[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Mon Nov 20 22:52:02 UTC 2023
The branch, master has been updated
via 028c90547e3 python:tests: Add ndrdump test for GMSA Managed Password blobs
via c0e6fe0bff2 tests/ndr: Add tests for GMSA Managed Password blobs
via 21a3f60cfc7 python:tests: Move NDR tests to their own directory
via 19b4fb8b5ac librpc: Add NDR test for GMSA Managed Password blobs
via 35611f2ba0f gmsa.idl: Add definition for MANAGEDPASSWORD_BLOB
via f94b981e864 pidl: Add new ‘u16string’ type
via 436814572d4 pidl: Add a helper function to determine whether a type is a string type
via d1e5a6176c1 s4:librpc: Produce more helpful error message when bytes length is odd
via 4629fc7c610 util/charset: Have talloc_utf16_str[n]dup() accept NULL pointers
via 30dd348823c librpc:ndr: Don’t try to log always‐NULL string
from 34d80fc96fe gitlab-ci: Update Fedora to version 39
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 028c90547e3c7ea6b49de6797579038f6d2f16bd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 20 16:05:13 2023 +1300
python:tests: Add ndrdump test for GMSA Managed Password blobs
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Nov 20 22:51:17 UTC 2023 on atb-devel-224
commit c0e6fe0bff2bb692b5405fc6efeb1e362af821fe
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 13 17:08:58 2023 +1300
tests/ndr: Add tests for GMSA Managed Password blobs
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 21a3f60cfc783d07994b29696c7a75e2372dd114
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 20 15:46:16 2023 +1300
python:tests: Move NDR tests to their own directory
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 19b4fb8b5ac5aa0a998b7f530a748065cf489b4a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 16 10:54:42 2023 +1300
librpc: Add NDR test for GMSA Managed Password blobs
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 35611f2ba0feb79f78dbb7995a1018b39e2ad005
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Nov 17 14:59:20 2023 +1300
gmsa.idl: Add definition for MANAGEDPASSWORD_BLOB
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f94b981e8641a6b18f72a50b6596e9275bb034e4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 20 10:07:22 2023 +1300
pidl: Add new ‘u16string’ type
This type represents a UTF‐16–encoded string. These strings are kept
UTF‐16–encoded rather than converted to the Unix charset to be stored in
memory; this avoids issues regarding NULL termination and conversion
between character sets. We want to be able to handle strings that are
not valid UTF‐16.
Not bumping the NDR ABI version, because there hasn’t been an NDR
release since commit c4f281e9ae36c225b6003e0fa1cb8fb2e67bf543.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 436814572d435f6de4f3b390f07d0124fc4a7105
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 20 10:03:59 2023 +1300
pidl: Add a helper function to determine whether a type is a string type
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d1e5a6176c1191e46a22319d356fa93b0fee76f3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Nov 17 12:56:17 2023 +1300
s4:librpc: Produce more helpful error message when bytes length is odd
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4629fc7c610a255fda33ae4dce0fd225b01e5c88
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Nov 17 12:52:29 2023 +1300
util/charset: Have talloc_utf16_str[n]dup() accept NULL pointers
This is in line with ‘talloc_str[n]dup()’.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 30dd348823c03adcf0e1bbf7adaa5ea1c30ca7a5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Nov 17 10:45:29 2023 +1300
librpc:ndr: Don’t try to log always‐NULL string
Commit c51795c747198f9e002505ffa39ad710beff0358 reorganized
ndr_pull_string() so that when we reach this DEBUG(), we don’t yet have
a string to log — ‘as’ will always be NULL. Attempting to log a NULL
string invokes undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/util/charset/util_unistr.c | 6 +
librpc/ABI/ndr-4.0.0.sigs | 3 +
librpc/idl/gmsa.idl | 44 ++++++
librpc/idl/idl_types.h | 5 +
librpc/idl/wscript_build | 1 +
librpc/ndr/libndr.h | 1 +
librpc/ndr/ndr_string.c | 134 ++++++++++++++++-
librpc/tests/test_ndr_gmsa.c | 159 +++++++++++++++++++++
librpc/wscript_build | 17 ++-
pidl/lib/Parse/Pidl/NDR.pm | 3 +-
pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm | 4 +-
pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 8 +-
pidl/lib/Parse/Pidl/Samba4/Python.pm | 31 ++++
pidl/lib/Parse/Pidl/Typelist.pm | 14 +-
pidl/tests/typelist.pl | 3 +-
python/samba/tests/blackbox/ndrdump.py | 24 ++++
python/samba/tests/ndr/gmsa.py | 99 +++++++++++++
python/samba/tests/{ndr.py => ndr/wbint.py} | 0
python/samba/tests/usage.py | 2 +
selftest/tests.py | 3 +-
source4/librpc/rpc/pyrpc_util.c | 4 +
source4/librpc/tests/gmsa_MANAGEDPASSWORD_BLOB.txt | 28 ++++
source4/librpc/wscript_build | 7 +
source4/selftest/tests.py | 2 +
24 files changed, 589 insertions(+), 13 deletions(-)
create mode 100644 librpc/idl/gmsa.idl
create mode 100644 librpc/tests/test_ndr_gmsa.c
create mode 100755 python/samba/tests/ndr/gmsa.py
rename python/samba/tests/{ndr.py => ndr/wbint.py} (100%)
create mode 100644 source4/librpc/tests/gmsa_MANAGEDPASSWORD_BLOB.txt
Changeset truncated at 500 lines:
diff --git a/lib/util/charset/util_unistr.c b/lib/util/charset/util_unistr.c
index 54b7b939b1b..fa1a100e596 100644
--- a/lib/util/charset/util_unistr.c
+++ b/lib/util/charset/util_unistr.c
@@ -280,11 +280,17 @@ uint16_t *talloc_utf16_strlendup(TALLOC_CTX *mem_ctx, const char *str, size_t le
uint16_t *talloc_utf16_strdup(TALLOC_CTX *mem_ctx, const char *str)
{
+ if (str == NULL) {
+ return NULL;
+ }
return talloc_utf16_strlendup(mem_ctx, str, utf16_len(str));
}
uint16_t *talloc_utf16_strndup(TALLOC_CTX *mem_ctx, const char *str, size_t n)
{
+ if (str == NULL) {
+ return NULL;
+ }
return talloc_utf16_strlendup(mem_ctx, str, utf16_len_n(str, n));
}
diff --git a/librpc/ABI/ndr-4.0.0.sigs b/librpc/ABI/ndr-4.0.0.sigs
index f88ca733aa7..66a1b64cf60 100644
--- a/librpc/ABI/ndr-4.0.0.sigs
+++ b/librpc/ABI/ndr-4.0.0.sigs
@@ -81,6 +81,7 @@ ndr_print_svcctl_ServerType: void (struct ndr_print *, const char *, uint32_t)
ndr_print_time_t: void (struct ndr_print *, const char *, time_t)
ndr_print_timespec: void (struct ndr_print *, const char *, const struct timespec *)
ndr_print_timeval: void (struct ndr_print *, const char *, const struct timeval *)
+ndr_print_u16string: void (struct ndr_print *, const char *, const uint16_t *)
ndr_print_udlong: void (struct ndr_print *, const char *, uint64_t)
ndr_print_udlongr: void (struct ndr_print *, const char *, uint64_t)
ndr_print_uid_t: void (struct ndr_print *, const char *, uid_t)
@@ -157,6 +158,7 @@ ndr_pull_time_t: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, time_t *)
ndr_pull_timespec: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, struct timespec *)
ndr_pull_timeval: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, struct timeval *)
ndr_pull_trailer_align: enum ndr_err_code (struct ndr_pull *, size_t)
+ndr_pull_u16string: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, const uint16_t **)
ndr_pull_udlong: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, uint64_t *)
ndr_pull_udlongr: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, uint64_t *)
ndr_pull_uid_t: enum ndr_err_code (struct ndr_pull *, ndr_flags_type, uid_t *)
@@ -232,6 +234,7 @@ ndr_push_time_t: enum ndr_err_code (struct ndr_push *, ndr_flags_type, time_t)
ndr_push_timespec: enum ndr_err_code (struct ndr_push *, ndr_flags_type, const struct timespec *)
ndr_push_timeval: enum ndr_err_code (struct ndr_push *, ndr_flags_type, const struct timeval *)
ndr_push_trailer_align: enum ndr_err_code (struct ndr_push *, size_t)
+ndr_push_u16string: enum ndr_err_code (struct ndr_push *, ndr_flags_type, const uint16_t *)
ndr_push_udlong: enum ndr_err_code (struct ndr_push *, ndr_flags_type, uint64_t)
ndr_push_udlongr: enum ndr_err_code (struct ndr_push *, ndr_flags_type, uint64_t)
ndr_push_uid_t: enum ndr_err_code (struct ndr_push *, ndr_flags_type, uid_t)
diff --git a/librpc/idl/gmsa.idl b/librpc/idl/gmsa.idl
new file mode 100644
index 00000000000..bad9030ce17
--- /dev/null
+++ b/librpc/idl/gmsa.idl
@@ -0,0 +1,44 @@
+/*
+ * Type definitions for Group Managed Service Accounts
+ *
+ * Derived from [MS-ADTS] 2.2.19 MSDS-MANAGEDPASSWORD_BLOB.
+ */
+
+#include "idl_types.h"
+
+[
+ uuid("e43b8cf6-1ead-11ee-aed1-e3597136ce70"),
+ version(0.0),
+ pointer_default(unique),
+ helpstring("Active Directory Group Managed Service Accounts")
+]
+interface gmsa
+{
+ /* Public structures. */
+
+ typedef [gensize] struct {
+ [relative_short] secret_u16string *current;
+ [relative_short] secret_u16string *previous;
+ /*
+ * MS-ADTS states that these fields must be placed on a 64‐bit
+ * boundary, but samples obtained from Windows are found not to
+ * be so. In practice, they’re offset by two bytes. That’s why
+ * we need NOALIGN.
+ */
+ [relative_short, flag(NDR_NOALIGN)] hyper *query_interval;
+ [relative_short, flag(NDR_NOALIGN)] hyper *unchanged_interval;
+ } MANAGEDPASSWORD_BLOB_PASSWORDS;
+
+ typedef [public] struct {
+ [value(1)] uint16 version;
+ [value(0)] uint16 reserved;
+ /*
+ * The size of the entire blob. 8 bytes account for the
+ * ‘version’ field, the ‘reserved’ field, and the ‘length’ field
+ * itself.
+ */
+ [value(8 + ndr_size_MANAGEDPASSWORD_BLOB_PASSWORDS(&passwords,
+ ndr->flags))] uint32 length;
+ MANAGEDPASSWORD_BLOB_PASSWORDS passwords;
+ } MANAGEDPASSWORD_BLOB;
+}
diff --git a/librpc/idl/idl_types.h b/librpc/idl/idl_types.h
index a21893f6562..4f0e69b8d40 100644
--- a/librpc/idl/idl_types.h
+++ b/librpc/idl/idl_types.h
@@ -31,6 +31,11 @@
*/
#define raw8string [flag(STR_RAW8|STR_NULLTERM)] string
+/*
+ a secret null terminated UTF‐16 string (null terminated word sequence)
+*/
+#define secret_u16string [flag(NDR_SECRET|STR_NULLTERM)] u16string
+
/*
a null terminated UCS2 string
*/
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 49b79a74f69..1f4d54c87de 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -131,6 +131,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
dns.idl
dnsp.idl
drsblobs.idl
+ gmsa.idl
idmap.idl
krb5pac.idl
krb5ccache.idl
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 0ccc0d2c33d..adcbdf18c0c 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -806,6 +806,7 @@ NDR_SCALAR_PROTO(DATA_BLOB, DATA_BLOB)
NDR_SCALAR_PROTO(ipv4address, const char *)
NDR_SCALAR_PROTO(ipv6address, const char *)
NDR_SCALAR_PROTO(string, const char *)
+NDR_SCALAR_PROTO(u16string, const uint16_t *)
NDR_SCALAR_PROTO(double, double)
enum ndr_err_code ndr_pull_policy_handle(struct ndr_pull *ndr, ndr_flags_type ndr_flags, struct policy_handle *r);
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index 80054fa9be6..0d18354a5de 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -96,7 +96,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_string(struct ndr_pull *ndr, ndr_flags_type
"Bad string lengths len1=%"PRIu32" ofs=%"PRIu32" len2=%"PRIu32"\n",
len1, ofs, len2);
} else if (len1 != len2) {
- DEBUG(6,("len1[%"PRIu32"] != len2[%"PRIu32"] '%s'\n", len1, len2, as));
+ DEBUG(6,("len1[%"PRIu32"] != len2[%"PRIu32"]\n", len1, len2));
}
conv_src_len = len2 + c_len_term;
break;
@@ -476,6 +476,138 @@ _PUBLIC_ uint32_t ndr_size_string(int ret, const char * const* string, ndr_flags
return ret+strlen(*string)+1;
}
+/**
+ pull a UTF‐16 string from the wire
+*/
+_PUBLIC_ enum ndr_err_code ndr_pull_u16string(struct ndr_pull *ndr,
+ ndr_flags_type ndr_flags,
+ const uint16_t **s)
+{
+ uint16_t *as = NULL;
+ const char *const src_str = (char *)ndr->data + ndr->offset;
+ size_t src_len = 0;
+
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ if (ndr->flags & LIBNDR_ENCODING_FLAGS) {
+ return ndr_pull_error(
+ ndr,
+ NDR_ERR_STRING,
+ "Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
+ "passed to ndr_pull_u16string()\n",
+ ndr->flags & LIBNDR_STRING_FLAGS);
+ }
+
+ switch (ndr->flags & LIBNDR_STRING_FLAGS) {
+ case LIBNDR_FLAG_STR_NULLTERM:
+ /*
+ * We ensure that src_len cannot equal 0 by
+ * requiring that there be enough bytes for at least
+ * the NULL terminator
+ */
+ NDR_PULL_NEED_BYTES(ndr, 2);
+ src_len = utf16_null_terminated_len_n(src_str,
+ ndr->data_size -
+ ndr->offset);
+ break;
+
+ default:
+ return ndr_pull_error(
+ ndr,
+ NDR_ERR_STRING,
+ "Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
+ "passed to ndr_pull_u16string()\n",
+ ndr->flags & LIBNDR_STRING_FLAGS);
+ }
+
+ NDR_PULL_NEED_BYTES(ndr, src_len);
+ as = talloc_utf16_strlendup(ndr->current_mem_ctx,
+ src_str,
+ src_len);
+ if (as == NULL) {
+ return ndr_pull_error(ndr,
+ NDR_ERR_ALLOC,
+ "Failed to talloc_utf16_strlendup() in "
+ "ndr_pull_u16string()");
+ }
+
+ NDR_CHECK(ndr_pull_advance(ndr, src_len));
+ *s = as;
+
+ return NDR_ERR_SUCCESS;
+}
+
+/**
+ push a UTF‐16 string onto the wire
+*/
+_PUBLIC_ enum ndr_err_code ndr_push_u16string(struct ndr_push *ndr,
+ ndr_flags_type ndr_flags,
+ const uint16_t *s)
+{
+ size_t s_len;
+
+ if (!(ndr_flags & NDR_SCALARS)) {
+ return NDR_ERR_SUCCESS;
+ }
+
+ if (s == NULL) {
+ return ndr_push_error(
+ ndr,
+ NDR_ERR_INVALID_POINTER,
+ "NULL pointer passed to ndr_push_u16string()");
+ }
+
+ s_len = utf16_null_terminated_len(s);
+ if (s_len > UINT32_MAX) {
+ return ndr_push_error(
+ ndr,
+ NDR_ERR_LENGTH,
+ "length overflow in ndr_push_u16string()");
+ }
+
+ if (ndr->flags & LIBNDR_ENCODING_FLAGS) {
+ return ndr_push_error(
+ ndr,
+ NDR_ERR_STRING,
+ "Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
+ "passed to ndr_push_u16string()\n",
+ ndr->flags & LIBNDR_STRING_FLAGS);
+ }
+
+ switch (ndr->flags & LIBNDR_STRING_FLAGS) {
+ case LIBNDR_FLAG_STR_NULLTERM:
+ NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)s, s_len));
+ break;
+
+ default:
+ if (ndr->flags & LIBNDR_FLAG_REMAINING) {
+ NDR_CHECK(ndr_push_bytes(ndr, (const uint8_t *)s, s_len));
+ break;
+ }
+
+ return ndr_push_error(
+ ndr,
+ NDR_ERR_STRING,
+ "Unsupported string flags 0x%" PRI_LIBNDR_FLAGS
+ "passed to ndr_push_u16string()\n",
+ ndr->flags & LIBNDR_STRING_FLAGS);
+ }
+
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_u16string(struct ndr_print *ndr,
+ const char *name,
+ const uint16_t *s)
+{
+ return ndr_print_array_uint8(ndr,
+ name,
+ (const uint8_t *)s,
+ utf16_len(s));
+}
+
static uint32_t guess_string_array_size(struct ndr_pull *ndr, ndr_flags_type ndr_flags)
{
/*
diff --git a/librpc/tests/test_ndr_gmsa.c b/librpc/tests/test_ndr_gmsa.c
new file mode 100644
index 00000000000..9834ce7249a
--- /dev/null
+++ b/librpc/tests/test_ndr_gmsa.c
@@ -0,0 +1,159 @@
+/*
+ * Unit tests for GMSA NDR structures.
+ *
+ * Copyright (C) Catalyst.NET Ltd 2023
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <stdint.h>
+#include "cmocka.h"
+
+#include "lib/replace/replace.h"
+
+#include "lib/util/attr.h"
+#include "librpc/gen_ndr/ndr_gmsa.h"
+#include "librpc/gen_ndr/gmsa.h"
+
+static void assert_utf16_equal(const uint16_t *s1, const uint16_t *s2)
+{
+ uint16_t c1;
+ uint16_t c2;
+
+ assert_non_null(s1);
+ assert_non_null(s2);
+
+ do {
+ c1 = *s1++;
+ c2 = *s2++;
+ assert_int_equal(c1, c2);
+ } while (c1);
+}
+
+static void test_managed_password_blob(void **state)
+{
+ TALLOC_CTX *mem_ctx = NULL;
+
+ enum ndr_err_code err;
+ struct MANAGEDPASSWORD_BLOB managed_password = {};
+
+ /* A sample blob produced by Windows. */
+ uint8_t data[] = {
+ 1, 0, 0, 0, 34, 1, 0, 0, 16, 0, 0, 0, 18,
+ 1, 26, 1, 141, 65, 237, 151, 152, 15, 173, 200, 51, 62,
+ 252, 30, 45, 180, 254, 9, 148, 134, 82, 118, 93, 131, 207,
+ 203, 229, 43, 238, 154, 85, 94, 21, 146, 124, 43, 133, 75,
+ 168, 15, 221, 241, 54, 38, 127, 134, 4, 232, 180, 54, 112,
+ 224, 35, 18, 178, 140, 241, 53, 177, 75, 47, 178, 148, 17,
+ 178, 163, 78, 51, 82, 15, 197, 117, 2, 57, 115, 243, 251,
+ 146, 75, 249, 21, 55, 226, 125, 85, 112, 156, 85, 42, 39,
+ 131, 17, 41, 198, 233, 163, 44, 171, 134, 145, 93, 134, 90,
+ 95, 244, 70, 252, 137, 76, 200, 15, 20, 5, 86, 125, 235,
+ 2, 3, 161, 249, 4, 26, 245, 205, 138, 17, 249, 33, 139,
+ 150, 129, 142, 35, 23, 123, 190, 217, 88, 83, 128, 187, 24,
+ 3, 69, 250, 56, 137, 86, 158, 197, 158, 122, 138, 101, 20,
+ 252, 105, 105, 118, 28, 235, 24, 220, 251, 58, 44, 52, 231,
+ 66, 74, 250, 215, 207, 96, 217, 57, 153, 25, 11, 5, 10,
+ 81, 198, 198, 242, 245, 83, 91, 122, 175, 74, 30, 254, 26,
+ 218, 113, 193, 249, 189, 95, 125, 151, 249, 235, 132, 66, 69,
+ 170, 235, 143, 107, 155, 26, 34, 160, 27, 166, 79, 32, 104,
+ 246, 100, 58, 76, 146, 102, 241, 105, 8, 151, 163, 20, 26,
+ 232, 33, 138, 159, 184, 129, 187, 30, 123, 181, 17, 149, 84,
+ 183, 248, 210, 254, 46, 98, 225, 12, 49, 196, 192, 149, 0,
+ 0, 169, 191, 68, 132, 110, 23, 0, 0, 169, 97, 116, 209,
+ 109, 23, 0, 0,
+ };
+
+ const DATA_BLOB blob = {data, sizeof data};
+
+ /* The UTF‐16 password contained in the blob. */
+ const uint16_t current_password[] = {
+ 16781, 38893, 3992, 51373, 15923, 7932, 46125, 2558, 34452,
+ 30290, 33629, 52175, 11237, 39662, 24149, 37397, 11132, 19333,
+ 4008, 61917, 9782, 34431, 59396, 14004, 57456, 4643, 36018,
+ 13809, 19377, 45615, 4500, 41906, 13134, 3922, 30149, 14594,
+ 62323, 37627, 63819, 14101, 32226, 28757, 21916, 10026, 4483,
+ 50729, 41961, 43820, 37254, 34397, 24410, 18164, 35324, 51276,
+ 5135, 22021, 60285, 770, 63905, 6660, 52725, 4490, 8697,
+ 38539, 36481, 5923, 48763, 22745, 32851, 6331, 17667, 14586,
+ 22153, 50590, 31390, 25994, 64532, 26985, 7286, 6379, 64476,
+ 11322, 59188, 19010, 55290, 24783, 14809, 6553, 1291, 20746,
+ 50886, 62962, 23379, 44922, 7754, 6910, 29146, 63937, 24509,
+ 38781, 60409, 17028, 43589, 36843, 39787, 8730, 7072, 20390,
+ 26656, 25846, 19514, 26258, 27121, 38664, 5283, 59418, 35361,
+ 47263, 48001, 31518, 4533, 21653, 63671, 65234, 25134, 3297,
+ 50225, 38336, 0,
+ };
+
+ DATA_BLOB packed_blob = data_blob_null;
+
+ mem_ctx = talloc_new(NULL);
+ assert_non_null(mem_ctx);
+
+ /* Pull the Managed Password structure. */
+ err = ndr_pull_struct_blob(&blob,
+ mem_ctx,
+ &managed_password,
+ (ndr_pull_flags_fn_t)
+ ndr_pull_MANAGEDPASSWORD_BLOB);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+
+ /* Check the header. */
+ assert_int_equal(1, managed_password.version);
+ assert_int_equal(0, managed_password.reserved);
+ assert_int_equal(sizeof data, managed_password.length);
+
+ /* Check the password fields. */
+ assert_utf16_equal(managed_password.passwords.current,
+ current_password);
+ assert_null(managed_password.passwords.previous);
+
+ /* Check the password query intervals.*/
+ assert_int_equal(0x176e8444bfa9,
+ *managed_password.passwords.query_interval);
+ assert_int_equal(0x176dd17461a9,
+ *managed_password.passwords.unchanged_interval);
+
+ /* Repack the Managed Password structure. */
+ managed_password.length = 0;
+ err = ndr_push_struct_blob(&packed_blob,
+ mem_ctx,
+ &managed_password,
+ (ndr_push_flags_fn_t)
+ ndr_push_MANAGEDPASSWORD_BLOB);
+ assert_int_equal(NDR_ERR_SUCCESS, err);
+
+ /*
+ * Check that the result is identical to the blob produced by Windows.
+ */
+ assert_int_equal(blob.length, packed_blob.length);
+ assert_memory_equal(blob.data, packed_blob.data, blob.length);
+
+ talloc_free(mem_ctx);
+}
+
+int main(void)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_managed_password_blob),
+ };
+ if (!isatty(1)) {
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+ }
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
diff --git a/librpc/wscript_build b/librpc/wscript_build
index b69324477e6..c80c23137ed 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -390,6 +390,10 @@ bld.SAMBA_SUBSYSTEM('NDR_CLAIMS',
source='gen_ndr/ndr_claims.c ndr/ndr_claims.c',
deps='ndr NDR_COMPRESSION LZXPRESS')
+bld.SAMBA_SUBSYSTEM('NDR_GMSA',
+ source='gen_ndr/ndr_gmsa.c',
+ deps='ndr')
+
bld.SAMBA_LIBRARY('ndr-standard',
source='',
vnum='0.0.1',
@@ -634,7 +638,7 @@ bld.SAMBA_LIBRARY('ndr-samba',
NDR_DNSSERVER NDR_EPMAPPER NDR_XATTR NDR_UNIXINFO NDR_NAMED_PIPE_AUTH
NDR_NTPRINTING NDR_FSRVP NDR_WITNESS NDR_MDSSVC NDR_OPEN_FILES NDR_SMBXSRV
NDR_SMB3POSIX
- NDR_KRB5CCACHE NDR_WSP''',
+ NDR_KRB5CCACHE NDR_WSP NDR_GMSA''',
private_library=True,
grouping_library=True
)
@@ -778,3 +782,14 @@ bld.SAMBA_BINARY('test_ndr_dns_nbt',
ndr_nbt
''',
for_selftest=True)
+
+bld.SAMBA_BINARY(
+ 'test_ndr_gmsa',
+ source='tests/test_ndr_gmsa.c',
+ deps='''
+ cmocka
+ talloc
+ NDR_GMSA
+ ''',
+ for_selftest=True,
+)
diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm
index 1f95cdfd739..18db6cfe258 100644
--- a/pidl/lib/Parse/Pidl/NDR.pm
+++ b/pidl/lib/Parse/Pidl/NDR.pm
--
Samba Shared Repository
More information about the samba-cvs
mailing list