1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

968 Commits

Author SHA1 Message Date
Andreas Schneider
5ade6d20f3 s3:tests: Add substitution test for include directive
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15243

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit ce3d27a9f5)
2022-11-23 12:43:15 +00:00
Andrew Bartlett
584a4c0057 selftest: Enable "old Samba" mode regarding GET_ANC/GET_TGT
The chgdcpass server now emulates older verions of Samba that
fail to implement DRSUAPI_DRS_GET_ANC correctly and totally fails to support
DRSUAPI_DRS_GET_TGT.

We now show this is in effect by the fact that tests now fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit b0bbc94d41)
2022-10-07 08:45:15 +00:00
Ralph Boehme
3e6566222c CI: add a test trying to delete a stream on a pathref ("stat open") handle
When using vfs_streams_xattr, for a pathref handle of a stream the system fd
will be a fake fd created by pipe() in vfs_fake_fd().

For the following callchain we wrongly pass a stream fsp to
SMB_VFS_FGET_NT_ACL():

SMB_VFS_CREATE_FILE(..., "file:stream", ...)
=> open_file():
   if (open_fd):
   -> taking the else branch:
   -> smbd_check_access_rights_fsp(stream_fsp)
      -> SMB_VFS_FGET_NT_ACL(stream_fsp)

This is obviously wrong and can lead to strange permission errors when using
vfs_acl_xattr:

in vfs_acl_xattr we will try to read the stored ACL by calling
fgetxattr(fake-fd) which of course faild with EBADF. Now unfortunately the
vfs_acl_xattr code ignores the specific error and handles this as if there was
no ACL stored and subsequently runs the code to synthesize a default ACL
according to the setting of "acl:default acl style".

As the correct access check for streams has already been carried out by calling
check_base_file_access() from create_file_unixpath(), the above problem is not
a security issue: it can only lead to "decreased" permissions resulting in
unexpected ACCESS_DENIED errors.

The fix is obviously going to be calling
smbd_check_access_rights_fsp(stream_fsp->base_fsp).

This test verifies that deleting a file works when the stored NT ACL grants
DELETE_FILE while the basic POSIX permissions (used in the acl_xattr fallback
code) do not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 23bc760ec5)
2022-09-06 07:54:13 +00:00
Jeremy Allison
81dc0832ee s3: tests: Add test that shows smbd crashes using vfs_fruit with fruit:resource = stream on deleting a file.
Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(backported from commit 238b2cbb8f)
2022-06-23 07:35:08 +00:00
Noel Power
8db232cb6a Add new dfs node msdfs-share pointing to new msdfs-share2
Also add another node within msdfs-share2 pointing to normal share

This patch is in preperation for creating a test for 'del' &
'deltree' on DFS shares. The extra redirection is necessary to
reproduce the bug

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 39672a9676)
2022-06-20 10:00:16 +00:00
Samuel Cabrero
87f5949434 Revert "s3:smbd: Remove NIS support"
This partly reverts commit edda7a329e.

Revert the chunks related to netgroups and skip NIS support related ones.
Use getdomainname() from glibc instead of yp_get_default_domain() from
libnsl to get the NIS domain name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15087

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21796ef8f8)
2022-06-12 09:19:16 +00:00
Pavel Filipenský
2b9d29ceb8 selftest: Add to "username.map" mapping for jackthemappergroup
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Only for environment ad_member_idmap_nss.

* !jacknompapper = \@jackthemappergroup
  jackthemaper from group jackthemappergroup is mapped to jacknompapper

* !root = jacknomappergroup
  since there is no '@' or '+' prefix, it is not an UNIX group mapping

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 0feeb6d58a)
2022-04-11 07:49:13 +00:00
Pavel Filipenský
16038d75b2 selftest: Create groups "jackthemappergroup" and "jacknomappergroup"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 26e4268d6e)
2022-04-11 07:49:13 +00:00
Pavel Filipenský
f09dfc53fd selftest: Create users "jackthemapper" and "jacknomapper"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1b01461822)
2022-04-11 07:49:13 +00:00
Ralph Boehme
d67d5bd74f CI: enable "smbd async dosmode" on shadow_write share
Existing tests don't care, upcoming new test needs it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 48f81b4e72)
2022-03-29 09:07:11 +00:00
Ralph Boehme
310e334a59 CI: add test "smb2.async_dosmode"
Verifies async-dosmode sync fallback works with shadow_copy2 which returns
ENOSYS for SMB_VFS_GET_DOS_ATTRIBUTES_SEND().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ffdb1c3e00)
2022-03-29 09:07:11 +00:00
Ralph Boehme
84504306f1 CI: remove shares referencing removed functionality
The whole "smbd:force sync [user|root] [path|chdir] safe threadpool" stuff was
removed long ago by 29dd6f3e59.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1e3e22cc45)
2022-03-29 09:07:11 +00:00
Jeremy Allison
5242660aa1 s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO, SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES.
We currently allow setting the delete on close bit for
a directory containing only explicitly hidden/vetoed files
in the case where "delete veto files = yes" *and*
"delete veto files = no". For the "delete veto files = no"
case we should be denying setting the delete on close bit
when the client tries to set it (that's the only time Windows
looks at the bit and returns an error to the user). We
already do the in the dangling symlink case, we just
missed it in the !is_visible_fsp() case.

Mark SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO as knownfail
for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 5fe341d2d6)
2022-03-24 11:01:10 +00:00
Stefan Metzmacher
e6196c456c selftest: use 'kdc enable fast = no' for fl2000 fl2003
This makes sure we still run tests against KDCs without FAST support
and it already found a few regressions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit f1a71e2486)
2022-03-14 14:27:13 +00:00
Pavel Filipenský
63f6fac589 s3:selftest: Add test for virus scanner
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a25c714c34)
2022-02-14 13:32:15 +00:00
Pavel Filipenský
e95306ed8e selftest: Fix trailing whitespace in Samba3.pm
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 547b4c595a)
2022-02-14 13:32:15 +00:00
Andreas Schneider
2fd16c0cbf selftest: Do not force -d0 for smbd/nmbd/winbindd
We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.

make test TESTS="samba" SERVER_LOG_LEVEL=10

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9693f7ea73)
2022-02-14 13:32:15 +00:00
Jeremy Allison
c6d70dad3a CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND.
For SMB1/2/3 (minus posix) we need to treat bad symlinks
as though they don't exist.

Add to knwownfail.d/symlink_traversal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>
2022-01-31 14:26:10 +00:00
Stefan Metzmacher
2232d8408e selftest: set [libdefaults] fcache_strict_checking = false
We're using uid_wrapper so the checks will fail.

NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-01-19 20:50:35 +00:00
Stefan Metzmacher
648b476dcd selftest/Samba3: enable SMB1 for maptoguest
guest authentication is an old school concept,
so we should make sure it also works with SMB1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-12-27 15:45:36 +00:00
Volker Lendecke
730f7dfd61 s3:rpc_server: Delete unused code and doc references
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Volker Lendecke
a7c65958a1 s3:rpc_server: Activate samba-dcerpcd
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architechtural switch like this will always be
messy.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
David Mulder
528e5efc17 samba-tool: Test DNS record creation on member join
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-12-06 22:08:31 +00:00
Stefan Metzmacher
66e90b7391 nsswitch: reduce dependecies to private libraries and link static/builtin if possible
Over the last month I got more and more reports,
that it's not possible to use a custom Samba version
on systems with sssd being installed, which depends on some
specific samba libraries installed in the system.

One major problem is that the custom libnss_winbind.so.2
depends on the libreplace-samba4.so of the custom build
and also injects an RPATH into the running process.
When sssd uses any nss library call it will get this,
when it then tries to load some of its plugins via dlopen(),
e.g.

ldd /usr/lib64/sssd/libsss_ad.so| grep samba

   libsamba-util.so.0 => /lib64/libsamba-util.so.0
   libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so
   libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so
   libsamba-errors.so.1 => /lib64/libsamba-errors.so.1
   libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so
   libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so
   libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so
   libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so
   libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so
   libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so

When that loads dlopen() will fail as a soname libreplace-samba4.so is
already loaded, but the symbol version within the other one don't match, as the
contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3.

This is just an example and similar things can happen in all situations
where we provide libraries, which are potentially injected into every
process of the running system. These should only depend on libc.so and
related basic system libraries in order to avoid the problem.

We have the following libraries, which are in the that category:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
- async_dns_krb5_locator.so

The rules of library loading are really complex and symbol versioning
is not enough to solve it, only the combination of unique soname and
unique symbol version suffix seem to solve the problem, but injecting
an RPATH is still a problem.

In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM()
definitions with 'hide_symbols=True' in order to do some static linking
of selected components, e.g.

   bld.SAMBA_SUBSYSTEM('replace-hidden',
                       source=REPLACE_SOURCE,
                       group='base_libraries',
                       hide_symbols=True,
                       deps='dl attr' + extra_libs)

It's relatively simple to get to the point where the following are
completely static:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so

But 'async_dns_krb5_locator.so' links in almost everything!
It seems we install the krb5 plugins into our own $MODULESDIR/krb5/,
so it may not be so critical, as long it's the admin who created
the desired symlinks into the location the kerberos libraries search
for plugins. Note the at least the locator plugins are always loaded
without any configuration, every .so in a special path are loaded with dlopen().
This is done by every application using kerberos, so we load a lot of samba libraries
into them.

Packagers should not put async_dns_krb5_locator.so (nor a symlink) into
the path that's reachable by libkrb5.so.

As a longterm solution we may want to change async_dns_krb5_locator.so
to use a helper process with posix_spawn() instead of doing everything
within the process.

Note I added hiden_symbols=True to the nss modules for Linux and
FreeBSD only, because these are the only platforms I'm able to test
on. We most likely should do the same on other platforms, but some
with access to the platform should provide a tested patch.

In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with
'-hidden', I added the 'provide_builtin_linking=True' option,
as the logic is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.

SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.

While being there it was easy enough to make libwbclient.so
also standalone without dependecies to other samba libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-11-30 15:53:34 +00:00
Andreas Schneider
28be1acd8e mit-kdc: Use more strict KDC default settings
As we require MIT KRB5 >= 1.19 for the KDC, use more secure defaults.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2021-11-29 08:39:37 +00:00
Joseph Sutton
8a9f2aa2c1 CVE-2020-25717: selftest: turn ad_member_no_nss_wb into ad_member_idmap_nss
In reality environments without 'nss_winbind' make use of 'idmap_nss'.

For testing, DOMAIN/bob is mapped to the local 'bob',
while DOMAIN/jane gets the uid based on the local 'jane'
vis idmap_nss.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

[metze@samba.org avoid to create a new ad_member_idmap_nss environment
and merge it with ad_member_no_nss_wb instead]
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-11-15 18:10:28 +00:00
Stefan Metzmacher
3ed0e5b924 CVE-2020-25717: selftest: configure 'ktest' env with winbindd and idmap_autorid
The 'ktest' environment was/is designed to test kerberos in an active
directory member setup. It was created at a time we wanted to test
smbd/winbindd with kerberos without having the source4 ad dc available.

This still applies to testing the build with system krb5 libraries
but without relying on a running ad dc.

As a domain member setup requires a running winbindd, we should test it
that way, in order to reflect a valid setup.

As a side effect it provides a way to demonstrate that we can accept
smb connections authenticated via kerberos, but no connection to
a domain controller! In order get this working offline, we need an
idmap backend with ID_TYPE_BOTH support, so we use 'autorid', which
should be the default choice.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14646
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Samuel Cabrero
6771b2f211 CVE-2020-25717: selftest: Add ad_member_no_nss_wb environment
This environment creates an AD member that doesn't have
'nss_winbind' configured, while winbindd is still started.

For testing we map a DOMAIN\root user to the local root
account and unix token of the local root user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14801
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:33 +00:00
Stefan Metzmacher
f9b16272d2 CVE-2020-25719 CVE-2020-25717: selftest: remove "gensec:require_pac" settings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14799
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14556
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14561

[jsutton@samba.org Added knownfail entries]

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-11-09 19:45:32 +00:00
Jeremy Allison
942123b959 s3: smbd: Add two tests showing the ability to delete a directory containing a dangling symlink over SMB2 depends on "delete veto files" setting.
Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14879

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-10-29 14:02:34 +00:00
Jeremy Allison
ad0082d79a s3: smbd: Add two tests showing recursive directory delete of a directory containing veto file and msdfs links over SMB2.
Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14878

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-10-29 14:02:34 +00:00
Stefan Metzmacher
4dc3c68c9a selftest/Samba3: replace (winbindd => "yes", skip_wait => 1) with (winbindd => "offline")
This is much more flexible and concentrates the logic in a single place.

We'll use winbindd => "offline" in other places soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14870

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-20 12:02:33 +00:00
Stefan Metzmacher
d998f7f8df selftest/Samba3: remove unused close(USERMAP); calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-10-20 12:02:33 +00:00
Andrew Bartlett
459200caba selftest: Improve error handling and perl style when setting up users in Samba4.pm
This catches errors and avoids using global varibles (the old
style file handles are global).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14869

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-10-20 12:02:33 +00:00
Andrew Bartlett
2c0658d408 selftest: Remove duplicate setup of $base_dn and $ldbmodify
These are already set up to the same values above for the full
DC and correct values for the (strange) s4member environment.

By not setting $base_dn again we avoid an error once we start
checking for them.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-10-20 12:02:33 +00:00
Matthew Grant
2a09803097 libcli/dns.c: dns forwarder port test changes
Test harness for the dns fowarder setting in smb.conf. Adds IPv6
forwarder as second target DNS forwarder, listening on port 54.

Signed-off-by: Matthew Grant <grantma@mattgrant.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-09-28 09:44:35 +00:00
Jeremy Allison
5fdf4219c6 s3: selftest: Add a test for vfs_streams_depot with the target path outside of the share.
Mark as knownfail.d/simpleserver_streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
2021-08-19 16:14:30 +00:00
Volker Lendecke
7818513053 samba-bgqd: Fix samba-bgqd with "clustering=yes"/"include=registry"
With the above combination, some flavor of lp_load() already
initializes global_event_ctx, for which the closeall_except() later on
will happily close the epoll fd for. If we want to close all file
descriptors at startup, this must be the very first thing overall.

Can't really write a proper test for this with knownfail that is
removed with the fix, because if we have clustering+include=registry,
the whole clusteredmember environment does not even start up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul 31 16:58:41 UTC 2021 on sn-devel-184
2021-07-31 16:58:41 +00:00
Andreas Schneider
696972c832 selftest: Remove fips env variables from client env
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 28 07:12:55 UTC 2021 on sn-devel-184
2021-07-28 07:12:55 +00:00
Jeremy Allison
6e7ffa8da3 s3: tests: Our tests for "smbd async dosmode = yes" haven't been working correctly as the parameter has been set incorrectly.
If must be "smbd async dosmode", not "smbd:async dosmode"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-07-15 05:02:30 +00:00
Ralph Boehme
0a0b438b8a selftest: enable "shadow:fixinodes" in "shadow_write" share
The existing tests don't care and this will be used in a subsequent commit to
demonstrate that this option is currently broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-07-14 08:09:31 +00:00
Andrew Bartlett
595d12ca7b selftest: Print dns_update_cache path into the logs
This sometimes get stuck in a loop and this may help debug it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul  8 12:44:49 UTC 2021 on sn-devel-184
2021-07-08 12:44:49 +00:00
Isaac Boukris
7e9c97ba1c selftest: Add test for one-way trust wbinfo auth
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul  7 15:01:22 UTC 2021 on sn-devel-184
2021-07-07 15:01:22 +00:00
Andreas Schneider
a5012df861 selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-07 14:10:29 +00:00
Andreas Schneider
d5a0ba473c selftest: Add the trusted domain realms to krb5.conf
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-07 14:10:28 +00:00
Joseph Sutton
0fd71ed3c3 tests/krb5/as_req_tests.py: Automatically obtain credentials
The credentials for the client and krbtgt accounts are now fetched
automatically rather than using environment variables, and the client
account is now automatically created.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-07-01 17:46:31 +00:00
Stefan Metzmacher
d91665d331 selftest: run new as_req_tests against fl2008r2dc and fl2003dc
There are a lot of things we should improve in our KDC
in order to work like a Windows KDC.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-07-01 17:46:31 +00:00
Andreas Schneider
106c2b3977 docs-xml: Enable winbind use krb5 enterprise principals by default
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-06-23 09:56:37 +00:00
Andrew Bartlett
91f5b5f3d0 selftest: Remove -d10 from test startup
It looks like "python:tests: Add SAMR password change tests for fips"
(which is also the title of 9a3ba502d8,
but this is also unrelated) and was a probalby a rebase artifact,
being a debugging aid that should have been omitted.

This reverts commit ebd687335b.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Jun 21 01:46:58 UTC 2021 on sn-devel-184
2021-06-21 01:46:58 +00:00
Joseph Sutton
51afb64d68 selftest: Remove duplicate variable assignment
This line currently produces a warning.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2021-06-11 07:41:38 +00:00