IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This demonstrates that we rely on knowning about trusted domains before
we can do krb5_auth in winbindd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This ensures we preserve btime, itime and File-ID.
As the Durable Handles code calls vfs_stat_fsp() in the DH disconnect function,
previously the btime was lost and NOT stored in the cookie. With this change the
cookie will store the correct btime (and iflags), which requires us to call
dos_mode() in the reconnect function to ensure we pass
vfs_default_durable_reconnect_check_stat().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 10 20:22:21 UTC 2019 on sn-devel-184
Note I'm using the share vfs_fruit_xattr because I need a share with both a
streams and a acl_* VFS object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
A new request is first checks against all pending
requests before checking the already granted locks.
Before we retried the lock array of another request
(the first in the list), but then finished current request,
which is wrong.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is similar to multilock3, but uses a read-only
(LOCKING_ANDX_SHARED_LOCK) locks for the 2nd lock
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is similar to multilock3, but uses a read-only
(LOCKING_ANDX_SHARED_LOCK) locks for the first lock
request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is similar to multilock3, but uses read-only
(LOCKING_ANDX_SHARED_LOCK) locks for the blocked
requests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This demonstrates that unrelated lock ranges
are not blocked by other blocked requests on the same
fsp.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This demonstrates that the SMB2 code path doesn't do
any retry for local posix locks.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
For Windows locks we start with LOCK_NOT_GRANTED and use
FILE_LOCK_CONFLICT if we retried after a timeout.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
There should not be a different if the blocker is a posix process
instead of another smbd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
We should evaluate the timeout condition after the very last
retry and not before.
Otherwise we'd fail to retry when waiting for posix locks.
The problem happens if the client provided timeout is smaller
than the 1 sec (for testing temporary 15 secs) retry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is just a temporary commit that shows the bug and its
fix. It will be reverted once the problem is fixed.
The posix lock retry fails if the client specified timeout
is smaller than the hardcoded 1 second retry.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This makes sure we always call chdir_current_service() even
when we still impersonated the user. Which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.
It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.
Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.
It means we still avoid syscalls if we get a multiple requests
for the same session/tcon tuple.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue Sep 3 09:27:22 UTC 2019 on sn-devel-184
Installing downgrade script so people don't need the source tree for it.
Exception added in usage test because running the script without arguments
is valid. (This avoids the need to knownfail it).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Just so that it's slightly less of a mouthful for users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14059
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Turns out macOS mdssvc doesn't fail the RPC request if the policy handle is all
zero. Also, if it fails with a non-all-zero handle, it returns a different RPC
error, namely DCERPC_NCA_S_PROTO_ERROR, not DCERPC_FAULT_CONTEXT_MISMATCH (or
rather their mapped NT_STATUS codes).
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Move the implementation of this setting down to the actual search query
processing. macOS has no notion of "spotlight = false" at the DCERPC layer and
the open request will always succeed even on all shares.
When later the client issues search requests on such shares, we ensure we use
the noindex backend.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Taken from macOS. We have to return an empty share_path and an empty policy
handle, but not fail the RPC request.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
len=0 is invalid, len=8 is an empty array, len>8 is an array with members, so
for the len=8 case we must add the empty cnid array.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Non-talloc objects were treated as talloc objects, to no good effect
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the python object is not a talloc object, we will end up
with a NULL pointer. We weren't checking for that properly
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There was no way to call ldb.open without evoking signal 11, so it is
unlikely anyone was using it.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
There seems to be no way of using ldb.open without causing a segfault
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
What does it even do? Possibly nothing, not least because nobody ever
runs it.
It was introduced as source4/scripting/bin/autoidl.py in
a2446e5f85 ("initial work for script
that uses probing to figure out IDL"). Since then it has only had
superficial patches, generally aimed at Python 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It is not as simple as running everything executable, because for example
.so library files are marked as executable.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We want to be sure it says *something* and returns success.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Also, use sys.exit() function, not exit(), because sys.exit() reliably
exists.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When a script is run with the wrong arguments, it should at least say
something like this:
Usage: samba-foo [OPTIONS]
For many samba scripts, especially without a server environment, having
no arguments is the wrong arguments.
Here we look for every executable file with '#![...]python[3]' on the
first line, and exclude certain files and directories that have excuses
to fail the test. For example, many selftest scripts are stream-oriented
and will hang forever waiting for stdin, which is not an error. Some
test modules are designed so they can be optionally run from the command
line, but this option is typically only used by the developer who is
writing them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Use clear text arguments strings if possible. Makes it more comfortable
for users to edit the user objects attributes.
Remove test from knownfail:
samba.tests.samba_tool.user_edit.change_attribute_force_no_base64
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Test to edit a user: Change attributes with LDB_FLAG_FORCE_NO_BASE64_LDIF
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Especially test handling of base64 encoded attribute values here.
Add selftest/knownfail.d/samba_tool.user_edit.
Tests fail, because:
- can not work with ldif without a trailing new line
- can not handle base64 strings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14003
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a simplified version of the original patch by:
Felix Botner <botner@univention.de>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 3 13:52:55 UTC 2019 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Cross-partition links could still be dropped if GET_TGT was already
previously set for the replication.
This was due to a slight error in the order of logic. We never want to
ignore cross-partition links (regardless of whether the TARGETS_UPTODATE
/GET_TGT flag is set). We should only be returning early in the
GET_TGT case if the objects are both in the same partition.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
RN: When the AD domain contained a linked attribute that spanned
partitions, DRS replication could drop the link. This dropped link could
then result in subtle differences in behaviour between DCs, as some DCs
would have the link and others wouldn't. When this issue occurred, the
dropped link would be logged in a warning message:
"<target-dn> is Unknown but up to date. Ignoring link from <source-dn>"
This issue would not always occur - it depended a lot on the database
contents. Typically, it would only potentially occur when joining a new
DC to the domain (doing an ldapcmp after the join would also highlight
the problem, if it occurred). This issue has now been resolved.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This adds a test-case to highlight a bug in the client side GetNCChanges
handling.
These tests mostly exercise the server-side behaviour of sending the
GetNCChanges, however, there's a bug in the client-side code when we try
to handle a missing cross-partition link target *in combination* with
the GET_TGT flag already having been set.
The test is exercising the client-side code by using the 'samba-tool drs
replicate' command. By adding a one-way link to a deleted target object,
we force the client code to retry with the GET_TGT flag set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14022
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain dcpromo" option "backend-store-size".
This allows the lmdb map size to be set during a promotion, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>'
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool drs clone-dc-database" option "backend-store-size".
This allows the lmdb map size to be set during a clone, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>'
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain join" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the new "samba-tool domain join" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add a new "samba-tool domain provision" option "backend-store-size".
This allows the lmdb map size to be set during a provision, instead of
hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Allow the lmdb map size to be specified in the ldb option
"lmdb_env_size".
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the new "samba-tool domain provision" option
"backend-store-size". This allows the lmdb map size to be set during a
provision, instead of hard-wiring it to 8Gb
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184
The endian changes are needed in order to get the following result
from the blobs Windows generated (see the torture test):
AddrArray: ARRAY(3)
AddrArray: struct dnsp_dns_addr
family : 0x0002 (2)
port : 0x0035 (53)
ipv4 : 172.31.99.33
ipv6 : 0000:0000:0000:0000:0000:0000:0000:0000
[MS-DNSP] states that the port is supposed to be ignored, but it's still
good to decode it as port '53' (0x0035) instead of '13568' (0x3500).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
In future we should use ipv4address, but that would result in a much
larger change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Add a struct option to ndrdump that will allow it to print public
structures.
i.e. binn/ndrdump dns dns_name_packet struct data.file
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add test for the dumping of a public structure with ndrdump. This
removes the need to define decode_* functions in the idl.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This changes ensures that smbd always adds BUILTIN\Guests to the guest token
which is required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2
SESSION_SETUP response, because smbd sets it based on the token containing the
BUILTIN\Guests SID S-1-5-32-546.
At the same time, the packet is not signed which causes Windows clients and
smbclient to reject the unsigned SMB2 SESSION_SETUP response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184
This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The new role owner need to replicate from the old role owner.
Before we told the old role owner to replicate from itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Found by LCOV.
Some of the failures should be fixed by setting "restrict anonymous = 2"
as requested by bug 12775
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The samba3.wkssvc test is not as comprehensive, but rpc.wkssvc needs to run against the
ad_member environment to get past a builtin administrators check.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The test already existed but was not run.
Found by LCOV
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This moves the trigger points where AppleDouble file conversion is run by
ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high
level VFS entry points.
Currently ad_convert() will be triggered as part of open_file_ntcreate(...,
"file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT,
what created the file, we call SMB_VFS_FSTAT() on the just created
filehandle. This ends up in ad_convert(), finds the resource fork empty and thus
deletes the file.
This commit moves calling of the conversion funtion to the high level VFS entry
points where the converted metadata is needed:
o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the
repurposed fields in the directory entry metadata
o obviously for SMB_VFS_CREATE_FILE() on an macOS stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reveals a bug in the AppleDouble conversion code: the conversion code that
unlinks an empty resource fork AppleDouble sidecar file ("._file") gets
triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...):
after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we
call SMB_VFS_FSTAT() on the just created filehandle. This ends up in
ad_convert(), finds the resource fork empty and thus deletes the file.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This allows us to replace the implicit limit via data_blob_append()
removed in the previous commit.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This behaviour is Samba-specific, we have not traditionally cut of responses at 1000
or so as Windows does, and we need to change that behaviour carefully.
This triggers this bug in TDB:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184
Test for LDAP request with an empty attribute list. LDB responds with
no attributes, but LDAP responds with all attributes. Fix is attached
to the bug below but we can't push it upstream until we've found all
instances of incorrect empty attribute list usage in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Windows 10 (1803 and higher) support and use
SMB_FILE_NORMALIZED_NAME_INFORMATION calls over the network. As a
fallback (in case the server don't support it) the client traverses all
path components, which is very expensive.
Implementing SMB_FILE_NORMALIZED_NAME_INFORMATION is very cheap for us
as the open already went through unix_convert() and we have the
information the client is asking for.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 1 18:33:00 UTC 2019 on sn-devel-184
We run the tests again, trying to modify as a normal user rather than
Administrator.
It turns out that we do not always return the same error code as
Windows, but in all these tests both Windows and Samba always return
some kind of error (as you might hope).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Do we interpret these the same way as Windows? In many cases, no.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The test was presumably commented out because we fail it, and
known-failing it would have hidden the attr-too-short tests that it
was bundled with. If we disentangle them we can knwn-fail it, which
serves as a TODO list.
(passes against WIN2012R2).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We don't want to see this:
python3 -c "import sys
sys.path.insert(0, 'bin/python')
import ldb
m = ldb.Message()
e = ldb.MessageElement('q')
try:
m.add(e)
except ldb.LdbError:
pass
print(m)
"
Segmentation fault (core dumped)
instead we want this:
Traceback (most recent call last):
File "<string>", line 7, in <module>
ValueError: The element has no name
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Apr 23 19:03:35 UTC 2019 on sn-devel-144
Currently schema info's revision field isn't incremented if relax
control is present. This is so that no increment is done during
provision, but we need the relax control in other situations where
the increment is desired, so we should use the provision control instead
to disable schema info update.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Currently schema info's revision field isn't incremented if relax
control is present. This is so that no increment is done during
provision, but we need the relax control in other situations where the
increment is desired. This patch adds a failing test to expose the
problem.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
mkdir() is the other call that requires a umask of 0 in Samba.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Umask manipulation was added to pysmbd with e146fe5ef9 in 2012
and init_files_struct was split out in 747c3f1fb3 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).
This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.
Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).
Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.
mkdir() will be protected by a umask() bracket, for correctness, in the next patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>