The branch, master has been updated
       via  b406b928242 WHATSNEW: Document new GnuTLS 3.4.7 requirement
       via  2ee1764ca88 s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
       via  454ed53221b libcli:smb: Prefer AES-GCM over AES-CCM with GnuTLS
       via  f24f26aaa58 libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_encrypt_pdu()
       via  eb65fe5505e libcli:smb: Use smb2_signing_key in smb2_signing_encrypt_pdu()
       via  b9c4990f57a libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_decrypt_pdu()
       via  7f56e91dbe4 libcli:smb: Use smb2_signing_key in smb2_signing_decrypt_pdu()
       via  3d2de36d9a0 libcli:smb: Support GnuTLS AES CCM and GCM in smb2_signing_decrypt_pdu()
       via  f43da2adf64 libcli:smb: Support GnuTLS AES CCM and GCM in smb2_signing_encrypt_pdu()
       via  10058bcfa16 ldb: Extend the ldb_dn_explode test matrix
       via  a8a3cef3a76 ldb: Do not read beyond the end of the extended DN component when printing
       via  52bd2dde5ae ldb: Add test with == true or false to boolean if statements in ldb_dn_explode()
       via  3f290e95c2c ldb: Rework all pointer NULL tests to use Samba's normal style
       via  a097ddf65ce ldb: add some dn explode tests
       via  54f30f2fe3f ldb: don't try to save a value that isn't there
      from  1521a22f436 ldb: Call TALLOC_FREE(filtered_msg->elements) on ldb_filter_attrs() failure

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b406b928242c95d34568a79c10e4b004779da085
Author: Andrew Bartlett <[email protected]>
Date:   Mon Aug 26 14:39:40 2019 +1200

    WHATSNEW: Document new GnuTLS 3.4.7 requirement
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>
    
    Autobuild-User(master): Andrew Bartlett <[email protected]>
    Autobuild-Date(master): Tue Aug 27 06:01:50 UTC 2019 on sn-devel-184

commit 2ee1764ca88c882cddcc0a17f7d83950ec709b5d
Author: Andreas Schneider <[email protected]>
Date:   Fri Mar 15 16:28:12 2019 +0100

    s3:smbd: Prefer AES-GCM over AES-CCM with GnuTLS
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Adapted to remove Samba AES support
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 454ed53221b1374ad8148e922b64c3788ad4998e
Author: Andreas Schneider <[email protected]>
Date:   Fri Mar 15 16:25:28 2019 +0100

    libcli:smb: Prefer AES-GCM over AES-CCM with GnuTLS
    
    The AES-GCM implementation in GnuTLS is faster.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Adapted to remove Samba AES support
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit f24f26aaa58b9223e2c0cfd3e5086278b27903f1
Author: Andreas Schneider <[email protected]>
Date:   Fri Aug 23 09:28:28 2019 +0200

    libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_encrypt_pdu()
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    Signed-off-by: Andrew Bartlett <[email protected]>

commit eb65fe5505e32f451d4cf5d0203abce77c05dae4
Author: Andreas Schneider <[email protected]>
Date:   Thu Mar 14 10:27:06 2019 +0100

    libcli:smb: Use smb2_signing_key in smb2_signing_encrypt_pdu()
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Adapted to remove Samba AES support
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit b9c4990f57aa778942c310b802437e6df1d17e04
Author: Andreas Schneider <[email protected]>
Date:   Fri Aug 23 09:27:35 2019 +0200

    libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_decrypt_pdu()
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>

commit 7f56e91dbe404bc1ee40e4843c4046336945b057
Author: Andreas Schneider <[email protected]>
Date:   Thu Mar 14 10:53:23 2019 +0100

    libcli:smb: Use smb2_signing_key in smb2_signing_decrypt_pdu()
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Adapted to remove Samba AES support
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 3d2de36d9a08354fb775a5d93a9b40012bf6966f
Author: Andreas Schneider <[email protected]>
Date:   Tue Feb 26 16:43:36 2019 +0100

    libcli:smb: Support GnuTLS AES CCM and GCM in smb2_signing_decrypt_pdu()
    
    This requires GnuTLS >= 3.4.0.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Adapted to remove Samba AES support
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit f43da2adf64a8ff20ce6478f656927e531bc42af
Author: Andreas Schneider <[email protected]>
Date:   Mon Feb 25 18:05:16 2019 +0100

    libcli:smb: Support GnuTLS AES CCM and GCM in smb2_signing_encrypt_pdu()
    
    This requires GnuTLS >= 3.4.0.
    
    Signed-off-by: Andreas Schneider <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    
    Adapted to remove Samba AES support
    
    Signed-off-by: Andrew Bartlett <[email protected]>

commit 10058bcfa16d5029e61252d64d142a8aab9ec296
Author: Andrew Bartlett <[email protected]>
Date:   Tue Aug 27 13:16:50 2019 +1200

    ldb: Extend the ldb_dn_explode test matrix
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>

commit a8a3cef3a768aaff01227dd7b229fb7b3aef926f
Author: Andrew Bartlett <[email protected]>
Date:   Tue Aug 27 13:16:18 2019 +1200

    ldb: Do not read beyond the end of the extended DN component when printing
    
    The print functions used in Samba NULL terminate, but do not assume they will
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>

commit 52bd2dde5ae809ecc115f7087e367327f4771e73
Author: Andrew Bartlett <[email protected]>
Date:   Thu Aug 22 11:09:55 2019 +1200

    ldb: Add test with == true or false to boolean if statements in ldb_dn_explode()
    
    This is beyond the normal level of clarity we expect in Samba, and is of course
    redundant, but this is a complex routine that has confusing tests, some of
    pointers and some of boolean state values.
    
    This tries to make the code as clear as possible pending a more comprehensive
    rewrite.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>

commit 3f290e95c2c133eb2c983ecc984d3dff4809f3d3
Author: Andrew Bartlett <[email protected]>
Date:   Thu Aug 22 10:59:07 2019 +1200

    ldb: Rework all pointer NULL tests to use Samba's normal style
    
    Also avoid if () without braces
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
    
    Signed-off-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>

commit a097ddf65ce56dcd2e0b072b6dd78f512a77a9da
Author: Douglas Bagnall <[email protected]>
Date:   Thu Jul 25 12:09:16 2019 +1200

    ldb: add some dn explode tests
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>

commit 54f30f2fe3f03c9640664f9a11260b093fc57a5b
Author: Douglas Bagnall <[email protected]>
Date:   Fri Jul 26 09:49:13 2019 +1200

    ldb: don't try to save a value that isn't there
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049
    
    Signed-off-by: Douglas Bagnall <[email protected]>
    Reviewed-by: Andrew Bartlett <[email protected]>
    Reviewed-by: Gary Lockyer <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                |  22 +++
 lib/ldb/common/ldb_dn.c     | 135 +++++++++--------
 lib/ldb/tests/test_ldb_dn.c | 115 +++++++++++++++
 libcli/smb/smb2_signing.c   | 343 +++++++++++++++++++++++++++++++-------------
 libcli/smb/smb2_signing.h   |   4 +-
 libcli/smb/smbXcli_base.c   |  15 +-
 source3/smbd/smb2_negprot.c |  10 +-
 source3/smbd/smb2_server.c  |  18 ++-
 8 files changed, 484 insertions(+), 178 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9abc4538125..c3b99dbee80 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -17,6 +17,28 @@ NEW FEATURES/CHANGES
 ====================
 
 
+GnuTLS 3.4.7 required
+---------------------
+
+Samba is making efforts to remove in-tree cryptographic functionality,
+and to instead rely on externally maintained libraries.  To this end,
+Samba has chosen GnuTLS as our standard cryptographic provider.
+
+Samba now requires GnuTLS 3.4.7 to be installed (including development
+headers at build time) for all configurations, not just the Samba AD
+DC.
+
+NOTE WELL: The use of GnuTLS means that Samba will honour the
+system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic
+standard) and so will not operate in many still common situations if
+this system-wide parameter is in effect, as many of our protocols rely
+on outdated cryptography.
+
+A future Samba version will mitigate this to some extent where good
+cryptography effectively wraps bad cryptography, but for now that above
+applies.
+
+
 REMOVED FEATURES
 ================
 
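Review bot: the new "GnuTLS 3.4.7 required" section states the minimum version without saying which feature needs it, while the commit messages in this push for smb2_signing_encrypt_pdu() and smb2_signing_decrypt_pdu() give "GnuTLS >= 3.4.0"; a sentence naming what 3.4.7 provides would let packagers judge whether a distribution backport is enough. In the last added paragraph, "for now that above applies" should read "for now the above applies".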
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 9b2fa966e11..83f94e3b913 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -298,19 +298,21 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
        char *parse_dn;
        bool is_index;
 
-       if ( ! dn || dn->invalid) return false;
+       if (dn == NULL || dn->invalid == true) {
+               return false;
+       }
 
-       if (dn->components) {
+       if (dn->components != NULL) {
                return true;
        }
 
-       if (dn->ext_linearized) {
+       if (dn->ext_linearized != NULL) {
                parse_dn = dn->ext_linearized;
        } else {
                parse_dn = dn->linearized;
        }
 
-       if ( ! parse_dn ) {
+       if (parse_dn == NULL) {
                return false;
        }
 
@@ -322,7 +324,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
        }
 
        /* Special DNs case */
-       if (dn->special) {
+       if (dn->special == true) {
                return true;
        }
 
@@ -333,13 +335,13 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
        /* in the common case we have 3 or more components */
        /* make sure all components are zeroed, other functions depend on it */
        dn->components = talloc_zero_array(dn, struct ldb_dn_component, 3);
-       if ( ! dn->components) {
+       if (dn->components == NULL) {
                return false;
        }
 
        /* Components data space is allocated here once */
        data = talloc_array(dn->components, char, strlen(parse_dn) + 1);
-       if (!data) {
+       if (data == NULL) {
                goto failed;
        }
 
@@ -348,7 +350,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
        d = dt = data;
 
        while (*p) {
-               if (in_extended) {
+               if (in_extended == true) {
 
                        if (!in_ex_name && !in_ex_value) {
 
@@ -403,7 +405,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                dn->ext_components = ext_comp;
 
                                ext_syntax = 
ldb_dn_extended_syntax_by_name(dn->ldb, ex_name);
-                               if (!ext_syntax) {
+                               if (ext_syntax == NULL) {
                                        /* We don't know about this type of 
extended DN */
                                        goto failed;
                                }
@@ -435,8 +437,8 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                        *d++ = *p++;
                        continue;
                }
-               if (in_attr) {
-                       if (trim) {
+               if (in_attr == true) {
+                       if (trim == true) {
                                if (*p == ' ') {
                                        p++;
                                        continue;
@@ -486,7 +488,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                 *  with spaces trimmed) */
                                *d++ = '\0';
                                dn->components[dn->comp_num].name = 
talloc_strdup(dn->components, dt);
-                               if ( ! dn->components[dn->comp_num].name) {
+                               if (dn->components[dn->comp_num].name == NULL) {
                                        /* ouch */
                                        goto failed;
                                }
@@ -503,7 +505,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                goto failed;
                        }
 
-                       if (is_oid && ( ! (isdigit(*p) || (*p == '.')))) {
+                       if (is_oid == true && ( ! (isdigit(*p) || (*p == 
'.')))) {
                                /* not a digit nor a dot,
                                 * invalid attribute oid */
                                ldb_dn_mark_invalid(dn);
@@ -519,8 +521,8 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                        continue;
                }
 
-               if (in_value) {
-                       if (in_quote) {
+               if (in_value == true) {
+                       if (in_quote == true) {
                                if (*p == '\"') {
                                        if (p[-1] != '\\') {
                                                p++;
@@ -533,7 +535,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                continue;
                        }
 
-                       if (trim) {
+                       if (trim == true) {
                                if (*p == ' ') {
                                        p++;
                                        continue;
@@ -556,7 +558,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                        */
 
                        case ',':
-                               if (escape) {
+                               if (escape == true) {
                                        *d++ = *p++;
                                        l++;
                                        escape = false;
@@ -564,7 +566,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                }
                                /* ok found value terminator */
 
-                               if ( t ) {
+                               if (t != NULL) {
                                        /* trim back */
                                        d -= (p - t);
                                        l -= (p - t);
@@ -585,7 +587,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                dn->components[dn->comp_num].value.data = \
                                        (uint8_t 
*)talloc_memdup(dn->components, dt, l + 1);
                                dn->components[dn->comp_num].value.length = l;
-                               if ( ! dn->components[dn->comp_num].value.data) 
{
+                               if (dn->components[dn->comp_num].value.data == 
NULL) {
                                        /* ouch ! */
                                        goto failed;
                                }
@@ -600,7 +602,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                                                        
dn->components,
                                                                        struct 
ldb_dn_component,
                                                                        
dn->comp_num + 1);
-                                       if ( ! dn->components) {
+                                       if (dn->components == NULL) {
                                                /* ouch ! */
                                                goto failed;
                                        }
@@ -617,8 +619,10 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                accept the base64 encoded binary index
                                values, which contain a '+' or '='
                                which should normally be escaped */
-                               if (is_index) {
-                                       if ( t ) t = NULL;
+                               if (is_index == true) {
+                                       if (t != NULL) {
+                                               t = NULL;
+                                       }
                                        *d++ = *p++;
                                        l++;
                                        break;
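Review bot: the added `if (t != NULL) { t = NULL; }` under `if (is_index == true)` tests the pointer only to assign it the value the test rules out, so the guard does nothing; an unconditional `t = NULL;` has the same effect, needs no braces, and removes one branch from a routine the commit message itself describes as confusing.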
@@ -630,7 +634,7 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                        case '>':
                        case ';':
                                /* a string with not escaped specials is 
invalid (tested) */
-                               if ( ! escape) {
+                               if (escape == false) {
                                        ldb_dn_mark_invalid(dn);
                                        goto failed;
                                }
@@ -639,11 +643,13 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                *d++ = *p++;
                                l++;
 
-                               if ( t ) t = NULL;
+                               if (t != NULL) {
+                                       t = NULL;
+                               }
                                break;
 
                        case '\\':
-                               if ( ! escape) {
+                               if (escape == false) {
                                        escape = true;
                                        p++;
                                        continue;
@@ -653,11 +659,13 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                                *d++ = *p++;
                                l++;
 
-                               if ( t ) t = NULL;
+                               if (t != NULL) {
+                                       t = NULL;
+                               }
                                break;
 
                        default:
-                               if (escape) {
+                               if (escape == true) {
                                        if (isxdigit(p[0]) && isxdigit(p[1])) {
                                                if (sscanf(p, "%02x", &x) != 1) 
{
                                                        /* invalid escaping 
sequence */
@@ -672,14 +680,20 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
 
                                        escape = false;
                                        l++;
-                                       if ( t ) t = NULL;
+                                       if (t != NULL) {
+                                               t = NULL;
+                                       }
                                        break;
                                }
 
                                if (*p == ' ') {
-                                       if ( ! t) t = p;
+                                       if (t == NULL) {
+                                               t = p;
+                                       }
                                } else {
-                                       if ( t ) t = NULL;
+                                       if (t != NULL) {
+                                               t = NULL;
+                                       }
                                }
 
                                *d++ = *p++;
@@ -691,37 +705,38 @@ static bool ldb_dn_explode(struct ldb_dn *dn)
                }
        }
 
-       if (in_attr || in_quote) {
+       if (in_attr == true || in_quote == true) {
                /* invalid dn */
                ldb_dn_mark_invalid(dn);
                goto failed;
        }
 
-       /* save last element */
-       if ( t ) {
-               /* trim back */
-               d -= (p - t);
-               l -= (p - t);
-       }
+       if (in_value == true) {
+               /* save last element */
+               if (t != NULL) {
+                       /* trim back */
+                       d -= (p - t);
+                       l -= (p - t);
+               }
+
+               *d++ = '\0';
+               /*
+                * This talloc_memdup() is OK with the
+                * +1 because *d has been set to '\0'
+                * just above.
+                */
+               dn->components[dn->comp_num].value.length = l;
+               dn->components[dn->comp_num].value.data =
+                       (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
+               if (dn->components[dn->comp_num].value.data == NULL) {
+                       /* ouch */
+                       goto failed;
+               }
+               talloc_set_name_const(dn->components[dn->comp_num].value.data,
+                       (const char *)dn->components[dn->comp_num].value.data);
 
-       *d++ = '\0';
-       /*
-        * This talloc_memdup() is OK with the
-        * +1 because *d has been set to '\0'
-        * just above.
-        */
-       dn->components[dn->comp_num].value.length = l;
-       dn->components[dn->comp_num].value.data =
-               (uint8_t *)talloc_memdup(dn->components, dt, l + 1);
-       if ( ! dn->components[dn->comp_num].value.data) {
-               /* ouch */
-               goto failed;
+               dn->comp_num++;
        }
-       talloc_set_name_const(dn->components[dn->comp_num].value.data,
-                             (const char 
*)dn->components[dn->comp_num].value.data);
-
-       dn->comp_num++;
-
        talloc_free(data);
        return true;
 
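Review bot: the new `if (in_value == true)` guard around the "save last element" block has no comment saying which inputs reach the end of the loop with in_value false, and that is the whole reason for the change. A short comment naming the case (for example the "<>" and "<" rows in the test matrix added in this push, which expect comp_num 0) would stop a later cleanup from removing the guard. The blank line that separated this block from `talloc_free(data);` was also dropped and is worth restoring.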
@@ -856,11 +871,15 @@ char *ldb_dn_get_extended_linearized(TALLOC_CTX *mem_ctx, 
struct ldb_dn *dn, int
                }
 
                if (i == 0) {
-                       p = talloc_asprintf(mem_ctx, "<%s=%s>", 
-                                           name, val.data);
+                       p = talloc_asprintf(mem_ctx, "<%s=%.*s>",
+                                           name,
+                                           (int)val.length,
+                                           val.data);
                } else {
-                       p = talloc_asprintf_append_buffer(p, ";<%s=%s>",
-                                                         name, val.data);
+                       p = talloc_asprintf_append_buffer(p, ";<%s=%.*s>",
+                                                         name,
+                                                         (int)val.length,
+                                                         val.data);
                }
 
                talloc_free(val.data);
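Review bot: the `(int)val.length` cast passed as the `%.*s` precision in both talloc_asprintf() and talloc_asprintf_append_buffer() is unchecked. A length above INT_MAX converts to a truncated or negative int, and a negative precision is treated as if no precision were given, which brings back the read-until-NUL behaviour this change is meant to remove. Rejecting `val.length > INT_MAX` before formatting (and freeing val.data on that path) would close the gap.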
diff --git a/lib/ldb/tests/test_ldb_dn.c b/lib/ldb/tests/test_ldb_dn.c
index 4965dcef575..109ee53c8ab 100644
--- a/lib/ldb/tests/test_ldb_dn.c
+++ b/lib/ldb/tests/test_ldb_dn.c
@@ -23,6 +23,7 @@
 #include <cmocka.h>
 
 #include <ldb.h>
+#include "ldb_private.h"
 
 static void test_ldb_dn_add_child_fmt(void **state)
 {
@@ -105,12 +106,126 @@ static void test_ldb_dn_add_child_val2(void **state)
 
 }
 
+struct explode_test {
+       const char *strdn;
+       int comp_num;
+       int ext_comp_num;
+       bool special;
+       bool invalid;
+       const char *linearized;
+       const char *ext_linearized_1;
+       bool explode_result;
+};
+
+static int extended_dn_read_ID(struct ldb_context *ldb, void *mem_ctx,
+                              const struct ldb_val *in, struct ldb_val *out)
+{
+
+       /* Allow to check we can cope with validity checks */
+       if (in->length != 4) {
+               return -1;
+       }
+
+       *out = *in;
+       out->data = talloc_memdup(mem_ctx, in->data, in->length);
+       if (out->data == NULL) {
+               return -1;
+       }
+
+       return 0;
+}
+
+/* write out (resued for both HEX and clear for now) */
+static int extended_dn_write_ID(struct ldb_context *ldb, void *mem_ctx,
+                                const struct ldb_val *in, struct ldb_val *out)
+{
+       *out = *in;
+
+       out->data = talloc_memdup(mem_ctx, in->data, in->length);
+       if (out->data == NULL) {
+               return -1;
+       }
+       return 0;
+}
+
+
+static void test_ldb_dn_explode(void **state)
+{
+       size_t i;
+       struct ldb_context *ldb = ldb_init(NULL, NULL);
+       struct explode_test tests[] = {
+               {"A=B", 1, 0, false, false, "A=B", "A=B", true},
+               {"", 0, 0, false, false, "", "", true},
+               {" ", -1, -1, false, false, " ", " ", false},
+               {"<>", 0, 0, false, false, "", NULL, true},
+               {"<", 0, 0, false, false, "", NULL, true},
+               {"<><", 0, 0, false, false, "", NULL, true},
+               {"<><>", 0, 0, false, false, "", NULL, true},
+               {"A=B,C=D", 2, 0, false, false, "A=B,C=D", "A=B,C=D", true},
+               {"<X=Y>A=B,C=D", -1, -1, false, false, "", NULL, false},
+               {"<X=Y>;A=B,C=D", -1, -1, false, false, "A=B,C=D", NULL, false},
+               {"<ID=ABC>;A=B,C=D", -1, -1, false, true, "A=B,C=D", NULL, 
false},
+               {"<ID=ABCD>;A=B,C=D", 2, 1, false, false, "A=B,C=D", 
"<ID=ABCD>;A=B,C=D", true},
+               {"x=🔥", 1, 0, false, false, "x=🔥", "x=🔥", true},
+               {"@FOO", 0, 0, true, false, "@FOO", "@FOO", true},
+       };
+
+       struct ldb_dn_extended_syntax syntax = {
+               .name             = "ID",
+               .read_fn          = extended_dn_read_ID,
+               .write_clear_fn   = extended_dn_write_ID,
+               .write_hex_fn     = extended_dn_write_ID
+       };
+
+       ldb_dn_extended_add_syntax(ldb, 0, &syntax);
+
+       for (i = 0; i < ARRAY_SIZE(tests); i++) {
+               bool result;
+               const char *linear;
+               const char *ext_linear;
+               struct ldb_dn *dn = ldb_dn_new(ldb, ldb, tests[i].strdn);
+
+               /*
+                * special, invalid, linear, and ext_linear are set before
+                * explode
+                */
+               fprintf(stderr, "%zu «%s»: ", i, tests[i].strdn);
+               linear = ldb_dn_get_linearized(dn);
+               assert_true((linear == NULL) == (tests[i].linearized == NULL));
+               assert_string_equal(linear,
+                                   tests[i].linearized);
+
+               ext_linear = ldb_dn_get_extended_linearized(ldb, dn, 1);
+               assert_true((ext_linear == NULL) ==
+                           (tests[i].ext_linearized_1 == NULL));
+
+               if (tests[i].ext_linearized_1 != NULL) {
+                       assert_string_equal(ext_linear,
+                                           tests[i].ext_linearized_1);
+               }
+               assert_true(ldb_dn_is_special(dn) == tests[i].special);
+               assert_true(ldb_dn_is_valid(dn) != tests[i].invalid);
+
+               /* comp nums are set by explode */
+               result = ldb_dn_validate(dn);
+               fprintf(stderr, "res %i lin «%s» ext «%s»\n",
+                       result, linear, ext_linear);
+               
+               assert_true(result == tests[i].explode_result);
+               assert_int_equal(ldb_dn_get_comp_num(dn),
+                                tests[i].comp_num);
+               assert_int_equal(ldb_dn_get_extended_comp_num(dn),
+                                tests[i].ext_comp_num);
+       }
+}
+
 int main(void) {
        const struct CMUnitTest tests[] = {
                cmocka_unit_test(test_ldb_dn_add_child_fmt),
                cmocka_unit_test(test_ldb_dn_add_child_fmt2),
                cmocka_unit_test(test_ldb_dn_add_child_val),
                cmocka_unit_test(test_ldb_dn_add_child_val2),
+               cmocka_unit_test(test_ldb_dn_explode),
        };
 
        return cmocka_run_group_tests(tests, NULL, NULL);
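Review bot: in test_ldb_dn_explode() the call `fprintf(stderr, "res %i lin «%s» ext «%s»\n", result, linear, ext_linear);` passes ext_linear to %s even for the rows where ext_linearized_1 is NULL and the test has just asserted that ext_linear is NULL too; passing NULL to %s is undefined behaviour, so print a placeholder such as `ext_linear != NULL ? ext_linear : "(null)"`. The `assert_string_equal(linear, tests[i].linearized)` call is likewise not guarded the way the ext_linear comparison is, the result of `ldb_init(NULL, NULL)` is neither checked nor freed, and the comment above extended_dn_write_ID() has "resued" for "reused".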
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index 1ec60a4f9a5..c39f8e4780a 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -386,21 +386,24 @@ NTSTATUS smb2_key_derivation(const uint8_t *KI, size_t 
KI_len,
        return NT_STATUS_OK;
 }
 
-NTSTATUS smb2_signing_encrypt_pdu(DATA_BLOB encryption_key,


-- 
Samba Shared Repository
