IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This allows us to test session binds with different users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These demonstrate that a failing bind does not destroy
the existing session and binding with a different user results
in ACCESS_DENIED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test
from the Windows Protocol Test Suite.
It demonstrates that the server needs to do lookup
in the global session table in order to get the signing
and error code of invalid session setups correct.
In order to work out the details I've added more similar tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The current_user_info is updated at the SMB level, but currently not at the RPC
level in the RPC impersonation function smbd_become_authenticated_pipe_user().
For RPC services running embedded this is not an issue as the SMB level
impersonation has already taken care of current_user_info, but for RPC services
running as external daemons, eg spoolssd, the omission of updating
current_user_info results in variable expansion of eg %U (username) to be
broken.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668
MR: https://gitlab.com/samba-team/samba/-/merge_requests/1834
RN: %U variable expansion not working in spoolsd
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 12 00:54:01 UTC 2021 on sn-devel-184
If we don't anticipate a missing principal name,
samba-tool crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 8 20:57:50 UTC 2021 on sn-devel-184
If we don't anticipate a missing principal name,
the extension crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Running samba-gpupdate on a client is causing an
error in gp_access_ext, due to it attempting to
access sam.ldb before detecting whether we are on
an ad-dc.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reproduces a problem that is triggered when
smbd_server_connection_terminate() is called recursively.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This actually fixes crashes due to stale pointers.
With multi-channel and with 2 (or more) connections,
we'll call smbXsrv_session_disconnect_xconn() when a connection
gets disconnected, but we'll leave smbXsrv_client and all other
connections in place.
However smbXsrv_session_disconnect_xconn_callback() left
a stale session->db_rec pointer in place, which means
a following smbXsrv_session_logoff() will call
dbwrap_record_delete(local_rec) on a stale pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reproduces a bug where two SMB2_LOGOFF messages kill the whole
client smbd when multi-channel is used, instead of just removing the
logical session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This test should be independent of the protocol in order to be
independent of multi-channel support of the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 24 22:01:08 UTC 2021 on sn-devel-184
There are tests in this environment that kill processes with SEGV
signals, which causes a backtrace that is entirely spurious from a
debugging point of view.
We can turn that off, saving processor time and moments of developer
confusion.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Sometime you know a test is going to crash and produce a LOT of
backtrace, and you already know what it will look like. For those
times you can set
PLEASE_NO_GDB_BACKTRACE=1
and there will be no backtrace, which can save quite a bit of time and
thousands of lines of log file. (In particular, backtraces of Python
programs can take over a minute to complete).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@suse.com>
Replace it with the VGP command for removing
sudoers entries from an xml file.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb 14 00:53:41 UTC 2021 on sn-devel-184
Replace it with the VGP command for adding
sudoers entries in an xml file.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Replace it with the VGP command for listing
sudoers entries in an xml file.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
The rsop should only list the policies from
that extension, not from all policies in the
same file.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 11 18:28:09 UTC 2021 on sn-devel-184
Failing to remove the empty section causes tests
to fail, and is also just bad practice.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ensure that empty sections are removed when
calling samba-tool gpo manage security set.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
We may have bugs in socket_wrapper and others, we don't want
to inject these bugs into the debugger.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 9 21:24:14 UTC 2021 on sn-devel-184
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Feb 8 23:36:57 UTC 2021 on sn-devel-184
Not that it really makes sense to set FILE_ATTRIBUTE_NORMAL for symlinks in
POSIX client context, but that's what we had before 4.14.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14629
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb 3 10:57:01 UTC 2021 on sn-devel-184
These reports (about recently deleted objects)
create concern about a perfectly normal part of DB operation.
We must not operate on objects that are expired or we might reanimate them,
but we must fix "Deleted Objects" if it is wrong (mostly it is set as being
deleted in 9999, but in alpha19 we got this wrong).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 3 05:29:11 UTC 2021 on sn-devel-184
libasan.so needs to be the first library which is preloaded or it wont
work.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This used to make a deep copy of either
cli->smb2.tcon or cli->smb1.tcon, but this leaves
the original tcon pointer in place which will then get
TALLOC_FREE()'d when the new tree connection is made on
this cli_state.
As there may be pipes open on the old tree connection with
talloc'ed state allocated using the original tcon pointer as a
talloc parent we can't deep copy and then free this pointer
as that will fire the destructors on the pipe memory and
mark them as not connected.
This call is used to temporarily swap out a tcon pointer
(whilst keeping existing pipes open) to allow a new tcon
on the same cli_state and all users correctly call
cli_state_restore_tcon() once they are finished with
the new tree connection.
Just return the existing pointer and set the old value to NULL.
We know we MUST be calling cli_state_restore_tcon() below
to restore the original tcon tree connection pointer before
closing the session.
Remove the knownfail.d entry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 2 21:05:25 UTC 2021 on sn-devel-184
Subtle extra test. Mark as knownfail for now.
'^ user1$' must appear MORE THAN ONCE, as it can read more than one
share. The previous test found user1, but only once as the bug only
allows reading the security descriptor for one share, and we were
unlucky that the first share security descriptor returned allows
user1 to read from it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This uses the more widespread python-dateutil instead of python-iso8601.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Feb 2 19:53:35 UTC 2021 on sn-devel-184
That makes it possible to run tests from a read only source tree.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This way we can use it on even in some special cases, where we combine
variables from multiple environments.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This simplifies the code a lot and makes it much easier to
add new environment variables in future.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
While spliting the build and test stages I hit strange permission
problems, when a parent directory is missing,
which can be avoided by using plain mkdir() on each level.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We only want to match/replace only a '.' pathname component
not any single character pathname compoment!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 27 07:32:03 UTC 2021 on sn-devel-184
This adds a Group Policy extension which applies
symlink policies set by Vintela Group Policy in the
SYSVOL.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
There's a correctly set up session_info at fsp->conn->session_info, we can just
use that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 26 04:04:14 UTC 2021 on sn-devel-184
For some reason the join fails to register the DNS records when provisioning the
member env:
Using short domain name -- SAMBA2008R2
Joined 'IDMAPADMEMBER' to dns domain 'samba2008r2.example.com'
DNS Update for idmapadmember.samba.example.com failed: ERROR_DNS_UPDATE_FAILED
At the same time the hosts file used by the wrappers contains the wrong fqdn. As
a result the test that the next commit is going do add fails due do the broken
DNS resolution:
...
UNEXPECTED(failure): samba3.blackbox.winbind_ignore_domain.test_winbind_ignore_domains_ok_krb5(ad_member_idmap_ad:local)
REASON: Exception: Exception: do_connect: Connection to idmapadmember.samba2008r2.example.com failed (Error NT_STATUS_UNSUCCESSFUL)
...
Checking DNS in the testenv, first the working record for the main DC:
testenv$ dig @10.53.57.64 dc7.samba2008r2.example.com +short
10.53.57.27
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com dc7 A -U Administrator%locDCpass7
Name=, Records=1, Children=0
A: 10.53.57.27 (flags=f0, serial=1, ttl=900)
Now the failing idmapadmember:
testenv$ dig @10.53.57.64 idmapadmember.samba2008r2.example.com +short
testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com idmapadmember A -U Administrator%locDCpass7
ERROR: Record or zone does not exist.
Fixing the hosts file lets the tests work, fixing the broken DNS record
registration is a task for another day.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
This adds a Group Policy extension which applies
Sudo rights set by Vintela Group Policy in the
SYSVOL.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 19 08:11:50 UTC 2020 on sn-devel-184
This option can be used to make use of the change notify privilege.
By default notify results are not checked against the file system
permissions.
If "honor change notify privilege" is enabled, a user will only
receive notify results, if he has change notify privilege or sufficient
file system permissions. If a user has the change notify privilege, he
will receive all requested notify results, even if the user does not
have the permissions on the file system.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 17 15:01:53 UTC 2020 on sn-devel-184
That share will get the "honor change notify privilege = yes" option
once it's implemented. For now it's marked as knownfail.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The logic is basically a copy from planoldpythontestsuite().
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Note that uses SMB2 for the "Windows client" (aka non-POSIX) connection as SMB1
directory listing code translates a directory listing with a search mask that
matches an existing file to a CREATE which won't cut it for our test as we're
targetting the directory listing code.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Python idioms for iterating over a line and closing it have improved,
and we should keep up.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
samba3.blackbox.smbclient_tar & samba3.blackbox.smbclient_tar
need separate shares with own xattr tdb(s)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14581
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add tests that set the server name to the client name for the machine
account in the kerberos AS_REQ. This replicates the TEST_AS_REQ_SELF
test phase in source4/torture/krb5/kdc-canon-heimdal.c.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 30 05:21:42 UTC 2020 on sn-devel-184
In smb2_setinfo.c the call to smbd_do_setfilepathinfo() to perform the
rename takes place while holding a share mode lock. The function
check_parent_access() called below tries to query the destination
directory's locking.tdb entry to check whether the delete on close
flag is set on the destination directory. This fails because the
file to be renamed already has the share mode entry locked, we can't
lock two share mode entries simultaneously.
Convert the check to use fetch_share_mode_unlocked(). This might
introduce races, but this whole check is racy anyway. It does not
really matter whether we do the check for delete_on_close under a lock
or not, fetch_share_mode_unlocked() retrieves a consistent status of
the locking.tdb entry at some point in time as well.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 20 00:20:06 UTC 2020 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 11 22:43:46 UTC 2020 on sn-devel-184
It should not be enough that a line ends with ']\n' is accident,
subunit DETAILS are terminated with '\n]\n'!
This gives a much higher chance to see the actual problem
without having them filtered by various 'filter-subunit' invocations.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This is documented in MS-KILE.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Nov 11 02:38:46 UTC 2020 on sn-devel-184
This test passed against Samba but failed against Windows when
an enterprise principal (user@domain.com@REALM) was encoded as
NT_PRINCIPAL.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 9 10:22:51 UTC 2020 on sn-devel-184
Add new python test to document the differences between the MIT and
Heimdal Kerberos implementations.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a heimdal kerberos specific known fail, will be needed by subsequent
commits.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Originally copied from 'source4/scripting/devel/createtrust'
(had to drop the TRUST_AUTH_TYPE_VERSION part though, as it
fails against samba DC).
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Add python canonicalization tests, loosely based on the code in
source4/torture/krb5/kdc-canon-heimdal.c. The long term goal is to move
the integration level tests out of kdc-canon-heimdal, leaving it as a
heimdal library unit test.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a MIT kerberos specific known fail, will be needed by subsequent
commits.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is an a bit subtle patch: The main trick is that the previous
code a DFS-style \\server\share\dir1\dir2 path ended up in the list of
directories to enumerate. This was then processed by do_list again,
passing it to cli_resolve_path. However, cli_resolve_path always
expects non-DFS style paths as input. This patch passes the original,
non-DFS path to do_list_helper(), so that it ends up without the DFS
style \\server\share prefix in the directory queue.
From general failure it just fails on the SMB1-based environments,
like the other smbclient_s3 ones in knownfail.d/smb1-tests
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to
chown the socket. The chown is no longer done in test mode so remove
this confusing hack.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov 2 10:20:45 UTC 2020 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 29 15:41:37 UTC 2020 on sn-devel-184
Just don't run the tests instead of retrofitting them to the skiplist.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
I tried to avoid any possible overhead for the common cases:
- SEC_ADS_LIST (List Children) is already granted by default
- fDoListObject is off by default
Overhead is only added if the administrator turned on
the fDoListObject feature and removed SEC_ADS_LIST (List Children)
from a parent object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184
We may need to return child objects even if the base dn
is invisible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This tests a sorts of combinations in order to
demonstrate the visibility of objects depending on:
- with or without fDoListObject
- with or without explicit DENY ACEs
- A hierachy of objects with 4 levels from the base dn
- SEC_ADS_LIST (List Children)
- SEC_ADS_LIST_LIST_OBJECT (List Object)
- SEC_ADS_READ_PROP
- all possible scopes and basedns
This demonstrates that NO_SUCH_OBJECT doesn't depend purely
on the visibility of the base dn, it's still possible to
get children returned und an invisible base dn.
It also demonstrates the additional behavior with "List Object" mode.
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Extending testsuite for option 'valid/invalid users' from smb.conf.
Signed-off-by: Denis Karpelevich <dkarpele@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 21 01:17:05 UTC 2020 on sn-devel-184
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 16 18:30:18 UTC 2020 on sn-devel-184
Ensure that a maximum length password (512) is still accepted
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This makes it more clear what we want. 'smb encrypt' is a synonym for
'server smb encrypt'.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pass in the original source last component to rename_internals()
from reply_mv().
Change the wildcard detection in rename_internals() to
look at the correct thing for the source path.
This is now correctly set only from the unmangled last component
of the source path sent to reply_mv().
We now pass:
Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1)
so remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 8 16:29:27 UTC 2020 on sn-devel-184
Add a 'bool have_wcard' to unlink_internals().
Move the wildcard detection out of unlink_internals() as it
was looking at the wrong thing.
This is now correctly set only from the unmangled last component
of the path sent to reply_unlink().
We now pass:
Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1)
so remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1)
knownfail for now.
The recent wildcard changes broke something that used to work.
Consider a directory with 2 files:
dir/
foo
fo*
The 'fo*' file has a mangled name of FSHCRD~2.
SMB1rename("dir/FSHCRD~2", "dir/ba*") will rename *both* files
as the new 'rename has wildcard' check is done after
the name unmangle.
SMB2 doesn't allow wildcard renames so doesn't have this problem.
Fix to follow.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1)
samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1)
knownfail for now.
The recent wildcard changes broke something that used to work.
Consider a directory with 2 files:
dir/
a
*
The '*' file has a mangled name of _2X68P~X.
SMB1unlink("_2X68P~X") will delete *both* files
as the new 'unlink has wildcard' check is done after
the name unmangle.
SMB2 doesn't suffer from this problem, as it doesn't
allow wildcard unlinks.
Fix to follow.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
The remaining compat code (get_string, get_bytes,
cmp) are useful helper routines which we should
simply merge into common (especially since there
is some duplication here).
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Fri Oct 2 14:49:36 UTC 2020 on sn-devel-184
These tests do not need to be repeated over and over on multiple
distributions. This just wastes CI resources.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Make do_mget rely on do_list() already doing the recursion in a
breadth-first manner. The previous code called do_list() from within
its callback. Unfortunately the recent simplifications of do_list()
broke this, leading to recursive mget to segfault. Instead of figuring
out how this worked before the simplifications in do_list() (I did
spend a few hours on this) and fixing it, I chose to restructure
do_mget() to not recursively call do_list() anymore but instead rely
on do_list() to do the recursion. Saves quite a few lines of code and
complexity.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 30 17:23:45 UTC 2020 on sn-devel-184
Set a pid file directory to avoid the following testparm error:
ERROR: pid directory /usr/local/samba/var/run does not exist
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Make sure that unix_primary_group and unix_nss_info idmap_ad options
work. We have two domains here and test wbinfo -i for both domains, so
we also run the test without those options for the trusted domain.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 2 10:35:53 UTC 2020 on sn-devel-184
These parameters were missed by mistake when exts
were modified to be initialized within the rsop
command. Fixes an exception thrown when executing
samba-gpupdate --rsop:
Traceback (most recent call last):
File "/usr/sbin/samba-gpupdate", line 99, in <module>
rsop(lp, creds, gp_extensions, opts.target)
File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop
ext = ext(logger, lp, creds, store)
NameError: name 'logger' is not defined
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 31 19:09:24 UTC 2020 on sn-devel-184
This fixes one possible trigger for "PANIC: assert failed in get_lease_type()"
https://bugzilla.samba.org/show_bug.cgi?id=14428
This is no longer enough to remove the record:
d->have_share_modes = false;
d->modified = true;
Note that we can remove it completely from
share_mode_cleanup_disconnected() as
share_mode_forall_entries() already sets it
when there are no entries left.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This reproduces the origin of "PANIC: assert failed in get_lease_type()"
(https://bugzilla.samba.org/show_bug.cgi?id=14428).
share_mode_cleanup_disconnected() removes disconnected entries from
leases.tdb and brlock.tdb but not from locking.tdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Aug 27 17:19:48 UTC 2020 on sn-devel-184
Add an extension that applies smb.conf params
applied via the smb.conf admx files.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
