[SCM] Samba Shared Repository - branch v4-21-test updated
Jule Anger
janger at samba.org
Wed Oct 9 10:08:02 UTC 2024
The branch, v4-21-test has been updated
via 66a21e46d0b system_mitkrb5: require 1.16 as we use ENCTYPE_AES256_CTS_HMAC_SHA384_192
via aca7b7b44b7 netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to 10^(-7) seconds
from bbfc736f268 s3: SIGHUP handlers use consistent log level 3
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit 66a21e46d0b7d0b4b3cd710ed10d3945706eba87
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Sep 13 22:12:34 2024 +0200
system_mitkrb5: require 1.16 as we use ENCTYPE_AES256_CTS_HMAC_SHA384_192
commit 8e931fce126e8c1128da893c806702731c08758a introduced that
implicit dependency, we better make it more clear, which might
allow relying on more modern stuff in future...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15726
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 5bcaafb757f704b2985057a5d3b1ad5fd42ae9f7)
Autobuild-User(v4-21-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-21-test): Wed Oct 9 10:07:54 UTC 2024 on atb-devel-224
commit aca7b7b44b7d19ea9b0508cdbd0d4e16cb538899
Author: Andréas Leroux <aleroux at tranquil.it>
Date: Wed Sep 25 14:42:25 2024 +0200
netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to 10^(-7) seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15692
Signed-off-by: Andréas Leroux <aleroux at tranquil.it>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Oct 4 04:01:22 UTC 2024 on atb-devel-224
(cherry picked from commit 3766b6a126f659a43e2e36c66689c136fc22dbc4)
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/domain/auth/policy/policy.py | 18 ++++++++++++------
python/samba/tests/samba_tool/domain_auth_policy.py | 19 +++++++++++++------
wscript_configure_system_mitkrb5 | 2 +-
3 files changed, 26 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/domain/auth/policy/policy.py b/python/samba/netcmd/domain/auth/policy/policy.py
index 207aa33c8d3..a1552c20fc5 100644
--- a/python/samba/netcmd/domain/auth/policy/policy.py
+++ b/python/samba/netcmd/domain/auth/policy/policy.py
@@ -26,7 +26,13 @@ from samba.domain.models import (MAX_TGT_LIFETIME, MIN_TGT_LIFETIME,
from samba.domain.models.exceptions import ModelError
from samba.netcmd import Command, CommandError, Option
from samba.netcmd.validators import Range
+from samba.nt_time import NT_TICKS_PER_SEC
+def mins_to_tgt_lifetime(minutes):
+ """Convert minutes to the tgt_lifetime attributes unit which is 10^-7 seconds"""
+ if minutes is not None:
+ return minutes * 60 * NT_TICKS_PER_SEC
+ return minutes
class UserOptions(options.OptionGroup):
"""User options used by policy create and policy modify commands."""
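Review bot: The docstring of `mins_to_tgt_lifetime` does not say that `None` is returned unchanged, although the create command calls the helper without a guard and relies on that to leave an unset lifetime unset. I would state both the unit and the pass-through, e.g. `"""Convert minutes to tgt_lifetime units (100 ns ticks); None is passed through so an unset option stays unset."""`. The helper also assumes an integer argument; the option's type is not visible in this hunk, so that is worth confirming.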
@@ -238,14 +244,14 @@ class cmd_domain_auth_policy_create(Command):
description=description,
strong_ntlm_policy=StrongNTLMPolicy[strong_ntlm_policy.upper()],
user_allow_ntlm_auth=useropts.allow_ntlm_auth,
- user_tgt_lifetime=useropts.tgt_lifetime,
+ user_tgt_lifetime=mins_to_tgt_lifetime(useropts.tgt_lifetime),
user_allowed_to_authenticate_from=useropts.allowed_to_authenticate_from,
user_allowed_to_authenticate_to=useropts.allowed_to_authenticate_to,
service_allow_ntlm_auth=serviceopts.allow_ntlm_auth,
- service_tgt_lifetime=serviceopts.tgt_lifetime,
+ service_tgt_lifetime=mins_to_tgt_lifetime(serviceopts.tgt_lifetime),
service_allowed_to_authenticate_from=serviceopts.allowed_to_authenticate_from,
service_allowed_to_authenticate_to=serviceopts.allowed_to_authenticate_to,
- computer_tgt_lifetime=computeropts.tgt_lifetime,
+ computer_tgt_lifetime=mins_to_tgt_lifetime(computeropts.tgt_lifetime),
computer_allowed_to_authenticate_to=computeropts.allowed_to_authenticate_to,
)
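Review bot: Policies written by earlier versions of this command are not covered. The removed lines stored the option value as given, so those objects presumably still hold a minute count in an attribute that is read in 10^-7 second units, which would make the effective TGT lifetime far shorter than the administrator intended. Nothing in this change detects or rewrites such values, so a release-note entry or a comment here would help, e.g. `# NOTE: policies created before this fix hold minutes here, not 100 ns ticks; re-apply the lifetime with "samba-tool domain auth policy modify"`. The constructor call these arguments belong to starts above this hunk.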
@@ -346,7 +352,7 @@ class cmd_domain_auth_policy_modify(Command):
StrongNTLMPolicy[strong_ntlm_policy.upper()]
if useropts.tgt_lifetime is not None:
- policy.user_tgt_lifetime = useropts.tgt_lifetime
+ policy.user_tgt_lifetime = mins_to_tgt_lifetime(useropts.tgt_lifetime)
if useropts.allowed_to_authenticate_from is not None:
policy.user_allowed_to_authenticate_from = \
@@ -360,7 +366,7 @@ class cmd_domain_auth_policy_modify(Command):
##################
if serviceopts.tgt_lifetime is not None:
- policy.service_tgt_lifetime = serviceopts.tgt_lifetime
+ policy.service_tgt_lifetime = mins_to_tgt_lifetime(serviceopts.tgt_lifetime)
if serviceopts.allowed_to_authenticate_from is not None:
policy.service_allowed_to_authenticate_from = \
@@ -374,7 +380,7 @@ class cmd_domain_auth_policy_modify(Command):
###########
if computeropts.tgt_lifetime is not None:
- policy.computer_tgt_lifetime = computeropts.tgt_lifetime
+ policy.computer_tgt_lifetime = mins_to_tgt_lifetime(computeropts.tgt_lifetime)
if computeropts.allowed_to_authenticate_to is not None:
policy.computer_allowed_to_authenticate_to = \
diff --git a/python/samba/tests/samba_tool/domain_auth_policy.py b/python/samba/tests/samba_tool/domain_auth_policy.py
index 864979608ea..d5fa295ecd1 100644
--- a/python/samba/tests/samba_tool/domain_auth_policy.py
+++ b/python/samba/tests/samba_tool/domain_auth_policy.py
@@ -27,12 +27,19 @@ from unittest.mock import patch
from samba.dcerpc import security
from samba.domain.models.exceptions import ModelError
from samba.ndr import ndr_pack, ndr_unpack
+from samba.nt_time import NT_TICKS_PER_SEC
from samba.samdb import SamDB
from samba.sd_utils import SDUtils
from .silo_base import SiloTest
+def mins_to_tgt_lifetime(minutes):
+ """Convert minutes to the tgt_lifetime attributes unit which is 10^-7 seconds"""
+ if minutes is not None:
+ return minutes * 60 * NT_TICKS_PER_SEC
+ return minutes
+
class AuthPolicyCmdTestCase(SiloTest):
def test_list(self):
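Review bot: The expected values in the TGT lifetime assertions further down (the three create checks and the three modify checks) are computed with a copy of the production helper, so a wrong factor in the conversion would be reproduced on both sides and still pass. Pinning at least one check to a literal would catch that, for example `self.assertEqual(str(policy["msDS-UserTGTLifetime"]), "36000000000")` for 60 minutes, assuming `NT_TICKS_PER_SEC` is 10**7 as the docstring's unit implies. If the helper is kept, importing it from the command module instead of redefining it would stop the two copies from drifting apart.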
@@ -135,7 +142,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Check policy fields.
policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["cn"]), name)
- self.assertEqual(str(policy["msDS-UserTGTLifetime"]), "60")
+ self.assertEqual(str(policy["msDS-UserTGTLifetime"]), str(mins_to_tgt_lifetime(60)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
@@ -169,7 +176,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Check policy fields.
policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["cn"]), name)
- self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), "60")
+ self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), str(mins_to_tgt_lifetime(60)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
@@ -203,7 +210,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Check policy fields.
policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["cn"]), name)
- self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), "60")
+ self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), str(mins_to_tgt_lifetime(60)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
@@ -644,7 +651,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Verify field was changed.
policy = self.get_authentication_policy(name)
- self.assertEqual(str(policy["msDS-UserTGTLifetime"]), "120")
+ self.assertEqual(str(policy["msDS-UserTGTLifetime"]), str(mins_to_tgt_lifetime(120)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
@@ -680,7 +687,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Verify field was changed.
policy = self.get_authentication_policy(name)
- self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), "120")
+ self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), str(mins_to_tgt_lifetime(120)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
@@ -716,7 +723,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Verify field was changed.
policy = self.get_authentication_policy(name)
- self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), "120")
+ self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), str(mins_to_tgt_lifetime(120)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
diff --git a/wscript_configure_system_mitkrb5 b/wscript_configure_system_mitkrb5
index d40bb36737e..e1fac843f0c 100644
--- a/wscript_configure_system_mitkrb5
+++ b/wscript_configure_system_mitkrb5
@@ -4,7 +4,7 @@ from waflib import Logs, Options, Errors
# Check for kerberos
have_gssapi=False
-krb5_min_required_version = "1.9"
+krb5_min_required_version = "1.16"
# Required versions
krb5_required_version = krb5_min_required_version
--
Samba Shared Repository