[SCM] Samba Shared Repository - branch v4-12-test updated

Karolin Seeger kseeger at samba.org
Thu Aug 6 11:01:02 UTC 2020


The branch, v4-12-test has been updated
       via  4f6356a5bf8 kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
       via  9055634ddff Add a test with old msDS-SupportedEncryptionTypes
      from  b0d00ee45c1 s3:smbd: make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWD

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test


- Log -----------------------------------------------------------------
commit 4f6356a5bf8e966506f8fa98754bd89c45113c25
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Apr 23 11:56:54 2020 +0200

    kdc:db-glue: ignore KRB5_PROG_ETYPE_NOSUPP also for Primary:Kerberos
    
    Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
    Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
    
    If a service account has msDS-SupportedEncryptionTypes: 31
    and DES keys stored in Primary:Kerberos, we'll pass the
    DES key to smb_krb5_keyblock_init_contents(), but may get
    KRB5_PROG_ETYPE_NOSUPP.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Isaac Boukris <iboukris at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 4baa7cc8e473f6b63316b4ae5db34796c0f864c3)
    
    Autobuild-User(v4-12-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-12-test): Thu Aug  6 11:00:25 UTC 2020 on sn-devel-184

commit 9055634ddff26cde878982fdb18a3604a9180fd6
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Mon Apr 27 14:00:38 2020 +0200

    Add a test with old msDS-SupportedEncryptionTypes
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
    
    Signed-off-by: Isaac Boukris <iboukris at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 07399831794e28c7c2cf0140d0f1d1b5538b5f60)

-----------------------------------------------------------------------

Summary of changes:
 source4/kdc/db-glue.c                   | 18 ++++++---
 source4/selftest/tests.py               |  2 +
 testprogs/blackbox/test_old_enctypes.sh | 68 +++++++++++++++++++++++++++++++++
 3 files changed, 82 insertions(+), 6 deletions(-)
 create mode 100755 testprogs/blackbox/test_old_enctypes.sh


Changeset truncated at 500 lines:

diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 023ae7b580d..d2a79920ab5 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -631,18 +631,18 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
 							      pkb4->keys[i].value->data,
 							      pkb4->keys[i].value->length,
 							      &key.key);
-			if (ret == KRB5_PROG_ETYPE_NOSUPP) {
-				DEBUG(2,("Unsupported keytype ignored - type %u\n",
-					 pkb4->keys[i].keytype));
-				ret = 0;
-				continue;
-			}
 			if (ret) {
 				if (key.salt) {
 					smb_krb5_free_data_contents(context, &key.salt->salt);
 					free(key.salt);
 					key.salt = NULL;
 				}
+				if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+					DEBUG(2,("Unsupported keytype ignored - type %u\n",
+						 pkb4->keys[i].keytype));
+					ret = 0;
+					continue;
+				}
 				goto out;
 			}
 
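Review bot: The `DEBUG(2, ...)` line in the relocated KRB5_PROG_ETYPE_NOSUPP branch logs only the keytype number, so an administrator reading the log cannot tell which account still carries keys the Kerberos library rejects (the commit message gives DES keys in Primary:Kerberos as the case). If the principal or entry DN is in scope in samba_kdc_message2entry_keys, which starts and ends outside this hunk, adding it to the message would make such accounts findable for key rotation. The same applies to the identical branch added to the pkb3 loop in the next hunk. A short comment such as `/* an enctype the krb5 library cannot use is skipped, not fatal; key.salt is already freed above */` would also record why the `continue` has to come after the cleanup.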
@@ -693,6 +693,12 @@ static krb5_error_code samba_kdc_message2entry_keys(krb5_context context,
 					free(key.salt);
 					key.salt = NULL;
 				}
+				if (ret == KRB5_PROG_ETYPE_NOSUPP) {
+					DEBUG(2,("Unsupported keytype ignored - type %u\n",
+						 pkb3->keys[i].keytype));
+					ret = 0;
+					continue;
+				}
 				goto out;
 			}
 
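Review bot: The cleanup-then-skip block in the pkb3 loop is now a copy of the one in the pkb4 loop of the previous hunk, differing only in `pkb3->keys[i].keytype`, so a later fix to one can miss the other; the commit description suggests that is how the two paths came to differ in the first place. A small `static` helper that frees `key.salt` and reports whether `ret` is the ignorable KRB5_PROG_ETYPE_NOSUPP case would keep both loops in step. The loop and the function continue outside the hunk, so this applies to the surrounding code and not just to the six added lines.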
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 1d965c751a4..f88f064b713 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -464,6 +464,8 @@ plantestsuite("samba4.blackbox.net_rpc_user(ad_dc)", "ad_dc", [os.path.join(bbdi
 
 plantestsuite("samba4.blackbox.test_primary_group", "ad_dc:local", [os.path.join(bbdir, "test_primary_group.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$DOMAIN', '$PREFIX_ABS'])
 
+plantestsuite("samba4.blackbox.test_old_enctypes", "fl2003dc:local", [os.path.join(bbdir, "test_old_enctypes.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$NETBIOSNAME', '$PREFIX_ABS'])
+
 if have_heimdal_support:
     for env in ["ad_dc_ntvfs", "ad_dc"]:
         plantestsuite("samba4.blackbox.pkinit", "%s:local" % env, [os.path.join(bbdir, "test_pkinit_heimdal.sh"), '$SERVER', 'pkinit', '$PASSWORD', '$REALM', '$DOMAIN', '$PREFIX/%s' % env, "aes256-cts-hmac-sha1-96", smbclient4, configuration])
diff --git a/testprogs/blackbox/test_old_enctypes.sh b/testprogs/blackbox/test_old_enctypes.sh
new file mode 100755
index 00000000000..794a265940e
--- /dev/null
+++ b/testprogs/blackbox/test_old_enctypes.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+if [ $# -lt 5 ]; then
+cat <<EOF
+Usage: test_primary_group.sh SERVER USERNAME PASSWORD NETBIOSNAME PREFIX_ABS
+EOF
+exit 1;
+fi
+
+SERVER=$1
+USERNAME=$2
+PASSWORD=$3
+NETBIOSNAME=$4
+PREFIX_ABS=$5
+shift 5
+failed=0
+
+samba4bindir="$BINDIR"
+samba4srcdir="$SRCDIR/source4"
+
+samba_tool="$samba4bindir/samba-tool"
+
+ldbmodify="ldbmodify"
+if [ -x "$samba4bindir/ldbmodify" ]; then
+	ldbmodify="$samba4bindir/ldbmodify"
+fi
+
+ldbsearch="ldbsearch"
+if [ -x "$samba4bindir/ldbsearch" ]; then
+	ldbsearch="$samba4bindir/ldbsearch"
+fi
+
+. `dirname $0`/subunit.sh
+. `dirname $0`/common_test_fns.inc
+
+out="${PREFIX_ABS}/tmpldbsearch.out"
+$ldbsearch -H ldap://$SERVER -U$USERNAME%$PASSWORD -d0 sAMAccountName="$NETBIOSNAME\$" dn msDS-SupportedEncryptionTypes > $out
+testit_grep "find my dn" msDS-SupportedEncryptionTypes cat $out || failed=`expr $failed + 1`
+
+my_dn=$(cat $out | sed -n 's/^dn: //p')
+my_encs=$(cat $out | sed -n 's/^msDS-SupportedEncryptionTypes: //p')
+my_test_encs=`expr $my_encs + 3`
+
+ldif="${PREFIX_ABS}/tmpldbmodify.ldif"
+
+cat > $ldif <<EOF
+dn: $my_dn
+changetype: modify
+replace: msDS-SupportedEncryptionTypes
+msDS-SupportedEncryptionTypes: $my_test_encs
+EOF
+
+testit "Change msDS-SupportedEncryptionTypes to $my_test_encs" $VALGRIND $ldbmodify -H ldap://$SERVER -U$USERNAME%$PASSWORD -d0 < $ldif || failed=`expr $failed + 1`
+kt=${PREFIX_ABS}/tmp_host_out_keytab
+testit "Export keytab while old enctypes are supported" $samba_tool domain exportkeytab --principal=$NETBIOSNAME\$ $kt
+
+cat > $ldif <<EOF
+dn: $my_dn
+changetype: modify
+replace: msDS-SupportedEncryptionTypes
+msDS-SupportedEncryptionTypes: $my_encs
+EOF
+
+testit "Change msDS-SupportedEncryptionTypes back to $my_encs" $VALGRIND $ldbmodify -H ldap://$SERVER -U$USERNAME%$PASSWORD -d0 < $ldif || failed=`expr $failed + 1`
+
+rm -rf $kt $out $ldif
+
+exit $failed
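Review bot: The `testit "Export keytab while old enctypes are supported"` line is the only `testit` call without a `|| failed=...` tail, so a failing export, which is the behaviour this test exists to cover, does not raise the script's exit status; append `|| failed=$(expr $failed + 1)` as on the neighbouring lines. `my_test_encs` is computed with `expr $my_encs + 3`, which sets the two low bits only when both are clear in the current value; `my_test_encs=$(( my_encs | 3 ))` states the intent and is correct either way. If the search returns nothing, `$my_dn` and `$my_encs` are empty and the LDIF written afterwards is malformed, so an early `exit 1` on an empty value would give a clearer failure. The usage text still names `test_primary_group.sh` instead of `test_old_enctypes.sh`.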


-- 
Samba Shared Repository


