[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Sat Nov 12 01:35:01 UTC 2022
The branch, master has been updated
via 2ea3adfd04b gp: Test that Password and Kerberos policies fail on unknown key
via 3ad8e8d4d43 gp: Password and Kerberos policies fail on unknown key
from 09e9dd576da torture: Test the "server addresses" parameter
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2ea3adfd04b07c6d449904b81d132ad3858f72fb
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 11 10:04:44 2022 -0700
gp: Test that Password and Kerberos policies fail on unknown key
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 12 01:34:17 UTC 2022 on sn-devel-184
commit 3ad8e8d4d43b08cf1747da048c2fcc16d45a59c5
Author: David Mulder <dmulder at samba.org>
Date: Fri Nov 11 09:41:52 2022 -0700
gp: Password and Kerberos policies fail on unknown key
If unrecognized keys are set in the GptTmpl.inf,
the extensions would fail to apply.
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/gp/gp_sec_ext.py | 4 ++++
python/samba/tests/gpo.py | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/gp/gp_sec_ext.py b/python/samba/gp/gp_sec_ext.py
index 667bc4cd48b..16cbc4c7013 100644
--- a/python/samba/gp/gp_sec_ext.py
+++ b/python/samba/gp/gp_sec_ext.py
@@ -67,6 +67,8 @@ class gp_krb_ext(gp_inf_ext):
for section in inf_conf.sections():
if section == str(self):
for key, value in inf_conf.items(section):
+ if key not in gp_krb_ext.apply_map:
+ continue
att = gp_krb_ext.apply_map[key]
value_func = self.mapper().get(att)
self.set_kdc_tdb(att, value_func(value))
@@ -153,6 +155,8 @@ class gp_access_ext(gp_inf_ext):
for section in inf_conf.sections():
if section == str(self):
for key, value in inf_conf.items(section):
+ if key not in gp_access_ext.apply_map:
+ continue
att = gp_access_ext.apply_map[key]
(update_samba, value_func) = self.mapper().get(att)
update_samba(att, value_func(value))
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index c620a1270f7..7ba193884a1 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -7336,7 +7336,8 @@ class GPOTests(tests.TestCase):
if ads.connect():
gpos = ads.get_gpo_list(machine_creds.get_username())
- stage = '[Kerberos Policy]\nMaxTicketAge = %d\n'
+ # Include MaxClockSkew to ensure we don't fail on a key we ignore
+ stage = '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
opts = [100, 200]
for i in range(0, 2):
gpttmpl = gpofile % (local_path, guids[i])
--
Samba Shared Repository
More information about the samba-cvs
mailing list