[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue Dec 7 04:55:01 UTC 2021
The branch, master has been updated
via 8bd7b316bd6 kdc: Canonicalize realm for enterprise principals
via dc2222eee8f heimdal_build: Do not build samba4kinit unless building embedded Heimdal
via a0d75b1cce4 lib/replace: For heimdal_build: Try to use the OS or compiler provided atomic operators
via 2701293f48a s4:torture: Remove pre-send and post-receive callbacks
from 7eb1e1cc949 s4:torture: Remove test combination with enterprise principal without canonicalize flag
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8bd7b316bd61ef35f6e0baa0b65f0ef00910112c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 7 13:15:38 2021 +1300
kdc: Canonicalize realm for enterprise principals
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec 7 04:54:35 UTC 2021 on sn-devel-184
commit dc2222eee8f62ace1b7a67401d502d2b3c4a1e17
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Dec 7 11:30:10 2021 +1300
heimdal_build: Do not build samba4kinit unless building embedded Heimdal
We should not attempt to build local copies of Heimdal utilities against
a system krb5 library.
Inspired by a WIP commit by Stefan Metzmacher <metze at samba.org> in his
lorikeet-heimdal import branch of patches to upgrade to a modern Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14924
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit a0d75b1cce4b97e1d6b78ba2b7adf96988d55608
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Jul 6 12:26:44 2021 +1200
lib/replace: For heimdal_build: Try to use the OS or compiler provided atomic operators
This provides the defines that may be needed to use the
compiler-provided atomics, rather than a fallback.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
commit 2701293f48a9e4014f9ba1e925d458fe25865bfb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 3 11:58:53 2021 +1300
s4:torture: Remove pre-send and post-receive callbacks
The client-side testing done by these callbacks is no longer needed, and
the server-side testing is covered by Python-based tests. Removing these
leaves us with a more manageable test of the Kerberos API.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/replace/wscript | 7 +
selftest/knownfail.d/kdc-enterprise | 63 --
selftest/knownfail_heimdal_kdc | 3 -
selftest/knownfail_mit_kdc | 36 +
source4/heimdal_build/wscript_build | 31 +-
source4/kdc/db-glue.c | 24 +-
source4/torture/krb5/kdc-canon-heimdal.c | 1069 +-----------------------------
7 files changed, 71 insertions(+), 1162 deletions(-)
delete mode 100644 selftest/knownfail.d/kdc-enterprise
Changeset truncated at 500 lines:
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 53cb5d4fa76..a928b80f2f7 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -298,6 +298,13 @@ def configure(conf):
'HAVE___SYNC_FETCH_AND_ADD',
msg='Checking for __sync_fetch_and_add compiler builtin')
+ conf.CHECK_CODE('''
+ int i;
+ (void)__sync_add_and_fetch(&i, 1);
+ ''',
+ 'HAVE___SYNC_ADD_AND_FETCH',
+ msg='Checking for __sync_add_and_fetch compiler builtin')
+
conf.CHECK_CODE('''
int32_t i;
atomic_add_32(&i, 1);
diff --git a/selftest/knownfail.d/kdc-enterprise b/selftest/knownfail.d/kdc-enterprise
deleted file mode 100644
index c9b6c98a2ee..00000000000
--- a/selftest/knownfail.d/kdc-enterprise
+++ /dev/null
@@ -1,63 +0,0 @@
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\(
-samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_UserCredentials_Enterprise_UpperUserName_UPN\(
-
-
-
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_AsReqSelf\(
-^samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\(
diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc
index e9a560555da..692b9ecdd72 100644
--- a/selftest/knownfail_heimdal_kdc
+++ b/selftest/knownfail_heimdal_kdc
@@ -5,9 +5,6 @@
#
# Heimdal currently fails the following MS-KILE client principal lookup
# tests
-^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_1_3
-^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_4
-^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_5
^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_enterprise_principal_step_6_a
^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_enterprise_principal_step_6_b
^samba.tests.krb5.ms_kile_client_principal_lookup_tests.samba.tests.krb5.ms_kile_client_principal_lookup_tests.MS_Kile_Client_Principal_Lookup_Tests.test_nt_principal_step_4_a
diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc
index 912111416dd..5434a2aa160 100644
--- a/selftest/knownfail_mit_kdc
+++ b/selftest/knownfail_mit_kdc
@@ -56,17 +56,53 @@ samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Canonicalize_UpperUserName_UPN_RemoveDollar\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UPN_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperRealm_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_NetbiosRealm_UPN_RemoveDollar_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_AsReqSelf\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar\(
+samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_Enterprise_UpperUserName_UPN_RemoveDollar_AsReqSelf\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_RemoveDollar\(
samba.tests.krb5.as_canonicalization_tests.samba.tests.krb5.as_canonicalization_tests.KerberosASCanonicalizationTests.test_MachineCredentials_NetbiosRealm_UPN\(
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index 77519356575..04628e5d7ae 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -901,23 +901,24 @@ if not bld.CONFIG_SET('USING_SYSTEM_COMPILE_ET'):
)
bld.env['COMPILE_ET'] = os.path.join(bld.bldnode.parent.abspath(), 'compile_et')
-HEIMDAL_BINARY('samba4kinit',
- 'kuser/kinit.c',
- deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto',
- install=False
- )
+if bld.CONFIG_SET('USING_EMBEDDED_HEIMDAL'):
+ HEIMDAL_BINARY('samba4kinit',
+ 'kuser/kinit.c',
+ deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto',
+ install=False
+ )
-HEIMDAL_BINARY('samba4kgetcred',
- 'kuser/kgetcred.c',
- deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto asn1',
- install=False
- )
+ HEIMDAL_BINARY('samba4kgetcred',
+ 'kuser/kgetcred.c',
+ deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto asn1',
+ install=False
+ )
-HEIMDAL_BINARY('samba4kpasswd',
- 'kpasswd/kpasswd.c',
- deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto',
- install=False
- )
+ HEIMDAL_BINARY('samba4kpasswd',
+ 'kpasswd/kpasswd.c',
+ deps='krb5 heimntlm roken HEIMDAL_VERS hcrypto',
+ install=False
+ )
# Alias subsystem to allow common kerberos code that will
# otherwise link against MIT's gssapi_krb5 and k5crypto
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index 4c56e6cbadd..22106bf8665 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -945,19 +945,17 @@ static krb5_error_code samba_kdc_message2entry(krb5_context context,
goto out;
}
- if (smb_krb5_principal_get_type(context, principal) != KRB5_NT_ENTERPRISE_PRINCIPAL) {
- /* While we have copied the client principal, tests
- * show that Win2k3 returns the 'corrected' realm, not
- * the client-specified realm. This code attempts to
- * replace the client principal's realm with the one
- * we determine from our records */
-
- /* this has to be with malloc() */
- ret = smb_krb5_principal_set_realm(context, entry_ex->entry.principal, lpcfg_realm(lp_ctx));
- if (ret) {
- krb5_clear_error_message(context);
- goto out;
- }
+ /* While we have copied the client principal, tests
+ * show that Win2k3 returns the 'corrected' realm, not
+ * the client-specified realm. This code attempts to
+ * replace the client principal's realm with the one
+ * we determine from our records */
+
+ /* this has to be with malloc() */
+ ret = smb_krb5_principal_set_realm(context, entry_ex->entry.principal, lpcfg_realm(lp_ctx));
+ if (ret) {
+ krb5_clear_error_message(context);
+ goto out;
}
}
diff --git a/source4/torture/krb5/kdc-canon-heimdal.c b/source4/torture/krb5/kdc-canon-heimdal.c
index 85c38546310..59ae750e206 100644
--- a/source4/torture/krb5/kdc-canon-heimdal.c
+++ b/source4/torture/krb5/kdc-canon-heimdal.c
@@ -71,30 +71,12 @@ struct test_data {
const char *krb5_hostname;
};
-enum test_stage {
- TEST_AS_REQ = 0,
- TEST_TGS_REQ_KRBTGT_CANON = 1,
- TEST_TGS_REQ_CANON = 2,
- TEST_SELF_TRUST_TGS_REQ = 3,
- TEST_TGS_REQ = 4,
- TEST_TGS_REQ_KRBTGT = 5,
- TEST_TGS_REQ_HOST = 6,
- TEST_TGS_REQ_HOST_SRV_INST = 7,
- TEST_TGS_REQ_HOST_SRV_HST = 8,
- TEST_DONE = 9
-};
-
struct torture_krb5_context {
struct smb_krb5_context *smb_krb5_context;
struct torture_context *tctx;
struct addrinfo *server;
struct test_data *test_data;
int packet_count;
- enum test_stage test_stage;
- AS_REQ as_req;
- AS_REP as_rep;
- TGS_REQ tgs_req;
- TGS_REP tgs_rep;
};
struct pac_data {
@@ -213,948 +195,6 @@ static bool test_accept_ticket(struct torture_context *tctx,
return true;
}
-/*
- * TEST_AS_REQ - SEND
- *
- * Confirm that the outgoing packet meets certain expectations. This
- * should be extended to further assert the correct and expected
- * behaviour of the krb5 libs, so we know what we are sending to the
- * server.
- *
- * Additionally, this CHANGES the request to remove the canonicalize
- * flag automatically added by the krb5 libs when an enterprise
- * principal is used, so we can test what the server does in this
- * combination.
- *
- */
-
-static bool torture_krb5_pre_send_as_req_test(struct torture_krb5_context *test_context,
- const krb5_data *send_buf,
- krb5_data *modified_send_buf)
-{
- size_t used;
- torture_assert_int_equal(test_context->tctx, decode_AS_REQ(send_buf->data, send_buf->length,
- &test_context->as_req, &used),
- 0, "decode_AS_REQ for TEST_AS_REQ failed");
- torture_assert_int_equal(test_context->tctx, used, send_buf->length, "length mismatch");
- torture_assert_int_equal(test_context->tctx, test_context->as_req.pvno,
- 5, "Got wrong as_req->pvno");
- if (test_context->test_data->canonicalize
- || test_context->test_data->enterprise) {
- torture_assert(test_context->tctx,
- test_context->as_req.req_body.kdc_options.canonicalize,
- "krb5 libs did not set canonicalize!");
- } else {
- torture_assert_int_equal(test_context->tctx,
- test_context->as_req.req_body.kdc_options.canonicalize,
- false,
- "krb5 libs unexpectedly set canonicalize!");
- }
-
- if (test_context->test_data->as_req_spn) {
- if (test_context->test_data->upn) {
- torture_assert_int_equal(test_context->tctx,
- test_context->as_req.req_body.cname->name_type,
- KRB5_NT_PRINCIPAL,
- "krb5 libs unexpectedly "
- "did not set principal "
- "as NT_PRINCIPAL!");
- } else {
- torture_assert_int_equal(test_context->tctx,
- test_context->as_req.req_body.cname->name_type,
- KRB5_NT_SRV_HST,
- "krb5 libs unexpectedly "
- "did not set principal "
- "as NT_SRV_HST!");
- }
- } else if (test_context->test_data->enterprise) {
- torture_assert_int_equal(test_context->tctx,
- test_context->as_req.req_body.cname->name_type,
- KRB5_NT_ENTERPRISE_PRINCIPAL,
- "krb5 libs did not pass principal as enterprise!");
- } else {
- torture_assert_int_equal(test_context->tctx,
- test_context->as_req.req_body.cname->name_type,
- KRB5_NT_PRINCIPAL,
- "krb5 libs unexpectedly set principal as enterprise!");
- }
-
- *modified_send_buf = *send_buf;
-
- return true;
-}
-
-/*
- * TEST_AS_REQ - RECV
- *
- * Confirm that the reply packet from the KDC meets certain
- * expectations as part of TEST_AS_REQ. This uses a packet count to
- * work out what packet we are up to in the multiple exchanged
- * triggerd by krb5_get_init_creds_password().
- *
- */
-
-static bool torture_krb5_post_recv_as_req_test(struct torture_krb5_context *test_context,
- const krb5_data *recv_buf)
-{
- KRB_ERROR error;
- size_t used;
- if (test_context->packet_count == 0) {
- krb5_error_code k5ret;
- /*
- * The client libs obtain the salt by attempting to
- * authenticate without pre-authentication and getting
- * the correct salt with the
- * KRB5KDC_ERR_PREAUTH_REQUIRED error. If we are in
- * the test (netbios_realm && upn) that deliberatly
- * has an incorrect principal, we check we get the
- * correct error.
- */
- k5ret = decode_KRB_ERROR(recv_buf->data, recv_buf->length,
- &error, &used);
- if (k5ret != 0) {
- AS_REP as_rep;
- k5ret = decode_AS_REP(recv_buf->data, recv_buf->length,
- &as_rep, &used);
- if (k5ret == 0) {
- if (test_context->test_data->netbios_realm && test_context->test_data->upn) {
- torture_assert(test_context->tctx, false,
- "expected to get a KRB_ERROR packet with "
- "KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, got valid AS-REP");
- } else {
- torture_assert(test_context->tctx, false,
- "expected to get a KRB_ERROR packet with "
- "KRB5KDC_ERR_PREAUTH_REQUIRED, got valid AS-REP");
- }
- } else {
- if (test_context->test_data->netbios_realm && test_context->test_data->upn) {
- torture_assert(test_context->tctx, false,
- "unable to decode as KRB-ERROR or AS-REP, "
- "expected to get a KRB_ERROR packet with KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN");
- } else {
- torture_assert(test_context->tctx, false,
- "unable to decode as KRB-ERROR or AS-REP, "
- "expected to get a KRB_ERROR packet with KRB5KDC_ERR_PREAUTH_REQUIRED");
- }
- }
- }
- torture_assert_int_equal(test_context->tctx, used, recv_buf->length,
- "length mismatch");
- torture_assert_int_equal(test_context->tctx, error.pvno, 5,
- "Got wrong error.pvno");
- if (test_context->test_data->netbios_realm && test_context->test_data->upn) {
- torture_assert_int_equal(test_context->tctx,
- error.error_code,
- KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN - KRB5KDC_ERR_NONE,
- "Got wrong error.error_code");
- } else if (test_context->test_data->as_req_spn && !test_context->test_data->spn_is_upn) {
- torture_assert_int_equal(test_context->tctx,
- error.error_code,
- KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN - KRB5KDC_ERR_NONE,
- "Got wrong error.error_code");
- } else {
- torture_assert_int_equal(test_context->tctx,
- error.error_code,
- KRB5KDC_ERR_PREAUTH_REQUIRED - KRB5KDC_ERR_NONE,
- "Got wrong error.error_code");
- }
-
- free_KRB_ERROR(&error);
- } else if ((decode_KRB_ERROR(recv_buf->data, recv_buf->length, &error, &used) == 0)
- && (test_context->packet_count == 1)) {
- /*
- * The Windows 2012R2 KDC will always respond with
- * KRB5KRB_ERR_RESPONSE_TOO_BIG over UDP as the ticket
- * won't fit, because of the PAC. (It appears to do
- * this always, even if it will). This triggers the
- * client to try again over TCP.
- */
- torture_assert_int_equal(test_context->tctx,
- used, recv_buf->length,
- "length mismatch");
- torture_assert_int_equal(test_context->tctx,
- error.pvno, 5,
- "Got wrong error.pvno");
- torture_assert_int_equal(test_context->tctx,
- error.error_code,
- KRB5KRB_ERR_RESPONSE_TOO_BIG - KRB5KDC_ERR_NONE,
- "Got wrong error.error_code");
- free_KRB_ERROR(&error);
- } else {
- /*
- * Finally the successful packet.
- */
- torture_assert_int_equal(test_context->tctx,
- decode_AS_REP(recv_buf->data, recv_buf->length,
- &test_context->as_rep, &used), 0,
- "decode_AS_REP failed");
- torture_assert_int_equal(test_context->tctx, used, recv_buf->length,
- "length mismatch");
- torture_assert_int_equal(test_context->tctx,
- test_context->as_rep.pvno, 5,
- "Got wrong as_rep->pvno");
- torture_assert_int_equal(test_context->tctx,
- test_context->as_rep.ticket.tkt_vno, 5,
- "Got wrong as_rep->ticket.tkt_vno");
- torture_assert(test_context->tctx,
- test_context->as_rep.ticket.enc_part.kvno,
- "Did not get a KVNO in test_context->as_rep.ticket.enc_part.kvno");
-
- /*
- * We can confirm that the correct proxy behaviour is
- * in use on the KDC by checking the KVNO of the
- * krbtgt account returned in the reply.
- *
- * A packet passed to the full RW DC will not have a
- * KVNO in the upper bits, while a packet processed
- * locally on the RODC will have these bits filled in
- * the msDS-SecondaryKrbTgtNumber
- */
- if (torture_setting_bool(test_context->tctx, "expect_cached_at_rodc", false)) {
- torture_assert_int_not_equal(test_context->tctx,
- *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000,
- 0, "Did not get a RODC number in the KVNO");
- } else {
- torture_assert_int_equal(test_context->tctx,
- *test_context->as_rep.ticket.enc_part.kvno & 0xFFFF0000,
- 0, "Unexpecedly got a RODC number in the KVNO");
- }
- free_AS_REP(&test_context->as_rep);
- }
- torture_assert(test_context->tctx, test_context->packet_count < 3, "too many packets");
- free_AS_REQ(&test_context->as_req);
- return true;
-}
-
-/*
- * TEST_TGS_REQ_KRBTGT_CANON
- *
- *
- * Confirm that the outgoing TGS-REQ packet from krb5_get_creds()
- * for the krbtgt/realm principal meets certain expectations, like
- * that the canonicalize bit is not set
- *
- */
-
--
Samba Shared Repository
More information about the samba-cvs
mailing list