1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

3803 Commits

Author SHA1 Message Date
Andrew Bartlett
334afc7157 pytest:sddl Samba had the wrong value for FA, now fix the tests
The tests that were in SddlWindowsFlagsAreDifferent have the behaviour
we want, and as we aim for Samba flags no longer being different, we
shift them to SddlNonCanonical. The tests in SddlSambaDoesItsOwnThing
are removed because they showed Samba's old behaviour around FA.

This will create knownfails, which will be fixed by the commit fixing the
value of "FA".

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c0d477738e libcli:security:sddl: accept only 8-4-4-4-12 GUIDs
Before we would take strings in a variety of lengths and formats,
which is not what Windows does or [MS-DTYP] says.

This was found by looking at evolved fuzz seeds. Note the 16 and 32
byte sequences in GUID position below:

$ hd $(ls -t seeds/fuzz_sddl_parse/* | head -1)| head
00000000  44 3a 41 52 50 50 50 50  50 28 4f 4c 3b 3b 46 57  |D:ARPPPPP(OL;;FW|
00000010  3b 30 7e ff ff ff ff ff  ff ff 2d 31 38 f5 ff ff  |;0~.......-18...|
00000020  fb 3b 3b 52 43 29 28 4f  44 3b 3b 46 57 3b 3b 3b  |.;;RC)(OD;;FW;;;|
00000030  52 43 29 28 4f 44 3b 3b  46 57 3b 30 30 ff ff ff  |RC)(OD;;FW;00...|
00000040  fb 30 e9 9b 3c cf e6 f5  ff ff fb 3b 3b 52 43 29  |.0..<......;;RC)|
00000050  28 4f 44 3b 3b 46 57 43  52 3b 3b 3b 52 43 29 28  |(OD;;FWCR;;;RC)(|
00000060  4f 44 3b 3b 46 58 47 52  3b 3b 33 43 43 35 38 37  |OD;;FXGR;;3CC587|
00000070  32 35 44 44 44 44 44 44  44 44 44 44 44 44 44 44  |25DDDDDDDDDDDDDD|
00000080  44 44 44 44 44 44 44 44  44 44 3b 52 43 29 28 4f  |DDDDDDDDDD;RC)(O|
00000090  44 3b 3b 46 58 3b 3b 3b  52 43 29 28 4f 44 3b 3b  |D;;FX;;;RC)(OD;;|

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
2e90ba7ec6 pytest:sddl: test we only accept normal GUIDs
By normal GUID, I mean ones like f30e3bbf-9ff0-11d1-b603-0000f80367c1,
with four hyphens and no curly braces.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
46793d384e libcli:security:sddl_decode_access allows spaces between flags
because Windows does.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
ec2d2f8ea8 pytest:sddl: tests around spaces in access flags and SIDs
It turns out that in accesss flags Windows will allow leading spaces
and spaces separating flags but not trailing spaces.

We choose to follow this in part because we found it happening in the
wild in our tests for upgradeprovision until a few commits ago.

Windows will also allow spaces in some parts of SIDs.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
e7445aa677 libcli:security: sddl_decode_ace: don't allow junk after SID
sddl_decode_sid() will stop at the first non-SID character. Windows
doesn't allow white space here, and nor do we.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c67f2292cb libcli/security: sddl_decode_access rejects trailing rubbish
Before we just ignored things like negative numbers, because they'd
end up being seen as not-numbers, so treated as flags, then as
not-flags.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
faf1b80a90 libcli:security: sddl_map_flags rejects trailing nonsense
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
1d9712283b pytest:sddl: add tests for long DACLs, differing flag interpretations
Windows converts hex numbers into flags differently, and has different
ideas of what constitutes "FA", and possibly others.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
de6d470063 pytest:sddl: let hex numbers differ in case (0xa == 0xA)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
97353c0091 pytest:sddl: SDDL strings where Windows behaviour differs
These ones we might want to match. They are understandable behaviours,
like matching lowercase flags and coping with whitespace in some
places. These tests are set up to document the differences without
overwhelming the knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
fb588d768b pytest:sddl: Add negative tests of unparseable strings
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
ba6f401340 pytest:sddl: split each string into it's own test
This of course allows for fine-grained knownfails.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
4652d2766a pytest/sddl: split tests into canonical and non-canonical
The examples in the canonical list are already in the form that
Windows and Samba will use for that SD. We check the round trip.

The examples in the non-canonical list will change in a round trip, so
we also give the string we think they should end up as. These have
been checked on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
ec85c1fdff pytest/sddl: rework to allow multiple lists, no early stop
The test will fail right now because it makes round trip assertions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
67500da148 pytest:posixacl: expect canonical ACE flag format
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
c08959d135 pytest:samba-tool ntacl: expect canonical ACE flag format
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
a655e7e496 py:provision: use canonical representation of ACE flags
This is because in ceetain places we compare strings rather than security
descriptors.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
e521b0a26a pytest:ntacls: adapt for canonical flag format
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
82b3281fff s3:test_larg_acl: adapt for the canonical ACE flags format
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
75a089dc46 test:bb/samba-tool ntacl: let return acl flag lack hex padding
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
16d2687cc7 libcli/security: do not pad sddl flags with zeros
We don't see this happening on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
b621c59f64 libcli/sec/sddl decode: allow hex numbers in SIDs
These occur canonically when the indentifier authority is > 2^32, but
also are accepted by Windows for any number.

There is a tricky case with an "O:" or "G:" SID that is immediately
followed by a "D:" dacl, because the "D" looks like a hex digit. When
we detect this we need to subtract one from the length.

We also need to do look out for trailing garbage. This was not an
issue before because any string caught by the strspn(...,
"-0123456789") would be either rejected or fully comsumed by
dom_sid_parse_talloc(), but with hex digits, a string like
"S-1-1-2x0xabcxxx-X" would be successfully parsed as "S-1-1-2", and
the "x0xabcxxx-X" would be skipped over. That's why we switch to using
dom_sid_parse_endp(), so we can compare the consumed length to the
expected length.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
22fe657c8a libcli/sec/sddl decode: don't ignore random junk.
previously a string could have anything in it, so long as every second
character was ':'.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
1149d39159 libcli/security/dom_sid: hex but not octal is OK for sub-auth
Following Windows, the numbers that would be octal (e.g. "0123") are
converted to decimal by skipping over the zeros.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
67ff4ca200 libcli/security: avoid overflow in subauths
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
6f37f8324c libcli/security: avoid overflow in revision number
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
866069172b pytest:sid_strings: test SID DNs with ldb parsing
By using an ldb.Dn as an intermediary, we get to see which SIDs
Samba thinks are OK but Windows thinks are bad.
It is things like "S-0-5-32-579".

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
953ad43f15 pytest:sid_strings: test SIDs as search base
As a way of testing the interpretation of a SID string in a remote
server, we search on the base DN "<SID=x>" where x is a non-existent
or malformed SID.

On Windows some or all malformed SIDs are detected before the search
begins, resulting in a complaint about DN syntax rather than one about
missing objects.

From this we can get a picture of what Windows considers to be
a proper SID in this context.

Samba does not make a distinction here, always returning NO_SUCH_OBJECT.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
f66b0f8688 pytest:sid_strings: Windows and Samba divergent tests
The Samba side is aspirational -- what we actually do is generally
worse. However the Windows behaviour in these cases seems more
surprising still, and seems to be neither documented nor used.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
2d75daa9c4 pytest:sid_strings: test the strings with local parsing
The reason the existing tests send the SID over the wire as SDDL for
defaultSecurityDescriptor is it is one of the few ways to force the
server to reckon with a SID-string as a SID. At least, that's the case
with Windows. In Samba we make no effort to decode the SDDL until it
comes to the time of creating an object, at which point we don't notice
the difference between bad SDDL and missing SDDL.

So here we add a set of dynamic tests that push the strings through our
SDDL parsing code. This doesn't tell us very much more, but it is very
quick and sort of confirms that the other tests are on the right track.

To run against Windows without also running the internal Samba tests,
add `SAMBA_SID_STRINGS_SKIP_LOCAL=1` to your environment variables.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
cb356a8d90 pytest:sid_strings: add explicit S-1-* sid tests
We are mostly testing edge cases around the handling of numeric
limits.

These tests are based on ground truth established by running them
against Windows.

Many fail against Samba, because the defaulSecurityDescriptor
attribute is not validated at the time it is set while on Windows it
is.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Douglas Bagnall
708d9896aa pytest:sid_strings: same timestamp for all tests in the run
We don't care about the exact time of the test, just that we
disambiguate between different runs (each run leaves an immutable scar
on the target server).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Andreas Schneider
fad7f77d16 selftest:knownfail: Update S4U knownfail for MIT KRB5 1.20
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-27 07:21:33 +00:00
Andreas Schneider
9eb4430662 s3:lib: Do not try to match '.' and '..' directories in is_in_path()
This fixes setting veto files to '.*' to not list hidden files and
directories starting with a dot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 19 22:30:19 UTC 2023 on atb-devel-224
2023-04-19 22:30:19 +00:00
Andreas Schneider
a2acbd3f3c s3:tests: Add test that veto files works for hidden files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-19 21:29:33 +00:00
Volker Lendecke
526f381f41 shadow_copy2: Fix stream open for streams_depot paths
streams_depot hands us absolute paths with : filename components
instead of having set smb_fname_in->stream_name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Apr 17 18:11:07 UTC 2023 on atb-devel-224
2023-04-17 18:11:07 +00:00
Volker Lendecke
0327334c89 tests: Show that streams_depot and shadow_copy2 don't play together
See the next patch, we assert in shadow_copy2_openat() over paths
passed in from shadow_copy2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15358

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-17 17:14:37 +00:00
Stefan Metzmacher
53f0a292f8 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME
The value of NSS_WRAPPER_HOSTNAME needs to match value
we put into the NSS_WRAPPER_HOSTS file.

We had a mismatch of
idmapridmember.samba.example.com
vs.
idmapridmember.addom.samba.example.com

This causes getaddrinfo() in nss_wrapper to fallback to
the libc version, which talks to a dns server.
It's not clear if recent glibc code will reach resolve/socket wrapper.
So it's not unlikely that idmapridmember.samba.example.com will
be passed via the internet, which causes delays up to 20 seconds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15355

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 12 20:29:05 UTC 2023 on atb-devel-224
2023-04-12 20:29:05 +00:00
Joseph Sutton
2ff55b3da7 selftest: Catch error codes from failing testsuites
Testsuites declared with functions such as plantestsuite() are not run
directly, but are piped through filter-subunit. The overall exit code of
the executed test command is that returned by the last command in the
pipeline (that is, filter-subunit), and thus the actual testsuite return
code is lost.

A real consequence of this is that an error in setUpClass() in a Python
testsuite causes the whole testsuite to be skipped silently.

The --fail-on-empty option partially addressed this, but didn't help if
the testsuite contained multiple test classes, only one of which
contained an error.

We now use bash with the pipefail option, which makes the return code of
the last failing command into the return code of the entire pipeline.
That means that we properly fail if a testsuite returns a non-zero exit
code, but doesn't otherwise exhibit any failures in its output.

This doesn't help for cases where a testsuite has other failing tests
that become xfails due to knownfail entries. In that case, the overall
'testsuite-failure' will be turned into 'testsuite-xfail' by
filter-subunit and the silent failures will remain unheeded. Still, this
is better than the existing situation.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 12 14:57:55 UTC 2023 on atb-devel-224
2023-04-12 14:57:55 +00:00
Joseph Sutton
44d03bf479 lib/torture: Don't overwrite test outcomes
If a test fails an assertion, and later calls torture_skip() to skip
part of the test, the TORTURE_SKIP result will overwrite the
TORTURE_FAIL result, and the overall outcome will be successful.

To avoid this, we now arrange possible outcomes in order of priority,
and ensure we always keep the higher priority one.

This reveals some failing tests.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
91ed2f3d5d selftest: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
8e7c7680f3 s3:selftest: Enable winbindd for maptoguest environment
This is required for the samba3.blackbox.guest test to work. Without it,
the test fails to find a group map.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Ralph Boehme
8b23a4a7ec smbd: Prevent creation of vetoed files
The problem is when checking for vetoed names on the last path component in
openat_pathref_fsp_case_insensitive() we return
NT_STATUS_OBJECT_NAME_NOT_FOUND. The in the caller
filename_convert_dirfsp_nosymlink() this is treated as the "file creation case"
causing filename_convert_dirfsp_nosymlink() to return NT_STATUS_OK.

In order to correctly distinguish between the cases

1) file doesn't exist, we may be creating it, return
2) a vetoed a file

we need 2) to return a more specific error to
filename_convert_dirfsp_nosymlink(). I've chosen NT_STATUS_OBJECT_NAME_INVALID
which gets mapped to the appropriate errror NT_STATUS_OBJECT_PATH_NOT_FOUND or
NT_STATUS_OBJECT_NAME_NOT_FOUND depending on which path component was vetoed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr  6 23:03:50 UTC 2023 on atb-devel-224
2023-04-06 23:03:50 +00:00
Ralph Boehme
2e8954d5be CI: add a test creating a vetoed file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15143

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-04-06 22:01:29 +00:00
Andrew Bartlett
ca7b7bde39 selftest: Use "debug syslog format = always" in selftest
Some of the most difficult to debug issues in Samba development are around
timing, so this changes our default logging format in the selftest system
to include a high-resolution timestamp to help correlate bad events with
what else is going on at the same time.

This fits in well with the timestamps already logged into st/subunit
and may assist with correlation.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr  6 13:44:47 UTC 2023 on atb-devel-224
2023-04-06 13:44:47 +00:00
Andreas Schneider
fa591f5223 s3:tests: Correctly implement tests for forceuser/forcegroup
They used the tmp share ...

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Stefan Metzmacher
0ef53b948e net_ads: fill ads->auth.realm from c->creds
We get the realm we use for authentication needs to
the realm belonging to the username we use.

We derive the username from c->creds, so we need to
do the same for the realm.

Otherwise we try to authenticate as the wrong user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-06 12:51:30 +00:00
Stefan Metzmacher
3b585f9e8c testprogs/blackbox: add test_net_ads_search_server.sh
This reproduces a regression with
'net ads search -P --server server.of.trusted.domain'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-06 12:51:30 +00:00
Rob van der Linde
112faff82f dsdb: modify unicodePwd requires encrypted connection
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Apr  6 01:33:05 UTC 2023 on atb-devel-224
2023-04-06 01:33:05 +00:00