The Samba-Bugzilla – Attachment 16879 Details for
Bug 14881
Backport bronze bit fixes, tests, and selftest improvements
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
inter-diff 4.14 -> 4.13
interdiff-4.14-patch-to-4.13-patch.patch (text/plain), 112.53 KB, created by
Andrew Bartlett
on 2021-10-27 21:37:26 UTC
(
hide
)
Description:
inter-diff 4.14 -> 4.13
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2021-10-27 21:37:26 UTC
Size:
112.53 KB
patch
obsolete
>--- /tmp/bronze-bit-samba-4.14-v5.patch 2021-10-28 10:27:49.221713977 +1300 >+++ /tmp/bronze-bit-for-samba-4.13-v3.patch 2021-10-28 10:30:37.015885693 +1300 >@@ -1,7 +1,389 @@ >-From e195e1e8571980edcf6e5e4b8e6185f3ae92363b Mon Sep 17 00:00:00 2001 >+From 04e98669c3e403669505922805ac9feb37b578b8 Mon Sep 17 00:00:00 2001 >+From: David Mulder <dmulder@suse.com> >+Date: Mon, 14 Sep 2020 11:12:37 -0600 >+Subject: [PATCH 001/162] python: Move dsdb_Dn to samdb >+ >+The import dsdb needed for dsdb_Dn causes import >+errors when trying to import get_bytes/get_string >+in some places. >+ >+Signed-off-by: David Mulder <dmulder@suse.com> >+Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >+ >+[abartlet@samba.org backported from commit 85d2ff2f0003b106ca84866b7e7893723f1dd93c >+ as the PY2 compat code is still in place in Samba 4.13] >+--- >+ python/samba/common.py | 79 ------------------------- >+ python/samba/dbchecker.py | 2 +- >+ python/samba/kcc/kcc_utils.py | 2 +- >+ python/samba/kcc/ldif_import_export.py | 3 +- >+ python/samba/samdb.py | 75 +++++++++++++++++++++++ >+ python/samba/tests/common.py | 4 +- >+ source4/torture/drs/python/repl_rodc.py | 2 +- >+ 7 files changed, 81 insertions(+), 86 deletions(-) >+ >+diff --git a/python/samba/common.py b/python/samba/common.py >+index 8876e4f4faa..a8faa90065d 100644 >+--- a/python/samba/common.py >++++ b/python/samba/common.py >+@@ -16,13 +16,6 @@ >+ # along with this program. If not, see <http://www.gnu.org/licenses/>. >+ # >+ >+- >+-import ldb >+-from samba import dsdb >+-from samba.ndr import ndr_pack >+-from samba.dcerpc import misc >+-import binascii >+- >+ from samba.compat import PY3 >+ >+ >+@@ -74,75 +67,3 @@ def normalise_int32(ivalue): >+ return str(ivalue) >+ >+ >+-class dsdb_Dn(object): >+- '''a class for binary DN''' >+- >+- def __init__(self, samdb, dnstring, syntax_oid=None): >+- '''create a dsdb_Dn''' >+- if syntax_oid is None: >+- # auto-detect based on string >+- if dnstring.startswith("B:"): >+- syntax_oid = dsdb.DSDB_SYNTAX_BINARY_DN >+- elif dnstring.startswith("S:"): >+- syntax_oid = dsdb.DSDB_SYNTAX_STRING_DN >+- else: >+- syntax_oid = dsdb.DSDB_SYNTAX_OR_NAME >+- if syntax_oid in [dsdb.DSDB_SYNTAX_BINARY_DN, dsdb.DSDB_SYNTAX_STRING_DN]: >+- # it is a binary DN >+- colons = dnstring.split(':') >+- if len(colons) < 4: >+- raise RuntimeError("Invalid DN %s" % dnstring) >+- prefix_len = 4 + len(colons[1]) + int(colons[1]) >+- self.prefix = dnstring[0:prefix_len] >+- self.binary = self.prefix[3 + len(colons[1]):-1] >+- self.dnstring = dnstring[prefix_len:] >+- else: >+- self.dnstring = dnstring >+- self.prefix = '' >+- self.binary = '' >+- self.dn = ldb.Dn(samdb, self.dnstring) >+- >+- def __str__(self): >+- return self.prefix + str(self.dn.extended_str(mode=1)) >+- >+- def __cmp__(self, other): >+- ''' compare dsdb_Dn values similar to parsed_dn_compare()''' >+- dn1 = self >+- dn2 = other >+- guid1 = dn1.dn.get_extended_component("GUID") >+- guid2 = dn2.dn.get_extended_component("GUID") >+- >+- v = cmp(guid1, guid2) >+- if v != 0: >+- return v >+- v = cmp(dn1.binary, dn2.binary) >+- return v >+- >+- # In Python3, __cmp__ is replaced by these 6 methods >+- def __eq__(self, other): >+- return self.__cmp__(other) == 0 >+- >+- def __ne__(self, other): >+- return self.__cmp__(other) != 0 >+- >+- def __lt__(self, other): >+- return self.__cmp__(other) < 0 >+- >+- def __le__(self, other): >+- return self.__cmp__(other) <= 0 >+- >+- def __gt__(self, other): >+- return self.__cmp__(other) > 0 >+- >+- def __ge__(self, other): >+- return self.__cmp__(other) >= 0 >+- >+- def get_binary_integer(self): >+- '''return binary part of a dsdb_Dn as an integer, or None''' >+- if self.prefix == '': >+- return None >+- return int(self.binary, 16) >+- >+- def get_bytes(self): >+- '''return binary as a byte string''' >+- return binascii.unhexlify(self.binary) >+diff --git a/python/samba/dbchecker.py b/python/samba/dbchecker.py >+index d12833d9390..0085b4a8515 100644 >+--- a/python/samba/dbchecker.py >++++ b/python/samba/dbchecker.py >+@@ -28,7 +28,7 @@ from samba.dcerpc import misc >+ from samba.dcerpc import drsuapi >+ from samba.ndr import ndr_unpack, ndr_pack >+ from samba.dcerpc import drsblobs >+-from samba.common import dsdb_Dn >++from samba.samdb import dsdb_Dn >+ from samba.dcerpc import security >+ from samba.descriptor import get_wellknown_sds, get_diff_sds >+ from samba.auth import system_session, admin_session >+diff --git a/python/samba/kcc/kcc_utils.py b/python/samba/kcc/kcc_utils.py >+index e0712e49c82..9b4a894b743 100644 >+--- a/python/samba/kcc/kcc_utils.py >++++ b/python/samba/kcc/kcc_utils.py >+@@ -30,7 +30,7 @@ from samba.dcerpc import ( >+ drsuapi, >+ misc, >+ ) >+-from samba.common import dsdb_Dn >++from samba.samdb import dsdb_Dn >+ from samba.ndr import ndr_unpack, ndr_pack >+ from collections import Counter >+ >+diff --git a/python/samba/kcc/ldif_import_export.py b/python/samba/kcc/ldif_import_export.py >+index 86453f1e5c9..7ec553edcb9 100644 >+--- a/python/samba/kcc/ldif_import_export.py >++++ b/python/samba/kcc/ldif_import_export.py >+@@ -23,8 +23,7 @@ import os >+ >+ from samba import Ldb, ldb, read_and_sub_file >+ from samba.auth import system_session >+-from samba.samdb import SamDB >+-from samba.common import dsdb_Dn >++from samba.samdb import SamDB, dsdb_Dn >+ >+ >+ class LdifError(Exception): >+diff --git a/python/samba/samdb.py b/python/samba/samdb.py >+index 36d668c4586..0c8880d5c75 100644 >+--- a/python/samba/samdb.py >++++ b/python/samba/samdb.py >+@@ -35,7 +35,9 @@ from samba.common import normalise_int32 >+ from samba.compat import text_type >+ from samba.compat import binary_type >+ from samba.compat import get_bytes >++from samba.common import cmp >+ from samba.dcerpc import security >++import binascii >+ >+ __docformat__ = "restructuredText" >+ >+@@ -1422,3 +1424,76 @@ schemaUpdateNow: 1 >+ if not full_dn.is_child_of(domain_dn): >+ full_dn.add_base(domain_dn) >+ return full_dn >++ >++class dsdb_Dn(object): >++ '''a class for binary DN''' >++ >++ def __init__(self, samdb, dnstring, syntax_oid=None): >++ '''create a dsdb_Dn''' >++ if syntax_oid is None: >++ # auto-detect based on string >++ if dnstring.startswith("B:"): >++ syntax_oid = dsdb.DSDB_SYNTAX_BINARY_DN >++ elif dnstring.startswith("S:"): >++ syntax_oid = dsdb.DSDB_SYNTAX_STRING_DN >++ else: >++ syntax_oid = dsdb.DSDB_SYNTAX_OR_NAME >++ if syntax_oid in [dsdb.DSDB_SYNTAX_BINARY_DN, dsdb.DSDB_SYNTAX_STRING_DN]: >++ # it is a binary DN >++ colons = dnstring.split(':') >++ if len(colons) < 4: >++ raise RuntimeError("Invalid DN %s" % dnstring) >++ prefix_len = 4 + len(colons[1]) + int(colons[1]) >++ self.prefix = dnstring[0:prefix_len] >++ self.binary = self.prefix[3 + len(colons[1]):-1] >++ self.dnstring = dnstring[prefix_len:] >++ else: >++ self.dnstring = dnstring >++ self.prefix = '' >++ self.binary = '' >++ self.dn = ldb.Dn(samdb, self.dnstring) >++ >++ def __str__(self): >++ return self.prefix + str(self.dn.extended_str(mode=1)) >++ >++ def __cmp__(self, other): >++ ''' compare dsdb_Dn values similar to parsed_dn_compare()''' >++ dn1 = self >++ dn2 = other >++ guid1 = dn1.dn.get_extended_component("GUID") >++ guid2 = dn2.dn.get_extended_component("GUID") >++ >++ v = cmp(guid1, guid2) >++ if v != 0: >++ return v >++ v = cmp(dn1.binary, dn2.binary) >++ return v >++ >++ # In Python3, __cmp__ is replaced by these 6 methods >++ def __eq__(self, other): >++ return self.__cmp__(other) == 0 >++ >++ def __ne__(self, other): >++ return self.__cmp__(other) != 0 >++ >++ def __lt__(self, other): >++ return self.__cmp__(other) < 0 >++ >++ def __le__(self, other): >++ return self.__cmp__(other) <= 0 >++ >++ def __gt__(self, other): >++ return self.__cmp__(other) > 0 >++ >++ def __ge__(self, other): >++ return self.__cmp__(other) >= 0 >++ >++ def get_binary_integer(self): >++ '''return binary part of a dsdb_Dn as an integer, or None''' >++ if self.prefix == '': >++ return None >++ return int(self.binary, 16) >++ >++ def get_bytes(self): >++ '''return binary as a byte string''' >++ return binascii.unhexlify(self.binary) >+diff --git a/python/samba/tests/common.py b/python/samba/tests/common.py >+index d326f795f85..b7248b0826e 100644 >+--- a/python/samba/tests/common.py >++++ b/python/samba/tests/common.py >+@@ -20,8 +20,8 @@ >+ import samba >+ import os >+ import samba.tests >+-from samba.common import normalise_int32, dsdb_Dn >+-from samba.samdb import SamDB >++from samba.common import normalise_int32 >++from samba.samdb import SamDB, dsdb_Dn >+ >+ >+ class CommonTests(samba.tests.TestCaseInTempDir): >+diff --git a/source4/torture/drs/python/repl_rodc.py b/source4/torture/drs/python/repl_rodc.py >+index 166ba5ba5db..21e70b8bc6f 100644 >+--- a/source4/torture/drs/python/repl_rodc.py >++++ b/source4/torture/drs/python/repl_rodc.py >+@@ -37,7 +37,7 @@ from samba.join import DCJoinContext >+ from samba.dcerpc import drsuapi, misc, drsblobs, security >+ from samba.drs_utils import drs_DsBind, drs_Replicate >+ from samba.ndr import ndr_unpack, ndr_pack >+-from samba.common import dsdb_Dn >++from samba.samdb import dsdb_Dn >+ from samba.credentials import Credentials >+ >+ import random >+-- >+2.25.1 >+ >+ >+From 5e8db6412bd21808f1136899fcc79ca23b9f9434 Mon Sep 17 00:00:00 2001 >+From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >+Date: Thu, 11 Oct 2018 13:08:38 +1300 >+Subject: [PATCH 002/162] python/join: use the provided krbtgt link in >+ cleanup_old_accounts >+ >+Before we were putting it in an otherwise unused variable, and >+deleting the previous krbtgt_dn, if any. >+ >+Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> >+Reviewed-by: Andreas Schneider <asn@samba.org> >+Reviewed-by: David Mulder <dmulder@samba.org> >+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >+(cherry picked from commit 98f6ece5ad03a822180796873197383c17c3c6d9) >+--- >+ python/samba/join.py | 2 +- >+ 1 file changed, 1 insertion(+), 1 deletion(-) >+ >+diff --git a/python/samba/join.py b/python/samba/join.py >+index 7273f3734d3..a35cf1d9a38 100644 >+--- a/python/samba/join.py >++++ b/python/samba/join.py >+@@ -259,7 +259,7 @@ class DCJoinContext(object): >+ ctx.del_noerror(res[0].dn, recursive=True) >+ >+ if "msDS-Krbtgtlink" in res[0]: >+- new_krbtgt_dn = res[0]["msDS-Krbtgtlink"][0] >++ ctx.new_krbtgt_dn = res[0]["msDS-Krbtgtlink"][0] >+ ctx.del_noerror(ctx.new_krbtgt_dn) >+ >+ res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(), >+-- >+2.25.1 >+ >+ >+From 34a8c411c41213870db5cfdb2d207277ac971ba6 Mon Sep 17 00:00:00 2001 >+From: Andrew Bartlett <abartlet@samba.org> >+Date: Fri, 17 Sep 2021 16:43:00 +1200 >+Subject: [PATCH 003/162] autobuild: allow AUTOBUILD_FAIL_IMMEDIATELY=0 (say >+ from a gitlab variable) >+ >+This allows making a push to do a full test ignoring errors without >+needing "HACK!!!" commits on top. >+ >+Use like this: >+ >+git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0' >+ >+RN: Samba CI runs can now continue past the first error if AUTOBUILD_FAIL_IMMEDIATELY=0 is set >+ >+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14841 >+BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >+ >+Signed-off-by: Andrew Bartlett <abartlet@samba.org> >+Reviewed-by: Michael Adam <obnox@samba.org >+Reviewed-by: Noel Power <npower@samba.org> >+ >+[abartlet@samba.org backported from commit b81f6f3d71487085bb355392ce7f8eff2db5bb4d >+ due to changes in 4.15 and later for the autobuild dependent jobs work >+ that avoids rebuilding Samba in each task] >+ >+Autobuild-User(v4-14-test): Jule Anger <janger@samba.org> >+Autobuild-Date(v4-14-test): Thu Sep 23 08:54:03 UTC 2021 on sn-devel-184 >+ >+(cherry picked from commit f53c532c2292d07ab3374920bd83c1266663038e) >+--- >+ script/autobuild.py | 9 +++++++-- >+ 1 file changed, 7 insertions(+), 2 deletions(-) >+ >+diff --git a/script/autobuild.py b/script/autobuild.py >+index 0f837d0c109..9cfb4f520bc 100755 >+--- a/script/autobuild.py >++++ b/script/autobuild.py >+@@ -154,7 +154,6 @@ def format_option(name, value=None): >+ >+ def make_test( >+ cmd='make test', >+- FAIL_IMMEDIATELY=1, >+ TESTS='', >+ include_envs=None, >+ exclude_envs=None): >+@@ -169,7 +168,13 @@ def make_test( >+ TESTS = (TESTS + ' ' + ' '.join(test_options)).strip() >+ >+ _options = [] >+- if FAIL_IMMEDIATELY: >++ >++ # Allow getting a full CI with >++ # git push -o ci.variable='AUTOBUILD_FAIL_IMMEDIATELY=0' >++ >++ FAIL_IMMEDIATELY = os.getenv("AUTOBUILD_FAIL_IMMEDIATELY", "1") >++ >++ if int(FAIL_IMMEDIATELY): >+ _options.append('FAIL_IMMEDIATELY=1') >+ if TESTS: >+ _options.append("TESTS='{}'".format(TESTS)) >+-- >+2.25.1 >+ >+ >+From 28b33b5296db0da94bdbd2180af93116acbc7ddf Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 15:39:19 +1200 >-Subject: [PATCH 001/159] krb5pac.idl: Add ticket checksum PAC buffer type >+Subject: [PATCH 004/162] krb5pac.idl: Add ticket checksum PAC buffer type > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> > Reviewed-by: Andrew Bartlett <abartlet@samba.org> >@@ -38,10 +420,10 @@ > 2.25.1 > > >-From ca85c935655c243292eaeba06e303a5d906df09d Mon Sep 17 00:00:00 2001 >+From 73592c7bcbee7e00d184b6c425544ac6527a32f7 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 15:40:59 +1200 >-Subject: [PATCH 002/159] security.idl: Add well-known SIDs for FAST >+Subject: [PATCH 005/162] security.idl: Add well-known SIDs for FAST > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> > Reviewed-by: Andrew Bartlett <abartlet@samba.org> >@@ -53,10 +435,10 @@ > 1 file changed, 3 insertions(+) > > diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl >-index 06bf7449a70..3df96dedbdd 100644 >+index a92e8f1518e..9845becd826 100644 > --- a/librpc/idl/security.idl > +++ b/librpc/idl/security.idl >-@@ -295,6 +295,9 @@ interface security >+@@ -292,6 +292,9 @@ interface security > const string SID_AUTHENTICATION_AUTHORITY_ASSERTED_IDENTITY = "S-1-18-1"; > const string SID_SERVICE_ASSERTED_IDENTITY = "S-1-18-2"; > >@@ -70,10 +452,10 @@ > 2.25.1 > > >-From 0b6008fdf60e3d77cad9eff00c45ddb153e720e4 Mon Sep 17 00:00:00 2001 >+From 46c00bf7f6813525413968380fa9b41f50fe888b Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 15:46:42 +1200 >-Subject: [PATCH 003/159] tests/krb5: Calculate expected salt if not given >+Subject: [PATCH 006/162] tests/krb5: Calculate expected salt if not given > explicitly > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -111,10 +493,10 @@ > 2.25.1 > > >-From 88e37a8ff8fcc2d2c48a284e42af72f91972150f Mon Sep 17 00:00:00 2001 >+From cc84aeea6d616ef52c9849b9e614f94214151169 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 15:50:26 +1200 >-Subject: [PATCH 004/159] tests/krb5: Add methods to obtain the length of >+Subject: [PATCH 007/162] tests/krb5: Add methods to obtain the length of > checksum types > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -127,7 +509,7 @@ > 1 file changed, 26 insertions(+) > > diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >-index ce7b00bda4c..4a4a12a66d4 100755 >+index c861e3cc96e..2a72969de00 100755 > --- a/python/samba/tests/krb5/kcrypto.py > +++ b/python/samba/tests/krb5/kcrypto.py > @@ -478,6 +478,7 @@ class _ChecksumProfile(object): >@@ -209,10 +591,10 @@ > 2.25.1 > > >-From e32eba62e59cb11234408fb0878688658aad5026 Mon Sep 17 00:00:00 2001 >+From 83381c7e903def4b7f74ae23bca940de82e152df Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 15:57:26 +1200 >-Subject: [PATCH 005/159] tests/krb5: Use signed integers to represent key >+Subject: [PATCH 008/162] tests/krb5: Use signed integers to represent key > version numbers in ASN.1 > > As specified in 'MS-KILE 3.1.5.8: Key Version Numbers', Windows uses >@@ -274,10 +656,10 @@ > 2.25.1 > > >-From ed0c2617186d4f2bd1ef709b0f11c0005d112413 Mon Sep 17 00:00:00 2001 >+From 3935e1befe3e22abf21b715f5adbeb94a9bab5e3 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 16:05:39 +1200 >-Subject: [PATCH 006/159] tests/krb5: Add KDCOptions flag for constrained >+Subject: [PATCH 009/162] tests/krb5: Add KDCOptions flag for constrained > delegation > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -318,10 +700,10 @@ > 2.25.1 > > >-From 9b856ae2c84fb642ac0c0676175e6067c20d08d9 Mon Sep 17 00:00:00 2001 >+From e6387afe91c35f9ab864dc72c0c32d4bb2f355bf Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 16:21:55 +1200 >-Subject: [PATCH 007/159] tests/krb5: Use more compact dict lookup >+Subject: [PATCH 010/162] tests/krb5: Use more compact dict lookup > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> > Reviewed-by: Andrew Bartlett <abartlet@samba.org> >@@ -367,10 +749,10 @@ > 2.25.1 > > >-From 0d1703f344daf86e6914728014ba6b9c5fb4040b Mon Sep 17 00:00:00 2001 >+From 344dd742659be6bccac281a53798dacf6b60a096 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 16:31:56 +1200 >-Subject: [PATCH 008/159] tests/krb5: Replace expected_cname_private with >+Subject: [PATCH 011/162] tests/krb5: Replace expected_cname_private with > expected_anon parameter > > This is used in the case where the KDC returns 'WELLKNOWN/ANONYMOUS' as >@@ -608,10 +990,10 @@ > 2.25.1 > > >-From 0b1c12cac5d6ec0cd87e8d04843ebc717cb33870 Mon Sep 17 00:00:00 2001 >+From 092a1939d7ccc498a078f942a619ea1e235392cc Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 16:34:02 +1200 >-Subject: [PATCH 009/159] tests/krb5: Allow specifying an OU to create accounts >+Subject: [PATCH 012/162] tests/krb5: Allow specifying an OU to create accounts > in > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -650,10 +1032,10 @@ > 2.25.1 > > >-From 452a870aba4aaf5fb4eb32faa9b1ba129910e85e Mon Sep 17 00:00:00 2001 >+From 90da0f10baa817f4e89015a4e899cd36617bbf41 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 16:34:46 +1200 >-Subject: [PATCH 010/159] tests/krb5: Allow specifying additional User Account >+Subject: [PATCH 013/162] tests/krb5: Allow specifying additional User Account > Control flags for account > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -705,10 +1087,10 @@ > 2.25.1 > > >-From 3c2388566f21a640aebb9cf662026b1b1f70505f Mon Sep 17 00:00:00 2001 >+From d8997d65476d8f9789e29d31adf7fcdf285af2ce Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 16:35:58 +1200 >-Subject: [PATCH 011/159] tests/krb5: Keep track of account DN in credentials >+Subject: [PATCH 014/162] tests/krb5: Keep track of account DN in credentials > object > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -771,10 +1153,10 @@ > 2.25.1 > > >-From 08f7c62550d3fd45e3e067437cf35f67a32ea6c6 Mon Sep 17 00:00:00 2001 >+From 2a564b93de1ec94d4988e718afdb87f4fed56461 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 2 Sep 2021 14:27:00 +1200 >-Subject: [PATCH 012/159] tests/krb5: Move padata generation methods to base >+Subject: [PATCH 015/162] tests/krb5: Move padata generation methods to base > class > > This allows them to be used directly from RawKerberosTest. >@@ -849,10 +1231,10 @@ > 2.25.1 > > >-From 78407dac18d71204f1b2d3b1a734dfff92be24cc Mon Sep 17 00:00:00 2001 >+From c54a7c5877cdba3d7025962e7b8fb49ebe0f5d67 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 2 Sep 2021 14:36:42 +1200 >-Subject: [PATCH 013/159] tests/krb5: add options to kdc_exchange_dict to >+Subject: [PATCH 016/162] tests/krb5: add options to kdc_exchange_dict to > specify including PAC-REQUEST or PAC-OPTIONS > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -982,10 +1364,10 @@ > 2.25.1 > > >-From 9af5f1bb152b716f786a26948970d794988ff1a4 Mon Sep 17 00:00:00 2001 >+From 97d0e46aecb9eab71a68201082f2d10a592e02b9 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 2 Sep 2021 14:37:27 +1200 >-Subject: [PATCH 014/159] tests/krb5: Don't create PAC request manually in >+Subject: [PATCH 017/162] tests/krb5: Don't create PAC request manually in > as_req_tests > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -1100,10 +1482,10 @@ > 2.25.1 > > >-From d4e20807271e4d220576ecb9c8f9181f5239f03f Mon Sep 17 00:00:00 2001 >+From 1c57d81052e892de4c27814180cd0c2df2cee5d8 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 2 Sep 2021 14:38:33 +1200 >-Subject: [PATCH 015/159] tests/krb5: Don't create PAC request or options >+Subject: [PATCH 018/162] tests/krb5: Don't create PAC request or options > manually in fast_tests > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -1192,10 +1574,10 @@ > 2.25.1 > > >-From 1c4fe313794c2714fb6c788d669540a666fc7415 Mon Sep 17 00:00:00 2001 >+From 93457cced299ddaadfe44bd0c5f64e6d45e3f4b3 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 17:46:02 +1200 >-Subject: [PATCH 016/159] tests/krb5: Remove magic constants >+Subject: [PATCH 019/162] tests/krb5: Remove magic constants > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> > Reviewed-by: Andrew Bartlett <abartlet@samba.org> >@@ -1237,10 +1619,10 @@ > 2.25.1 > > >-From c4b81188694c96d94ab1a8454a2cb4b145b6da8a Mon Sep 17 00:00:00 2001 >+From 444ed2e7b19e7280f59f39aec220bccdaaec0664 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 19:13:11 +1200 >-Subject: [PATCH 017/159] tests/krb5: Allow specifying ticket flags expected to >+Subject: [PATCH 020/162] tests/krb5: Allow specifying ticket flags expected to > be set or reset > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -1407,10 +1789,10 @@ > 2.25.1 > > >-From 4cf6730703b4cf98366b24fbf109e2b9eedd23ea Mon Sep 17 00:00:00 2001 >+From e151496f35eb717da78fa0c079a23259d6c0938f Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 19:15:17 +1200 >-Subject: [PATCH 018/159] tests/krb5: Make time assertion less strict >+Subject: [PATCH 021/162] tests/krb5: Make time assertion less strict > > This assertion could fail if there was a time difference between the KDC > and the client. >@@ -1441,10 +1823,10 @@ > 2.25.1 > > >-From a5cfaf79ee4344bd20544a8298cb5aba9cbdcfe6 Mon Sep 17 00:00:00 2001 >+From 182015f34f16f018d5357479fa5d02752f70c832 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 19:34:20 +1200 >-Subject: [PATCH 019/159] tests/krb5: Allow Kerberos requests to be sent to DC >+Subject: [PATCH 022/162] tests/krb5: Allow Kerberos requests to be sent to DC > or RODC > > If run inside the 'rodc' testing environment, 'DC_SERVER' and 'SERVER' >@@ -1602,10 +1984,10 @@ > 2.25.1 > > >-From d39c7bc563486e4cdb0b93cba16be3037fa916f4 Mon Sep 17 00:00:00 2001 >+From 4b1a967f53550d9ebad219e582567dd01cdbfe2b Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 19:43:41 +1200 >-Subject: [PATCH 020/159] tests/krb5: Check for presence of 'renew-till' >+Subject: [PATCH 023/162] tests/krb5: Check for presence of 'renew-till' > element > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -1661,10 +2043,10 @@ > 2.25.1 > > >-From c20a5a1c9a2470946db2f76aff10775b07a8d2a7 Mon Sep 17 00:00:00 2001 >+From 630d758134787c37097e9a10a1e6de219637b267 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 19:45:57 +1200 >-Subject: [PATCH 021/159] tests/krb5: Check 'caddr' element >+Subject: [PATCH 024/162] tests/krb5: Check 'caddr' element > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> > Reviewed-by: Andrew Bartlett <abartlet@samba.org> >@@ -1703,10 +2085,10 @@ > 2.25.1 > > >-From 10cf7df564cd14ae98cc6d357ffae783ad732d6a Mon Sep 17 00:00:00 2001 >+From 97ecd7fb8cc74c2040b0dfd0692e30ee1063744d Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 19:47:27 +1200 >-Subject: [PATCH 022/159] tests/krb5: Check for presence of 'key-expiration' >+Subject: [PATCH 025/162] tests/krb5: Check for presence of 'key-expiration' > element > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -1751,10 +2133,10 @@ > 2.25.1 > > >-From 97931026fa0bd052e243eb7b2415cd09985c50b5 Mon Sep 17 00:00:00 2001 >+From 2124821d5c3c770034aaa3522eee50ef38617849 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 3 Sep 2021 09:18:32 +1200 >-Subject: [PATCH 023/159] tests/krb5: Create testing accounts in appropriate >+Subject: [PATCH 026/162] tests/krb5: Create testing accounts in appropriate > containers > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> >@@ -1799,10 +2181,10 @@ > 2.25.1 > > >-From 2f177f9c43f77595221f80e3b023d7e0e8caabf7 Mon Sep 17 00:00:00 2001 >+From 92afc8bdbe96ea9887515c1aa0bc8a4951292bec Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 19:26:43 +1200 >-Subject: [PATCH 024/159] tests/krb5: Allow specifying status code to be >+Subject: [PATCH 027/162] tests/krb5: Allow specifying status code to be > checked > > This allows us to check the status code that may be sent in an error >@@ -1872,10 +2254,10 @@ > 2.25.1 > > >-From 4365b3ed5f800f16ffaf3060cf2f74a6c561d7a2 Mon Sep 17 00:00:00 2001 >+From f02fe473129462610159e5f18943f5fe61eeaf42 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 3 Sep 2021 09:40:02 +1200 >-Subject: [PATCH 025/159] tests/krb5: Get expected cname from TGT for TGS-REQ >+Subject: [PATCH 028/162] tests/krb5: Get expected cname from TGT for TGS-REQ > messages > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -1931,10 +2313,10 @@ > 2.25.1 > > >-From a69fe59d1ca93f35743c332ce3c18e1f86a82bce Mon Sep 17 00:00:00 2001 >+From cd8a71d62d73e438a794d9154a1c79cecd696730 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 3 Sep 2021 09:55:10 +1200 >-Subject: [PATCH 026/159] tests/krb5: Get encpart decryption key from >+Subject: [PATCH 029/162] tests/krb5: Get encpart decryption key from > kdc_exchange_dict > > Instead of using check_padata_fn to get the encpart decryption key, we >@@ -2245,10 +2627,10 @@ > 2.25.1 > > >-From ecfa294660f93327cadce74b1061299631a43b8a Mon Sep 17 00:00:00 2001 >+From 8799fd322a9f4127504ead5d8dc79aae0bdb923d Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 3 Sep 2021 15:36:24 +1200 >-Subject: [PATCH 027/159] tests/krb5: Add get_cached_creds() method to create >+Subject: [PATCH 030/162] tests/krb5: Add get_cached_creds() method to create > persistent accounts for testing > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -2524,10 +2906,10 @@ > 2.25.1 > > >-From 9451573c242bb6fbc28ad128332de5f3467db34b Mon Sep 17 00:00:00 2001 >+From 73990804097d4efdca751e91cc3213bf6d5be0df Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 8 Sep 2021 11:28:52 +1200 >-Subject: [PATCH 028/159] tests/krb5: Generate padata for FAST tests >+Subject: [PATCH 031/162] tests/krb5: Generate padata for FAST tests > > This gives us access to parameters of kdc_exchange_dict and enables us > to simplify the logic. >@@ -2697,10 +3079,10 @@ > 2.25.1 > > >-From b69f9a907388949473c8f6161e797781a8b6ed02 Mon Sep 17 00:00:00 2001 >+From da9144b8aaa815ee60b8e9ffdef599cca53e8e68 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 13 Sep 2021 21:14:18 +1200 >-Subject: [PATCH 029/159] tests/krb5: Sign-extend kvno from 32-bit integer >+Subject: [PATCH 032/162] tests/krb5: Sign-extend kvno from 32-bit integer > > This helps to avoid problems with RODC kvnos that have the high bit set. > >@@ -2733,10 +3115,10 @@ > 2.25.1 > > >-From 56a8d5cc38e842b5f1070c0baf44dfb8b755136c Mon Sep 17 00:00:00 2001 >+From 53c3d8ebc0c13d19fe64d846614c0e22ae207bb3 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 13 Sep 2021 20:20:23 +1200 >-Subject: [PATCH 030/159] tests/krb5: Add method to get RODC krbtgt credentials >+Subject: [PATCH 033/162] tests/krb5: Add method to get RODC krbtgt credentials > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -2852,10 +3234,10 @@ > 2.25.1 > > >-From accdbf65bc4d5b593cd47573e04bac93952c7d1a Mon Sep 17 00:00:00 2001 >+From 5dc89d29003bfa015a4bbedca1ac5c4f90256db7 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 13 Sep 2021 20:58:01 +1200 >-Subject: [PATCH 031/159] tests/krb5: Add get_secrets() method to get the >+Subject: [PATCH 034/162] tests/krb5: Add get_secrets() method to get the > secret attributes of a DN > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -2932,10 +3314,10 @@ > 2.25.1 > > >-From dc54b53b9e88101ea682092567578ddeefe847c9 Mon Sep 17 00:00:00 2001 >+From 1d552860666e676e4615ca063e11cefa70a3ae4a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 13 Sep 2021 22:13:24 +1200 >-Subject: [PATCH 032/159] tests/krb5: Allow replicating accounts to the RODC >+Subject: [PATCH 035/162] tests/krb5: Allow replicating accounts to the RODC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -3167,10 +3549,10 @@ > 2.25.1 > > >-From 168c655af8cad05e036e72dd7d577d87922d0ffd Mon Sep 17 00:00:00 2001 >+From 2a6990948b7d5efafc14bdc11751002c0a7f2e51 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 13 Sep 2021 21:24:05 +1200 >-Subject: [PATCH 033/159] tests/krb5: Create RODC account for testing >+Subject: [PATCH 036/162] tests/krb5: Create RODC account for testing > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -3349,10 +3731,10 @@ > 2.25.1 > > >-From df0700ab8f6745474d8185451b7cab9815632de8 Mon Sep 17 00:00:00 2001 >+From c6f6b2a5872d955fd691d0fea483918425d7cf82 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 13 Sep 2021 21:24:31 +1200 >-Subject: [PATCH 034/159] tests/krb5: Allow replicating accounts to the created >+Subject: [PATCH 037/162] tests/krb5: Allow replicating accounts to the created > RODC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -3456,10 +3838,10 @@ > 2.25.1 > > >-From 01afea2d97b889a7acf1cc20ab1ffddf8423c4f8 Mon Sep 17 00:00:00 2001 >+From 8ee93e08f1c8c373fccef67bcf161b11376c050c Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 1 Sep 2021 15:42:28 +1200 >-Subject: [PATCH 035/159] python: Don't leak file handles >+Subject: [PATCH 038/162] python: Don't leak file handles > > Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> > Reviewed-by: Noel Power <npower@samba.org> >@@ -3473,10 +3855,10 @@ > 3 files changed, 17 insertions(+), 10 deletions(-) > > diff --git a/python/samba/__init__.py b/python/samba/__init__.py >-index fa047a813e2..b4d141e95c1 100644 >+index d851bf3606c..e87e9c1b371 100644 > --- a/python/samba/__init__.py > +++ b/python/samba/__init__.py >-@@ -217,7 +217,8 @@ class Ldb(_Ldb): >+@@ -218,7 +218,8 @@ class Ldb(_Ldb): > > :param ldif_path: Path to LDIF file. > """ >@@ -3486,7 +3868,7 @@ > > def add_ldif(self, ldif, controls=None): > """Add data based on a LDIF string. >-@@ -279,10 +280,11 @@ def read_and_sub_file(file_name, subst_vars): >+@@ -280,10 +281,11 @@ def read_and_sub_file(file_name, subst_vars): > :param file_name: File to be read (typically from setup directory) > param subst_vars: Optional variables to subsitute in the file. > """ >@@ -3503,10 +3885,10 @@ > > > diff --git a/python/samba/ms_schema.py b/python/samba/ms_schema.py >-index 4b5c4a5df83..b26bbfd4fbd 100644 >+index 4946636cbd4..09dfbdde0f7 100644 > --- a/python/samba/ms_schema.py > +++ b/python/samba/ms_schema.py >-@@ -295,9 +295,9 @@ def __parse_schema_file(filename, objectClass): >+@@ -296,9 +296,9 @@ def __parse_schema_file(filename, objectClass): > out = [] > > from io import open >@@ -3520,7 +3902,7 @@ > return "\n\n".join(out) > > diff --git a/python/samba/schema.py b/python/samba/schema.py >-index 54fc9fc3125..a3adc162fa3 100644 >+index caea7e358ae..083af5f44b0 100644 > --- a/python/samba/schema.py > +++ b/python/samba/schema.py > @@ -110,8 +110,13 @@ class Schema(object): >@@ -3551,10 +3933,10 @@ > 2.25.1 > > >-From 441d25f8b9b476219da132462f60829599d088da Mon Sep 17 00:00:00 2001 >+From 8412926574b6a1b96aa8f9f5098e5c2e30f8be22 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 10 Sep 2021 14:02:22 +1200 >-Subject: [PATCH 036/159] python/join: Check for correct msDS-KrbTgtLink >+Subject: [PATCH 039/162] python/join: Check for correct msDS-KrbTgtLink > attribute > > Previously, the wrong case was used when checking for this attribute, >@@ -3570,10 +3952,10 @@ > 1 file changed, 4 insertions(+), 3 deletions(-) > > diff --git a/python/samba/join.py b/python/samba/join.py >-index 59de000a401..79030cdfd29 100644 >+index a35cf1d9a38..a512e18c226 100644 > --- a/python/samba/join.py > +++ b/python/samba/join.py >-@@ -257,8 +257,9 @@ class DCJoinContext(object): >+@@ -258,8 +258,9 @@ class DCJoinContext(object): > > ctx.del_noerror(res[0].dn, recursive=True) > >@@ -3585,7 +3967,7 @@ > ctx.del_noerror(ctx.new_krbtgt_dn) > > res = ctx.samdb.search(base=ctx.samdb.get_default_basedn(), >-@@ -337,7 +338,7 @@ class DCJoinContext(object): >+@@ -338,7 +339,7 @@ class DCJoinContext(object): > attrs=["msDS-krbTgtLink", "userAccountControl", "serverReferenceBL", "rIDSetReferences"]) > if len(res) == 0: > raise Exception("Could not find domain member account '%s' to promote to a DC, use 'samba-tool domain join' instead'" % ctx.samname) >@@ -3598,10 +3980,10 @@ > 2.25.1 > > >-From cd40da7187413f65243d9ce55a1f5528e1db0acd Mon Sep 17 00:00:00 2001 >+From 5c402a5bee9b888ae158e855e2e304a251587879 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 15 Sep 2021 20:56:28 +1200 >-Subject: [PATCH 037/159] tests/krb5: Add helper method for modifying PACs >+Subject: [PATCH 040/162] tests/krb5: Add helper method for modifying PACs > > This method can remove or replace a PAC in an authorization-data > container, while additionally returning the original PAC. >@@ -3684,10 +4066,10 @@ > 2.25.1 > > >-From c3bf406346995b1f192caf7fa0b0aa1c90ccf1b4 Mon Sep 17 00:00:00 2001 >+From 8d23815be4dcebfb11acfe748e039c09717316e2 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 11:22:28 +1200 >-Subject: [PATCH 038/159] tests/krb5: Check correct flags element >+Subject: [PATCH 041/162] tests/krb5: Check correct flags element > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -3717,10 +4099,10 @@ > 2.25.1 > > >-From cf6b4d369bf9479e6c7586559b489e8b73cdaa6f Mon Sep 17 00:00:00 2001 >+From b84a6daba10fb74bbdc4fed28390ba3a63f2e782 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 11:13:09 +1200 >-Subject: [PATCH 039/159] tests/krb5: Refactor tgs_req() to use >+Subject: [PATCH 042/162] tests/krb5: Refactor tgs_req() to use > _generic_kdc_exchange > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -3878,10 +4260,10 @@ > self.assertElementEqual(ticket_encpart, 'etype', > ticket_decryption_key.etype) > diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >-index a3f9478059f..c83136d6421 100755 >+index d7fedde94a0..423f48b6921 100755 > --- a/source4/selftest/tests.py > +++ b/source4/selftest/tests.py >-@@ -822,22 +822,26 @@ planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") >+@@ -800,22 +800,26 @@ planoldpythontestsuite("fl2008r2dc:local", "samba.tests.krb5.xrealm_tests") > planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.test_ccache", > environ={ > 'ADMIN_USERNAME': '$USERNAME', >@@ -3912,7 +4294,7 @@ > }) > > for env in ["ad_dc", smbv1_disabled_testenv]: >-@@ -1427,7 +1431,8 @@ planpythontestsuite( >+@@ -1393,7 +1397,8 @@ planpythontestsuite( > "samba.tests.krb5.kdc_tgs_tests", > environ={ > 'ADMIN_USERNAME': '$USERNAME', >@@ -3922,7 +4304,7 @@ > }) > planpythontestsuite( > "ad_dc", >-@@ -1442,7 +1447,8 @@ planpythontestsuite( >+@@ -1408,7 +1413,8 @@ planpythontestsuite( > "samba.tests.krb5.ms_kile_client_principal_lookup_tests", > environ={ > 'ADMIN_USERNAME': '$USERNAME', >@@ -3936,10 +4318,10 @@ > 2.25.1 > > >-From 1e9b10c884f112b694747fdb6cbb4584b6f7cf33 Mon Sep 17 00:00:00 2001 >+From 798f109408745d283c4866af3b66e59793d4c4d2 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 11:16:27 +1200 >-Subject: [PATCH 040/159] tests/krb5: Allow tgs_req() to send additional padata >+Subject: [PATCH 043/162] tests/krb5: Allow tgs_req() to send additional padata > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -3990,10 +4372,10 @@ > 2.25.1 > > >-From 2de925001c1b64237512260da5fca88684428cd2 Mon Sep 17 00:00:00 2001 >+From 9660069aaf6e348b09580a041f6e4262fc9e314a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 11:18:12 +1200 >-Subject: [PATCH 041/159] tests/krb5: Allow tgs_req() to specify different >+Subject: [PATCH 044/162] tests/krb5: Allow tgs_req() to specify different > kdc-options > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4030,10 +4412,10 @@ > 2.25.1 > > >-From 1f80e9cfd2430da7f36b2b895e44640895e16ccd Mon Sep 17 00:00:00 2001 >+From 5b69a82fc2c0f2cd9f23347c62a325707a669fdf Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 11:25:01 +1200 >-Subject: [PATCH 042/159] tests/krb5: Allow tgs_req() to send requests to the >+Subject: [PATCH 045/162] tests/krb5: Allow tgs_req() to send requests to the > RODC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4075,10 +4457,10 @@ > 2.25.1 > > >-From 1ffcbe53ad098d461b89ff97e32ad25f4f385e06 Mon Sep 17 00:00:00 2001 >+From 8990895caffb47bf687b91e3f61b43c575cd863f Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 11:52:46 +1200 >-Subject: [PATCH 043/159] tests/krb5: Allow as_req() to specify different >+Subject: [PATCH 046/162] tests/krb5: Allow as_req() to specify different > kdc-options > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4114,10 +4496,10 @@ > 2.25.1 > > >-From 7ce1a2b4c2b02464c173e457d6b2db269c1aeee9 Mon Sep 17 00:00:00 2001 >+From ef63d78c29d064a0d0bfffe7c697bed7265c9461 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 12:06:51 +1200 >-Subject: [PATCH 044/159] tests/krb5: Use PAC buffer type constants from >+Subject: [PATCH 047/162] tests/krb5: Use PAC buffer type constants from > krb5pac.idl > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4172,10 +4554,10 @@ > 2.25.1 > > >-From fa0b1a18bfef07791dd99da888306d849efd7edf Mon Sep 17 00:00:00 2001 >+From c5b5795c78b235c087de70197dc77e9f29baee54 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 12:13:51 +1200 >-Subject: [PATCH 045/159] tests/krb5: Don't manually create PAC request and >+Subject: [PATCH 048/162] tests/krb5: Don't manually create PAC request and > options in fast_tests > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4261,10 +4643,10 @@ > 2.25.1 > > >-From 253a50feb5010763447379c75622c16869755b51 Mon Sep 17 00:00:00 2001 >+From ed0073172c10b466f78c6eca637fac6e0b106cf6 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 12:19:28 +1200 >-Subject: [PATCH 046/159] tests/krb5: Set DN of created accounts to ldb.Dn type >+Subject: [PATCH 049/162] tests/krb5: Set DN of created accounts to ldb.Dn type > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -4334,10 +4716,10 @@ > 2.25.1 > > >-From 6bbb01604740dc47ba906d8dc45dbe297ea6e4c3 Mon Sep 17 00:00:00 2001 >+From 87c03f9d02c70382ebd63c0b78554dbdc593cc5e Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 12:38:38 +1200 >-Subject: [PATCH 047/159] tests/krb5: Allow get_service_ticket() to get tickets >+Subject: [PATCH 050/162] tests/krb5: Allow get_service_ticket() to get tickets > from the RODC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4377,10 +4759,10 @@ > 2.25.1 > > >-From ffb969da6e58d03f667d60a93ae0764d3246a4c3 Mon Sep 17 00:00:00 2001 >+From c7830f775c2fa4f8bf57020f698d67486b9c342e Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 12:41:46 +1200 >-Subject: [PATCH 048/159] tests/krb5: Allow get_tgt() to get tickets from the >+Subject: [PATCH 051/162] tests/krb5: Allow get_tgt() to get tickets from the > RODC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4443,10 +4825,10 @@ > 2.25.1 > > >-From e1651b016c79b6f16ebb002a22e6327895fe206a Mon Sep 17 00:00:00 2001 >+From b1e9a0d2d881e3b17535da39041352ed2522d238 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 13:14:06 +1200 >-Subject: [PATCH 049/159] tests/krb5: Allow get_tgt() to specify different >+Subject: [PATCH 052/162] tests/krb5: Allow get_tgt() to specify different > kdc-options > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4492,10 +4874,10 @@ > 2.25.1 > > >-From 2b9e63cca00a3cf1a8c568ba2c92f1554a459017 Mon Sep 17 00:00:00 2001 >+From adb99fa3f3cb2a5746b92c231a0cc9fd86dcf0e7 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 13:14:45 +1200 >-Subject: [PATCH 050/159] tests/krb5: Allow get_tgt() to specify expected and >+Subject: [PATCH 053/162] tests/krb5: Allow get_tgt() to specify expected and > unexpected flags > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4536,10 +4918,10 @@ > 2.25.1 > > >-From 3c8751165de2de474496ff5d0cd462102ecbbe98 Mon Sep 17 00:00:00 2001 >+From 9a4def4de24fb5e6c6b4daa4c6d8097c3a388884 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 13:24:46 +1200 >-Subject: [PATCH 051/159] tests/krb5: Move get_tgt() and get_service_ticket() >+Subject: [PATCH 054/162] tests/krb5: Move get_tgt() and get_service_ticket() > to kdc_base_test > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -4872,10 +5254,10 @@ > 2.25.1 > > >-From f07f057d16d462a6824f7eb7d0ec6a4cc23937ec Mon Sep 17 00:00:00 2001 >+From f8c07893d33fe3ec4d4dc6fe777ebf6f6bc7cdd7 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 11:51:05 +1200 >-Subject: [PATCH 052/159] tests/krb5: Return encpart from get_tgt() as part of >+Subject: [PATCH 055/162] tests/krb5: Return encpart from get_tgt() as part of > KerberosTicketCreds > > The encpart is already contained in ticket_creds, so it no longer needs >@@ -4960,10 +5342,10 @@ > 2.25.1 > > >-From 97c1f50ab88bd80d009c8c4e92697d9ad0cb2d8e Mon Sep 17 00:00:00 2001 >+From 0ea7045df10e52e8c8517b708c87ced4f5fa79e0 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 11:51:20 +1200 >-Subject: [PATCH 053/159] tests/krb5: Cache obtained tickets >+Subject: [PATCH 056/162] tests/krb5: Cache obtained tickets > > Now tickets obtained with get_tgt() and get_service_ticket() make use of > a cache so they can be reused, unless the 'fresh' parameter is specified >@@ -5049,10 +5431,10 @@ > 2.25.1 > > >-From 9fd4feacc9e9b35b7f6fca69bc5206c2ee21ee3b Mon Sep 17 00:00:00 2001 >+From 48c23938fe62ea370fb0f0f6b1c76ac52bbabc9b Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 16:54:57 +1200 >-Subject: [PATCH 054/159] tests/krb5: Add methods for creating zeroed checksums >+Subject: [PATCH 057/162] tests/krb5: Add methods for creating zeroed checksums > and verifying checksums > > Creating a zeroed checksum is needed for signing a PAC. >@@ -5106,10 +5488,10 @@ > 2.25.1 > > >-From 58347c25364de6c3795b797c99aa5cb0960c69d1 Mon Sep 17 00:00:00 2001 >+From 65051b32d3e60811356c79e4a278dbe505ff0e45 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 16 Sep 2021 17:20:22 +1200 >-Subject: [PATCH 055/159] tests/krb5: Add RodcPacEncryptionKey type allowing >+Subject: [PATCH 058/162] tests/krb5: Add RodcPacEncryptionKey type allowing > for RODC PAC signatures > > Signatures created by an RODC have an RODCIdentifier appended to them >@@ -5209,10 +5591,10 @@ > 2.25.1 > > >-From 5cfcba51d0251f4410e65440d7c28fae8b2a5270 Mon Sep 17 00:00:00 2001 >+From 69aa2a144d60386d8dd58bd7d11938e44685468c Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 17 Sep 2021 14:56:51 +1200 >-Subject: [PATCH 056/159] tests/krb5: Add method to verify ticket PAC checksums >+Subject: [PATCH 059/162] tests/krb5: Add method to verify ticket PAC checksums > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -5379,10 +5761,10 @@ > 2.25.1 > > >-From 79800968075d3cd3517e4bbf5811b2e31b536950 Mon Sep 17 00:00:00 2001 >+From b4a53aa05365791db98a28e5784f2e4e26581293 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 17 Sep 2021 15:26:12 +1200 >-Subject: [PATCH 057/159] tests/krb5: Add method for modifying a ticket and >+Subject: [PATCH 060/162] tests/krb5: Add method for modifying a ticket and > creating PAC checksums > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -5644,10 +6026,10 @@ > 2.25.1 > > >-From 717714f91b1eb1bb76f674fd005353ee2f35be39 Mon Sep 17 00:00:00 2001 >+From 8f426d28cfeb8f2171d73a0d646dd6a454322f8e Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 13:33:16 +1200 >-Subject: [PATCH 058/159] tests/krb5: Simplify adding authdata to ticket by >+Subject: [PATCH 061/162] tests/krb5: Simplify adding authdata to ticket by > using modified_ticket() > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -5762,10 +6144,10 @@ > 2.25.1 > > >-From 55b266f2f571ec6455fe4739b5ff7bf5e59fccff Mon Sep 17 00:00:00 2001 >+From a80e22b7cbea4e3c99abc33ab331416077cd1003 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 17:01:12 +1200 >-Subject: [PATCH 059/159] tests/krb5: Make get_default_enctypes() return a set >+Subject: [PATCH 062/162] tests/krb5: Make get_default_enctypes() return a set > of enctype constants > > This is often more convenient than a bitfield. >@@ -5817,10 +6199,10 @@ > 2.25.1 > > >-From e3fa88c1c19beb1ff93ce76f46117d6b3b971d5d Mon Sep 17 00:00:00 2001 >+From 1f19c94165cd424e19ec77cd6ad32eae21f7332c Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 21:01:46 +1200 >-Subject: [PATCH 060/159] tests/krb5: Add methods to convert between enctypes >+Subject: [PATCH 063/162] tests/krb5: Add methods to convert between enctypes > and bitfields > > These methods are useful for converting a collection of encryption types >@@ -5937,10 +6319,10 @@ > 2.25.1 > > >-From d4114c295fecd0fe07fca34213f945fd25a4b064 Mon Sep 17 00:00:00 2001 >+From a2614f8fa385f00cf6e8b1edf8cc4983d37d90b6 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 17:10:49 +1200 >-Subject: [PATCH 061/159] tests/krb5: Get supported enctypes for credentials >+Subject: [PATCH 064/162] tests/krb5: Get supported enctypes for credentials > from database > > Look up the account's msDS-SupportedEncryptionTypes attribute to get the >@@ -6099,10 +6481,10 @@ > 2.25.1 > > >-From 838f74345f309efc0a68bf417dce28e0ac87f10a Mon Sep 17 00:00:00 2001 >+From d57ff78f799b321a0ce5aee5dbdf53aa89ad3f0b Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 17:11:28 +1200 >-Subject: [PATCH 062/159] tests/krb5: Correctly check PA-SUPPORTED-ENCTYPES >+Subject: [PATCH 065/162] tests/krb5: Correctly check PA-SUPPORTED-ENCTYPES > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -6258,10 +6640,10 @@ > 2.25.1 > > >-From 152132539a07ce92c149a48706a3128b26f5c218 Mon Sep 17 00:00:00 2001 >+From 1b7e570a4e89e1b7051116027ebd7e3556868c88 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 13:54:39 +1200 >-Subject: [PATCH 063/159] tests/krb5: Set key version number for all accounts >+Subject: [PATCH 066/162] tests/krb5: Set key version number for all accounts > created with create_account() > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -6308,10 +6690,10 @@ > 2.25.1 > > >-From 5c3a7f2dce8bf83d2ba7acd91e3acef6a7ed89bb Mon Sep 17 00:00:00 2001 >+From 2a995642fed6022e4b1bc031808ffecc49f0a3ce Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 13:59:24 +1200 >-Subject: [PATCH 064/159] tests/krb5: Allow tgs_req() to check the returned >+Subject: [PATCH 067/162] tests/krb5: Allow tgs_req() to check the returned > ticket enc-part > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -6362,10 +6744,10 @@ > 2.25.1 > > >-From 42dee785c7fccd0172f131885f742c1d6465a73d Mon Sep 17 00:00:00 2001 >+From 5b2376d614e25de22710ac57426209495f804a59 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 13:58:09 +1200 >-Subject: [PATCH 065/159] tests/krb5: Add method to get DC credentials >+Subject: [PATCH 068/162] tests/krb5: Add method to get DC credentials > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -6434,10 +6816,10 @@ > 2.25.1 > > >-From 9ec0873fbc49c874f9b9075e0d0d2f8b34a9b640 Mon Sep 17 00:00:00 2001 >+From 0533b1f8b3a6765bc71800f713d08ea880717875 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 14:08:16 +1200 >-Subject: [PATCH 066/159] tests/krb5: Fix checking for presence of >+Subject: [PATCH 069/162] tests/krb5: Fix checking for presence of > authorization data > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -6574,10 +6956,10 @@ > 2.25.1 > > >-From fcbbc7747f52d6f8a583b03b68ed77b240aaee40 Mon Sep 17 00:00:00 2001 >+From 945d6e9ec20e7eed959b83e89a08e0db38a2db7a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 22 Sep 2021 11:41:45 +1200 >-Subject: [PATCH 067/159] tests/krb5: Provide ticket enc-part key to tgs_req() >+Subject: [PATCH 070/162] tests/krb5: Provide ticket enc-part key to tgs_req() > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -6735,10 +7117,10 @@ > 2.25.1 > > >-From 101b874203099dbb8b4b59968b1495073e4691dc Mon Sep 17 00:00:00 2001 >+From f9bb0a161157247ef5dfffd2263a4f365429c9f1 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 14:05:58 +1200 >-Subject: [PATCH 068/159] tests/krb5: Simplify account creation >+Subject: [PATCH 071/162] tests/krb5: Simplify account creation > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -6794,10 +7176,10 @@ > 2.25.1 > > >-From e040cad6827843cdf06e6a6c7c0ab5baa3fadc36 Mon Sep 17 00:00:00 2001 >+From 8a1d041941e65b56a9fed9e8034d7bcd71cb170d Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 21 Sep 2021 13:54:47 +1200 >-Subject: [PATCH 069/159] tests/krb5: Add get_rodc_krbtgt_creds() to >+Subject: [PATCH 072/162] tests/krb5: Add get_rodc_krbtgt_creds() to > RawKerberosTest > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -6836,10 +7218,10 @@ > 2.25.1 > > >-From 080c3b0d474157f2263357bd29b73566f1dc2181 Mon Sep 17 00:00:00 2001 >+From 27ca6f762a518ee03ec5470be355b3673dcb8b3a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 14:10:07 +1200 >-Subject: [PATCH 070/159] tests/krb5: Verify checksums of tickets obtained from >+Subject: [PATCH 073/162] tests/krb5: Verify checksums of tickets obtained from > the KDC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -6915,10 +7297,10 @@ > 2.25.1 > > >-From 0c89db611f0d541201477a3a41f6a63df01825dc Mon Sep 17 00:00:00 2001 >+From 0ec6f8a7977e3ed56ba3e03061175cf2c36bd27e Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 15:06:18 +1200 >-Subject: [PATCH 071/159] tests/krb5: Add method to determine if principal is >+Subject: [PATCH 074/162] tests/krb5: Add method to determine if principal is > krbtgt > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -6959,10 +7341,10 @@ > 2.25.1 > > >-From 681687d95f2bfaec412d9eeeeb64e24363ec1a60 Mon Sep 17 00:00:00 2001 >+From 51e7799ab826b38ebfcf298dac898002dff6a49a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 15:10:35 +1200 >-Subject: [PATCH 072/159] tests/krb5: Add classes for testing invalid checksums >+Subject: [PATCH 075/162] tests/krb5: Add classes for testing invalid checksums > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -7016,10 +7398,10 @@ > 2.25.1 > > >-From b754e69e548e8a61e6bbd42e1ec512debb37b0e1 Mon Sep 17 00:00:00 2001 >+From 44cb91b37a4b86bd8bd6f6299bdd3e0c0b9bcf81 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:16:24 +1300 >-Subject: [PATCH 073/159] tests/krb5: Rename method parameter >+Subject: [PATCH 076/162] tests/krb5: Rename method parameter > > For class methods, the name given to the first parameter is generally 'cls' > rather than 'self'. >@@ -7073,10 +7455,10 @@ > 2.25.1 > > >-From 572ef6db32daba4956f8671193c73b3a60c547f5 Mon Sep 17 00:00:00 2001 >+From e049a8dc8cc535da4c4de050c7e3a9d4a5606ead Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:16:51 +1300 >-Subject: [PATCH 074/159] tests/krb5: Remove unused parameter >+Subject: [PATCH 077/162] tests/krb5: Remove unused parameter > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -7120,10 +7502,10 @@ > 2.25.1 > > >-From 5458bcb9bb60c46ec7f6cff31aa8a95863bb5618 Mon Sep 17 00:00:00 2001 >+From ed813475b9dbbe0160266c1aff245c466ff898a5 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:23:17 +1300 >-Subject: [PATCH 075/159] tests/krb5: Allow for missing msDS-KeyVersionNumber >+Subject: [PATCH 078/162] tests/krb5: Allow for missing msDS-KeyVersionNumber > attribute > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -7157,10 +7539,10 @@ > 2.25.1 > > >-From d1b1da69b8f1daba4681e17566fe1dfeb7d70921 Mon Sep 17 00:00:00 2001 >+From dc33097e4cce158eef762db5070bebdc5e6d0c24 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 30 Sep 2021 10:51:01 +1300 >-Subject: [PATCH 076/159] tests/krb5: Fix sending PA-PAC-OPTIONS and >+Subject: [PATCH 079/162] tests/krb5: Fix sending PA-PAC-OPTIONS and > PA-PAC-REQUEST > > These padata were not being sent if other FAST padata was not specified. >@@ -7198,10 +7580,10 @@ > 2.25.1 > > >-From 0ac26e181af9bf23825551d3dd96fd26b8e13635 Mon Sep 17 00:00:00 2001 >+From e76ad0051a20bfc02d800130ce2074fb8f70c658 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 30 Sep 2021 10:54:33 +1300 >-Subject: [PATCH 077/159] tests/krb5: Fix PA-PAC-OPTIONS checking >+Subject: [PATCH 080/162] tests/krb5: Fix PA-PAC-OPTIONS checking > > Make the check work correctly if bits other than the claims bit are > specified. >@@ -7329,10 +7711,10 @@ > 2.25.1 > > >-From 6f3ef190e4eeab04ec9aafc3ef9fb189b85624fb Mon Sep 17 00:00:00 2001 >+From 93837b635c1a9ecb7ea0356b712b6566ded96270 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:47:39 +1300 >-Subject: [PATCH 078/159] tests/krb5: Rename allowed_to_delegate_to parameter >+Subject: [PATCH 081/162] tests/krb5: Rename allowed_to_delegate_to parameter > for clarity > > This helps to distinguish resourced-based and non-resource-based >@@ -7392,10 +7774,10 @@ > 2.25.1 > > >-From 20a5c954a0b15c060f9a91ba7b42f7118500244d Mon Sep 17 00:00:00 2001 >+From 39f312c100768b2904bc8c705e0d3c55347597aa Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:50:36 +1300 >-Subject: [PATCH 079/159] tests/krb5: Allow created accounts to use >+Subject: [PATCH 082/162] tests/krb5: Allow created accounts to use > resource-based constrained delegation > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -7483,10 +7865,10 @@ > 2.25.1 > > >-From 0d0c2b1a5efe802dd70ef8d64270a41b603f4a35 Mon Sep 17 00:00:00 2001 >+From 86c12bf22b0ce718850ef7bd76d89b20f20458ea Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:52:17 +1300 >-Subject: [PATCH 080/159] tests/krb5: Add assertion to make failures clearer >+Subject: [PATCH 083/162] tests/krb5: Add assertion to make failures clearer > > These failures may occur if tests are not run against an RODC. > >@@ -7516,10 +7898,10 @@ > 2.25.1 > > >-From 36bc124d181ee9c757dfb1d2ef6dd94431d47e51 Mon Sep 17 00:00:00 2001 >+From 6ef06e0fc508b383e65e4621e885101ad78d55c7 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:54:49 +1300 >-Subject: [PATCH 081/159] tests/krb5: Introduce helper method for creating >+Subject: [PATCH 084/162] tests/krb5: Introduce helper method for creating > invalid length checksums > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -7566,10 +7948,10 @@ > 2.25.1 > > >-From 523b52e7d931c3df7397cce92ab2438caa3fdb22 Mon Sep 17 00:00:00 2001 >+From 15778005784cd0a1b7419778b78962718f1fb453 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:56:21 +1300 >-Subject: [PATCH 082/159] tests/krb5: Fix method for creating invalid length >+Subject: [PATCH 085/162] tests/krb5: Fix method for creating invalid length > zeroed checksum > > Previously the base class method was being used. >@@ -7602,10 +7984,10 @@ > 2.25.1 > > >-From 3ac077e988b65c31aa9d5637cb0668dcdb8a5bd6 Mon Sep 17 00:00:00 2001 >+From a94085f8bb506d04b2b3ae640d4c1e6390bdc3e6 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 11:59:42 +1300 >-Subject: [PATCH 083/159] tests/krb5: Fix checksum generation and verification >+Subject: [PATCH 086/162] tests/krb5: Fix checksum generation and verification > > The KDC and server checksums may be generated using the same key, but > only the KDC checksum should have an RODCIdentifier. To fix this, >@@ -7763,10 +8145,10 @@ > 2.25.1 > > >-From 22d766e823fcab412b69ba6ed0b673105a379639 Mon Sep 17 00:00:00 2001 >+From 349f9c13b362304446b98f6e04cfea932f0b4177 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 12:03:33 +1300 >-Subject: [PATCH 084/159] tests/krb5: Allow excluding the PAC server checksum >+Subject: [PATCH 087/162] tests/krb5: Allow excluding the PAC server checksum > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -7798,10 +8180,10 @@ > 2.25.1 > > >-From 2dc8ddc9c80756a29e6d629fef414745c6f84f35 Mon Sep 17 00:00:00 2001 >+From a4cedfe59db888129f8e224faf70fff718c880ff Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 12:06:03 +1300 >-Subject: [PATCH 085/159] tests/krb5: Fix handling authdata with missing PAC >+Subject: [PATCH 088/162] tests/krb5: Fix handling authdata with missing PAC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -7847,10 +8229,10 @@ > 2.25.1 > > >-From 623e1c88fb1bb84eb591add09f45423837730364 Mon Sep 17 00:00:00 2001 >+From 27251bc68be942a2995046865a75dfbc7ade398c Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 12:16:58 +1300 >-Subject: [PATCH 086/159] tests/krb5: Fix status code checking >+Subject: [PATCH 089/162] tests/krb5: Fix status code checking > > The type used to encode the status code is actually KERB-ERROR-DATA, > rather than PA-DATA. >@@ -8037,10 +8419,10 @@ > 2.25.1 > > >-From 2442fc8337a95942eaca079ed5a4b2f6aaae116e Mon Sep 17 00:00:00 2001 >+From 01a3d358b030bac0151224cf0ec851c17adef123 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 13:01:30 +1300 >-Subject: [PATCH 087/159] tests/krb5: Make expected_sname checking more >+Subject: [PATCH 090/162] tests/krb5: Make expected_sname checking more > explicit > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -8190,10 +8572,10 @@ > 2.25.1 > > >-From f03a675183f15fbbf5992cb86dd691df37ad8e9a Mon Sep 17 00:00:00 2001 >+From 45bd19b51bcb7df3de3ec3f9fb8b7dd26cbab820 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 13:03:49 +1300 >-Subject: [PATCH 088/159] tests/krb5: Fix assertElementFlags() >+Subject: [PATCH 091/162] tests/krb5: Fix assertElementFlags() > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -8248,10 +8630,10 @@ > 2.25.1 > > >-From daece552364da4dc00e8ffc585aff25c5627e14e Mon Sep 17 00:00:00 2001 >+From f3745e6f922ae5d952336917feab8c6e1452bcb5 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 14:02:37 +1300 >-Subject: [PATCH 089/159] tests/krb5: Remove unneeded parameters from ticket >+Subject: [PATCH 092/162] tests/krb5: Remove unneeded parameters from ticket > cache key > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -8282,10 +8664,10 @@ > 2.25.1 > > >-From 40aa7f266bdf1f50e4410a9285bbbee9c51c0516 Mon Sep 17 00:00:00 2001 >+From 4e3ade7f737231daa051ea72a786478978d16cf9 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 15:48:58 +1300 >-Subject: [PATCH 090/159] tests/krb5: Fix checking for presence of error data >+Subject: [PATCH 093/162] tests/krb5: Fix checking for presence of error data > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -8562,10 +8944,10 @@ > 2.25.1 > > >-From 4055fc3d8ade7dd706168a955693e459ba4b6646 Mon Sep 17 00:00:00 2001 >+From 963db6229f95e2c5a05d9f66b55fa101338c94f9 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 16:10:07 +1300 >-Subject: [PATCH 091/159] tests/krb5: Add expect_claims parameter to >+Subject: [PATCH 094/162] tests/krb5: Add expect_claims parameter to > kdc_exchange_dict > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -8618,10 +9000,10 @@ > 2.25.1 > > >-From 31a2b4221ca6ab2508ac76cefd2aedabde049086 Mon Sep 17 00:00:00 2001 >+From cc31f545638e8196d0ea7434b392339809c07def Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 16:15:26 +1300 >-Subject: [PATCH 092/159] tests/krb5: Check buffer types in PAC with >+Subject: [PATCH 095/162] tests/krb5: Check buffer types in PAC with > STRICT_CHECKING=1 > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -8730,10 +9112,10 @@ > 2.25.1 > > >-From 1ef4641c28ec084ba0b4cb2e40976972581d71d5 Mon Sep 17 00:00:00 2001 >+From 59b129bb590b4b9fd1625bd70e96fd360ca87913 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 16:26:54 +1300 >-Subject: [PATCH 093/159] tests/krb5: Check constrained delegation PAC buffer >+Subject: [PATCH 096/162] tests/krb5: Check constrained delegation PAC buffer > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -8795,10 +9177,10 @@ > 2.25.1 > > >-From 0f3a5ab6a41a85aa99eb1e225f6515588ff9b781 Mon Sep 17 00:00:00 2001 >+From 1ea174685400761c982d9b1384e3472b59be2d74 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 16:41:23 +1300 >-Subject: [PATCH 094/159] tests/krb5: Save account SPN >+Subject: [PATCH 097/162] tests/krb5: Save account SPN > > This is useful for testing delegation. > >@@ -8854,10 +9236,10 @@ > 2.25.1 > > >-From b4d1f97a9887ca0d398f5e68f9bbed937fdb67bc Mon Sep 17 00:00:00 2001 >+From a6bfa7318b4f466d08d290dedb1af580ff8e5f5a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 16:48:50 +1300 >-Subject: [PATCH 095/159] tests/krb5: Allow specifying options and expected >+Subject: [PATCH 098/162] tests/krb5: Allow specifying options and expected > flags when obtaining a ticket > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -8960,10 +9342,10 @@ > 2.25.1 > > >-From d8631f5a28d34a34a7d42f6b47b6b0737bc25889 Mon Sep 17 00:00:00 2001 >+From e4ca6061acb1ce2c2e576dd5098a44caf8c01811 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 16:52:01 +1300 >-Subject: [PATCH 096/159] tests/krb5: Supply supported account enctypes in >+Subject: [PATCH 099/162] tests/krb5: Supply supported account enctypes in > tgs_req() > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -9003,10 +9385,10 @@ > 2.25.1 > > >-From 483b623ca8eca70002f0fd493da8f289bc947fc9 Mon Sep 17 00:00:00 2001 >+From 66ec4236cadd1bff830b9dd4838c0fa7aa12c0aa Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 30 Sep 2021 16:53:35 +1300 >-Subject: [PATCH 097/159] tests/krb5: Add parameter to enforce presence of >+Subject: [PATCH 100/162] tests/krb5: Add parameter to enforce presence of > ticket checksums > > This allows existing tests to pass before this functionality is >@@ -9101,10 +9483,10 @@ > 2.25.1 > > >-From 95cc7ea52f62c4c6d44ea47bb45e36e25bc77f0a Mon Sep 17 00:00:00 2001 >+From 2572b6ce3efd78201aed6bc84d1e3957d3e4e81a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 14 Oct 2021 16:43:05 +1300 >-Subject: [PATCH 098/159] tests/krb5: Add compatability tests for ticket >+Subject: [PATCH 101/162] tests/krb5: Add compatability tests for ticket > checksums > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -9213,10 +9595,10 @@ > +# > +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_heimdal_ticket_signature > diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >-index c83136d6421..92e5b8f5946 100755 >+index 423f48b6921..dfd5b271cd2 100755 > --- a/source4/selftest/tests.py > +++ b/source4/selftest/tests.py >-@@ -1424,7 +1424,12 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", >+@@ -1390,7 +1390,12 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD' > }) >@@ -9234,10 +9616,10 @@ > 2.25.1 > > >-From 6b06fb1dc61f62dde6619e9845b5e15b5fbef255 Mon Sep 17 00:00:00 2001 >+From 50f5ba15889f33153d6e89a3d998a266f408e638 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 11 Oct 2021 14:37:03 +1300 >-Subject: [PATCH 099/159] tests/krb5: Use correct principal name type >+Subject: [PATCH 102/162] tests/krb5: Use correct principal name type > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -9274,10 +9656,10 @@ > 2.25.1 > > >-From 5e150a9aaabaf31f2eadc9f17b7e5aa2241ff033 Mon Sep 17 00:00:00 2001 >+From 4c6bf1bf929d7edbb40b1959618661b5d459186c Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 11 Oct 2021 14:39:26 +1300 >-Subject: [PATCH 100/159] tests/krb5: Clarify checksum type assertion message >+Subject: [PATCH 103/162] tests/krb5: Clarify checksum type assertion message > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -9307,10 +9689,10 @@ > 2.25.1 > > >-From b7d628065e848460318305052e792758e59685f2 Mon Sep 17 00:00:00 2001 >+From 980992e8c8ea3bf2c30c565dc133bf61cb7d2051 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 11 Oct 2021 16:15:43 +1300 >-Subject: [PATCH 101/159] tests/krb5: Fix padata checking at functional level >+Subject: [PATCH 104/162] tests/krb5: Fix padata checking at functional level > 2003 > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -9354,10 +9736,10 @@ > 2.25.1 > > >-From e95adf228ae031ea9281d48466e0d93d8f34677f Mon Sep 17 00:00:00 2001 >+From a5bc3d294ca7172582730cdc23b12ddfa65ef11d Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 12 Oct 2021 11:34:59 +1300 >-Subject: [PATCH 102/159] tests/krb5: Add environment variable to specify KDC >+Subject: [PATCH 105/162] tests/krb5: Add environment variable to specify KDC > FAST support > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -9390,10 +9772,10 @@ > def setUp(self): > super().setUp() > diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >-index 92e5b8f5946..c34d25d81d5 100755 >+index dfd5b271cd2..ae8da7c8e34 100755 > --- a/source4/selftest/tests.py > +++ b/source4/selftest/tests.py >-@@ -809,39 +809,47 @@ planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAM >+@@ -787,39 +787,47 @@ planoldpythontestsuite("nt4_dc", "samba.tests.netbios", extra_args=['-U"$USERNAM > planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNAME%$PASSWORD"']) > planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"']) > >@@ -9448,7 +9830,7 @@ > }) > > for env in ["ad_dc", smbv1_disabled_testenv]: >-@@ -1402,6 +1410,7 @@ for env in ["fl2008r2dc", "fl2003dc"]: >+@@ -1368,6 +1376,7 @@ for env in ["fl2008r2dc", "fl2003dc"]: > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', >@@ -9456,7 +9838,7 @@ > }) > > >-@@ -1422,22 +1431,26 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: >+@@ -1388,22 +1397,26 @@ for env in ["rodc", "promoted_dc", "fl2000dc", "fl2008r2dc"]: > planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", > environ={ > 'ADMIN_USERNAME': '$USERNAME', >@@ -9486,7 +9868,7 @@ > }) > planpythontestsuite( > "ad_dc", >-@@ -1446,6 +1459,7 @@ planpythontestsuite( >+@@ -1412,6 +1425,7 @@ planpythontestsuite( > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', >@@ -9494,7 +9876,7 @@ > }) > planpythontestsuite( > "ad_dc", >-@@ -1453,7 +1467,8 @@ planpythontestsuite( >+@@ -1419,7 +1433,8 @@ planpythontestsuite( > environ={ > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', >@@ -9508,10 +9890,10 @@ > 2.25.1 > > >-From b2e245b90f10c1cfc98e555dfc6234dc62078790 Mon Sep 17 00:00:00 2001 >+From bb248ff2b2458da767b193aa78cfdbbeb13a0ea7 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 11 Oct 2021 14:45:45 +1300 >-Subject: [PATCH 103/159] tests/krb5: Check padata types when STRICT_CHECKING=0 >+Subject: [PATCH 106/162] tests/krb5: Check padata types when STRICT_CHECKING=0 > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -9607,10 +9989,10 @@ > 2.25.1 > > >-From 27bb27a4460ffc3c3ac61d2c74d00e0e8258cb07 Mon Sep 17 00:00:00 2001 >+From 4f6ca6e7c6b2e89aa8aef86bbad1dddf1381581b Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 11 Oct 2021 14:48:03 +1300 >-Subject: [PATCH 104/159] tests/krb5: Check logon name in PAC >+Subject: [PATCH 107/162] tests/krb5: Check logon name in PAC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -9643,10 +10025,10 @@ > 2.25.1 > > >-From 6913a289a5433b526b48b3f6069d6f2beb50899a Mon Sep 17 00:00:00 2001 >+From b2fa01bcae41c7cf6c0e474eaa2833e78ba1a7b0 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 11 Oct 2021 14:49:34 +1300 >-Subject: [PATCH 105/159] tests/krb5: Simplify padata checking >+Subject: [PATCH 108/162] tests/krb5: Simplify padata checking > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -9883,10 +10265,10 @@ > 2.25.1 > > >-From beb9319d983f0ae0ba2875b308c4fa977a1ab86b Mon Sep 17 00:00:00 2001 >+From 3ef3de37f21877d154594a366a048e3afc449332 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 11:48:41 +1300 >-Subject: [PATCH 106/159] tests/krb5: Disable debugging output for tests >+Subject: [PATCH 109/162] tests/krb5: Disable debugging output for tests > > This reduces the time spent running the tests in a testenv. > >@@ -10085,10 +10467,10 @@ > 2.25.1 > > >-From 35a5a29c7ccca0ef9c3d4917240fb8003d1c38b0 Mon Sep 17 00:00:00 2001 >+From c9222f4faf454e72a868fcaf75f85b44fc4cdce7 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 5 Oct 2021 19:47:22 +1300 >-Subject: [PATCH 107/159] tests/krb5: Provide clearer assertion messages for >+Subject: [PATCH 110/162] tests/krb5: Provide clearer assertion messages for > test failures > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -10123,10 +10505,10 @@ > 2.25.1 > > >-From b8a1f5192d9726df85ab360073cfdca8086a89e1 Mon Sep 17 00:00:00 2001 >+From e38096812777ce3109b1122f181e7614963b5704 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 5 Oct 2021 16:32:01 +1300 >-Subject: [PATCH 108/159] tests/krb5: Fix sha1 checksum type >+Subject: [PATCH 111/162] tests/krb5: Fix sha1 checksum type > > Previously, sha1 signatures were being designated as rsa-md5-des3 > signatures. >@@ -10142,7 +10524,7 @@ > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/python/samba/tests/krb5/kcrypto.py b/python/samba/tests/krb5/kcrypto.py >-index 4a4a12a66d4..4bf38d3c36b 100755 >+index 2a72969de00..a919b785ad1 100755 > --- a/python/samba/tests/krb5/kcrypto.py > +++ b/python/samba/tests/krb5/kcrypto.py > @@ -81,8 +81,8 @@ class Cksumtype(object): >@@ -10159,10 +10541,10 @@ > 2.25.1 > > >-From 1ed3af883f6d7b93583104738a669e8f8a9a7192 Mon Sep 17 00:00:00 2001 >+From 0d6554253af915680d9abb7cb519148201ca6589 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 13 Oct 2021 12:26:22 +1300 >-Subject: [PATCH 109/159] selftest/dbcheck: Fix up RODC one-way links >+Subject: [PATCH 112/162] selftest/dbcheck: Fix up RODC one-way links > > Test accounts were replicated to the RODC and then deleted, causing > state links to remain in the database. >@@ -10194,10 +10576,10 @@ > 2.25.1 > > >-From 202ba79036c22a96987da0635ba8b68cbf89c3e4 Mon Sep 17 00:00:00 2001 >+From a3977b4e784cc00f5f3db35836011300c4224936 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 14 Oct 2021 16:58:15 +1300 >-Subject: [PATCH 110/159] tests/krb5: Add TKT_SIG_SUPPORT environment variable >+Subject: [PATCH 113/162] tests/krb5: Add TKT_SIG_SUPPORT environment variable > > This lets us indicate that service tickets should be issued with ticket > checksums in the PAC. >@@ -10232,10 +10614,10 @@ > super().setUp() > self.do_asn1_print = False > diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >-index c34d25d81d5..f7b34baba8a 100755 >+index ae8da7c8e34..4432ce2fbdc 100755 > --- a/source4/selftest/tests.py > +++ b/source4/selftest/tests.py >-@@ -810,46 +810,54 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNA >+@@ -788,46 +788,54 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNA > planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"']) > > have_fast_support = int('SAMBA_USES_MITKDC' in config_hash) >@@ -10297,7 +10679,7 @@ > }) > > for env in ["ad_dc", smbv1_disabled_testenv]: >-@@ -1410,7 +1418,8 @@ for env in ["fl2008r2dc", "fl2003dc"]: >+@@ -1376,7 +1384,8 @@ for env in ["fl2008r2dc", "fl2003dc"]: > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', >@@ -10307,7 +10689,7 @@ > }) > > >-@@ -1432,7 +1441,8 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", >+@@ -1398,7 +1407,8 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.as_canonicalization_tests", > environ={ > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', >@@ -10317,7 +10699,7 @@ > }) > planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests", > environ={ >-@@ -1440,9 +1450,11 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests", >+@@ -1406,9 +1416,11 @@ planpythontestsuite("ad_dc", "samba.tests.krb5.compatability_tests", > 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', > 'FAST_SUPPORT': have_fast_support, >@@ -10330,7 +10712,7 @@ > planpythontestsuite( > "ad_dc", > "samba.tests.krb5.kdc_tgs_tests", >-@@ -1450,7 +1462,8 @@ planpythontestsuite( >+@@ -1416,7 +1428,8 @@ planpythontestsuite( > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', >@@ -10340,7 +10722,7 @@ > }) > planpythontestsuite( > "ad_dc", >-@@ -1459,7 +1472,8 @@ planpythontestsuite( >+@@ -1425,7 +1438,8 @@ planpythontestsuite( > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', >@@ -10350,7 +10732,7 @@ > }) > planpythontestsuite( > "ad_dc", >-@@ -1468,7 +1482,8 @@ planpythontestsuite( >+@@ -1434,7 +1448,8 @@ planpythontestsuite( > 'ADMIN_USERNAME': '$USERNAME', > 'ADMIN_PASSWORD': '$PASSWORD', > 'STRICT_CHECKING': '0', >@@ -10364,10 +10746,10 @@ > 2.25.1 > > >-From 1ccfb869ed22f8fc32631f4fea505723225863c8 Mon Sep 17 00:00:00 2001 >+From 02852a10be1d9075fd0c86c36aa8616d06c65883 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Tue, 5 Oct 2021 15:39:11 +1300 >-Subject: [PATCH 111/159] tests/krb5: Require ticket checksums if decryption >+Subject: [PATCH 114/162] tests/krb5: Require ticket checksums if decryption > key is available > > We perform this check conditionally, because MIT doesn't currently add >@@ -10409,10 +10791,10 @@ > 2.25.1 > > >-From 4601d2b117f41a3de47c62fb9f98d7c5f252d357 Mon Sep 17 00:00:00 2001 >+From ea284630a167f027e3ed90ead2d15e7ee26dbb83 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 6 Oct 2021 16:35:47 +1300 >-Subject: [PATCH 112/159] tests/krb5: Verify tickets obtained with >+Subject: [PATCH 115/162] tests/krb5: Verify tickets obtained with > get_service_ticket() > > We only require the ticket checksum with Heimdal, because MIT currently >@@ -10451,10 +10833,10 @@ > 2.25.1 > > >-From 100cb097015f2efb1645d69de8a4f3826de1ce71 Mon Sep 17 00:00:00 2001 >+From aef477136f4407c42e741e5d85f7b25ccaa30405 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Thu, 30 Sep 2021 15:03:04 +1300 >-Subject: [PATCH 113/159] tests/krb5: Add constrained delegation tests >+Subject: [PATCH 116/162] tests/krb5: Add constrained delegation tests > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -11573,10 +11955,10 @@ > if __name__ == "__main__": > global_asn1_print = False > diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >-index 7cdf25b48ae..0a9aac1f2cc 100644 >+index 29990ec9511..e1711b532d7 100644 > --- a/python/samba/tests/usage.py > +++ b/python/samba/tests/usage.py >-@@ -103,6 +103,7 @@ EXCLUDE_USAGE = { >+@@ -102,6 +102,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py', > 'python/samba/tests/krb5/as_req_tests.py', > 'python/samba/tests/krb5/fast_tests.py', >@@ -11622,10 +12004,10 @@ > +# > +^samba.tests.krb5.rodc_tests.samba.tests.krb5.rodc_tests.RodcKerberosTests.test_rodc_ticket_signature > diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >-index f7b34baba8a..5d3c4ac4bfd 100755 >+index 4432ce2fbdc..187cdd18132 100755 > --- a/source4/selftest/tests.py > +++ b/source4/selftest/tests.py >-@@ -817,9 +817,16 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests", >+@@ -795,9 +795,16 @@ planoldpythontestsuite("ad_dc_default", "samba.tests.krb5.simple_tests", > 'FAST_SUPPORT': have_fast_support, > 'TKT_SIG_SUPPORT': tkt_sig_support}) > planoldpythontestsuite("ad_dc_default:local", "samba.tests.krb5.s4u_tests", >@@ -11648,10 +12030,10 @@ > 2.25.1 > > >-From 4e0213ce6607b414b4a126b7a7a0331a1371e521 Mon Sep 17 00:00:00 2001 >+From 2ed907cd2af84e74981de9ef5acc4b23eff5cc2a Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 29 Sep 2021 12:07:40 +1300 >-Subject: [PATCH 114/159] tests/krb5: Don't include empty AD-IF-RELEVANT >+Subject: [PATCH 117/162] tests/krb5: Don't include empty AD-IF-RELEVANT > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -11698,10 +12080,10 @@ > 2.25.1 > > >-From 80bdce644a8e7bb641f27f0f6cfb1fa8e33b1f47 Mon Sep 17 00:00:00 2001 >+From 6860972c1660a8c2599440a05d43ff97d5dd76ec Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 15:41:35 +1300 >-Subject: [PATCH 115/159] tests/krb5: Allow bypassing cache when creating >+Subject: [PATCH 118/162] tests/krb5: Allow bypassing cache when creating > accounts > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -11749,10 +12131,10 @@ > 2.25.1 > > >-From 4e9e106e3906fcf41734519eb5d1d18b418fa0ee Mon Sep 17 00:00:00 2001 >+From 800647adf0fad416291884de960a2f8e5a61a9a3 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 15:40:39 +1300 >-Subject: [PATCH 116/159] tests/krb5: Fix duplicate account creation >+Subject: [PATCH 119/162] tests/krb5: Fix duplicate account creation > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -11812,10 +12194,10 @@ > 2.25.1 > > >-From 27ea32d36b78b2a84a4219981c24319c32feb1d8 Mon Sep 17 00:00:00 2001 >+From 6fa37392eedf04f5aef42468025e5916d4347727 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 16:06:58 +1300 >-Subject: [PATCH 117/159] s4:kdc: Simplify samba_kdc_update_pac_blob() to take >+Subject: [PATCH 120/162] s4:kdc: Simplify samba_kdc_update_pac_blob() to take > ldb_context as parameter > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -11917,10 +12299,10 @@ > 2.25.1 > > >-From 6c36f76f2ae1941100b3380f7185785da8d3bc58 Mon Sep 17 00:00:00 2001 >+From 7f289a20640fe7f12984701ba074a9895a5501e6 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 6 Oct 2021 16:40:21 +1300 >-Subject: [PATCH 118/159] s4:kdc: Fix debugging messages >+Subject: [PATCH 121/162] s4:kdc: Fix debugging messages > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -12030,10 +12412,10 @@ > 2.25.1 > > >-From 0a21ac5ff9ce639751a568876a2bee4e795818c3 Mon Sep 17 00:00:00 2001 >+From ee7f00da9bc590fc48c4a39fb1d534f8df495a94 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 15:42:29 +1300 >-Subject: [PATCH 119/159] s4/torture: Expect ticket checksum PAC buffer >+Subject: [PATCH 122/162] s4/torture: Expect ticket checksum PAC buffer > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -12197,10 +12579,10 @@ > 2.25.1 > > >-From 330ec109145ec100da8104168816dfaddd1fa94d Mon Sep 17 00:00:00 2001 >+From 28dd954461e32719f7d58373a91ae9f4edd9b885 Mon Sep 17 00:00:00 2001 > From: Isaac Boukris <iboukris@gmail.com> > Date: Mon, 28 Dec 2020 22:07:10 +0200 >-Subject: [PATCH 120/159] kdc: remove KRB5SignedPath, to be replaced with PAC >+Subject: [PATCH 123/162] kdc: remove KRB5SignedPath, to be replaced with PAC > > KRB5SignedPath was a Heimdal-specific authorization data element used to > protect the authenticity of evidence tickets when used in constrained >@@ -12673,10 +13055,10 @@ > 2.25.1 > > >-From 24c5c89e7150ce6b0ed24bccba192352223f3bfe Mon Sep 17 00:00:00 2001 >+From a8df96e2baa6cd867c5d1f8e691518f1ad0123ae Mon Sep 17 00:00:00 2001 > From: Isaac Boukris <iboukris@gmail.com> > Date: Fri, 13 Aug 2021 12:44:37 +0300 >-Subject: [PATCH 121/159] kdc: sign ticket using Windows PAC >+Subject: [PATCH 124/162] kdc: sign ticket using Windows PAC > > Split Windows PAC signing and verification logic, as the signing has to be when > the ticket is ready. >@@ -14284,10 +14666,10 @@ > _krb5_pk_kdf; > _krb5_pk_load_id; > diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build >-index 09c525c2957..39e3f5d56e8 100644 >+index 9904b245218..f151788dcfd 100644 > --- a/source4/heimdal_build/wscript_build > +++ b/source4/heimdal_build/wscript_build >-@@ -617,7 +617,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): >+@@ -606,7 +606,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): > KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list( > '''acache.c add_et_list.c > addr_families.c appdefault.c >@@ -14297,10 +14679,10 @@ > changepw.c codec.c config_file.c > constants.c convert_creds.c > diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >-index 5d3c4ac4bfd..c2a6256029f 100755 >+index 187cdd18132..7aba1c6ce55 100755 > --- a/source4/selftest/tests.py > +++ b/source4/selftest/tests.py >-@@ -810,7 +810,7 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNA >+@@ -788,7 +788,7 @@ planoldpythontestsuite("ad_dc:local", "samba.tests.gpo", extra_args=['-U"$USERNA > planoldpythontestsuite("ad_dc:local", "samba.tests.dckeytab", extra_args=['-U"$USERNAME%$PASSWORD"']) > > have_fast_support = int('SAMBA_USES_MITKDC' in config_hash) >@@ -14313,10 +14695,10 @@ > 2.25.1 > > >-From 96e065369c397c3b2a0910f3c12fce6bd07dbfd4 Mon Sep 17 00:00:00 2001 >+From 6718286ede5d0a95eb628210802d545fae55a6ae Mon Sep 17 00:00:00 2001 > From: Isaac Boukris <iboukris@gmail.com> > Date: Sun, 19 Sep 2021 15:04:14 +0300 >-Subject: [PATCH 122/159] krb5: allow NULL parameter to krb5_pac_free() >+Subject: [PATCH 125/162] krb5: allow NULL parameter to krb5_pac_free() > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -14363,10 +14745,10 @@ > 2.25.1 > > >-From f5e8a2f16a89a2d477bdd4387aa0dd122af998bf Mon Sep 17 00:00:00 2001 >+From 78fa18ee101a2727c0c522aed1e68628878828f9 Mon Sep 17 00:00:00 2001 > From: Isaac Boukris <iboukris@gmail.com> > Date: Sun, 19 Sep 2021 15:16:58 +0300 >-Subject: [PATCH 123/159] krb5: rework PAC validation loop >+Subject: [PATCH 126/162] krb5: rework PAC validation loop > > Avoid allocating the PAC on error. > >@@ -14563,10 +14945,10 @@ > 2.25.1 > > >-From 5c9787564497ba26ac3ed3e607adbbf34308df52 Mon Sep 17 00:00:00 2001 >+From b6e4b6660f4edc0d6ec044f331a5f1c683d073b3 Mon Sep 17 00:00:00 2001 > From: Luke Howard <lukeh@padl.com> > Date: Fri, 17 Sep 2021 13:57:57 +1000 >-Subject: [PATCH 124/159] krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC >+Subject: [PATCH 127/162] krb5: return KRB5KRB_AP_ERR_INAPP_CKSUM if PAC > checksum fails > > Return KRB5KRB_AP_ERR_INAPP_CKSUM instead of EINVAL when verifying a PAC, if >@@ -14609,10 +14991,10 @@ > 2.25.1 > > >-From 3c8070cc255f3fee2dee2fffadf54989e91fde19 Mon Sep 17 00:00:00 2001 >+From 59ac0d07c0b44e0b021d401bb4d3b3dd77bba5fd Mon Sep 17 00:00:00 2001 > From: Luke Howard <lukeh@padl.com> > Date: Sun, 6 Jan 2019 17:54:58 +1100 >-Subject: [PATCH 125/159] kdc: only set HDB_F_GET_KRBTGT when requesting TGS >+Subject: [PATCH 128/162] kdc: only set HDB_F_GET_KRBTGT when requesting TGS > principal > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -14665,10 +15047,10 @@ > 2.25.1 > > >-From b60f9da0c3225dc3101d938e68d33ac638125f67 Mon Sep 17 00:00:00 2001 >+From 1c53dc31f20268c71925ef3d5665a4b736a8896b Mon Sep 17 00:00:00 2001 > From: Luke Howard <lukeh@padl.com> > Date: Thu, 23 Sep 2021 14:39:35 +1000 >-Subject: [PATCH 126/159] kdc: use ticket client name when signing PAC >+Subject: [PATCH 129/162] kdc: use ticket client name when signing PAC > > The principal in the PAC_LOGON_NAME buffer is expected to match the client name > in the ticket. Previously we were setting this to the canonical client name, >@@ -14729,10 +15111,10 @@ > 2.25.1 > > >-From 1d95a5fc6e904426ad683e9b7058ffaff9b320b8 Mon Sep 17 00:00:00 2001 >+From 18ba837a32e9371b5872e66b1ad83d1b490cd53d Mon Sep 17 00:00:00 2001 > From: Luke Howard <lukeh@padl.com> > Date: Thu, 23 Sep 2021 17:51:51 +1000 >-Subject: [PATCH 127/159] kdc: correctly generate PAC TGS signature >+Subject: [PATCH 130/162] kdc: correctly generate PAC TGS signature > > When generating an AS-REQ, the TGS signature was incorrectly generated using > the server key, which would fail to validate if the server was not also the >@@ -14849,10 +15231,10 @@ > 2.25.1 > > >-From 79db1253d80255fc48994971cb147fefff058b3e Mon Sep 17 00:00:00 2001 >+From 62171bed64bceac8053e7d35aca244e987d461f1 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 11 Aug 2021 13:27:11 +1200 >-Subject: [PATCH 128/159] s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match >+Subject: [PATCH 131/162] s4/heimdal/lib/krb5/pac.c: Align PAC buffers to match > Windows > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -14918,10 +15300,10 @@ > 2.25.1 > > >-From 797dd463c02733c899a0925b28147c7c4914aade Mon Sep 17 00:00:00 2001 >+From e915ea464fa5af1162fc43f10f5ff4262bd1daa1 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 15:43:41 +1300 >-Subject: [PATCH 129/159] heimdal: Make _krb5_pac_get_kdc_checksum_info() into >+Subject: [PATCH 132/162] heimdal: Make _krb5_pac_get_kdc_checksum_info() into > a global function > > This lets us call it from Samba. >@@ -14980,10 +15362,10 @@ > 2.25.1 > > >-From b9672524f8eaf4bebf7bc742638734e51031144d Mon Sep 17 00:00:00 2001 >+From 49eaac8b67d633b4ba76297e5fbbf5330ac9f696 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 16:08:39 +1300 >-Subject: [PATCH 130/159] s4:kdc: Check ticket signature >+Subject: [PATCH 133/162] s4:kdc: Check ticket signature > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -15369,10 +15751,10 @@ > 2.25.1 > > >-From d052d76ea7cdd77ff9648441649efef0cd3d72c4 Mon Sep 17 00:00:00 2001 >+From 07585981198226c0e1cb01700e3871f359b60acb Mon Sep 17 00:00:00 2001 > From: Nicolas Williams <nico@twosigma.com> > Date: Sun, 10 Oct 2021 21:55:59 -0500 >-Subject: [PATCH 131/159] krb5: Fix PAC signature leak affecting KDC >+Subject: [PATCH 134/162] krb5: Fix PAC signature leak affecting KDC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -15600,10 +15982,10 @@ > 2.25.1 > > >-From bbe816ff36ba6230abad147e7f1e106faacee9aa Mon Sep 17 00:00:00 2001 >+From 2ec564e67fe132854322e452529a4c281b843759 Mon Sep 17 00:00:00 2001 > From: Andrew Bartlett <abartlet@samba.org> > Date: Fri, 15 Oct 2021 13:09:20 +1300 >-Subject: [PATCH 132/159] selftest/dbcheck: Fix up RODC one-way links (use >+Subject: [PATCH 135/162] selftest/dbcheck: Fix up RODC one-way links (use > correct dbcheck rule) > > The previous commit was correct on intention, but it was not noticed >@@ -15649,10 +16031,10 @@ > 2.25.1 > > >-From 911c18e64a6fa6e19323fc21c325e1eb3a2418d6 Mon Sep 17 00:00:00 2001 >+From 9c991d900f691c62b16f40a47a3048e3b78b6cf0 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 15 Oct 2021 12:12:30 +1300 >-Subject: [PATCH 133/159] heimdal:kdc: Fix ticket signing without a PAC >+Subject: [PATCH 136/162] heimdal:kdc: Fix ticket signing without a PAC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -15687,10 +16069,10 @@ > 2.25.1 > > >-From 577aaab559853f6178f9b78d47034bc50b667bbc Mon Sep 17 00:00:00 2001 >+From 6f18441e7541276cd0f4f686a1b985b058ded805 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 15 Oct 2021 14:26:40 +1300 >-Subject: [PATCH 134/159] tests/krb5: Allow get_tgt() to request including or >+Subject: [PATCH 137/162] tests/krb5: Allow get_tgt() to request including or > omitting a PAC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -15743,10 +16125,10 @@ > 2.25.1 > > >-From 6dda5a9cbe4c9eaa7ca71cebd04775033d3f5f65 Mon Sep 17 00:00:00 2001 >+From 27066e1d739ac340a19d7fcf2c8037a9dd499c78 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 15 Oct 2021 14:27:15 +1300 >-Subject: [PATCH 135/159] tests/krb5: Allow specifying whether to expect a PAC >+Subject: [PATCH 138/162] tests/krb5: Allow specifying whether to expect a PAC > with _test_as_exchange() > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -15783,10 +16165,10 @@ > 2.25.1 > > >-From bc9e321e39bb2fc042bf020bacc103334dbdbc27 Mon Sep 17 00:00:00 2001 >+From 27ef24fa2096911c0b765f6b7f2548deb7ac8dda Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 15 Oct 2021 14:27:25 +1300 >-Subject: [PATCH 136/159] tests/krb5: Add method to get the PAC from a ticket >+Subject: [PATCH 139/162] tests/krb5: Add method to get the PAC from a ticket > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -15822,10 +16204,10 @@ > 2.25.1 > > >-From 6e69925b32675462f7a6cba0d14a4578898a26db Mon Sep 17 00:00:00 2001 >+From 4a8278b602d609ce0151b9a1d243a5ed3fdd27e0 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 15 Oct 2021 14:29:26 +1300 >-Subject: [PATCH 137/159] tests/krb5: Add tests for requesting a service ticket >+Subject: [PATCH 140/162] tests/krb5: Add tests for requesting a service ticket > without a PAC > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642 >@@ -16025,10 +16407,10 @@ > 2.25.1 > > >-From c2d7ee5d37dff8fe8141104e31c47e67f104ae5a Mon Sep 17 00:00:00 2001 >+From 4c7ce74f0425f7d32689f419b7c6f360a638eafe Mon Sep 17 00:00:00 2001 > From: Andrew Bartlett <abartlet@samba.org> > Date: Mon, 18 Oct 2021 15:21:50 +1300 >-Subject: [PATCH 138/159] kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client >+Subject: [PATCH 141/162] kdc: Remove UF_NO_AUTH_DATA_REQUIRED from client > principals > > Tests against Windows 2019 show that UF_NO_AUTH_DATA_REQUIRED >@@ -16114,10 +16496,10 @@ > 2.25.1 > > >-From 4b19b3713a9590dc78e4be7ed7cc4d97c1430c2a Mon Sep 17 00:00:00 2001 >+From 75b847ed5bc06954c16041607744ead5169c60fe Mon Sep 17 00:00:00 2001 > From: Andrew Bartlett <abartlet@samba.org> > Date: Mon, 18 Oct 2021 16:00:45 +1300 >-Subject: [PATCH 139/159] kdc: Correctly strip PAC, rather than error on >+Subject: [PATCH 142/162] kdc: Correctly strip PAC, rather than error on > UF_NO_AUTH_DATA_REQUIRED for servers > > UF_NO_AUTH_DATA_REQUIRED on a server/service account should cause >@@ -16230,10 +16612,10 @@ > 2.25.1 > > >-From 12b500a11b887588455aac5b7288a573b61a481e Mon Sep 17 00:00:00 2001 >+From 6d63f48a94eb1b181e6cf582e5a0c33bb8fbd8b2 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 18 Oct 2021 16:05:19 +1300 >-Subject: [PATCH 140/159] tests/krb5: Ensure PAC is not present if expect_pac >+Subject: [PATCH 143/162] tests/krb5: Ensure PAC is not present if expect_pac > is false > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871 >@@ -16282,10 +16664,10 @@ > 2.25.1 > > >-From 5fc8d65cffd859c5d72f53546cc0e9afb72e7a5a Mon Sep 17 00:00:00 2001 >+From 9a453932f2922a626040e86e40d062b54c6644a5 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 18 Oct 2021 16:07:11 +1300 >-Subject: [PATCH 141/159] tests/krb5: Add tests for constrained delegation to >+Subject: [PATCH 144/162] tests/krb5: Add tests for constrained delegation to > NO_AUTH_DATA_REQUIRED service > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14871 >@@ -16483,10 +16865,10 @@ > 2.25.1 > > >-From ec38a49933d42e22d4823a8c4d1005f4a73f80ac Mon Sep 17 00:00:00 2001 >+From 7e66447d134ed8778a67fb80ecdf95eced18e411 Mon Sep 17 00:00:00 2001 > From: Viktor Dukhovni <viktor@twosigma.com> > Date: Wed, 10 Aug 2016 23:31:14 +0000 >-Subject: [PATCH 142/159] HEIMDAL:kdc: Fix transit path validation >+Subject: [PATCH 145/162] HEIMDAL:kdc: Fix transit path validation > CVE-2017-6594 > > Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm >@@ -16577,10 +16959,10 @@ > 2.25.1 > > >-From 5618149ada61adb3ae5858e191096c03e7b1828f Mon Sep 17 00:00:00 2001 >+From bde4bd981c78b89ec556f6d680473c303bbafffa Mon Sep 17 00:00:00 2001 > From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> > Date: Wed, 8 Sep 2021 17:01:26 +1200 >-Subject: [PATCH 143/159] pytest/rodc_rwdc: try to avoid race. >+Subject: [PATCH 146/162] pytest/rodc_rwdc: try to avoid race. > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14868 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -16611,10 +16993,10 @@ > 2.25.1 > > >-From d191e00a5fc476781054b12c0370b6740922f8a7 Mon Sep 17 00:00:00 2001 >+From 8f3d5dd7f3fd6cf9d7efedc4d8b0e2ad8a3571ca Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Mon, 20 Sep 2021 16:27:40 +1200 >-Subject: [PATCH 144/159] selftest: Increase account lockout windows to make >+Subject: [PATCH 147/162] selftest: Increase account lockout windows to make > test more realiable > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14868 >@@ -16652,10 +17034,10 @@ > 2.25.1 > > >-From 7c0e2643f585bcdbc5bd4fc3056df969c7c158f7 Mon Sep 17 00:00:00 2001 >+From 7cd0018584ce76323cfab333d11a59fe07249b51 Mon Sep 17 00:00:00 2001 > From: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> > Date: Fri, 6 Aug 2021 11:08:10 +1200 >-Subject: [PATCH 145/159] pytest: dynamic tests optionally add __doc__ >+Subject: [PATCH 148/162] pytest: dynamic tests optionally add __doc__ > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -16668,10 +17050,10 @@ > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/python/samba/tests/__init__.py b/python/samba/tests/__init__.py >-index a5a8acdcc41..c75f9c1ebe7 100644 >+index 38f65f17e35..d895802c34f 100644 > --- a/python/samba/tests/__init__.py > +++ b/python/samba/tests/__init__.py >-@@ -69,7 +69,7 @@ class TestCase(unittest.TestCase): >+@@ -71,7 +71,7 @@ class TestCase(unittest.TestCase): > """A Samba test case.""" > > @classmethod >@@ -16680,7 +17062,7 @@ > """ > fnname is something like "test_dynamic_sum" > suffix is something like "1plus2" >-@@ -82,6 +82,7 @@ class TestCase(unittest.TestCase): >+@@ -84,6 +84,7 @@ class TestCase(unittest.TestCase): > """ > def fn(self): > getattr(self, "_%s_with_args" % fnname)(*args) >@@ -16692,10 +17074,10 @@ > 2.25.1 > > >-From ff3f84525837d5fa0fe0372212a33db6a7f6ff52 Mon Sep 17 00:00:00 2001 >+From 7254c308d05eca527c46319522bd671a8ea912cf Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Fri, 8 Oct 2021 15:40:09 +1300 >-Subject: [PATCH 146/159] selftest: krb5 account creation: clarify account type >+Subject: [PATCH 149/162] selftest: krb5 account creation: clarify account type > as an enum > > This makes the code clearer with a symbolic constant rather >@@ -17196,10 +17578,10 @@ > 2.25.1 > > >-From 60683736be7e7d27a6e68c6708b1e89612c49f5d Mon Sep 17 00:00:00 2001 >+From 74fe73c5a8535ce3e22ef2da42be1be3893568cc Mon Sep 17 00:00:00 2001 > From: Andrew Bartlett <abartlet@samba.org> > Date: Mon, 18 Oct 2021 20:44:54 +1300 >-Subject: [PATCH 147/159] selftest: Remove duplicate setup of $base_dn and >+Subject: [PATCH 150/162] selftest: Remove duplicate setup of $base_dn and > $ldbmodify > > These are already set up to the same values above for the full >@@ -17217,7 +17599,7 @@ > 1 file changed, 4 deletions(-) > > diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >-index f58190706b1..09cedcb05f1 100755 >+index 99990fea2df..8bd489ea6a5 100755 > --- a/selftest/target/Samba4.pm > +++ b/selftest/target/Samba4.pm > @@ -1108,10 +1108,6 @@ servicePrincipalName: http/testupnspn.$ctx->{dnsname} >@@ -17235,10 +17617,10 @@ > 2.25.1 > > >-From 2fea719852110483c9af0fc55ba2ff240e9248a8 Mon Sep 17 00:00:00 2001 >+From 1b10de86ae8123cc939452faedd192b76256aab0 Mon Sep 17 00:00:00 2001 > From: Andrew Bartlett <abartlet@samba.org> > Date: Mon, 18 Oct 2021 11:55:14 +1300 >-Subject: [PATCH 148/159] selftest: Improve error handling and perl style when >+Subject: [PATCH 151/162] selftest: Improve error handling and perl style when > setting up users in Samba4.pm > > This catches errors and avoids using global varibles (the old >@@ -17255,7 +17637,7 @@ > 1 file changed, 53 insertions(+), 19 deletions(-) > > diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm >-index 09cedcb05f1..615e8b240b4 100755 >+index 8bd489ea6a5..7c17060dcb0 100755 > --- a/selftest/target/Samba4.pm > +++ b/selftest/target/Samba4.pm > @@ -239,12 +239,19 @@ sub wait_for_start($$) >@@ -17408,10 +17790,10 @@ > 2.25.1 > > >-From 1460a095fc895cc28d0a3bd4adb69d5f8dad4be1 Mon Sep 17 00:00:00 2001 >+From 56a86c4bc2567282d80e8fbf0bc527ca3b73ad02 Mon Sep 17 00:00:00 2001 > From: Andreas Schneider <asn@samba.org> > Date: Mon, 4 Oct 2021 13:02:35 +0200 >-Subject: [PATCH 149/159] waf: Allow building with MIT KRB5 >= 1.20 >+Subject: [PATCH 152/162] waf: Allow building with MIT KRB5 >= 1.20 > MIME-Version: 1.0 > Content-Type: text/plain; charset=UTF-8 > Content-Transfer-Encoding: 8bit >@@ -17450,10 +17832,10 @@ > 2.25.1 > > >-From 5534e6e04e3d4c9cd4aaffe04286fd2d4b062d41 Mon Sep 17 00:00:00 2001 >+From 66d7d1808a17e2caede36f5b5b57b7071a64fdde Mon Sep 17 00:00:00 2001 > From: Stefan Metzmacher <metze@samba.org> > Date: Fri, 8 Oct 2021 18:04:55 +0200 >-Subject: [PATCH 150/159] selftest/Samba3: remove unused close(USERMAP); calls >+Subject: [PATCH 153/162] selftest/Samba3: remove unused close(USERMAP); calls > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -17468,10 +17850,10 @@ > 1 file changed, 4 deletions(-) > > diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >-index 4afcc47b82b..f781fe7bf57 100755 >+index c15057fa80b..8679a48dd54 100755 > --- a/selftest/target/Samba3.pm > +++ b/selftest/target/Samba3.pm >-@@ -771,7 +771,6 @@ sub provision_ad_member >+@@ -733,7 +733,6 @@ sub provision_ad_member > > mkdir($_, 0777) foreach(@dirs); > >@@ -17479,7 +17861,7 @@ > $ret->{DOMAIN} = $dcvars->{DOMAIN}; > $ret->{REALM} = $dcvars->{REALM}; > $ret->{DOMSID} = $dcvars->{DOMSID}; >-@@ -920,7 +919,6 @@ sub setup_ad_member_rfc2307 >+@@ -882,7 +881,6 @@ sub setup_ad_member_rfc2307 > > $ret or return undef; > >@@ -17487,7 +17869,7 @@ > $ret->{DOMAIN} = $dcvars->{DOMAIN}; > $ret->{REALM} = $dcvars->{REALM}; > $ret->{DOMSID} = $dcvars->{DOMSID}; >-@@ -1018,7 +1016,6 @@ sub setup_ad_member_idmap_rid >+@@ -980,7 +978,6 @@ sub setup_ad_member_idmap_rid > > $ret or return undef; > >@@ -17495,7 +17877,7 @@ > $ret->{DOMAIN} = $dcvars->{DOMAIN}; > $ret->{REALM} = $dcvars->{REALM}; > $ret->{DOMSID} = $dcvars->{DOMSID}; >-@@ -1118,7 +1115,6 @@ sub setup_ad_member_idmap_ad >+@@ -1078,7 +1075,6 @@ sub setup_ad_member_idmap_ad > > $ret or return undef; > >@@ -17507,10 +17889,10 @@ > 2.25.1 > > >-From 5ce5053e969781b90f328aec11ab1ff800d2cd34 Mon Sep 17 00:00:00 2001 >+From ba314857e07dfac08adb15920f8d9debc63b40e2 Mon Sep 17 00:00:00 2001 > From: Stefan Metzmacher <metze@samba.org> > Date: Tue, 5 Oct 2021 16:42:00 +0200 >-Subject: [PATCH 151/159] selftest/Samba3: replace (winbindd => "yes", >+Subject: [PATCH 154/162] selftest/Samba3: replace (winbindd => "yes", > skip_wait => 1) with (winbindd => "offline") > > This is much more flexible and concentrates the logic in a single place. >@@ -17528,10 +17910,10 @@ > 1 file changed, 8 insertions(+), 4 deletions(-) > > diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm >-index f781fe7bf57..4ec95e237a7 100755 >+index 8679a48dd54..8de5fe6a374 100755 > --- a/selftest/target/Samba3.pm > +++ b/selftest/target/Samba3.pm >-@@ -827,7 +827,7 @@ sub provision_ad_member >+@@ -789,7 +789,7 @@ sub provision_ad_member > nmbd => "yes", > winbindd => "yes", > smbd => "yes")) { >@@ -17540,7 +17922,7 @@ > } > > $ret->{DC_SERVER} = $dcvars->{SERVER}; >-@@ -1909,7 +1909,7 @@ sub check_or_start($$) { >+@@ -1874,7 +1874,7 @@ sub check_or_start($$) { > LOG_FILE => $env_vars->{WINBINDD_TEST_LOG}, > PCAP_FILE => "env-$ENV{ENVNAME}-winbindd", > }; >@@ -17549,7 +17931,7 @@ > $daemon_ctx->{SKIP_DAEMON} = 1; > } > >-@@ -3131,13 +3131,17 @@ sub wait_for_start($$$$$) >+@@ -3069,13 +3069,17 @@ sub wait_for_start($$$$$) > } > } > >@@ -17573,10 +17955,10 @@ > 2.25.1 > > >-From 2208433a58c2ab12fef297002d1b56b2da8f9438 Mon Sep 17 00:00:00 2001 >+From 5123a9d724f44ebfeeab1124e7d3e51b0d92df42 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 20 Oct 2021 12:39:05 +1300 >-Subject: [PATCH 152/159] tests/krb5: Decrease length of test account prefix >+Subject: [PATCH 155/162] tests/krb5: Decrease length of test account prefix > > This allows us more room to test with different account names. > >@@ -17607,10 +17989,10 @@ > 2.25.1 > > >-From 3865de6879342e283835bb3b7cf2d7b58e222b2d Mon Sep 17 00:00:00 2001 >+From 8c3f47a4c95ab6cc6301088c19d35f9350addfe8 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 20 Oct 2021 12:41:39 +1300 >-Subject: [PATCH 153/159] tests/krb5: Allow specifying prefix or suffix for >+Subject: [PATCH 156/162] tests/krb5: Allow specifying prefix or suffix for > test account names > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874 >@@ -17660,10 +18042,10 @@ > 2.25.1 > > >-From 0585dd5f180220957717ff00918d92eb98c1af5a Mon Sep 17 00:00:00 2001 >+From ecdca0b83792e263dd26179bff7dbf25c1733e1f Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 20 Oct 2021 12:44:19 +1300 >-Subject: [PATCH 154/159] tests/krb5: Allow creating machine accounts without a >+Subject: [PATCH 157/162] tests/krb5: Allow creating machine accounts without a > trailing dollar > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874 >@@ -17736,10 +18118,10 @@ > 2.25.1 > > >-From 4dfd80c056f615131382ea477d3050b299fb3c36 Mon Sep 17 00:00:00 2001 >+From d5bea3beb6bbac7c3dcbb5d40a5d70cf096a4672 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 20 Oct 2021 12:45:08 +1300 >-Subject: [PATCH 155/159] tests/krb5: Allow specifying the UPN for test >+Subject: [PATCH 158/162] tests/krb5: Allow specifying the UPN for test > accounts > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874 >@@ -17818,10 +18200,10 @@ > 2.25.1 > > >-From d4cf26226873f9e38a36d2fa6cb6dd78442ff42d Mon Sep 17 00:00:00 2001 >+From ee450c6d09822dbe109ec82ae22b83e5fd11c76c Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 20 Oct 2021 12:45:47 +1300 >-Subject: [PATCH 156/159] tests/krb5: Fix account salt calculation to match >+Subject: [PATCH 159/162] tests/krb5: Fix account salt calculation to match > Windows > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874 >@@ -17867,10 +18249,10 @@ > 2.25.1 > > >-From e96ddf186e906226b94be6077720192f17ae3a1c Mon Sep 17 00:00:00 2001 >+From 6f125af9c21866c43553d03c4d36a240e1372fa3 Mon Sep 17 00:00:00 2001 > From: Joseph Sutton <josephsutton@catalyst.net.nz> > Date: Wed, 20 Oct 2021 12:46:36 +1300 >-Subject: [PATCH 157/159] tests/krb5: Add tests for account salt calculation >+Subject: [PATCH 160/162] tests/krb5: Add tests for account salt calculation > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874 > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14881 >@@ -18254,10 +18636,10 @@ > + import unittest > + unittest.main() > diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py >-index 0a9aac1f2cc..af118242a1b 100644 >+index e1711b532d7..4b68a2b798c 100644 > --- a/python/samba/tests/usage.py > +++ b/python/samba/tests/usage.py >-@@ -104,6 +104,7 @@ EXCLUDE_USAGE = { >+@@ -103,6 +103,7 @@ EXCLUDE_USAGE = { > 'python/samba/tests/krb5/as_req_tests.py', > 'python/samba/tests/krb5/fast_tests.py', > 'python/samba/tests/krb5/rodc_tests.py', >@@ -18403,10 +18785,10 @@ > # FAST tests > # > diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py >-index c2a6256029f..c2175486aae 100755 >+index 7aba1c6ce55..0703e5ceddf 100755 > --- a/source4/selftest/tests.py > +++ b/source4/selftest/tests.py >-@@ -1429,6 +1429,14 @@ for env in ["fl2008r2dc", "fl2003dc"]: >+@@ -1395,6 +1395,14 @@ for env in ["fl2008r2dc", "fl2003dc"]: > 'TKT_SIG_SUPPORT': tkt_sig_support > }) > >@@ -18425,10 +18807,10 @@ > 2.25.1 > > >-From bc7e3d0837d3f0c5910a5d16475410c1d3a2b989 Mon Sep 17 00:00:00 2001 >+From ee07da2c75e5e467b3a480a6090c87e0e177c3ea Mon Sep 17 00:00:00 2001 > From: Andrew Bartlett <abartlet@samba.org> > Date: Tue, 19 Oct 2021 16:01:36 +1300 >-Subject: [PATCH 158/159] dsdb: Allow special chars like "@" in samAccountName >+Subject: [PATCH 161/162] dsdb: Allow special chars like "@" in samAccountName > when generating the salt > > BUG: https://bugzilla.samba.org/show_bug.cgi?id=14874 >@@ -18451,10 +18833,10 @@ > 6 files changed, 195 insertions(+), 66 deletions(-) > > diff --git a/auth/credentials/credentials_krb5.c b/auth/credentials/credentials_krb5.c >-index d7b1c430841..2338d9f114b 100644 >+index 20e677e521a..61e55f7032d 100644 > --- a/auth/credentials/credentials_krb5.c > +++ b/auth/credentials/credentials_krb5.c >-@@ -1200,12 +1200,12 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, >+@@ -1199,12 +1199,12 @@ _PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, > break; > } > >@@ -18770,10 +19152,10 @@ > -^samba.tests.krb5.salt_tests.samba.tests.krb5.salt_tests.SaltTests.test_salt_double_at_user > ^samba.tests.krb5.salt_tests.samba.tests.krb5.salt_tests.SaltTests.test_salt_upn_at_realm_user > diff --git a/source3/passdb/machine_account_secrets.c b/source3/passdb/machine_account_secrets.c >-index d81f79c705b..1964eb5a448 100644 >+index 5cda8f065c4..7c103d0a6e4 100644 > --- a/source3/passdb/machine_account_secrets.c > +++ b/source3/passdb/machine_account_secrets.c >-@@ -1574,11 +1574,11 @@ NTSTATUS secrets_store_JoinCtx(const struct libnet_JoinCtx *r) >+@@ -1573,11 +1573,11 @@ NTSTATUS secrets_store_JoinCtx(const struct libnet_JoinCtx *r) > if (info->salt_principal == NULL && r->out.domain_is_ad) { > char *p = NULL; > >@@ -18791,10 +19173,10 @@ > status = krb5_to_nt_status(ret); > DBG_ERR("smb_krb5_salt_principal() failed " > diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c >-index 5bdd23c13e9..9f38a31c8dd 100644 >+index bfdfa51595a..82d9e8ebd2e 100644 > --- a/source4/dsdb/samdb/ldb_modules/password_hash.c > +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c >-@@ -688,8 +688,8 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) >+@@ -685,8 +685,8 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) > { > struct ldb_context *ldb; > krb5_error_code krb5_ret; >@@ -18805,7 +19187,7 @@ > krb5_data salt; > krb5_keyblock key; > krb5_data cleartext_data; >-@@ -700,11 +700,11 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) >+@@ -697,11 +697,11 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) > cleartext_data.length = io->n.cleartext_utf8->length; > > uac_flags = io->u.userAccountControl & UF_ACCOUNT_TYPE_MASK; >@@ -18819,7 +19201,7 @@ > &salt_principal); > if (krb5_ret) { > ldb_asprintf_errstring(ldb, >-@@ -718,8 +718,10 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) >+@@ -715,8 +715,10 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) > /* > * create salt from salt_principal > */ >@@ -18832,7 +19214,7 @@ > if (krb5_ret) { > ldb_asprintf_errstring(ldb, > "setup_kerberos_keys: " >-@@ -728,12 +730,17 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) >+@@ -725,12 +727,17 @@ static int setup_kerberos_keys(struct setup_password_fields_io *io) > krb5_ret, io->ac)); > return LDB_ERR_OPERATIONS_ERROR; > } >@@ -18856,10 +19238,10 @@ > 2.25.1 > > >-From f3eeec100f16186fed7cb7a226ac6a5be2475de2 Mon Sep 17 00:00:00 2001 >+From 63558be187c5aad165785fd2937271e3bd065026 Mon Sep 17 00:00:00 2001 > From: Andrew Bartlett <abartlet@samba.org> > Date: Fri, 22 Oct 2021 10:50:36 +1300 >-Subject: [PATCH 159/159] lib/krb5_wrap: Fix missing error check in new salt >+Subject: [PATCH 162/162] lib/krb5_wrap: Fix missing error check in new salt > code > > CID 1492905: Control flow issues (DEADCODE)
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 14881
:
16864
|
16865
|
16868
|
16869
|
16870
|
16871
|
16873
|
16874
|
16875
|
16876
|
16877
| 16879 |
16881
|
16882
|
16883