Aurelien Aptel [Tue, 13 Dec 2016 17:40:37 +0000 (18:40 +0100)]
s3/utils/cabtool: add new tool to manipulate CAB files
Adds a new cabtool that lets users create and extract CAB files.
Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Günther Deschner [Fri, 28 Oct 2016 14:34:11 +0000 (16:34 +0200)]
FIXME s4-torture: add validate test for MSZIP compressed cabinet files
Günther Deschner [Fri, 16 Sep 2016 12:41:41 +0000 (14:41 +0200)]
s3-net: add "net cabinet".
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Fri, 16 Sep 2016 08:48:28 +0000 (10:48 +0200)]
s3-lib/cab: add a library for generating and extracting Windows Cabinet files.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Thu, 22 Dec 2016 10:18:33 +0000 (11:18 +0100)]
### CABINET WORK START ###
Günther Deschner [Fri, 23 Sep 2016 01:46:57 +0000 (03:46 +0200)]
fix GetCorePrinterDriver work
Günther Deschner [Mon, 12 Sep 2016 19:27:14 +0000 (21:27 +0200)]
s3-iremotewinspool: implement _winspool_AsyncDeletePrinterDriverPackage
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Mon, 12 Sep 2016 16:25:34 +0000 (18:25 +0200)]
s3-net: add tool to test inf parsing
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Mon, 12 Sep 2016 16:21:55 +0000 (18:21 +0200)]
s3-winspool: implement _winspool_AsyncInstallPrinterDriverFromPackage
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Tue, 20 Sep 2016 15:12:37 +0000 (17:12 +0200)]
lib/util: add add_string_to_array_unique
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Fri, 9 Sep 2016 14:36:36 +0000 (16:36 +0200)]
add cabinet generation code. monstrous hack....
Günther Deschner [Thu, 8 Sep 2016 19:12:07 +0000 (21:12 +0200)]
s3-spoolss: implement _spoolss_GetPrinterDriverPackagePath
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Thu, 1 Sep 2016 17:57:02 +0000 (19:57 +0200)]
HACK: pretend printer driver isolation
Günther Deschner [Fri, 2 Sep 2016 08:04:47 +0000 (10:04 +0200)]
s3-iremotewinspool: implement _winspool_AsyncCorePrinterDriverInstalled
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Mon, 12 Sep 2016 19:00:44 +0000 (21:00 +0200)]
s3-iremotewinspool: implement _winspool_AsyncUploadPrinterDriverPackage
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Fri, 13 Oct 2023 22:52:56 +0000 (00:52 +0200)]
s3-iremotewinspool: enforce auth level privacy for communication
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Sat, 27 Aug 2016 10:23:54 +0000 (12:23 +0200)]
selftest: run the rpc.iremotewinspool testsuite against s3 iremotewinspool server.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 31 Aug 2016 16:50:14 +0000 (18:50 +0200)]
s3-iremotewinspool: implement _winspool_AsyncGetRemoteNotifications (WIP)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 31 Aug 2016 16:49:09 +0000 (18:49 +0200)]
s3-iremotewinspool: implement _winspool_SyncRefreshRemoteNotifications (WIP!)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 31 Aug 2016 16:48:19 +0000 (18:48 +0200)]
s3-iremotewinspool: implement _winspool_SyncUnRegisterForRemoteNotifications
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Wed, 31 Aug 2016 16:47:52 +0000 (18:47 +0200)]
s3-iremotewinspool: implement _winspool_SyncRegisterForRemoteNotifications
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Tue, 22 Aug 2017 09:08:55 +0000 (11:08 +0200)]
s3-iremotewinspool: add winspool_is_privileged_user
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Fri, 22 Sep 2023 22:23:01 +0000 (00:23 +0200)]
rpc_spoolss: start iremotewinspool (MS-PAR) server in rpc_spoolss
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Günther Deschner [Fri, 13 Oct 2023 22:01:57 +0000 (00:01 +0200)]
s3-spoolss: move some spoolss globals to extra header
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:30 +0000 (11:35 +0100)]
smb2_server: monitor connections with TEVENT_FD_ERROR
By asking for TEVENT_FD_ERROR we're able to fail early
when a connection to a client is broken.
In that case it does not make any sense to process
pending requests in the recv queue as it's not
possible to deliver the response to the client anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 24 10:32:56 UTC 2023 on atb-devel-224
Stefan Metzmacher [Thu, 12 Jan 2023 09:49:13 +0000 (10:49 +0100)]
s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:48:22 +0000 (10:48 +0100)]
s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:46:56 +0000 (10:46 +0100)]
s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:44:25 +0000 (10:44 +0100)]
libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:46:20 +0000 (10:46 +0100)]
s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:43:21 +0000 (10:43 +0100)]
s4:libcli/wrepl: make use of tstream_bsd_fail_readv_first_error(false)
As a client we want recv pending responses even if the server
already closed the connection.
While tstream_bsd_fail_readv_first_error(false) is the default for
tstream_bsd, the wins replication protocol is special as it has
a way to switch server and client roles on an existing tcp connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:42:14 +0000 (10:42 +0100)]
s4:ntp_signd: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:41:04 +0000 (10:41 +0100)]
s3:libsmb: the unexpected handler use tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:40:13 +0000 (10:40 +0100)]
s4:dns_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:39:48 +0000 (10:39 +0100)]
s4:ldap_server: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:38:53 +0000 (10:38 +0100)]
s4:kdc: make use of tstream_bsd_fail_readv_first_error(true)
This avoids doing useless work in case the client connection
is already broken.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 09:08:56 +0000 (10:08 +0100)]
lib/tsocket: add tstream_bsd_fail_readv_first_error()
This gives the caller the option to fail immediately if
TEVENT_FD_ERROR appear even with pending bytes in the
recv queue.
Servers typically want to activate this in order to avoid
pointless work, while clients typically want to read
pending responses from the recv queue.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:17:06 +0000 (20:17 +0100)]
lib/tsocket: make use of TEVENT_FD_ERROR in tstream_bsd_fde_handler()
This makes the logic introduced to fix bug #15202 simpler.
While developing this I noticed that a lot of callers
rely on the fact that they can read the pending bytes out
of the recv queue before EOF is reported.
So I changed the code handle TEVENT_FD_ERROR together with
TEVENT_FD_READ in a way that keep the existing callers happy.
In the next step we'll add a way to let callers opt-in in order
to fail immediately if TEVENT_FD_ERROR appears (even if there
are pending bytes remaining in the recv queue).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:15:33 +0000 (20:15 +0100)]
lib/tsocket: let tstream_bsd_connect_send() use TEVENT_FD_ERROR instead of TEVENT_FD_READ
This mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 11:54:33 +0000 (12:54 +0100)]
lib/async_req: let writev_send/recv use TEVENT_FD_ERROR
Unless err_on_readability is true, we use TEVENT_FD_READ only
to detect errors. Now that we have TEVENT_FD_ERROR we should use it.
As a side effect it makes the code much simpler and clearer, as
we can directly map TEVENT_FD_ERROR to EPIPE.
In addition the err_on_readability=true case is now also
clearer, where we just map TEVENT_FD_READ to EPIPE.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Wed, 11 Jan 2023 19:04:26 +0000 (20:04 +0100)]
lib/async_req: let async_connect_send use TEVENT_FD_ERROR instead of TEVENT_FD_READ
This mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:11 +0000 (11:35 +0100)]
lib/tsocket: make use of samba_socket_sock_error()
This is nicer than calling getsockopt(state->fd, SOL_SOCKET, SO_ERROR)
directly.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:35:11 +0000 (11:35 +0100)]
lib/tsocket: make use of samba_socket_poll_or_sock_error()
This is just a copy of the existing code...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Stefan Metzmacher [Thu, 12 Jan 2023 10:14:06 +0000 (11:14 +0100)]
lib/util: add samba_socket_{poll,sock,poll_or_sock}_error()
These are copies of the static functions in lib/tsocket/tsocket_bsd.c,
which we will replace in the next commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 20 Oct 2023 02:01:30 +0000 (15:01 +1300)]
s4:kdc: Add device to Authenticated Users for authentication policy evaluation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 24 01:59:32 UTC 2023 on atb-devel-224
Joseph Sutton [Fri, 20 Oct 2023 02:00:12 +0000 (15:00 +1300)]
s4:kdc: Add a flag indicating that the device should be added to Authenticated Users
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:43 +0000 (20:02 +1300)]
s4:kdc: Add device to default groups for authentication policy evaluation
This means that expressions like ‘Device_Member_of(WD)’ will now work,
as they should.
It *also* means that expressions like ‘Device_Member_of(NU)’ will work,
even though they shouldn’t. This is because we consider SID_NT_NETWORK
to be a default group.
Our new behaviour may be wrong, but at least it’s now consistent with
the behaviour of user‐relative expressions like ‘Member_of(WD)’ and
‘Member_of(NU)’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:32 +0000 (20:02 +1300)]
s4:kdc: Add a flag indicating that the device should be added to the default groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 07:02:13 +0000 (20:02 +1300)]
s4:kdc: Make a copy of the device SIDs to be placed in the security token
We shall need to add extra SIDs on the end.
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 04:11:41 +0000 (17:11 +1300)]
tests/krb5: Test whether the device belongs to some default groups
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 03:23:32 +0000 (16:23 +1300)]
tests/krb5: Work around Samba’s incorrect krbtgt principal handling
These tests fail only because they are using the ‘krbtgt@REALM’ form of
the krbtgt principal that Samba doesn’t handle correctly.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 19 Oct 2023 03:22:28 +0000 (16:22 +1300)]
tests/krb5: Remove unnecessary target_creds variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 07:24:04 +0000 (20:24 +1300)]
s4:kdc: Permit RODC‐issued evidence tickets for constrained delegation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 22:39:19 UTC 2023 on atb-devel-224
Joseph Sutton [Tue, 17 Oct 2023 07:18:28 +0000 (20:18 +1300)]
s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 07:18:12 +0000 (20:18 +1300)]
s4:kdc: Use HDB flag constants instead of SDB ones
These flags are passed to us by Heimdal, and so they are HDB flags, not
SDB flags.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 17 Oct 2023 01:24:46 +0000 (14:24 +1300)]
s4:kdc: Always regard device info when the client performs RBCD
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 22:18:50 +0000 (11:18 +1300)]
s4:dsdb: Remove reference to non‐existent code
Commit
498542be0bbf4f26558573c1f87b77b8e3509371 removed the code in
question.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:07:30 +0000 (16:07 +1300)]
tests/krb5: Delete connection variable
This avoids a ‘variable set but unused’ warning.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:06:51 +0000 (16:06 +1300)]
tests/krb5: Make ‘services’ parameter required
We use it unconditionally without a check for None.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:05:17 +0000 (16:05 +1300)]
tests/krb5: Remove unreachable exception handlers
‘IOError’ is a subclass of ‘error’, which has already been handled.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:03:45 +0000 (16:03 +1300)]
tests/krb5: Fix RC4‐only Protected Users tests
We forgot to actually use the ‘supported_enctypes’ parameter.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:02:36 +0000 (16:02 +1300)]
tests/krb5: Remove unnecessary f‐strings
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:02:00 +0000 (16:02 +1300)]
tests/krb5: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 02:59:56 +0000 (15:59 +1300)]
tests/krb5: Fix DES3CBC random_to_key()
Because ‘keybytes’ is an immutable bytes object, ‘keybytes[7] = …’ has
no hope of working.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 04:08:01 +0000 (17:08 +1300)]
tests/krb5: Make ‘keybytes’ a bytes object rather than a list
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 02:08:47 +0000 (15:08 +1300)]
tests/krb5: Don’t expect edata if no error is expected
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:18:47 +0000 (14:18 +1300)]
tests/krb5: Add parameter to _tgs() specifying whether FAST is to be used
View with ‘git show -b’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:17:59 +0000 (14:17 +1300)]
tests/krb5: Use None for the default values of parameters
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:15:27 +0000 (14:15 +1300)]
tests/krb5: Move assignments closer to where the variables are used
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:06:42 +0000 (14:06 +1300)]
tests/krb5: Remove incorrect functional level check
RBCD has no relevance to a method called _tgs().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 01:05:16 +0000 (14:05 +1300)]
tests/krb5: Update method names to be consistent with other tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 00:53:59 +0000 (13:53 +1300)]
tests/krb5: Have _modify_tgt() accept only keyword arguments
to prevent further accidents.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 00:52:55 +0000 (13:52 +1300)]
tests/krb5: Correctly pass arguments to _modify_tgt()
We were passing the new realm as the ‘renewable’ parameter!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 06:06:31 +0000 (19:06 +1300)]
tests/krb5: Add KDC_ERR_SERVER_NOMATCH error code
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 18 Oct 2023 03:51:24 +0000 (16:51 +1300)]
tests/krb5: Add ‘expect_edata’ parameter to _user2user()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 22:59:40 +0000 (11:59 +1300)]
tests/krb5: Fix comment
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 22:25:43 +0000 (11:25 +1300)]
tests/krb5: Remove marker
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 05:25:36 +0000 (18:25 +1300)]
s4:torture: Check return values of gnutls functions (CID
1547212)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 06:10:56 +0000 (19:10 +1300)]
s4:torture: Fix leaks
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>