1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

2875 Commits

Author SHA1 Message Date
David Mulder
09a8f409e5 samba-tool: Replace gpo command for removing Sudoers Group Policy
Replace it with the VGP command for removing
sudoers entries from an xml file.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb 14 00:53:41 UTC 2021 on sn-devel-184
2021-02-14 00:53:41 +00:00
David Mulder
430e065fa9 samba-tool: Test gpo manage vgp sudoers remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-13 23:50:36 +00:00
David Mulder
30e0ba2ed8 samba-tool: Replace gpo command for adding Sudoers Group Policy
Replace it with the VGP command for adding
sudoers entries in an xml file.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-13 23:50:36 +00:00
David Mulder
7f3c2b69be samba-tool: Test VGP sudoers add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-13 23:50:36 +00:00
David Mulder
777173923c samba-tool: Replace gpo command for listing Sudoers Group Policy
Replace it with the VGP command for listing
sudoers entries in an xml file.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-13 23:50:36 +00:00
David Mulder
ca60a0cb17 samba-tool: Test gpo manage vgp sudoers list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-13 23:50:36 +00:00
David Mulder
35cf85d213 gpo: VGP Sudoers policy must handle group principals
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-13 23:50:36 +00:00
David Mulder
7c2f2d31c3 gpo: Test that VGP Sudoers policy handles group principals
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-13 23:50:36 +00:00
David Mulder
8fa5398592 gpo: Security gpext rsop list only own policies
The rsop should only list the policies from
that extension, not from all policies in the
same file.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 11 18:28:09 UTC 2021 on sn-devel-184
2021-02-11 18:28:09 +00:00
David Mulder
55d432248c gpo: Test that Security gpext rsop lists only own policies
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-11 17:21:33 +00:00
David Mulder
ff4279575f gpo: Ensure empty Security sections are removed
Failing to remove the empty section causes tests
to fail, and is also just bad practice.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-11 17:21:33 +00:00
David Mulder
c27c97ab55 gpo: Test that empty Security sections are removed
Ensure that empty sections are removed when
calling samba-tool gpo manage security set.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-11 17:21:33 +00:00
Stefan Metzmacher
9178e72dcc selftest/gdb_backtrace: use 'unset LD_PRELOAD'
We may have bugs in socket_wrapper and others, we don't want
to inject these bugs into the debugger.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-02-10 14:00:32 +00:00
David Mulder
d052968260 samba-tool: Add a gpo command for setting VGP OpenSSH Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  9 21:24:14 UTC 2021 on sn-devel-184
2021-02-09 21:24:14 +00:00
David Mulder
be8f0d8ddb samba-tool: Test gpo manage openssh set command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-09 20:22:36 +00:00
David Mulder
3c47a81472 samba-tool: Add a gpo command for listing VGP OpenSSH Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-09 20:22:36 +00:00
David Mulder
61394e5dd1 samba-tool: Test gpo manage openssh list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-09 20:22:36 +00:00
David Mulder
ddf1cbd345 gpo: Apply Group Policy OpenSSH settings from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-09 20:22:36 +00:00
David Mulder
e9c1cc4e74 gpo: Test Group Policy OpenSSH for VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-09 20:22:36 +00:00
David Mulder
d6f9172c92 samba-tool: Add a gpo command for removing VGP Files Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb  8 23:36:57 UTC 2021 on sn-devel-184
2021-02-08 23:36:57 +00:00
David Mulder
c1d67b2742 samba-tool: Test gpo manage files remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08 22:33:14 +00:00
David Mulder
6334307ae7 samba-tool: Add a gpo command for adding VGP Files Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08 22:33:14 +00:00
David Mulder
a974cd94af samba-tool: Test gpo manage files add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08 22:33:14 +00:00
David Mulder
a786e30fda samba-tool: Add a gpo command for listing VGP Files Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08 22:33:14 +00:00
David Mulder
926cdeb10f samba-tool: Test gpo manage files list command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08 22:33:14 +00:00
David Mulder
0b66bf6512 gpo: Apply Group Policy Files Policy from VGP
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08 22:33:14 +00:00
David Mulder
f7ef066f7f gpo: Test Group Policy VGP Files Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-08 22:33:14 +00:00
Ralph Boehme
d78964c40b smbd: don't overwrite _mode if neither a msdfs symlink nor get_dosmode is requested
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-05 06:22:35 +00:00
Ralph Boehme
5572ae296e CI: verify a symlink has FILE_ATTRIBUTE_NORMAL set
Not that it really makes sense to set FILE_ATTRIBUTE_NORMAL for symlinks in
POSIX client context, but that's what we had before 4.14.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-05 06:22:35 +00:00
Andreas Schneider
0bdbe50fac lib:util: Avoid free'ing our own pointer
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb  3 10:57:01 UTC 2021 on sn-devel-184
2021-02-03 10:57:01 +00:00
Andreas Schneider
00543ab3b2 lib:util: Add cache oversize test for memcache
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-02-03 09:53:32 +00:00
Andreas Schneider
bebbf621d6 lib:util: Add basic memcache unit test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-02-03 09:53:32 +00:00
Andrew Bartlett
da627106cd dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones
These reports (about recently deleted objects)
create concern about a perfectly normal part of DB operation.

We must not operate on objects that are expired or we might reanimate them,
but we must fix "Deleted Objects" if it is wrong (mostly it is set as being
deleted in 9999, but in alpha19 we got this wrong).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb  3 05:29:11 UTC 2021 on sn-devel-184
2021-02-03 05:29:11 +00:00
Andrew Bartlett
1ec1c35a3a selftest: Confirm that we fix any errors on the Deleted Objects container itself
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-02-03 04:19:36 +00:00
Andreas Schneider
12ca2e37b7 selftest: Fix libasan preload
libasan.so needs to be the first library which is preloaded or it wont
work.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-02-03 04:19:36 +00:00
Jeremy Allison
4f80f5f904 s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state.
This used to make a deep copy of either
cli->smb2.tcon or cli->smb1.tcon, but this leaves
the original tcon pointer in place which will then get
TALLOC_FREE()'d when the new tree connection is made on
this cli_state.

As there may be pipes open on the old tree connection with
talloc'ed state allocated using the original tcon pointer as a
talloc parent we can't deep copy and then free this pointer
as that will fire the destructors on the pipe memory and
mark them as not connected.

This call is used to temporarily swap out a tcon pointer
(whilst keeping existing pipes open) to allow a new tcon
on the same cli_state and all users correctly call
cli_state_restore_tcon() once they are finished with
the new tree connection.

Just return the existing pointer and set the old value to NULL.
We know we MUST be calling cli_state_restore_tcon() below
to restore the original tcon tree connection pointer before
closing the session.

Remove the knownfail.d entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  2 21:05:25 UTC 2021 on sn-devel-184
2021-02-02 21:05:25 +00:00
Jeremy Allison
068f4a977f s3: tests: Add regression test for bug 13992.
Subtle extra test. Mark as knownfail for now.

'^ user1$' must appear MORE THAN ONCE, as it can read more than one
share. The previous test found user1, but only once as the bug only
allows reading the security descriptor for one share, and we were
unlucky that the first share security descriptor returned allows
user1 to read from it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-02-02 19:54:34 +00:00
Andreas Schneider
35459b753a selftest: Add support for python-dateutil >= 2.7.1
This uses the more widespread python-dateutil instead of python-iso8601.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb  2 19:53:35 UTC 2021 on sn-devel-184
2021-02-02 19:53:35 +00:00
Andreas Schneider
273a3c089d selftest: Directly import python-iso8601
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-02-02 18:48:35 +00:00
Andreas Schneider
9d82f90b26 selftest: Disable detection of ODR violations
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-02-01 21:50:32 +00:00
Stefan Metzmacher
86343125a5 selftest: make/use a copy of GNUPGHOME
That makes it possible to run tests from a read only source tree.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-01-27 17:07:09 +00:00
Stefan Metzmacher
568c7d38de selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary
This way we can use it on even in some special cases, where we combine
variables from multiple environments.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-01-27 09:56:29 +00:00
Stefan Metzmacher
dce0bdc39e selftest/Samba4: correctly pass KRB5CCNAME to provision
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-01-27 09:56:29 +00:00
Stefan Metzmacher
15b3916040 selftest/Samba4: make more use of get_cmd_env_vars()
This simplifies the code a lot and makes it much easier to
add new environment variables in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-01-27 09:56:29 +00:00
Stefan Metzmacher
719eccd445 selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal()
While spliting the build and test stages I hit strange permission
problems, when a parent directory is missing,
which can be avoided by using plain mkdir() on each level.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-01-27 09:56:29 +00:00
Stefan Metzmacher
0230122238 selftest: allow a prefix under /m/username/
We only want to match/replace only a '.' pathname component
not any single character pathname compoment!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-01-27 09:56:29 +00:00
David Mulder
709a6d6491 samba-tool: Add a gpo command for removing VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 27 07:32:03 UTC 2021 on sn-devel-184
2021-01-27 07:32:03 +00:00
David Mulder
5794c670ff samba-tool: Test gpo manage symlink remove command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27 06:30:31 +00:00
David Mulder
3fc89829a9 samba-tool: Add a gpo command for adding VGP Symbolic Link Group Policy
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27 06:30:31 +00:00
David Mulder
7b2ecefd55 samba-tool: Test gpo manage symlink add command
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-01-27 06:30:31 +00:00