IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We should use the default priority list. That is a good practice,
because TLS protocol hardening and phasing out of legacy algorithms,
is easier to co-ordinate when happens at a single place. See crypto
policies of Fedora.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14408
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 17 17:42:02 UTC 2020 on sn-devel-184
If we go to done and call smbc_free_context() the pointer should be
initialized.
Found by clang.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
it has been a long time since we introduced "control", so lets remind
ourselves which control it was.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 13 06:50:12 UTC 2020 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Match Windows behavior and allow the forwardable flag to be
set in cross-realm tickets. We used to allow forwardable to
any server, but now that we apply disallow-forwardable policy
in heimdal we need to explicitly allow in the corss-realm case
(and remove the workaround we have for it the MIT plugin).
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
even if the tgt session key uses different hmac.
Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
always HMAC_MD5, and that's what windows 7 client
and MIT client send.
In heimdal both the client and kdc use the checksum of
the tgt key instead and therefore work with each other
but windows and MIT clients fail against heimdal KDC.
Windows KDC allows either checksum (HMAC_MD5 or from
tgt) so we should do the same to support all clients.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
We test the limits here and leave a 16TB file with zeros.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 5 13:17:55 UTC 2020 on sn-devel-184
Used to fill the unix info in a struct auth_session_info similar to
auth_session_info_fill_unix().
The new auth_session_info_set_unix() receives the uid and gid for
the unix token as an parameter. It does not query the unix token from
winbind (via security_token_to_unix_token()).
This is useful to fill a user session info manually if winbind is not
available.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14400
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>
The test is written for SAMR, but as the handle type is verified by the
server core library it also applies to other RPC services.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Anoop C S <anoopcs@redhat.com>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May 15 16:02:47 UTC 2020 on sn-devel-184
To test the CRC32 I reverted the unkeyed-checksum fix (43958af1)
and the weak-crypto fix (389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
This reverts commit 5639e973c1.
This is no longer needed as the next commit includes a Python
test for this, without the complexity of being inside krb5.kdc.canon.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This reverts commit 151f8c0f31.
This allows a clean revert (and so removal) of the test.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This reverts commit a53fa8ffe3.
This allows a clean revert (and so removal) of the test.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
On (eg) the
DC=_msdcs.X.Y,CN=MicrosoftDNS,DC=ForestDnsZones,DC=X,DC=Y
record, in domains that have had a Microsoft Windows DC an attribute:
dNSProperty:: AAAAAAAAAAAAAAAAAQAAAJIAAAAAAAAA
000000 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 >................<
000010 92 00 00 00 00 00 00 00 >........<
000018
We, until samba 4.12, would parse this as:
pull returned Success
dnsp_DnsProperty: struct dnsp_DnsProperty
wDataLength : 0x00000000 (0)
namelength : 0x00000000 (0)
flag : 0x00000000 (0)
version : 0x00000001 (1)
id : DSPROPERTY_ZONE_NS_SERVERS_DA (146)
data : union dnsPropertyData(case 0)
name : 0x00000000 (0)
dump OK
However, the wDataLength is 0. There is not anything in
[MS-DNSP] 2.3.2.1 dnsProperty to describe any special behaviour
for when the id suggests that there is a value, but wDataLength is 0.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80
We now fail to parse it, because we expect an entry with id DSPROPERTY_ZONE_NS_SERVERS_DA
to therefore have a valid DNS_ADDR_ARRAY (section 2.2.3.2.3).
As context we changed it in our commit fee5c6a424
because of bug https://bugzilla.samba.org/show_bug.cgi?id=14206
which was due to the artificial environment of the fuzzer.
Microsoft advises that Windows also fails to parse this, but
instead of failing the operation, the value is ignored.
Reported by Alex MacCuish. Many thanks for your assistance in
tracking down the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 07:29:17 UTC 2020 on sn-devel-184
raw.samba3rootdirfid tests with the share root directory as root_dir_fid handle,
that doesn't cover the case where the relative name has more then one path
component. It only works because in unix_convert() we run into the creating file
optimasation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14380
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
[MS-FSA] 2.1.5.2 Server Requests a Read and
2.1.5.3 Server Requests a Write define some contraints.
These tests demonstrate that ((int64_t)offset) < 0) is
not allowed for both reads and writes for SMB.
Also the special case for writes at offset -2 is not possible
nor the append mode with offset < 0.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14361
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Review-note: The for loop increment operation was changed and the
trailing i++ was removed from the loop body.
The resulting for statement is equivalent to the original
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 8 11:16:18 UTC 2020 on sn-devel-184
Opens the root of a share over SMB2 with a zero-length
filename and a timewarp token.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon May 4 10:14:28 UTC 2020 on sn-devel-184
Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Add search request size limits to ldap_decode calls.
The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected. Previously there was no check on the on the depth of
nesting and excessive nesting could cause a stack overflow.
Credit to OSS-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 888abcaf8ffbec45fc47520bd3f544e3aa6f58f2)
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 19:46:32 UTC 2020 on sn-devel-184
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit eb167bc43dbe196ef5b3bfd24160c72c74113dea)
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9437b44668c9f7742d6d4fe0891ac4d9fda7c804)
Implements smb2_qpathinfo_alt_name() and
RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 097df343ce21c8340aee7f42f233fe74b92b47e2)
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d9edfeea668362269d812f82b1957ed16ff56dd4)
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3763052c2a95ac9bd60f00458389a5245cf5d58d)
The LDAP backend for the Samba AD DC, aiming to store the AD DC in
an existing LDAP server was largely removed many years aga, but the
other parts were removed in 2b0fc74a09.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr 23 06:12:20 UTC 2020 on sn-devel-184
We need READ_CONTROL, and actually have to ask for
the OWNER|GROUP|DACL bits if we're going to properly
check the SD.
Tested against Windows 10.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 16 20:42:58 UTC 2020 on sn-devel-184
If we open a file without READ_CONTROL, requesting a security
descriptor fails with ACCESS_DENIED if any of the requested
bits OWNER|GROUP|DACL are set.
However, if we send zero as the requested bits then a
security descriptor is returned containing no data,
even though reading an SD should fail based on the
access permissions we have on the handle.
This has been tested against Windows 10, and also
passes on Samba - although in smbd we actually
read the SD off disk first, before nulling out
all the data we read. We shouldn't (we have
no rights to do so) and a subsequent commit
will fix this.
This was discovered when investigating the
smb2.winattr test, which currently relies
on exactly this behavior. It shouldn't
and the next commit will fix that.
I wanted to preserve the current smb2.winattr
behavior in a test though.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Fixes the following flapping test:
UNEXPECTED(failure): samba4.libsmbclient.utimes.SMB3.utimes(nt4_dc)
REASON: Exception: Exception: ../../source4/torture/libsmbclient/libsmbclient.c:1249:
st.st_mtim.tv_nsec / 1000 was 98181 (0x17F85),
expected 1098181 (0x10C1C5): smbc_utimes did not update msec
https://gitlab.com/samba-team/devel/samba/-/jobs/506361470
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Apr 11 12:24:00 UTC 2020 on sn-devel-184
The following tests which fail when run against a test env that
doesn't support SMB1
samba4.rpc.join on ncacn_ip_tcp with bigendian(ad_dc_default)
samba4.rpc.join on ncacn_ip_tcp with seal,padcheck(ad_dc_default)
samba4.rpc.join on ncacn_ip_tcp with validate(ad_dc_default)
samba4.rpc.join on ncacn_np with bigendian(ad_dc_default)
samba4.rpc.join on ncacn_np with seal,padcheck(ad_dc_default)
samba4.rpc.join on ncacn_np with validate(ad_dc_default)
samba4.rpc.join on ncalrpc with bigendian(ad_dc_default:local)
samba4.rpc.join on ncalrpc with seal,padcheck(ad_dc_default:local)
samba4.rpc.join on ncalrpc with validate(ad_dc_default:local)
have been moved to ad_dc_default_smb1
results verified with
VALIDATE="validate" python3 source4/selftest/tests.py | grep "^samba4.rpc.join" | grep ad_dc_default | sort
corrosponding entries have been removed from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Test samba4.ldap.passwordsettings fails when run against test env that
doesn't support SMB1 so move to ad_dc_default_smb1
Note: no skip entries to be removed as tests are known failures
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Test samba4.ldap.nested-search fails when run against test env
that doesn't support SMB1 so move to ad_dc_default_smb1
Also remove entry from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Test was using smbclient4 but this fails when used in environments that
don't support SMB1. We use smbclient(s3) instead. There remains one
failure due to behaviour differences between the smbclients.
The behavioural changes are related not to SMB1/SMB2 but
commits d4ea637eb8 &
fce66b22ea
Perhaps we need to modify s3 smbclient in a similar way? This is however
something that deserves further discussion.
Move this failing part to a knownfail for the moment.
Also the corrosponding entry in skip_smb1_fail has been removed
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
samba4.blackbox.pkinit falls to pass in environments that don't support
SMB2 because of use (s4) smbclient4. Change test to use (s3) smbclient
Additionally a test within the test script test_kinit_trusts_heimdal.sh
explicitly uses smbclient4 which can't negotiate SMB1 in environments
that don't support it. Add knownfail to cater for this & also remove entry
from the skip file
Further reference the smbclient4 specific test is associated with
https://bugzilla.samba.org/show_bug.cgi?id=12554 so maybe we should
keep it for the moment
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Test samba.tests.net_join_no_spnego when run in environment
doesn't support SMB1 so move it to ad_dc_smb1 and remove
skip_smb1_fail entry
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Test samba.tests.auth_log_pass_change will fail when run against
environments that don't support SMB1 so move this test to ad_dc_smb1
and remove entry from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Test samba.tests.auth_log will fail when run against environments that
don't support SMB1 so move this test to ad_dc_smb1 and removing
entry from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Moving
samba4.smb.spnego.krb5.no_optimistic(ad_dc)
samba4.smb.spnego.ntlmssp.no_optimistic(ad_dc)
and additionally removing the entries from skip_smb1_fails
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Move the following tests from ad_dc to ad_dc_smb1
samba4.rpc.join with bigendian(ad_dc)
samba4.rpc.join with seal,padcheck(ad_dc)
samba4.rpc.join with validate(ad_dc)
and additionally remove the corrosponding entries from skip_smb1_fails
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Move
samba4.rpc.authcontext with bigendian(ad_dc)
samba4.rpc.authcontext with seal,padcheck(ad_dc)
samba4.rpc.authcontext with validate(ad_dc)
to ad_dc_smb1 environment and remove the corrosponding entries in
skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
additionally remove those related entries from skip_smb1_fails
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
smbclient4 only negotiates smb1, this test should use smbclient(s3)
instead.
Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(s4) smbclient doesn't negotiate smb2, (s3) smbclient is what
is used and what we really should be testing.
Additionally remove entry from ski_smb1_fails file
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Additionally we remove the entry from skip_smb1_fails as it is
no longer relevant
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
smbclient4 only negotiates smb1, tests probably should use smbclient
instead (except for tests that intentionally are testing smbclient4
itself)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will help provide a better memory tree if we ever suspect a problem
here. The tmp_ctx varaible is always freed before the end of this
function.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar 27 19:54:25 UTC 2020 on sn-devel-184
This makes our testing much more realistic and allows
the removal of some knowfail entries.
It also means the testing with network namespaces on Linux
can use the same addresses as our socket wrapper testing.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This was
(PyUnicode_Check(pystr) || PyBytes_Check(pystr))
This allows us to end the use of Python 2/3 compatability macros.
The one caller will be simplified in the next commit
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <nopower@samba.org>
This allows us to end the use of Python 2/3 compatability macros.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
This allows us to end the use of Python 2/3 compatability macros.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
This will allow us to remove some unused code in the PIDL-generated
python bindings.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Previously this would fail with Unsupported critical extension 1.3.6.1.4.1.7165.4.3.2
Reported by Alexander Harm. Many thanks for helping make Samba better
and for your patience with patches and providing debugging information.
REF: https://lists.samba.org/archive/samba/2020-February/228153.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14306
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This type of object was not possible to delete in Samba without first removing
the link.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14306
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The goal is to pass the raw protocol testsuite against s3 RPC server.
To do so we need to enable epmd and lsasd daemons, as the testsuite
connects to the endpoint mapper and lsa endpoints using NCACN_IP_TCP
and NCACN_NP transports.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This was causing samba.tests.net_join_no_spnego(ad_dc) to
core dumps sometimes on tumbleweed with python3.8
with...
===============================================================
INTERNAL ERROR: Signal 11 in pid 1781 (4.12.0)
If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
===============================================================
smb_panic_default: PANIC (pid 1781): internal error
BACKTRACE: 64 stack frames:
7128 #0 bin/shared/libsamba-util.so.0(log_stack_trace+0x1f) [0x7fa541c5b220]
7129 #1 bin/shared/libsamba-util.so.0(+0x1efc8) [0x7fa541c5afc8]
7130 #2 bin/shared/libsamba-util.so.0(log_stack_trace+0) [0x7fa541c5b201]
7131 #3 bin/shared/libsamba-util.so.0(+0x1eed9) [0x7fa541c5aed9]
7132 #4 bin/shared/libsamba-util.so.0(+0x1eeee) [0x7fa541c5aeee]
7133 #5 /lib64/libc.so.6(+0x3bf20) [0x7fa542631f20]
7134 #6 /usr/lib64/libpython3.8.so.1.0(PyObject_GC_UnTrack+0xd) [0x7fa542386c1d]
7135 #7 /usr/lib64/libpython3.8.so.1.0(+0x12d599) [0x7fa542387599]
7136 #8 /usr/lib64/libpython3.8.so.1.0(_PyEval_EvalFrameDefault+0x4d6d) [0x7fa5424269ed]
7137 #9 /usr/lib64/libpython3.8.so.1.0(_PyEval_EvalCodeWithName+0x30c) [0x7fa5423eaf5c]
7138 #10 /usr/lib64/libpython3.8.so.1.0(_PyFunction_Vectorcall+0x18e) [0x7fa5423ebcbe]
7139 #11 /usr/lib64/libpython3.8.so.1.0(_PyEval_EvalFrameDefault+0x4a3a) [0x7fa5424266ba]
etc....
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 19 22:23:52 UTC 2020 on sn-devel-184
insert_dict is used as a convenience to decrement the values to
prevent leaks with orpahaned PyObjects and avoid excessive creation of
temp variables.
if (!dict_insert(parameters,
"rootdn",
PyUnicode_FromString(settings->root_dn_str))) {
status = NT_STATUS_UNSUCCESSFUL;
goto out;
}
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
provision_fn is a borrowed reference we should not
call Py_CLEAR on it
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Verify a close updates the write-time for subsequent writes after an initial
write started the delayed update logic.
This covers a scenario that will become relevant with the two subsequent
commits. The next commit:
smbd: let mark_file_modified() always call trigger_write_time_update()
ensures that trigger_write_time_update() is not only called for the first write
on a file. Without that preaparatory change, the second commit:
smbd: let delayed update handler also update on-disk timestamps
alone would cause this test to fail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Verify close only updates write-time when a delayed update is actually pending.
This scenario is not covered by basic.delaywrite.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This test demonstrates that Windows has a timestamp resolution of ~15ms.
When a smaller amount of time than that has passed between modifying operations
on a file, it's not necessarily detectable on a Windows 2019 server that
implements immediate timestamp updates (no delayed magic).
Note that this test relies on a low latency SMB connection. Even with a low
latency connection of eg 1m there's a chance of 1/15 that the first part of the
test expecting no timestamp change fails as the writetime is updated.
Due to this timing dependency this test is skipped in Samba CI, but it is
preserved here for future SMB2 timestamps behaviour archealogists.
See also: https://lists.samba.org/archive/cifs-protocol/2019-December/003358.html
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
ext filesystem has a time_t limit of 15032385535 (0x0x37fffffff). From
Documentation/filesystems/ext4/inodes.rst:
If the inode structure size ``sb->s_inode_size`` is larger than 128 bytes and
the ``i_inode_extra`` field is large enough to encompass the respective
``i_[cma]time_extra`` field, the ctime, atime, and mtime inode fields are
widened to 64 bits. Within this “extra” 32-bit field, the lower two bits are
used to extend the 32-bit seconds field to be 34 bit wide; the upper 30 bits
are used to provide nanosecond timestamp accuracy. Therefore, timestamps
should not overflow until May 2446. ...
Changing the test to use the value 0x37fffffff instead of 100000000000 allows
running the test locally on ext filesytems.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
For adapting unix extensions in our client libraries, we need a fresh start
with additional APIs. We can't change existing application behaviour.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Mar 10 14:46:04 UTC 2020 on sn-devel-184
With MIT library 1.18 the KDC no longer set
KRB5_KDB_FLAG_CANONICALIZE for enterprise principals which allows
us to not canonicalize them (like in Windows / Heimdal).
However, it now breaks the PAC signature verification as it was
wrongly done using canonical client rather than ticket client name.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Found while trying to run winexe against Windows Server 2019.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The talloc_steal() in dsdb_enum_group_mem() is unnecessary, because
members was already allocated from the same mem_ctx.
The talloc_steal() in pdb_samba_dsdb_enum_aliasmem() is also unnecessary
for the same reason, but also incorrect, because it should be
dereferencing pmembers:
talloc_steal(mem_ctx, *pmembers);
Furthermore, we should only assign to *pnum_members on success; otherwise
num_members is used uninitialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14264
Signed-off-by: Jonathon Reinhart <Jonathon.Reinhart@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 5 18:40:16 UTC 2020 on sn-devel-184
The allocated memory for "full_name" must be free'd
before returning to caller.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 4 10:43:54 UTC 2020 on sn-devel-184
A few lines above the mode check we created a file with mode
0666. With unix exensions we expect this back 1:1, without them the
server changes them on the fly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
I had to modify the backend DB to produce this error, but
I would like a clear error anyway.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 2 04:14:22 UTC 2020 on sn-devel-184
The modification into a tombstone should be a pretty reliable operation
so if it fails print lots of info for debugging.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This is required despire the demise of the LDAP backend.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Feb 28 04:42:23 UTC 2020 on sn-devel-184
The LDAP backend is long-removed so we do not need this workaround
for a confused server any longer.
This avoids references to old (but valid) memory after a new ldb_control array is
allocated in ldb_save_controls() and keeps the controls pointer as
constant as possible given the multiple ldb_request structures it
will appear in.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The two string arguments to torture_comment() can be NULL
as the succeeding checks suggest. This is not wanted because a compile
with --enable-developer throws an error of [-Werror=format-overflow=]
in those situations.
Signed-off-by: Swen Schillig <swen@linux.ibm.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The libsmbclient readdir tests are broken just for the unix extension
case. For example they assume our "map archive" behaviour. This will
have to be parameterized once unix extensions become better
implemented in libsmbclient
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 27 19:34:36 UTC 2020 on sn-devel-184
This makes it possible to tell different child tasks apart on linux systems
that have not compiled against libsetproctitle or libbsd-setproctitle.
Use "ps -ef -o pid,comm" to see the tree with these titles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14287
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>