The branch, master has been updated
via 13182e7 s4:dsdb/password_hash: require a "Primary:Kerberos" blob in
supplementalCredentials
via 189ee92 s3:selftest: rpcclient doesn't support smb2
from 9f50dfb s3: ADS support is needed for dns updates
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 13182e792a78c4b32eea95f14c3bc84ca340ef72
Author: Stefan Metzmacher <[email protected]>
Date: Mon Jan 16 15:32:21 2012 +0100
s4:dsdb/password_hash: require a "Primary:Kerberos" blob in
supplementalCredentials
If this is missing, a w2k8r2 server will reboot when someone tries to
change a password.
metze
Autobuild-User: Stefan Metzmacher <[email protected]>
Autobuild-Date: Mon Jan 16 17:10:07 CET 2012 on sn-devel-104
commit 189ee922263a2acab65cd24483c75f2aaad26a36
Author: Stefan Metzmacher <[email protected]>
Date: Sat Jan 14 11:17:33 2012 +0100
s3:selftest: rpcclient doesn't support smb2
metze
-----------------------------------------------------------------------
Summary of changes:
source3/selftest/tests.py | 56 +++++++++++------------
source4/dsdb/samdb/ldb_modules/password_hash.c | 16 +++++++
2 files changed, 43 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index eea9aae..5d5f366 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -272,36 +272,34 @@ for t in tests:
test = 'rpc.lsa.lookupsids'
auth_options = ["", "ntlm", "spnego", "spnego,ntlm" ]
signseal_options = ["", ",connect", ",sign", ",seal"]
-smb_options = ["", ",smb2"]
endianness_options = ["", ",bigendian"]
-for z in smb_options:
- for s in signseal_options:
- for e in endianness_options:
- for a in auth_options:
- binding_string = "ncacn_np:$SERVER[%s%s%s%s]" % (a, s, z, e)
- options = binding_string + " -U$USERNAME%$PASSWORD"
- plansmbtorturetestsuite(test, "s3dc", options, 'over ncacn_np
with [%s%s%s%s] ' % (a, s, z, e))
- plantestsuite("samba3.blackbox.rpcclient over ncacn_np with
[%s%s%s%s] " % (a, s, z, e), "s3dc:local", [os.path.join(samba3srcdir,
"script/tests/test_rpcclient.sh"),
- "none",
options, configuration])
-
- if have_ads_support:
- # We should try more combinations in future, but this is all
- # the pre-calculated credentials cache supports at the moment
- e = ""
- a = ""
- binding_string = "ncacn_np:$SERVER[%s%s%s%s]" % (a, s, z, e)
- options = binding_string + " -k yes
--krb5-ccache=$PREFIX/ktest/krb5_ccache-2"
- plansmbtorturetestsuite(test, "ktest", options, 'krb5 with old
ccache ncacn_np with [%s%s%s%s] ' % (a, s, z, e))
-
- options = binding_string + " -k yes
--krb5-ccache=$PREFIX/ktest/krb5_ccache-3"
- plansmbtorturetestsuite(test, "ktest", options, 'krb5 ncacn_np
with [%s%s%s%s] ' % (a, s, z, e))
-
- auth_options2 = ["krb5", "spnego,krb5"]
- for a in auth_options2:
- binding_string = "ncacn_np:$SERVER[%s%s%s%s]" % (a, s, z, e)
-
- plantestsuite("samba3.blackbox.rpcclient krb5 ncacn_np with
[%s%s%s%s] " % (a, s, z, e), "ktest:local", [os.path.join(samba3srcdir,
"script/tests/test_rpcclient.sh"),
-
"$PREFIX/ktest/krb5_ccache-3", binding_string, "-k", configuration])
+for s in signseal_options:
+ for e in endianness_options:
+ for a in auth_options:
+ binding_string = "ncacn_np:$SERVER[%s%s%s]" % (a, s, e)
+ options = binding_string + " -U$USERNAME%$PASSWORD"
+ plansmbtorturetestsuite(test, "s3dc", options, 'over ncacn_np with
[%s%s%s] ' % (a, s, e))
+ plantestsuite("samba3.blackbox.rpcclient over ncacn_np with
[%s%s%s] " % (a, s, e), "s3dc:local", [os.path.join(samba3srcdir,
"script/tests/test_rpcclient.sh"),
+ "none", options,
configuration])
+
+ if have_ads_support:
+ # We should try more combinations in future, but this is all
+ # the pre-calculated credentials cache supports at the moment
+ e = ""
+ a = ""
+ binding_string = "ncacn_np:$SERVER[%s%s%s]" % (a, s, e)
+ options = binding_string + " -k yes
--krb5-ccache=$PREFIX/ktest/krb5_ccache-2"
+ plansmbtorturetestsuite(test, "ktest", options, 'krb5 with old ccache
ncacn_np with [%s%s%s] ' % (a, s, e))
+
+ options = binding_string + " -k yes
--krb5-ccache=$PREFIX/ktest/krb5_ccache-3"
+ plansmbtorturetestsuite(test, "ktest", options, 'krb5 ncacn_np with
[%s%s%s] ' % (a, s, e))
+
+ auth_options2 = ["krb5", "spnego,krb5"]
+ for a in auth_options2:
+ binding_string = "ncacn_np:$SERVER[%s%s%s]" % (a, s, e)
+
+ plantestsuite("samba3.blackbox.rpcclient krb5 ncacn_np with
[%s%s%s] " % (a, s, e), "ktest:local", [os.path.join(samba3srcdir,
"script/tests/test_rpcclient.sh"),
+
"$PREFIX/ktest/krb5_ccache-3",
binding_string, "-k", configuration])
if have_ads_support:
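Review bot: Dropping the `for z in smb_options:` loop removes the `,smb2` binding from the `plansmbtorturetestsuite` runs as well as from the rpcclient ones, although the commit message only says that rpcclient lacks smb2 support. If smbtorture accepts `smb2` in the binding string (the old code planned those runs, so presumably it does), the sign/seal and Kerberos combinations of `rpc.lsa.lookupsids` lose their SMB2 transport coverage. Consider keeping the `z` loop and guarding only the two `plantestsuite(... test_rpcclient.sh ...)` calls with `if z == "":`. Whether another part of tests.py outside this hunk still covers these combinations cannot be seen from here.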
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c
b/source4/dsdb/samdb/ldb_modules/password_hash.c
index bf94ba3..553cd68 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -301,6 +301,22 @@ static int password_hash_bypass(struct ldb_module *module,
struct ldb_request *r
data_blob_free(&subblob);
}
+ if (scpp == NULL) {
+ return ldb_error(ldb,
+ LDB_ERR_CONSTRAINT_VIOLATION,
+ "Primary:Packages missing");
+ }
+
+ if (scpk == NULL) {
+ /*
+ * If Primary:Kerberos is missing w2k8r2 reboots
+ * when a password is changed.
+ */
+ return ldb_error(ldb,
+ LDB_ERR_CONSTRAINT_VIOLATION,
+ "Primary:Kerberos missing");
+ }
+
if (scpp) {
struct package_PackagesBlob *p;
uint32_t n;
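Review bot: After the two new early returns, `scpp` can no longer be NULL when the unchanged `if (scpp) {` guard is reached, so that condition is always true and reads as if a missing Primary:Packages blob were still tolerated. Drop the guard in a follow-up or mark it, e.g. `/* scpp is non-NULL here, checked above */`. The `scpp == NULL` branch also has no comment, unlike the `scpk` one, so a short line stating why a missing Primary:Packages blob is rejected would keep the two checks consistent. password_hash_bypass starts and ends outside this hunk, so whether anything allocated earlier needs releasing before these returns cannot be checked from here.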
--
Samba Shared Repository