[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
       via  2ea3adfd04b gp: Test that Password and Kerberos policies fail on 
unknown key
       via  3ad8e8d4d43 gp: Password and Kerberos policies fail on unknown key
      from  09e9dd576da torture: Test the "server addresses" parameter

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 2ea3adfd04b07c6d449904b81d132ad3858f72fb
Author: David Mulder <dmul...@samba.org>
Date:   Fri Nov 11 10:04:44 2022 -0700

    gp: Test that Password and Kerberos policies fail on unknown key
    
    Signed-off-by: David Mulder <dmul...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>
    
    Autobuild-User(master): Jeremy Allison <j...@samba.org>
    Autobuild-Date(master): Sat Nov 12 01:34:17 UTC 2022 on sn-devel-184

commit 3ad8e8d4d43b08cf1747da048c2fcc16d45a59c5
Author: David Mulder <dmul...@samba.org>
Date:   Fri Nov 11 09:41:52 2022 -0700

    gp: Password and Kerberos policies fail on unknown key
    
    If unrecognized keys are set in the GptTmpl.inf,
    the extensions would fail to apply.
    
    Signed-off-by: David Mulder <dmul...@samba.org>
    Reviewed-by: Jeremy Allison <j...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 python/samba/gp/gp_sec_ext.py | 4 ++++
 python/samba/tests/gpo.py     | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/gp/gp_sec_ext.py b/python/samba/gp/gp_sec_ext.py
index 667bc4cd48b..16cbc4c7013 100644
--- a/python/samba/gp/gp_sec_ext.py
+++ b/python/samba/gp/gp_sec_ext.py
@@ -67,6 +67,8 @@ class gp_krb_ext(gp_inf_ext):
                 for section in inf_conf.sections():
                     if section == str(self):
                         for key, value in inf_conf.items(section):
+                            if key not in gp_krb_ext.apply_map:
+                                continue
                             att = gp_krb_ext.apply_map[key]
                             value_func = self.mapper().get(att)
                             self.set_kdc_tdb(att, value_func(value))
@@ -153,6 +155,8 @@ class gp_access_ext(gp_inf_ext):
                 for section in inf_conf.sections():
                     if section == str(self):
                         for key, value in inf_conf.items(section):
+                            if key not in gp_access_ext.apply_map:
+                                continue
                             att = gp_access_ext.apply_map[key]
                             (update_samba, value_func) = self.mapper().get(att)
                             update_samba(att, value_func(value))
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index c620a1270f7..7ba193884a1 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -7336,7 +7336,8 @@ class GPOTests(tests.TestCase):
         if ads.connect():
             gpos = ads.get_gpo_list(machine_creds.get_username())
 
-        stage = '[Kerberos Policy]\nMaxTicketAge = %d\n'
+        # Include MaxClockSkew to ensure we don't fail on a key we ignore
+        stage = '[Kerberos Policy]\nMaxTicketAge = %d\nMaxClockSkew = 5'
         opts = [100, 200]
         for i in range(0, 2):
             gpttmpl = gpofile % (local_path, guids[i])


-- 
Samba Shared Repository