IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It gets LDAP_STRONG_AUTH_REQUIRED from current AD servers
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 20 18:44:49 UTC 2020 on sn-devel-184
Avoid losing the specific error code with this simple wrapper function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Without this, test_multibind() only gets NULL for userdn and password,
not doing what the test claims. This now fails, because our LDAP
server does not allow plain text binds.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The next commit will make this fail, and we need to detect this in
knownfail.d/ldap. Without subunit output filter-subunit won't find it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We don't need the asn1 struct after this point anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 17 11:10:04 UTC 2020 on sn-devel-184
Slight optimization for the ldap server: We don't need to copy the
client PDU into the ASN1 struct, the decoding process happens
immediately in the same routine.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Commit 810397f89a, and possibly others, broke the build for macOS and
other environments which don't have st_[acm]tim fields on 'struct stat'.
Multiple places in the codebase used the config.h values to determine
how to access the nanosecond or microsecond values of the stat
timestamps, so rather than add more, centralize them all into
lib/util/time.c.
Also allow pvfs_fileinfo.c to read nanosecond-granularity timestamps on
platforms where it didn't before, since its #if branches were not
complete.
Signed-off-by: Matthew DeVore <matvore@google.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Aug 15 08:51:09 UTC 2020 on sn-devel-184
(const excepted)
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Updated to 2020 requirements since changes in
13a2f70a4d
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Other parts of Samba already compile these directly.
This makes these files compile with modern compiler warnings.
The primary difference (other than being built with a newer
flex) is the loss of the #include "config.h" but
this is not used in the other .l files elsewehre and does not
seem to matter on modern systems.
The generated output from compile_et asn1_compile has not changed
(so I think the hx509 case is safe).
The mdssvc case just has changed file locations and line numbers.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This allows us to avoid warnings and errors due to unsued variables
and functions.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Rewrite the extension to be easier to understand,
and to remove references to gp_ext_setter.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This command prints the Resultant Set of Policy
for applicable GPOs, for either the Computer or
User policy (depending on the target specified).
Policy specific output must be implemented for
each client side extension.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 3 22:21:04 UTC 2020 on sn-devel-184
Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
If a service account has msDS-SupportedEncryptionTypes: 31
and DES keys stored in Primary:Kerberos, we'll pass the
DES key to smb_krb5_keyblock_init_contents(), but may get
KRB5_PROG_ETYPE_NOSUPP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
GCC 9.3.0 doesn't like a true array being compared to NULL.
[3628/3972] Compiling source4/torture/smb2/multichannel.c
../../source4/torture/smb2/multichannel.c:1077:7: error: comparison of array 'trees2' equal to a null pointer is always false [-Werror,-Wtautological-pointer-compare]
if (trees2 == NULL || trees2[i] == NULL) {
^~~~~~ ~~~~
../../source4/torture/smb2/multichannel.c:1284:7: error: comparison of array 'trees2' equal to a null pointer is always false [-Werror,-Wtautological-pointer-compare]
if (trees2 == NULL || trees2[i] == NULL) {
^~~~~~ ~~~~
../../source4/torture/smb2/multichannel.c:2337:7: error: comparison of array 'trees2' equal to a null pointer is always false [-Werror,-Wtautological-pointer-compare]
if (trees2 == NULL || trees2[i] == NULL) {
^~~~~~ ~~~~
3 errors generated.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 17 07:16:31 UTC 2020 on sn-devel-184
We should not crash when the test fails, so we use a 2nd independent
connection to unlink the file at the end.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
It's better to have durable handles and multichannel tested separate:
1. we test both cases in the server
2. it makes it easier to deal with knownfail entries if only one
of these features is active on the server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This is similar to the smb2.multichannel.leases.test5,
but it tests the oplock case instead of leases.
With Oplocks Windows only sends a single break on the latest channel,
this is not what the spec says...
Maybe we should have a similar test that would expect the
behavior from the [MS-SMB2] (3/4/2020 rev 60.0)
"3.3.4.6 Object Store Indicates an Oplock Break":
...
If the server implements the SMB 3.x dialect family, SMB2 Oplock Break
Notification MUST be sent to the client using the first available
connection in Open.Session.ChannelList where Channel.Connection is not
NULL. If the server fails to send the notification to the client, the
server MUST retry the send using an alternate connection, if available,
in Open.Session.ChannelList.
...
Here I add one test that demonstrates the Windows behavior:
smb2.multichannel.oplocks.test3_windows
and a 2nd test that demonstrates the behavior from MS-SMB2.
smb2.multichannel.oplocks.test3_specification
Note that Windows 10 seems to behave differently and it's not
possible to open all 32 channel used by this test.
Against remote servers it's required to run iptables as root:
#> smbtorture //server/torture -Uu%p \
--option="torture:use_iptables=yes" \
--option="torture:iptables_command=sudo /sbin/iptables" \
smb2.multichannel.oplocks.test3_windows
#> smbtorture //server/torture -Uu%p \
--option="torture:use_iptables=yes" \
--option="torture:iptables_command=sudo /sbin/iptables" \
smb2.multichannel.oplocks.test3_specification
The test will also work against a Samba server
with 'smbd:FSCTL_SMBTORTURE = yes', and won't require iptables
in that case.
Samba will get a "smb2 disable oplock break retry" configuration
option to switch between both behaviors, as it's much more common with Samba
that leases are not supported and clients will fallback to
oplocks together with multichannel.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This tests 32 channels, which is the maximum Windows Server
versions support. (Note that Windows 10 (a Client OS as SMB server,
seems to support only 20 channels and may differ in other aspects,
so we ignore that for now).
This works at least against Windows Server 2019
and we see lease break notification retries every ~ 1.3 seconds
with ~ 5 TCP retransmissions. At that rate we see the remaining
5 retries after the conflicting SMB2 Create already returned.
Older Windows Server versions use much longer timeouts in the TCP-stack,
they send lease break notification retries less often and only 4 in
total, all other channels get TCP-RST packets because of missing
TCP keepalive packets before they're used.
The intervals between lease break notification retries are
~19 seconds for 2012[_R2] and ~25 seconds for 2016.
It means that only ~2 lease break notifications arrive before
the open returns after ~35 seconds.
Note that Windows 10 seems to behave differently and it's not
possible to open all 32 channel used by this test.
Against remote servers it's required to run iptables as root:
#> smbtorture //server/torture -Uu%p \
--option="torture:use_iptables=yes" \
--option="torture:iptables_command=sudo /sbin/iptables" \
smb2.multichannel.leases.test4
The test will also work against a Samba server
with 'smbd:FSCTL_SMBTORTURE = yes', and won't require iptables
in that case.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Having a test that would only pass against Samba makes things way
to complex, they're already complex and we should try to behave
like windows as much as possible.
The next commit will add a better test that will work against Windows
Servers and the future Samba servers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
We still receive the break on the blocked channel,
it's only the response ACKs, which we are blocking (or simulate to
block).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
