IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Move the implementation of this setting down to the actual search query
processing. macOS has no notion of "spotlight = false" at the DCERPC layer and
the open request will always succeed even on all shares.
When later the client issues search requests on such shares, we ensure we use
the noindex backend.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Taken from macOS. We have to return an empty share_path and an empty policy
handle, but not fail the RPC request.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
len=0 is invalid, len=8 is an empty array, len>8 is an array with members, so
for the len=8 case we must add the empty cnid array.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This now removed comment describes the bug correctly:
/*
* As this timer event is owned by req, it will
* disappear if req it talloc_freed.
*/
In smb1, "req" disappears once the reply_whatever routine is done. Thus
the timer goes away and we never look at "req" again.
This change moves the valid data (xconn and mid) to
deferred_open_record, and changes the talloc hierarchy such that the
timer is now a child of open_rec, which is a child of the deferred
message.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14060
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 31 00:12:34 UTC 2019 on sn-devel-184
Show that the current smb1 server does not properly retry a nonblocking
open of a kernel-oplocked file
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14060
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Non-talloc objects were treated as talloc objects, to no good effect
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the python object is not a talloc object, we will end up
with a NULL pointer. We weren't checking for that properly
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Previously the restart back off tests were disabled for MIT Kerberos, as
they used the kdc, which is not run in that case. Tests now use the
echo server.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 16 10:10:23 UTC 2019 on sn-devel-184
There was no way to call ldb.open without evoking signal 11, so it is
unlikely anyone was using it.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
There seems to be no way of using ldb.open without causing a segfault
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This is the current default and what 'make test' assumes currently.
The next commit will change the default to "illegal".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is the current default and what 'make test' assumes currently.
The next commit will change the default to disable SMB1.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is the current default and what 'make test' assumes currently.
The next commit will change the default to disable SMB1.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Allow to manually issue the FSCTL_ZERO_DATA call and verify the
state of the file in the file system.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows for manual testing of changing the sparse setting on a file
and verifying the flag in the file system.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This has been turned off by default for 10 years
(since 26e114b83c), and is only interesting for
nostalgia purposes.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
What does it even do? Possibly nothing, not least because nobody ever
runs it.
It was introduced as source4/scripting/bin/autoidl.py in
a2446e5f85 ("initial work for script
that uses probing to figure out IDL"). Since then it has only had
superficial patches, generally aimed at Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is not as simple as running everything executable, because for example
.so library files are marked as executable.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We want to be sure it says *something* and returns success.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Also, use sys.exit() function, not exit(), because sys.exit() reliably
exists.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When a script is run with the wrong arguments, it should at least say
something like this:
Usage: samba-foo [OPTIONS]
For many samba scripts, especially without a server environment, having
no arguments is the wrong arguments.
Here we look for every executable file with '#![...]python[3]' on the
first line, and exclude certain files and directories that have excuses
to fail the test. For example, many selftest scripts are stream-oriented
and will hang forever waiting for stdin, which is not an error. Some
test modules are designed so they can be optionally run from the command
line, but this option is typically only used by the developer who is
writing them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Use clear text arguments strings if possible. Makes it more comfortable
for users to edit the user objects attributes.
Remove test from knownfail:
samba.tests.samba_tool.user_edit.change_attribute_force_no_base64
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Test to edit a user: Change attributes with LDB_FLAG_FORCE_NO_BASE64_LDIF
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Especially test handling of base64 encoded attribute values here.
Add selftest/knownfail.d/samba_tool.user_edit.
Tests fail, because:
- can not work with ldif without a trailing new line
- can not handle base64 strings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14003
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a simplified version of the original patch by:
Felix Botner <botner@univention.de>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 3 13:52:55 UTC 2019 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Cross-partition links could still be dropped if GET_TGT was already
previously set for the replication.
This was due to a slight error in the order of logic. We never want to
ignore cross-partition links (regardless of whether the TARGETS_UPTODATE
/GET_TGT flag is set). We should only be returning early in the
GET_TGT case if the objects are both in the same partition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
RN: When the AD domain contained a linked attribute that spanned
partitions, DRS replication could drop the link. This dropped link could
then result in subtle differences in behaviour between DCs, as some DCs
would have the link and others wouldn't. When this issue occurred, the
dropped link would be logged in a warning message:
"<target-dn> is Unknown but up to date. Ignoring link from <source-dn>"
This issue would not always occur - it depended a lot on the database
contents. Typically, it would only potentially occur when joining a new
DC to the domain (doing an ldapcmp after the join would also highlight
the problem, if it occurred). This issue has now been resolved.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This adds a test-case to highlight a bug in the client side GetNCChanges
handling.
These tests mostly exercise the server-side behaviour of sending the
GetNCChanges, however, there's a bug in the client-side code when we try
to handle a missing cross-partition link target *in combination* with
the GET_TGT flag already having been set.
The test is exercising the client-side code by using the 'samba-tool drs
replicate' command. By adding a one-way link to a deleted target object,
we force the client code to retry with the GET_TGT flag set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Remove the sub domain option from join, as it currently does not work.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>'
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>'
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain join" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the new "samba-tool domain join" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain provision" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Allow the lmdb map size to be specified in the ldb option
"lmdb_env_size".
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the new "samba-tool domain provision" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 1 23:21:07 UTC 2019 on sn-devel-184
Now that File-ID calculation goes through the VFS, we can nicely make a
per-share option out of it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 26 19:31:28 UTC 2019 on sn-devel-184
We're going to change the default base schema so this patch changes all
tests and testenvs requiring the current default (2008_R2) to specify it
in all provision commands using --base-schema.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(Spoiler alert, it breaks the oplock :-).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jun 24 20:05:34 UTC 2019 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184
The endian changes are needed in order to get the following result
from the blobs Windows generated (see the torture test):
AddrArray: ARRAY(3)
AddrArray: struct dnsp_dns_addr
family : 0x0002 (2)
port : 0x0035 (53)
ipv4 : 172.31.99.33
ipv6 : 0000:0000:0000:0000:0000:0000:0000:0000
[MS-DNSP] states that the port is supposed to be ignored, but it's still
good to decode it as port '53' (0x0035) instead of '13568' (0x3500).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
In future we should use ipv4address, but that would result in a much
larger change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samba aborts the read&x after a blocked, but eventually successful
locking&x call. Both Windows and source4/ntvfs do the read properly,
source3/smbd does not. With later code, this will become possible much
easier. Lets see if it's worth it given that we've got away with this
forever.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Right now we fail this with smbd, we return LOCK_NOT_GRANTED instead
of FILE_LOCK_CONFLICT. This will change with later commits.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs
Fixes: Unknown parameter encountered: "state dir"
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Add a struct option to ndrdump that will allow it to print public
structures.
i.e. binn/ndrdump dns dns_name_packet struct data.file
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add test for the dumping of a public structure with ndrdump. This
removes the need to define decode_* functions in the idl.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This changes ensures that smbd always adds BUILTIN\Guests to the guest token
which is required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2
SESSION_SETUP response, because smbd sets it based on the token containing the
BUILTIN\Guests SID S-1-5-32-546.
At the same time, the packet is not signed which causes Windows clients and
smbclient to reject the unsigned SMB2 SESSION_SETUP response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184
This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When creating the customdc, testparm would default to using
/usr/local/samba sub-directories for creating sockets and lock files.
Instead, pass in the tmpdir we just created as an option to the command.
Normally this didn't cause a noticeable problem, however, if we run the
command with UID-wrapper but without socket-wrapper (i.e.
USE_NAMESPACES=1), then it fails completely.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 31 06:34:36 UTC 2019 on sn-devel-184
If we couldn't determine the realm/domain from the backup file, it's a
lot nicer to fail early with a clear error message (rather than failing
later on with a really obscure message).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In particular, document how to hook up a testenv to a Windows VM
(ideally there should be a helper script to do this, but in the
meantime some instructions are better than nothing).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This patch adds some helper scripts that make talking to a given
testenv's namespace slightly easier.
One of the really cool things about namespaces is you can run multiple
different programs that can all talk to the testenv DC. However, the
command to do this is a bit unweildly, it's based on PID so it changes
everytime you start up a testenv, and you loose all the environment
variables that selftest normally sets up.
This patch adds a couple of helper scripts:
- nsenter-helper.sh: this takes the variables defined in an exports_file
and exports them all. It prints some basic help and then starts a new
shell session (this whole script gets run in the new namespace).
Essentially this achieves something similar to the legacy
selftest-vars.sh script (except this one actually works).
- mk_nsenter.sh: this generates a simple wrapper script that'll run
nsenter and then call nsenter-helper.sh. A separate wrapper script
gets created for each testenv. E.g. to run it, just go:
./st/ad_dc/nsenter.sh
This is a wrapper for a more complicated command underneath like:
nsenter -t 437353 --net --user --preserve-credentials \
/home/timbeale/code/samba/selftest/ns/nsenter-helper.sh \
/home/timbeale/code/samba/st/ad_dc/exports.sh
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This hooks up the selftest/ns/* scripts added earlier with the selftest
system, so developers can optionally run a testenv or test using linux
namespaces instead of socket-wrapper.
The idea is this is experimental functionality that we can extend
further in future, in order to make testing Samba more versatile.
+ The top-level WAF script now does an 'unshare' to create a new
top-level 'selftest' namespace in which to create the testenv(s).
+ selftest.pl creates a common 'selftest0' bridge to connect together
the individual DCs.
+ Update Samba.pm so it can use real IPs instead of loopback addresses.
In fork_and_exec(), we add a couple of hooks so that the binary gets
started in a different namespace (using unshare/start_in_ns.sh), and
the parent process connects the new child namespace up to the common
selftest0 bridge (using add_bridge_iface.sh).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We store the testenv directory path for the 'ctx' hashmap, but not for
the testenv-vars hashmap (and that can be really annoying sometimes).
Add it into the second hashmap that selftest actually keeps track of.
Currently it's only stored in the hashmap, not actually exported as an
environment variable (but we could easily do that if a test-case need
this info).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This adds the underlying scripts, but they are not actually hooked up to
the selftest code yet, and so are not actually used.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Allow developers to override the default @term_args, as well as the
terminal itself.
Currently, due to the nature of the args we pass to xterm (i.e. 'echo -e
"blah.." && bash'), it doesn't make it very flexible for use with other
terminals. By dropping these additional @term_args, it makes it much
easier to slot in an alternative terminal.
For example, these commands now work (more or less).
TERMINAL="terminator" TERMINAL_ARGS="-x bash" \
SELFTEST_TESTENV=ad_dc make testenv
TERMINAL="bash" TERMINAL_ARGS="" \
SELFTEST_TESTENV=nt4_dc make testenv
TERMINAL="bash" TERMINAL_ARGS="--norc" \
SELFTEST_TESTENV=none make testenv
bash is usable, but a little weird because its output is still being
piped. Also bash with ad_dc is a little weird because we're using tee
for the DC's stdout. (I'd also recommend --norc, as it makes it easier
to differentiate between the testenv shell).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The new role owner need to replicate from the old role owner.
Before we told the old role owner to replicate from itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The selftest code typically stores hashmaps as scalar variables (i.e.
it only ever uses references to hashmaps). So much so that using a regular
hashmap (and passing it by reference via \%daemon_ctx) looks out of
place.
Using the hashmap directly made more sense when it was only being used
locally, but now the hashmap is being passed by reference into a function
anyway, so storing it as a scalar doesn't make much difference.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now the code has been refactored, we can move it into a common function.
This reduces code duplication and means we have a common place where we
start samba daemons from.
Note that some daemons behave slightly different, but the $daemon_ctx
allows us to customize their behaviour a bit.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Final refactor to merge the fork-and-exec code into a common function.
We can now use $daemon_ctx{ENV_VARS} to customize differences between
the forked binaries:
- samba: add in extra env variables on top of the defaults.
- dns_hub: there are no ENV variables we need to export.
- winbindd/smbd: these use the defaults, so they pass through an
undefined $daemon_ctx{ENV_VARS} (purely to make the code common across
all 5 places).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Instead of having a special $skip_resolv_conf parameter just for nmbd,
use the get_env_for_process() API and customize the hashmap returned.
Pass the customized hashmap in as an optional part of the daemon_ctx.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This intermediary refactor adds a hashmap that stores the values needed
to run each samba daemon. This adds a bit more code in the short term,
but it basically means the code in 5 different places now becomes
identical, and we can extract it out to a common function.
The converting FULL_CMD from an array reference back to an array is a
bit ugly, but we can clean this up a bit once the code is all in one
place.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The s3 daemons all basically use the same command logic, it's just they
use slightly different environment variables.
This adds a common helper function, which we can pass the specific
environment variables into.
(Note the slight parameter difference for winbind with --stdout vs
--log-stdout).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a fairly simple move of code and is the first step in a larger
refactor.
It doesn't matter if we build up the command args prior to the fork (we
only use them in the forked child). But moving the code means the code
to handle the fork-and-exec becomes common code that is repeated in
several places throughout Samba3.pm and Samba4.pm.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Whenever we started a process, we basically used the same code to setup
the ENV variables.
The s4 ENVNAME may now be slightly different in the child process that
runs samba (i.e. '$testenv.samba'), but that ENV var did not appeared to
be used much.
I'm not sure if the current difference in $skip_resolv_wrapper logic for
nmbd was deliberate or accidental, but I've preserved the logic for now.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Found by LCOV.
Some of the failures should be fixed by setting "restrict anonymous = 2"
as requested by bug 12775
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The samba3.wkssvc test is not as comprehensive, but rpc.wkssvc needs to run against the
ad_member environment to get past a builtin administrators check.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The test already existed but was not run.
Found by LCOV
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This moves the trigger points where AppleDouble file conversion is run by
ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high
level VFS entry points.
Currently ad_convert() will be triggered as part of open_file_ntcreate(...,
"file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT,
what created the file, we call SMB_VFS_FSTAT() on the just created
filehandle. This ends up in ad_convert(), finds the resource fork empty and thus
deletes the file.
This commit moves calling of the conversion funtion to the high level VFS entry
points where the converted metadata is needed:
o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the
repurposed fields in the directory entry metadata
o obviously for SMB_VFS_CREATE_FILE() on an macOS stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reveals a bug in the AppleDouble conversion code: the conversion code that
unlinks an empty resource fork AppleDouble sidecar file ("._file") gets
triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...):
after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we
call SMB_VFS_FSTAT() on the just created filehandle. This ends up in
ad_convert(), finds the resource fork empty and thus deletes the file.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
get_share (called from 'net conf showshare') does a lookup of the share
name case-insensitively. As the registry stores the share name in the
correct case and 'net conf list' prints the correct case, also lookup
the correct case for get_share.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add a test to verify that 'net [rpc] conf showshare' returns the correct
upper/lower case.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Opening a file with a stale (smbd died) LEVEL_II oplock makes
vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default
trigger the immediate leading to do_break_to_none. This goes through
because fsp->oplock_type is not initialized yet, thus 0. Also,
file_has_read_oplocks is still valid, because the smbd that has died
could not clean up the brlock.tdb entry.
Later in the code the exclusive oplock is granted, which is then found
by do_break_to_none, making it panic.
This patch just runs the direct FTRUNCATE instead of vfs_set_filelen.
This means the contend_level2_oplock code is skipped.
The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock()
with the nice effect of removing a comment that was very confusing to
me.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184
This allows us to replace the implicit limit via data_blob_append()
removed in the previous commit.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 17 20:44:36 UTC 2019 on sn-devel-184
This behaviour is Samba-specific, we have not traditionally cut of responses at 1000
or so as Windows does, and we need to change that behaviour carefully.
This triggers this bug in TDB:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184
Add a --undefined-sanitizer option to configure, this causes the tests
to be run with the undefined behaviout sanitizer enabled.
Errors can be suppressed by adding entries to selftest/ubsan.supp
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue May 14 07:20:28 UTC 2019 on sn-devel-184
We want to enable gcov for all tasks, move it to global wscript.
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Test for LDAP request with an empty attribute list. LDB responds with
no attributes, but LDAP responds with all attributes. Fix is attached
to the bug below but we can't push it upstream until we've found all
instances of incorrect empty attribute list usage in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Windows 10 (1803 and higher) support and use
SMB_FILE_NORMALIZED_NAME_INFORMATION calls over the network. As a
fallback (in case the server don't support it) the client traverses all
path components, which is very expensive.
Implementing SMB_FILE_NORMALIZED_NAME_INFORMATION is very cheap for us
as the open already went through unix_convert() and we have the
information the client is asking for.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 1 18:33:00 UTC 2019 on sn-devel-184
We run the tests again, trying to modify as a normal user rather than
Administrator.
It turns out that we do not always return the same error code as
Windows, but in all these tests both Windows and Samba always return
some kind of error (as you might hope).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Do we interpret these the same way as Windows? In many cases, no.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The test was presumably commented out because we fail it, and
known-failing it would have hidden the attr-too-short tests that it
was bundled with. If we disentangle them we can knwn-fail it, which
serves as a TODO list.
(passes against WIN2012R2).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
fl2008r2dc already has a trusted domain. That will be used to use
idmap_ad for querying idmap attributes from the trusted domain.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We don't want to see this:
python3 -c "import sys
sys.path.insert(0, 'bin/python')
import ldb
m = ldb.Message()
e = ldb.MessageElement('q')
try:
m.add(e)
except ldb.LdbError:
pass
print(m)
"
Segmentation fault (core dumped)
instead we want this:
Traceback (most recent call last):
File "<string>", line 7, in <module>
ValueError: The element has no name
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr 23 19:03:35 UTC 2019 on sn-devel-144
Also Skip MC tests for s4 ntvfs fileserver, it's not supported at all.
Use knownfail for s3 fileserver for the time being (until socketwrapper
supports fd-passing).
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When winbindd is asked to map a name like realm.com\name to a SID ,that
is sucessfully resolved through the lsa lookup name call. The same call
also returns the short domain name (netbios name of the domain). Use
that short domain name for the sid_to_name cache entry, so that
subsequent sid_to_name queries return the expected netbiosname\name
result and not realm.com\name.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
The username should always be returned in the DOMAISHORTNAME/USERNAME
format.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is needed because the name of the autobuild job and
the name of the selftest env end up in the socket path
for ncalrpc sockets.
The challenge is that (for example)
/memdisk/autobuild/fl/b2424063/samba-schemaupgrade/bin/ab/schemaupgrade_pair_dc/ncalrpc/np/protected_storage
does not fit in a struct sockaddr_un.
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 12 05:41:36 UTC 2019 on sn-devel-144
This adds a new 2-DC testenv that:
1. Provisions an AD DC with 2008R2 schema
2. Joins another AD DC with 2008R2 schema
3. Starts Samba
4. Performs a live schema upgrade on the PDC
Testenv targetting in tests.py files for this testenv required that we
extend the environment dependencies system to include optional post-startup
dependencies specified in ENV_DEPS_POST maps.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Currently schema info's revision field isn't incremented if relax
control is present. This is so that no increment is done during
provision, but we need the relax control in other situations where
the increment is desired, so we should use the provision control instead
to disable schema info update.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Currently schema info's revision field isn't incremented if relax
control is present. This is so that no increment is done during
provision, but we need the relax control in other situations where the
increment is desired. This patch adds a failing test to expose the
problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
mkdir() is the other call that requires a umask of 0 in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Umask manipulation was added to pysmbd with e146fe5ef9 in 2012
and init_files_struct was split out in 747c3f1fb3 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).
This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.
Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).
Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.
mkdir() will be protected by a umask() bracket, for correctness, in the next patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This provisions a new DC and checks there are no world-writable
files in the new DC's private directory.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).
As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.
This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 8 03:09:42 UTC 2019 on sn-devel-144
The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.
We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.
This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 5 08:03:08 UTC 2019 on sn-devel-144
Currently setting maxPwdAge doesn't work at all.
While we're adding a test, we might as well assert that minPwdAge
can't be greater than maxPwdAge as well.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We like to use "TESTS=medley" for the old ad_dc_medley.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add samba3.smb2.notify until Metze gets time to follow it up.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The "oLschema2ldif" program contained multiple bugs triggered by
malformed inputs:
* Iteration beyond list of recognized dsdb syntax OIDs when value wasn't
found (bug 9567)
* NULL pointer dereference when input didn't define a name
* Heap buffer overflows for unterminated token values
Tests are added to reproduce all identified bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9567
Signed-off-by: Michael Hanselmann <public@hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Then adapted to use ARRAY_SIZE() consistently as suggested by
metze.
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 3 02:43:07 UTC 2019 on sn-devel-144
The prefork restart tests use the kdc to test restart back off. These
tests need to use a process that has not been restarted to ensure that
the process restart counters are sitting at 0 when the tests start.
As MIT kerberos is experimental the heimdal builds will still ensure
that this functionality is tested.
At some stage the echo server should be converted to run in pre-fork and
this process can then be used to test the restart backoff.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
