1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

280 Commits

Author SHA1 Message Date
Garming Sam
c94f824170 getncchanges: use the uptodateness_vector to filter links to replicate
This is to mirror the check in get_nc_changes_build_object.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Dec 21 04:37:54 CET 2016 on sn-devel-144
2016-12-21 04:37:54 +01:00
Bob Campbell
5631421143 torture/drs: test link replication with hwm and utdv
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-21 00:47:25 +01:00
Andrew Bartlett
b6fa384471 selftest: test new "lsa over netlogon" smb.conf option
This proves we can act like Windows and over lsarpc over netlogon if we want

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 15 12:11:09 CET 2016 on sn-devel-144
2016-12-15 12:11:09 +01:00
Andrew Bartlett
fee6bb7ca6 idl: Do not listen for lsarpc on \\pipe\netlogon
This prevents making the netlogon process multi-threaded.

This works on Windows becuase NETLOGON is part of lsad

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-15 08:21:11 +01:00
Andrew Bartlett
ecb1f569d7 torture: Add credentials downgrade and challenge reuse test to rpc.netlogon
This test confirms that the challenge set up is available
after the ServerAuthenticate has failed at the NT_STATUS_DOWNGRADE_DETECTED
check.

This is needed for NetApp ONTAP member servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11291

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-12-14 11:55:18 +01:00
Douglas Bagnall
91d5ea2ae9 librpc/ndr/uuid.c: improve speed and accuracy of GUID string parsing
GUID_from_data_blob() was relying on sscanf to parse strings, which was
slow and quite accepting of invalid GUIDs. Instead we directly read a
fixed number of hex bytes for each field.

This now passes the samba4.local.ndr.*.guid_from_string_invalid tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Dec 14 08:55:42 CET 2016 on sn-devel-144
2016-12-14 08:55:42 +01:00
Douglas Bagnall
6c9a185be2 s4-torture: better, failing, tests for GUID_from_string
These tests reveal that the current implementation accepts all kinds
of invalid GUIDs. In particular, we fail on these ones:

 "00000001-0002-0003-0405--060708090a0"
 "-0000001-0002-0003-0405-060708090a0b"
 "-0000001-0002-0003-04-5-060708090a0b"
 "d0000001-0002-0003-0405-060708090a-b"
 "00000001-  -2-0003-0405-060708090a0b"
 "00000001-0002-0003-0405- 060708090a0"
 "0x000001-0002-0003-0405-060708090a0b"
 "00000001-0x02-0x03-0405-060708090a0b"

This test is added to selftest/knownfail.

The test for valid string GUIDs is extended to test upper and mixed case
GUIDs.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-12-14 05:02:24 +01:00
Bob Campbell
4408df2493 dnsserver: add dns name checking
This may also prevent deletion of existing corrupted records through
DNS, but should be resolvable through RPC, or at worst LDAP.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-12 05:00:18 +01:00
Garming Sam
3ba40f6eb1 tests/dnsserver: Check security descriptors
These tests discover that there are some discrepancies between Windows and Samba.
Although there are failures, they do not appear to be critical, however
some of the SD differences will be important for 2012 support.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-12-12 05:00:18 +01:00
Bob Campbell
30faba750f samba-tool/dns: remove use of dns_record_match from add and delete
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-12-12 05:00:18 +01:00
Bob Campbell
64a3825765 python/tests: expand tests for dns server over rpc
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-12-12 05:00:18 +01:00
Bob Campbell
b9c99a3483 python/tests: add tests for samba-tool dns
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-12-12 05:00:18 +01:00
Andrew Bartlett
c503ca302d join.py: Attempt to allocate a RID Set during the join
If we are joining the RID Manager, then we should get a RID Set, but
otherwise we should accept failure with the right error code

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-12-01 05:54:21 +01:00
Andrew Bartlett
f051e5bf00 dbcheck: Be more careful with link checks
Here we are more careful when checking links, flagging errors only
when a non-deleted forward link appears incorrect.  In particular, we
trust the GUID more than we trust the name, as otherwise we can get
caught out if there is a swap of names, (the link should follow the
swap, staying on the same target GUID).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
2016-11-22 02:10:16 +01:00
Andrew Bartlett
8315d4d03a selftest: Add test for link and deleted link behaviour in dbcheck
The other dbcheck tests were getting over-complex, so we start a new test
here based on tombestone-expunge.sh, as we are looking at very similar
problems

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12297
2016-11-22 02:10:16 +01:00
Garming Sam
815658d2db samba_tool/fsmo: Allocate RID Set when seizing RID manager
Seizing the role without allocating a RID set for itself is likely prone
to cause issues.

Pair-programmed-with: Clive Ferreira <cliveferreira@catalyst.net.nz>

Signed-off-by: Clive Ferreira <cliveferreira@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Fri Nov  4 08:37:05 CET 2016 on sn-devel-144
2016-11-04 08:37:04 +01:00
Clive Ferreira
7fd5be535a dbcheck: confirm RID Set presence and consistency
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954
2016-11-04 04:41:19 +01:00
Garming Sam
1b40bb69d1 tests/ridalloc_exop: Add a new suite of tests for RID allocation
This moves some tests from getnc_exop.py regarding RID sets as well as
adding new tests for actions on join.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9954

Pair-programmed-with: Clive Ferreira <cliveferreira@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samaba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Clive Ferreira <cliveferreira@catalyst.net.nz>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-11-04 04:41:18 +01:00
Garming Sam
ef7e46d68a collect_tombstones: Allow links to recycled objects to be deleted
The reason we choose to provide the string DN is because extended_dn_in
will try to correct the <GUID=...> by searching on it (despite the fact
it does not exist and then failing on a ldb_dn_validate in
objectclass_attrs).

We can now also remove the dangling link test from the knownfail.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  3 01:46:43 CET 2016 on sn-devel-144
2016-11-03 01:46:43 +01:00
Garming Sam
dba624364c tombstones-expunge: Add a test for deleting links to recycled objects
Currently this fails because we rely on a GUID DN, which fails to
resolve in the case that the GUID no longer exists in the database (i.e.
when that object has been purged after 6 months).

The tests use a made up extended DN built from fred where the GUID has
been tweaked.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12385
2016-11-02 21:58:24 +01:00
Clive Ferreira
79dd22aacb objectclass_attrs: Only abort on a missing attribute when an attribute is both MUST and replicated
If an attribute is not replicated or constructed, it is quite normal for
it to be missing. This is the case with both rIDNextRid and
rIDPreviousAllocationPool. This currently prevents us switching the RID
master. On Windows, missing this attribute does not cause any problems
for the RID manager.

We may now remove the knownfail entry added earlier.

Signed-off-by: Clive Ferreira <cliveferreira@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Bob Campbell <bobcampbell@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12394

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Nov  2 01:28:44 CET 2016 on sn-devel-144
2016-11-02 01:28:44 +01:00
Bob Campbell
37aa11ce5b tests/getnc_exop: Improve the ridalloc test by performing an alloc against a new master
Currently we fail against ourselves due to rIDNextRid and
rIDPreviousAllocationPool normally being unset, despite being mandatory
attributes (being the only attributes in this situation).

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Clive Ferreira <cliveferreira@catalyst.net.nz>
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12394
2016-11-01 21:39:19 +01:00
Stefan Metzmacher
ff947f2765 s4:selftest: run rpc.echo with an object based binding string
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:18 +02:00
Stefan Metzmacher
6d70989c5c python/tests: add presentation context related tests to dcerpc raw protocol tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:14 +02:00
Stefan Metzmacher
450e00a8a7 s4:rpc_server: it's not a protocol error to do an alter context with an unknown transfer syntax
Windows 2012R2 only returns a protocol error if the client wants to change
between supported transfer syntaxes, e.g. from NDR32 to NDR64.

If the proposed transfer syntax is not known to the server,
the request will be silently ignored.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:14 +02:00
Uri Simchoni
3f82db56cb smbd: in ntlm auth, do not map empty domain in case of \user@realm
When mapping user and domain during NTLM authentication, an empty domain
is mapped to the local SAM db. However, an empty domain may legitimately
be used if the user field has both user and domain in upn@realm format.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12375

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-25 01:46:23 +02:00
Uri Simchoni
6e4c66e339 selftest: test NTLM user@realm authentication
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-10-25 01:46:23 +02:00
David Disseldorp
f6f6263f1f torture/ioctl: test compression responses when unsupported
Confirm that Samba matches Windows Server 2016 ReFS behaviour here.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144

Reported-by: Nick Barrett
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  6 06:14:34 CEST 2016 on sn-devel-144
2016-10-06 06:14:34 +02:00
Günther Deschner
bed0d84550 s4-torture: add test for spoolss_LogJobInfoForBranchOffice
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 19:57:25 +02:00
Andreas Schneider
5ae447e102 testprogs: Test only what the Heimdal kpasswd test should test
The test_password_settings.sh test does test using different password
settings and is not specific to the kpasswd implementation. This
test tests the kpasswd service.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-11 02:58:22 +02:00
Garming Sam
1a96f9329e getncchanges: Compute the partial attribute set from the remote schema
This doesn't fix the partialAttrSetEx case, so the test is left in the
knownfail file.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-08-25 10:32:09 +02:00
Uri Simchoni
f41f439335 vfs_shadow_copy: handle non-existant files and wildcards
During path checking, the vfs connectpath_fn is called to
determine the share's root, relative to the file being
queried (for example, in snapshot file this may be other
than the share's "usual" root directory). connectpath_fn
must be able to answer this question even if the path does
not exist and its parent does exist. The convention in this
case is that this refers to a yet-uncreated file under the parent
and all queries are relative to the parent.

This also serves as a workaround for the case where connectpath_fn
has to handle wildcards, as with the case of SMB1 trans2 findfirst.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 25 05:35:29 CEST 2016 on sn-devel-144
2016-08-25 05:35:29 +02:00
Uri Simchoni
22c3982100 selftest: test listing directories inside snapshots
Verify that directories are also listable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-25 01:38:28 +02:00
Günther Deschner
e99c8b34fe s4-torture: add test for spoolss_GetPrinterDriverPackagePath().
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-23 01:06:25 +02:00
Günther Deschner
54eafcaa12 s4-torture: add test for spoolss_CorePrinterDriver().
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-08-23 01:06:24 +02:00
Uri Simchoni
a6073e6130 smbd: allow reading files based on FILE_EXECUTE access right
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug 18 18:58:22 CEST 2016 on sn-devel-144
2016-08-18 18:58:22 +02:00
Uri Simchoni
5bf11f6f5b s4-smbtorture: pin copychunk exec right behavior
Add tests that show copychunk behavior when the
source and dest handles have execute right instead
of read-data right.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Uri Simchoni
55a9d35cab s4-selftest: add test for read access check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-08-16 11:31:27 +02:00
Garming Sam
192e54c91d rpc_server/drsuapi: Don't set msDS_IntId as attid for linked attributes if schema
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:10 +02:00
Garming Sam
0555443213 msds_intid: Add test for schema linked attributes
This test only covers the forward link case.

NOTE: We can't confirm this against Windows because they prevent us from
modifying the schema for the schema classes.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:10 +02:00
Evgeny Sinelnikov
032fc2762e rpc_server/drsuapi: Set msDS_IntId as attid for linked attributes if exists
We got WERR_DS_DRA_SCHEMA_MISMATCH for linked attributes with 8418 error for
extended attributes when using same attid as attribute object.

Signed-off-by: Evgeny Sinelnikov <sin@altlinux.ru>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Garming Sam
e0b6d6bb10 msds_intid: Add test for (non-schema) linked attributes
Prior to this, none of the linked attributes would be checked for their
ids.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-28 10:06:09 +02:00
Stefan Metzmacher
162c1f85bf selftest: don't allow ntlmv1 for 'nt4_member' and 'ad_member'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-22 16:03:26 +02:00
Garming Sam
3eb7fab04b dbcheck: Add a rule regarding replica locations
This fixes any RW DCs with repsFrom without the corresponding link. On
any RODC, this just reports an error (and doesn't fix it).

(the knownfail entry is also now removed)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:08 +02:00
Garming Sam
56771ec6d0 dbcheck/release-4-1-0rc3: Add a check regarding replica locations
This DC has repsFrom for the DNS partitions, but not the corresponding
link. This ensures that dbcheck has fixed them up. This will currently
fail without the actual changes to dbcheck coming in the following
commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9200

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-21 06:37:08 +02:00
Garming Sam
31ffe97178 extended_dn_out: Force showing of one-way links if they exist
Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:29 +02:00
Garming Sam
00e828a8a8 link_attrs: Add tests for one way links (and pseudo one-way)
Tested against Win2012R2. The deactivated link control has no effect on either
one way links or pseudo ones (only two-way ones presumably).

Signed-off-by: Garming Sam <garming@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-07-15 10:01:29 +02:00
Andrew Bartlett
89e67e309a Revert selftest: Add knownfail entry required to disable tombstone_reanimation
This reverts e0fa42201b

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul  9 18:41:40 CEST 2016 on sn-devel-144
2016-07-09 18:41:40 +02:00
Andreas Schneider
860d465e2b s4-torture: Add AES and RC4 enctype checks
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul  6 19:06:19 CEST 2016 on sn-devel-144
2016-07-06 19:06:18 +02:00
Andreas Schneider
1be45ab4d5 selftest: Skip the samba4.raw.eas tests
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-29 15:15:06 +02:00