The branch, master has been updated via e5e1759057a s3: spoolss: Make parameters in call to user_ok_token() match all other uses. via 1e1d8b9c83f tests python krb5: Add python kerberos compatability tests via 5cb5134377f selftest: add heimdal kdc specific known fail via a5052c73c3f lib: talloc: More tests for realloc when used with memlimited pools via 4566ee91b8c lib: talloc: Fix memlimit on pool realloc. via 30a8bea8a34 lib: talloc: Add more debugging text for existing memlimit + pool tests via 6e0aab0b403 lib: talloc: Fix pool object accounting when doing talloc_realloc() in the ALWAYS_REALLOC compiled case. via 86eb6423bdc lib: talloc: Cleanup. Use consistent preprocessor logic macros. from 710196f0cc5 doc: improve --with-shared-modules documentation
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit e5e1759057a767f517bf480a2172a36623df2799 Author: Jeremy Allison <j...@samba.org> Date: Thu Nov 5 15:48:08 2020 -0800 s3: spoolss: Make parameters in call to user_ok_token() match all other uses. We already have p->session_info->unix_info->unix_name, we don't need to go through a legacy call to uidtoname(p->session_info->unix_token->uid). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14568 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Mon Nov 9 04:10:45 UTC 2020 on sn-devel-184 commit 1e1d8b9c83f32c06ecab31214a20b77529ee038e Author: Gary Lockyer <g...@catalyst.net.nz> Date: Wed Nov 4 13:58:24 2020 +1300 tests python krb5: Add python kerberos compatability tests Add new python test to document the differences between the MIT and Heimdal Kerberos implementations. Signed-off-by: Gary Lockyer <g...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5cb5134377f099353e0f91c44cc11e45d548d40f Author: Gary Lockyer <g...@catalyst.net.nz> Date: Wed Nov 4 13:54:46 2020 +1300 selftest: add heimdal kdc specific known fail Add a heimdal kerberos specific known fail, will be needed by subsequent commits. Signed-off-by: Gary Lockyer <g...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a5052c73c3ffdca6b30194223e69a26430f3f989 Author: Arran Cudbard-Bell <a.cudba...@freeradius.org> Date: Tue Oct 20 14:12:17 2020 -0500 lib: talloc: More tests for realloc when used with memlimited pools This requires the previous patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540 Signed-off-by: Arran Cudbard-Bell <a.cudba...@freeradius.org> Reviewed-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4566ee91b8c37f62e8b56242a48230db59cd5ff0 Author: Jeremy Allison <j...@samba.org> Date: Tue Oct 20 10:52:55 2020 -0700 lib: talloc: Fix memlimit on pool realloc. We only have to do the memlimit check before any real malloc or realloc. Allocations out of a memory pool have already been counted in the memory limit, so don't check in those cases. This is an application-visible change (although fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540 Signed-off-by: Jeremy Allison <j...@samba.org> Signed-off-by: Arran Cudbard-Bell <a.cudba...@freeradius.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 30a8bea8a340dcf9a3120f5ee8041e62fb129d8d Author: Arran Cudbard-Bell <a.cudba...@freeradius.org> Date: Tue Oct 20 14:10:30 2020 -0500 lib: talloc: Add more debugging text for existing memlimit + pool tests BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540 Signed-off-by: Arran Cudbard-Bell <a.cudba...@freeradius.org> Reviewed-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6e0aab0b4038255b2d63e8687924a21d77bace91 Author: Jeremy Allison <j...@samba.org> Date: Tue Oct 20 12:14:58 2020 -0700 lib: talloc: Fix pool object accounting when doing talloc_realloc() in the ALWAYS_REALLOC compiled case. tc_alloc_pool() or the fallback malloc can return NULL. Wait until we know we are returning a valid pointer before decrementing pool_hdr->object_count due to reallocing out of the talloc_pool. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 86eb6423bdcedf3433f3dbcf026573a238cf0d87 Author: Jeremy Allison <j...@samba.org> Date: Tue Oct 20 12:18:10 2020 -0700 lib: talloc: Cleanup. Use consistent preprocessor logic macros. Match other use of ALWAYS_REALLOC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: ...oc-util-2.3.0.sigs => pytalloc-util-2.3.2.sigs} | 0 .../ABI/{talloc-2.1.10.sigs => talloc-2.3.2.sigs} | 0 lib/talloc/talloc.c | 78 ++++++++++++-- lib/talloc/testsuite.c | 117 ++++++++++++++++++++ lib/talloc/wscript | 2 +- .../{simple_tests.py => compatability_tests.py} | 120 ++++++++++----------- python/samba/tests/usage.py | 1 + selftest/knownfail_heimdal_kdc | 4 + selftest/knownfail_mit_kdc | 4 + selftest/wscript | 3 + source3/rpc_server/spoolss/srv_spoolss_nt.c | 3 +- source4/selftest/tests.py | 1 + 12 files changed, 260 insertions(+), 73 deletions(-) copy lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.3.2.sigs} (100%) copy lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.3.2.sigs} (100%) copy python/samba/tests/krb5/{simple_tests.py => compatability_tests.py} (59%) create mode 100644 selftest/knownfail_heimdal_kdc Changeset truncated at 500 lines: diff --git a/lib/talloc/ABI/pytalloc-util-2.3.0.sigs b/lib/talloc/ABI/pytalloc-util-2.3.2.sigs similarity index 100% copy from lib/talloc/ABI/pytalloc-util-2.3.0.sigs copy to lib/talloc/ABI/pytalloc-util-2.3.2.sigs diff --git a/lib/talloc/ABI/talloc-2.1.10.sigs b/lib/talloc/ABI/talloc-2.3.2.sigs similarity index 100% copy from lib/talloc/ABI/talloc-2.1.10.sigs copy to lib/talloc/ABI/talloc-2.3.2.sigs diff --git a/lib/talloc/talloc.c b/lib/talloc/talloc.c index e476f3e2d05..078e58ca352 100644 --- a/lib/talloc/talloc.c +++ b/lib/talloc/talloc.c @@ -1833,13 +1833,6 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons return NULL; } - if (tc->limit && (size > tc->size)) { - if (!talloc_memlimit_check(tc->limit, (size - tc->size))) { - errno = ENOMEM; - return NULL; - } - } - /* handle realloc inside a talloc_pool */ if (unlikely(tc->flags & TALLOC_FLAG_POOLMEM)) { pool_hdr = tc->pool; @@ -1898,12 +1891,29 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons */ _talloc_chunk_set_free(tc, NULL); -#if ALWAYS_REALLOC +#if (ALWAYS_REALLOC != 0) if (pool_hdr) { new_ptr = tc_alloc_pool(tc, size + TC_HDR_SIZE, 0); - pool_hdr->object_count--; - if (new_ptr == NULL) { + /* + * Couldn't allocate from pool (pool size + * counts as already allocated for memlimit + * purposes). We must check memory limit + * before any real malloc. + */ + if (tc->limit) { + /* + * Note we're doing an extra malloc, + * on top of the pool size, so account + * for size only, not the difference + * between old and new size. + */ + if (!talloc_memlimit_check(tc->limit, size)) { + _talloc_chunk_set_not_free(tc); + errno = ENOMEM; + return NULL; + } + } new_ptr = malloc(TC_HDR_SIZE+size); malloced = true; new_size = size; @@ -1912,11 +1922,28 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons if (new_ptr) { memcpy(new_ptr, tc, MIN(tc->size,size) + TC_HDR_SIZE); TC_INVALIDATE_FULL_CHUNK(tc); + /* + * Only decrement the object count in the pool once + * we know we're returning a valid new_ptr. + */ + pool_hdr->object_count--; } } else { /* We're doing malloc then free here, so record the difference. */ old_size = tc->size; new_size = size; + /* + * We must check memory limit + * before any real malloc. + */ + if (tc->limit && (size > old_size)) { + if (!talloc_memlimit_check(tc->limit, + (size - old_size))) { + _talloc_chunk_set_not_free(tc); + errno = ENOMEM; + return NULL; + } + } new_ptr = malloc(size + TC_HDR_SIZE); if (new_ptr) { memcpy(new_ptr, tc, MIN(tc->size, size) + TC_HDR_SIZE); @@ -2020,6 +2047,25 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons new_ptr = tc_alloc_pool(tc, size + TC_HDR_SIZE, 0); if (new_ptr == NULL) { + /* + * Couldn't allocate from pool (pool size + * counts as already allocated for memlimit + * purposes). We must check memory limit + * before any real malloc. + */ + if (tc->limit) { + /* + * Note we're doing an extra malloc, + * on top of the pool size, so account + * for size only, not the difference + * between old and new size. + */ + if (!talloc_memlimit_check(tc->limit, size)) { + _talloc_chunk_set_not_free(tc); + errno = ENOMEM; + return NULL; + } + } new_ptr = malloc(TC_HDR_SIZE+size); malloced = true; new_size = size; @@ -2035,6 +2081,18 @@ _PUBLIC_ void *_talloc_realloc(const void *context, void *ptr, size_t size, cons /* We're doing realloc here, so record the difference. */ old_size = tc->size; new_size = size; + /* + * We must check memory limit + * before any real realloc. + */ + if (tc->limit && (size > old_size)) { + if (!talloc_memlimit_check(tc->limit, + (size - old_size))) { + _talloc_chunk_set_not_free(tc); + errno = ENOMEM; + return NULL; + } + } new_ptr = realloc(tc, size + TC_HDR_SIZE); } got_new_ptr: diff --git a/lib/talloc/testsuite.c b/lib/talloc/testsuite.c index 6c9bf203b7c..6f23ad4e18a 100644 --- a/lib/talloc/testsuite.c +++ b/lib/talloc/testsuite.c @@ -1767,28 +1767,145 @@ static bool test_memlimit(void) talloc_free(root); /* Test memlimits with pools. */ + printf("==== talloc_pool(NULL, 10*1024)\n"); pool = talloc_pool(NULL, 10*1024); torture_assert("memlimit", pool != NULL, "failed: alloc should not fail due to memory limit\n"); + + printf("==== talloc_set_memlimit(pool, 10*1024)\n"); talloc_set_memlimit(pool, 10*1024); for (i = 0; i < 9; i++) { + printf("==== talloc_size(pool, 1024) %i/10\n", i + 1); l1 = talloc_size(pool, 1024); torture_assert("memlimit", l1 != NULL, "failed: alloc should not fail due to memory limit\n"); + talloc_report_full(pool, stdout); } /* The next alloc should fail. */ + printf("==== talloc_size(pool, 1024) 10/10\n"); l2 = talloc_size(pool, 1024); torture_assert("memlimit", l2 == NULL, "failed: alloc should fail due to memory limit\n"); + talloc_report_full(pool, stdout); + /* Moving one of the children shouldn't change the limit, as it's still inside the pool. */ + + printf("==== talloc_new(NULL)\n"); root = talloc_new(NULL); + + printf("==== talloc_steal(root, l1)\n"); talloc_steal(root, l1); + + printf("==== talloc_size(pool, 1024)\n"); l2 = talloc_size(pool, 1024); torture_assert("memlimit", l2 == NULL, "failed: alloc should fail due to memory limit\n"); + printf("==== talloc_free_children(pool)\n"); + talloc_free(l1); + talloc_free_children(pool); + + printf("==== talloc_size(pool, 1024)\n"); + l1 = talloc_size(pool, 1024); + + /* try reallocs of increasing size */ + for (i = 1; i < 9; i++) { + printf("==== talloc_realloc_size(NULL, l1, %i*1024) %i/10\n", i, i + 1); + l1 = talloc_realloc_size(NULL, l1, i*1024); + torture_assert("memlimit", l1 != NULL, + "failed: realloc should not fail due to memory limit\n"); + talloc_report_full(pool, stdout); + } + /* The next alloc should fail. */ + printf("==== talloc_realloc_size(NULL, l1, 10*1024) 10/10\n"); + l2 = talloc_realloc_size(NULL, l1, 10*1024); + torture_assert("memlimit", l2 == NULL, + "failed: realloc should fail due to memory limit\n"); + + /* Increase the memlimit */ + printf("==== talloc_set_memlimit(pool, 11*1024)\n"); + talloc_set_memlimit(pool, 11*1024); + + /* The final realloc should still fail + as the entire realloced chunk needs to be moved out of the pool */ + printf("==== talloc_realloc_size(NULL, l1, 10*1024) 10/10\n"); + l2 = talloc_realloc_size(NULL, l1, 10*1024); + torture_assert("memlimit", l2 == NULL, + "failed: realloc should fail due to memory limit\n"); + + talloc_report_full(pool, stdout); + + printf("==== talloc_set_memlimit(pool, 21*1024)\n"); + talloc_set_memlimit(pool, 21*1024); + + /* There's now sufficient space to move the chunk out of the pool */ + printf("==== talloc_realloc_size(NULL, l1, 10*1024) 10/10\n"); + l2 = talloc_realloc_size(NULL, l1, 10*1024); + torture_assert("memlimit", l2 != NULL, + "failed: realloc should not fail due to memory limit\n"); + + talloc_report_full(pool, stdout); + + /* ...which should mean smaller allocations can now occur within the pool */ + printf("==== talloc_size(pool, 9*1024)\n"); + l1 = talloc_size(pool, 9*1024); + torture_assert("memlimit", l1 != NULL, + "failed: new allocations should be allowed in the pool\n"); + + talloc_report_full(pool, stdout); + + /* But reallocs bigger than the pool will still fail */ + printf("==== talloc_realloc_size(NULL, l1, 10*1024)\n"); + l2 = talloc_realloc_size(NULL, l1, 10*1024); + torture_assert("memlimit", l2 == NULL, + "failed: realloc should fail due to memory limit\n"); + + talloc_report_full(pool, stdout); + + /* ..as well as allocs */ + printf("==== talloc_size(pool, 1024)\n"); + l1 = talloc_size(pool, 1024); + torture_assert("memlimit", l1 == NULL, + "failed: alloc should fail due to memory limit\n"); + + talloc_report_full(pool, stdout); + + printf("==== talloc_free_children(pool)\n"); + talloc_free_children(pool); + + printf("==== talloc_set_memlimit(pool, 1024)\n"); + talloc_set_memlimit(pool, 1024); + + /* We should still be able to allocate up to the pool limit + because the memlimit only applies to new heap allocations */ + printf("==== talloc_size(pool, 9*1024)\n"); + l1 = talloc_size(pool, 9*1024); + torture_assert("memlimit", l1 != NULL, + "failed: alloc should not fail due to memory limit\n"); + + talloc_report_full(pool, stdout); + + l1 = talloc_size(pool, 1024); + torture_assert("memlimit", l1 == NULL, + "failed: alloc should fail due to memory limit\n"); + + talloc_report_full(pool, stdout); + + printf("==== talloc_free_children(pool)\n"); + talloc_free_children(pool); + + printf("==== talloc_set_memlimit(pool, 10*1024)\n"); + talloc_set_memlimit(pool, 10*1024); + + printf("==== talloc_size(pool, 1024)\n"); + l1 = talloc_size(pool, 1024); + torture_assert("memlimit", l1 != NULL, + "failed: alloc should not fail due to memory limit\n"); + + talloc_report_full(pool, stdout); + talloc_free(pool); talloc_free(root); printf("success: memlimit\n"); diff --git a/lib/talloc/wscript b/lib/talloc/wscript index b955d215b80..a767477357f 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'talloc' -VERSION = '2.3.1' +VERSION = '2.3.2' import os import sys diff --git a/python/samba/tests/krb5/simple_tests.py b/python/samba/tests/krb5/compatability_tests.py similarity index 59% copy from python/samba/tests/krb5/simple_tests.py copy to python/samba/tests/krb5/compatability_tests.py index 236fbda1cd5..63bd5269c2b 100755 --- a/python/samba/tests/krb5/simple_tests.py +++ b/python/samba/tests/krb5/compatability_tests.py @@ -1,6 +1,7 @@ #!/usr/bin/env python3 # Unix SMB/CIFS implementation. # Copyright (C) Stefan Metzmacher 2020 +# Copyright (C) Catalyst.Net Ltd 2020 # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -28,6 +29,7 @@ import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1 global_asn1_print = False global_hexdump = False + class SimpleKerberosTests(RawKerberosTest): def setUp(self): @@ -35,10 +37,52 @@ class SimpleKerberosTests(RawKerberosTest): self.do_asn1_print = global_asn1_print self.do_hexdump = global_hexdump - def test_simple(self): - user_creds = self.get_user_creds() - user = user_creds.get_username() - realm = user_creds.get_realm() + def test_mit_EncASRepPart_tag(self): + creds = self.get_user_creds() + (enc, _) = self.as_req(creds) + self.assertEqual(0x7a, enc[0]) + + def test_heimdal_EncASRepPart_tag(self): + creds = self.get_user_creds() + (enc, _) = self.as_req(creds) + self.assertEqual(0x79, enc[0]) + + def test_mit_EncryptedData_kvno(self): + creds = self.get_user_creds() + (_, enc) = self.as_req(creds) + if 'kvno' in enc: + self.fail("kvno present in EncryptedData") + + def test_heimdal_EncryptedData_kvno(self): + creds = self.get_user_creds() + (_, enc) = self.as_req(creds) + if 'kvno' not in enc: + self.fail("kvno absent in EncryptedData") + + def test_mit_EncASRepPart_FAST_support(self): + creds = self.get_user_creds() + (enc, _) = self.as_req(creds) + self.assertEqual(0x7A, enc[0]) + as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncTGSRepPart()) + flags = int(as_rep['flags'], base=2) + # MIT sets enc-pa-rep, flag bit 15 + # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests + self.assertTrue(0x00010000 & flags) + + def test_heimdal_EncASRepPart_FAST_support(self): + creds = self.get_user_creds() + (enc, _) = self.as_req(creds) + self.assertEqual(0x79, enc[0]) + as_rep = self.der_decode(enc, asn1Spec=krb5_asn1.EncASRepPart()) + flags = as_rep['flags'] + flags = int(as_rep['flags'], base=2) + # Heimdal does not set enc-pa-rep, flag bit 15 + # RFC 6806 11. Negotiation of FAST and Detecting Modified Requests + self.assertFalse(0x00010000 & flags) + + def as_req(self, creds): + user = creds.get_username() + realm = creds.get_realm() cname = self.PrincipalName_create(name_type=1, names=[user]) sname = self.PrincipalName_create(name_type=2, names=["krbtgt", realm]) @@ -48,7 +92,7 @@ class SimpleKerberosTests(RawKerberosTest): kdc_options = krb5_asn1.KDCOptions('forwardable') padata = None - etypes=(18,17,23) + etypes = (18, 17, 23) req = self.AS_REQ_create(padata=padata, kdc_options=str(kdc_options), @@ -69,16 +113,20 @@ class SimpleKerberosTests(RawKerberosTest): self.assertEqual(rep['msg-type'], 30) self.assertEqual(rep['error-code'], 25) - rep_padata = self.der_decode(rep['e-data'], asn1Spec=krb5_asn1.METHOD_DATA()) + rep_padata = self.der_decode( + rep['e-data'], + asn1Spec=krb5_asn1.METHOD_DATA()) for pa in rep_padata: if pa['padata-type'] == 19: etype_info2 = pa['padata-value'] break - etype_info2 = self.der_decode(etype_info2, asn1Spec=krb5_asn1.ETYPE_INFO2()) + etype_info2 = self.der_decode( + etype_info2, + asn1Spec=krb5_asn1.ETYPE_INFO2()) - key = self.PasswordKey_from_etype_info2(user_creds, etype_info2[0]) + key = self.PasswordKey_from_etype_info2(creds, etype_info2[0]) (patime, pausec) = self.get_KerberosTimeWithUsec() pa_ts = self.PA_ENC_TS_ENC_create(patime, pausec) @@ -114,59 +162,9 @@ class SimpleKerberosTests(RawKerberosTest): self.assertEqual(msg_type, 11) usage = 3 - enc_part2 = key.decrypt(usage, rep['enc-part']['cipher']) - - # MIT KDC encodes both EncASRepPart and EncTGSRepPart with application tag 26 - try: - enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncASRepPart()) - except Exception: - enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) - - # TGS Request - service_creds = self.get_service_creds(allow_missing_password=True) - service_name = service_creds.get_username() - - sname = self.PrincipalName_create(name_type=2, names=["host", service_name]) - kdc_options = krb5_asn1.KDCOptions('forwardable') - till = self.get_KerberosTime(offset=36000) - ticket = rep['ticket'] - ticket_session_key = self.EncryptionKey_import(enc_part2['key']) - padata = [] - - subkey = self.RandomKey(ticket_session_key.etype) - subkey_usage = 9 - - (ctime, cusec) = self.get_KerberosTimeWithUsec() - - req = self.TGS_REQ_create(padata=padata, - cusec=cusec, - ctime=ctime, - ticket=ticket, - kdc_options=str(kdc_options), - cname=cname, - realm=realm, - sname=sname, - from_time=None, - till_time=till, - renew_time=None, - nonce=0x7ffffffe, - etypes=etypes, - addresses=None, - EncAuthorizationData=None, - EncAuthorizationData_key=None, - additional_tickets=None, - ticket_session_key=ticket_session_key, - authenticator_subkey=subkey) - rep = self.send_recv_transaction(req) - self.assertIsNotNone(rep) - - msg_type = rep['msg-type'] - self.assertEqual(msg_type, 13) - - enc_part2 = subkey.decrypt(subkey_usage, rep['enc-part']['cipher']) - enc_part2 = self.der_decode(enc_part2, asn1Spec=krb5_asn1.EncTGSRepPart()) - - return + enc_part = rep['enc-part'] + enc_as_rep_part = key.decrypt(usage, rep['enc-part']['cipher']) + return (enc_as_rep_part, enc_part) if __name__ == "__main__": diff --git a/python/samba/tests/usage.py b/python/samba/tests/usage.py index 2f813760814..fbb9a06d99e 100644 --- a/python/samba/tests/usage.py +++ b/python/samba/tests/usage.py @@ -90,6 +90,7 @@ EXCLUDE_USAGE = { 'python/samba/tests/krb5/s4u_tests.py', 'python/samba/tests/krb5/xrealm_tests.py', 'python/samba/tests/krb5/as_canonicalization_tests.py', + 'python/samba/tests/krb5/compatability_tests.py', } EXCLUDE_HELP = { diff --git a/selftest/knownfail_heimdal_kdc b/selftest/knownfail_heimdal_kdc new file mode 100644 index 00000000000..7ab56b6721b --- /dev/null +++ b/selftest/knownfail_heimdal_kdc @@ -0,0 +1,4 @@ +# +# We expect all the MIT specific compatability tests to fail on heimdal +# kerberos +^samba.tests.krb5.compatability_tests.samba.tests.krb5.compatability_tests.SimpleKerberosTests.test_mit_ diff --git a/selftest/knownfail_mit_kdc b/selftest/knownfail_mit_kdc index 96d3e51da5c..68eecd1bbfc 100644 --- a/selftest/knownfail_mit_kdc +++ b/selftest/knownfail_mit_kdc @@ -1,4 +1,8 @@ # -- Samba Shared Repository