1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

487 Commits

Author SHA1 Message Date
Andrew Bartlett
b6913830bf librpc/ndr: Do not follow a client-supplied NULL pointer in _print_drsuapi_DsAttributeValue_attid()
This is not a security issue as it only happens when printing the structure
during debugging, not normal production.

Found by Michael Hanselmann using an NDR fuzzer and Hongfuzz.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-12-10 02:53:34 +00:00
Andrew Bartlett
f786cdf5e8 selftest: Add ndrdump tests for malformed drsuapi traffic
Thanks to Douglas Bagnall for the samples, produced from seeds
generated by Samba's make test traffic, fuzzed by ndr_fuzz_X
and Hongfuzz.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-12-10 02:53:34 +00:00
Volker Lendecke
9c81aa9dab smbd: Fix a share_entries.tdb record leak
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-08 20:24:32 +00:00
Volker Lendecke
8435128582 smbd: Test cleanup of disconnected durable handle records
Right now this panics the scavenger daemon, preventing it from doing
its work. The reopen we expect to fail with
NT_STATUS_OBJECT_NAME_NOT_FOUND thus succeeds. I know that we should
more precisely detect the scavenger crash and with Jeremy's pattern in
46899ecf83 this would be possible. However, this is C code right now,
and scanning the logfile for the panic is more I have time for right
now. The test successfully indicates failure, as the next commit will
show.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-08 20:24:32 +00:00
Ralph Boehme
69691dd0cd smbd: fix handling of sentinel timestamp values
This implements two core changes:

* use NTTIME instead of struct timespec at the database layer

* use struct timespec { .tv_nsec = SAMBA_UTIME_OMIT } as special sentinel
  value in smbd when processing timestamps

Using NTTIME at the database layer is only done to avoid storing the special
struct timespec sentinel values on disk. Instead, with NTTIME the sentinel value
for an "unset" timestamp is just 0 on-disk.

The NTTIME value of 0 gets translated by nt_time_to_full_timespec() to the
struct timespec sentinel value { .tv_nsec = SAMBA_UTIME_OMIT }.

The function is_omit_timespec() can be used to check this.

Beside nt_time_to_full_timespec(), there are various other new time conversion
functions with *full* in their name that can be used to safely convert between
different types with the changed sentinel value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-06 00:17:36 +00:00
Ralph Boehme
2a82caf57e smbclient: use full_timespec_to_nt_time()
Needed to support dates corresponding to (time_t)0 and (time_t)-1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-06 00:17:36 +00:00
Ralph Boehme
02f18a3980 s3:lib: use nt_time_to_full_timespec() in interpret_long_date()
interpret_long_date() is now only used in the client. To enable correct
processing of dates before the UNIX epoch, call nt_time_to_full_timespec().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-06 00:17:36 +00:00
Ralph Boehme
7c1d895735 torture: add a timestamps torture testsuite
Add a test that shows that setting timestamps to the special
values (time_t) 4294967295, 0, -1 and anything below is broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-06 00:17:35 +00:00
Ralph Boehme
d95be91358 s3:tests: add a blackbox test that confirms broken timestamp behaviour
This blackbox test confirms that Samba returns NTTIME=0 when a filesystem object
has a UNIX timestamp value of 0, ie UNIX epoch start 1.1.1970.

Here's an example output from running smbstatus allinfo on such a file:

  $ bin/smbclient -U slow%x //localhost/test -c "allinfo time_0_1970"
  altname: T11662~T
  create_time:    NTTIME(0)
  access_time:    NTTIME(0)
  write_time:     NTTIME(0)
  change_time:    NTTIME(0)
  attributes:  (80)
  stream: [::$DATA], 0 bytes

If you look at it with smbclient ls command, it munges the output to be 1970 so
you don't notice the problem:

  $ bin/smbclient -U slow%x //localhost/test -c "ls time_0_1970"
    time_0_1970                         N        0  Thu Jan  1 01:00:00 1970

The test also test other time_t values -1 and 4294967295 that are used as
sentinel values in Samba code and shows that handling these values is equally
broken.

Same for time_t values < -1.

Note that I'm adding a blackbox test *and* a torture test, as with this blackbox
test I can directly control the server side, but with smbtorture I have to go
through the SMB stack to create the files which doesn't work currently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7771

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-12-06 00:17:35 +00:00
Jeremy Allison
8db0c1bff6 s3: smbd: Only set xconn->smb1.negprot.done = true after supported_protocols[protocol].proto_reply_fn() succeeds.
Otherwise we can end up with negprot.done set, but
without smbXsrv_connection_init_tables() being called.

This can cause a client self-crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec  4 21:27:24 UTC 2019 on sn-devel-184
2019-12-04 21:27:24 +00:00
Jeremy Allison
46899ecf83 python: tests. Add test for fuzzing smbd crash bug.
Mark knownfail for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-04 20:02:40 +00:00
Andrew Bartlett
d15a3797c7 librpc: Avoid spinning on string_array elements with a short input
Without this protection we will spin during decode of a string_array or nstring_array
that is terminated by only a single NUL byte, not two as required by UTF-16.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13874

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-12-04 05:10:31 +00:00
Gary Lockyer
bf8063e369 librpc ndr: Tests for ndr_pull_string
Tests to ensure that ndr_pull_string handles zero and one byte length
data correctly for both character strings and UTF-16 strings.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13874

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-04 05:10:31 +00:00
Gary Lockyer
7127a615cb librpc ndr: Infinite loop parsing Suplemental creds
Fuzzing by Michael Hanselmann found an infinite loop parsing a malformed
supplemental credentials structure.  There are no server-side
network-accessible calls using this code.

This patch adds an ndrdump blackbox test to replicate the issue.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13874

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-12-04 05:10:30 +00:00
Christof Schmitt
ff35160dc6 net: Delete share ACL from 'net conf delshare'
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 26 22:55:38 UTC 2019 on sn-devel-184
2019-11-26 22:55:38 +00:00
Christof Schmitt
9dddb28a17 selftest: Add test for 'net conf delshare' also removing share ACL
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-11-26 21:28:31 +00:00
Andrew Bartlett
f7f92803f6 librpc: Check for NULL pointer in value() in ntlmssp_AUTHENTICATE
This allows ndrdump --validate to avoid following a NULL pointer when re-pushing
a valid but unusual input.

It also avoids an issue if the Samba server code were to provide a response
without an EncryptedRandomSessionKey.

At this stage ntlmssp.idl is not used for this, instead the packets are
generated with msrpc_gen().

Found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 06:06:29 UTC 2019 on sn-devel-184
2019-11-20 06:06:29 +00:00
Andrew Bartlett
33e9021cbe selftest: Test repushing an ntlmssp AUTHENTICATE_MESSAGE
This demonstrates a bug found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer where the value() evaluatuion could segfault if it was made to follow a NULL
pointer.

This also demonstrates that the --base64 mode works on file inputs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:28 +00:00
Douglas Bagnall
1aec742575 pidl: check the size of pulled arrays of arrays
We were accidentally checking the memory just past the array instead of
checking each member.

This could have led to the size of some arrays not being checked.

Found by Michael Hanselmann using Honggfuzz and an fuzzer for Samba's
NDR layer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13877

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
b1eda993b6 selftest: Confirm that --base64-input and --input work and a PIDL bug is fixed.
The PIDL bug is in the handling of arrays of arrays.

Test input provided by Michael Hanselmann and found using Hongfuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-20 04:41:28 +00:00
Andrew Bartlett
f38077ea5e pidl: Handle obtaining objects from a fixed-size array
Previously we would assume the array head was the talloc context
however this is not the case if the array is a fixed size inline array
within the parent struct.

In that case the overall object's talloc context is the correct
context to reference.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Nov 14 17:36:49 UTC 2019 on sn-devel-184
2019-11-14 17:36:49 +00:00
Douglas Bagnall
1261894eca pidl/python: allocate objects with ref pointers
Struct members that are marked as ref pointers need to have an object
allocated for them.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
2019-11-14 16:12:40 +00:00
Douglas Bagnall
7e19779b66 pytests/segfault: pidl inline arrays
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2019-11-14 16:12:40 +00:00
Douglas Bagnall
272e20adbb pytests/segfaults: dcerpc ref elements segfault
These are just a couple of examples.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
2019-11-14 16:12:40 +00:00
Andrew Bartlett
3b9e983b64 ndrdump: Fix new "struct" feature
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-progammed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:37 +00:00
Andrew Bartlett
88373c472c selftest: Add expected-output tests for the ndrdump struct mode
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-11-13 00:32:36 +00:00
Andrew Bartlett
03205663b3 CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with dirsync
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Oct 31 23:29:15 UTC 2019 on sn-devel-184
2019-10-31 23:29:14 +00:00
Andrew Bartlett
e62c535d5b CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results style attributes and dirsync
Incremental results are provided by a flag on the dirsync control, not
by changing the attribute name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-10-31 22:07:40 +00:00
Ralph Boehme
f3df83a2c3 lib/adouble: pass filesize to ad_unpack()
ad_unpack() needs the filesize, not the capped IO size we're using in the caller
to read up to "size" bystem from the ._ AppleDouble file.

This fixes a regression introduced by bdc257a1cb
for bug 13968.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
RN: vfs_fruit returns capped resource fork length

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Oct 30 14:52:34 UTC 2019 on sn-devel-184
2019-10-30 14:52:33 +00:00
Ralph Boehme
b63069db9f torture: expand test "vfs.fruit.resource fork IO" to check size
Reveals a bug where the resource fork size is capped at 65454 bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-10-30 13:23:42 +00:00
Björn Baumbach
ef58222616 CVE-2019-14833 dsdb: send full password to check password script
utf8_len represents the number of characters (not bytes) of the
password. If the password includes multi-byte characters it is required
to write the total number of bytes to the check password script.
Otherwise the last bytes of the password string would be ignored.

Therefore we rename utf8_len to be clear what it does and does
not represent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438

Signed-off-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Oct 29 11:58:45 UTC 2019 on sn-devel-184
2019-10-29 11:58:45 +00:00
Andrew Bartlett
d524c7ddee CVE-2019-14833: Use utf8 characters in the unacceptable password
This shows that the "check password script" handling has a bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2019-10-29 10:04:45 +00:00
Stefan Metzmacher
d0f566c4ad s4:dirsync: fix interaction of dirsync and extended_dn controls
Azure AD connect reports discovery errors:
  reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
RN: Prevent azure ad connect from reporting discovery errors:
reference-value-not-ldap-conformant

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 24 11:06:58 UTC 2019 on sn-devel-184
2019-10-24 11:06:58 +00:00
Stefan Metzmacher
6d43d82b49 s4:tests/dirsync: add tests for dirsync with extended_dn
This demonstrates a problems that the extended_dn returned
by the dirsync module always uses the SDDL format for GUID/SID
components.

Azure AD connect reports discovery errors:
  reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-10-24 09:46:28 +00:00
Stefan Metzmacher
fd5cf415a7 s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blob
We need the target service without realm, but the proxy services with realm.

I have a domain with an w2008r2 server and a samba and now both generate
the same S4U_DELEGATION_INFO.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-21 14:40:38 +00:00
Isaac Boukris
90bdaaf09d selftest: add a test for PAC delegation-info blob in S4U2Proxy
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2019-10-21 14:40:38 +00:00
Andreas Schneider
123584294c s3:libads: Do not turn on canonicalization flag for MIT Kerberos
This partially reverts 303b7e59a2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155

Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 17:39:13 UTC 2019 on sn-devel-184
2019-10-12 17:39:13 +00:00
Andreas Schneider
93c2b44675 testprogs: Add test for kinit with canonicalization
Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-10-12 16:18:39 +00:00
Andreas Schneider
46068d5f28 gitlab-ci: Run several AD tests with MIT KDC
This will avoid introducing regressions in either client or server code.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-10-12 16:18:39 +00:00
Isaac Boukris
23ea12e98e spnego: fix server handling of no optimistic exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106

Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
2019-10-12 15:51:42 +00:00
Isaac Boukris
8a96359977 python/tests/gensec: add spnego downgrade python tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-10-12 14:33:33 +00:00
Isaac Boukris
02f538816b selftest: add tests for no optimistic spnego exchange
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106

Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-10-12 14:33:33 +00:00
Isaac Boukris
90f557f3a1 selftest: s3: add a test for spnego downgrade from krb5 to ntlm
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106

Signed-off-by: Isaac Boukris <iboukris@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-10-12 14:33:32 +00:00
Ralph Boehme
90a14c90c4 s3:smbd: ensure a created stream picks up the File-ID from the basefile
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-10-02 08:01:40 +00:00
Ralph Boehme
49a754b82d s3:smbd: when storing DOS attribute call dos_mode() beforehand
This is required to ensure File-ID info is populated with the correct on-disk
value, before calling file_set_dosmode() which will update the on-disk value.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-10-02 08:01:39 +00:00
Ralph Boehme
300b47442b torture:smb2: add a File-ID test on directories
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-10-02 08:01:39 +00:00
Ralph Boehme
432202413f torture:smb2: extend test for File-IDs
This now hopefully covers most possible combinations of creating and opening
files plus, checking the file's File-ID after every operation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-10-02 08:01:39 +00:00
Michael Adam
63c9147f86 winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)
https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e
originally introduced the above feature.

This functionality was undone as part of "winbind: Restructure get_pwsid"
https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a
I think that this semantic change was accidential.

This patch undoes the semantic change and re-establishes the
functionality.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184
2019-09-27 17:25:29 +00:00
Christof Schmitt
485874d6bb selftest: Test ID_TYPE_BOTH with idmap_rid module
ID_TYPE_BOTH means that each user and group has two mappings, a uid and
gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid
always return some information, so that uid and gid can be mapped to a
name. Establish a test to verify that the expected information is
returned.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2019-09-27 16:07:40 +00:00
Stefan Metzmacher
0ee085b594 selftest/Samba3.pm: use "winbind use krb5 enterprise principals = yes" for ad_member
This demonstrates that can do krb5_auth in winbindd without knowning about trusted domains.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Sep 24 19:51:29 UTC 2019 on sn-devel-184
2019-09-24 19:51:29 +00:00