IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Currently we only ignore KRB5_PROG_ETYPE_NOSUPP for
Primary:Kerberos-Newer-Keys, but not for Primary:Kerberos.
If a service account has msDS-SupportedEncryptionTypes: 31
and DES keys stored in Primary:Kerberos, we'll pass the
DES key to smb_krb5_keyblock_init_contents(), but may get
KRB5_PROG_ETYPE_NOSUPP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14354
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 28 14:04:26 UTC 2020 on sn-devel-184
When reading entries from gencache, wb_cache_rids_to_names() can
return STATUS_SOME_UNMAPPED, which _wbint_LookupRids() does not handle
correctly.
This test enforces this situation by filling gencache with one wbinfo
-R and then erasing the winbindd_cache.tdb. This forces winbind to
enter the domain helper process, which will then read from gencache
filled with the previous wbinfo -R.
Without having the entries cached this does not happen because
wb_cache_rids_to_names() via the do_query: path calls deep inside
calls dcerpc_lsa_lookup_sids_noalloc(), which hides the
STATUS_SOME_UNMAPPED that came in as lsa_LookupSids result value.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14435
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
ldap-starttls-response.dat is a reply to a starttls extended
operation. Right now ldap_decode() does not handle this correctly.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This makes sure the lease/oplock break retry logic based on
missing TCP acks is tested.
We're still not able to run multichannel tests automatically,
as socket wrapper doesn't support fd-passing yet.
But this testing this with single channels is a good start.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
batch22a tests the timeout on a valid connection
and batch22b tests the timeout on a broken/blocked connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
smbcacls does not handle DFS paths correctly. This is beacuse once the
command encounters a path which returns STATUS_PATH_NOT_COVERED, it does
not attempt a GET REFERRAL.
We use cli_resolve_path API to perform a DFS path resolution to solve
the above problem.
Additionally this removes the known fail against smbcacls tests
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 7 23:03:00 UTC 2020 on sn-devel-184
The commit creates a dfs link in existing 'fileserver' env
share msdfs_share. Additionally we create a new dfs target in
a new share (with associated directory)
Additionally add a known fail as smbcacls doesn't not yet navigate DFS links.
A subsequent commit will fix smcacls to handle DFS (and remove the
knownfail)
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is what all consumers of conn->cwd_fsp->fh->fd expect!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
An empty UDP packet put the nbt server into a busy loop that consumes
100% of a cpu.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Thu Jul 2 10:26:24 UTC 2020 on sn-devel-184
NBT has a funny thing where it sometimes needs to send a trailing dot as
part of the last component, because the string representation is a user
name. In DNS, "example.com", and "example.com." are the same, both
having three components ("example", "com", ""); in NBT, we want to treat
them differently, with the second form having the three components
("example", "com.", "").
This retains the logic of e6e2ec0001.
Also DNS compression cannot be turned off for NBT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The empty subdomain component is reserved for the root domain, which we
should only (and always) see at the end of the list. That is, we expect
"example.com.", but never "example..com".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
These time the push and pull function in isolation.
Timing should be under 0.0001 seconds on even quite old hardware; we
assert it must be under 0.2 seconds.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The client libraries don't allow us to make packets that are broken in
certain ways, so we need to construct them as byte strings.
These tests all fail at present, proving the server is rendered
unresponsive, which is the crux of CVE-2020-10745.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 27 05:42:05 UTC 2020 on sn-devel-184
The process is exiting now so pthreads will never complete to cause
problems.
Remove the knownfail.d/aio_outstanding entry.
Followup-bugfix for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 24 20:14:15 UTC 2020 on sn-devel-184
Shows smbd panics if connection is terminated (torn down)
by killing the client with outstanding aio requests in the
queue. As we're closing smbd we should cope with this.
Followup-bugfix for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Windows DC adds short names for each specified msDS-AdditionalDnsHostName
attribute, but these have a suffix of "\0$" and thus fail with
ldap_get_values(), use ldap_get_values_len() instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Thu Jun 18 16:43:47 UTC 2020 on sn-devel-184
Like the short names added implicitly by Windows DC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Match Windows behavior and allow the forwardable flag to be
set in cross-realm tickets. We used to allow forwardable to
any server, but now that we apply disallow-forwardable policy
in heimdal we need to explicitly allow in the corss-realm case
(and remove the workaround we have for it the MIT plugin).
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Remove the knownfail.d/msdfs-attr file.
Everything now passes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Jun 3 06:19:21 UTC 2020 on sn-devel-184
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14367
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri May 29 09:55:10 UTC 2020 on sn-devel-184
On (eg) the
DC=_msdcs.X.Y,CN=MicrosoftDNS,DC=ForestDnsZones,DC=X,DC=Y
record, in domains that have had a Microsoft Windows DC an attribute:
dNSProperty:: AAAAAAAAAAAAAAAAAQAAAJIAAAAAAAAA
000000 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 >................<
000010 92 00 00 00 00 00 00 00 >........<
000018
We, until samba 4.12, would parse this as:
pull returned Success
dnsp_DnsProperty: struct dnsp_DnsProperty
wDataLength : 0x00000000 (0)
namelength : 0x00000000 (0)
flag : 0x00000000 (0)
version : 0x00000001 (1)
id : DSPROPERTY_ZONE_NS_SERVERS_DA (146)
data : union dnsPropertyData(case 0)
name : 0x00000000 (0)
dump OK
However, the wDataLength is 0. There is not anything in
[MS-DNSP] 2.3.2.1 dnsProperty to describe any special behaviour
for when the id suggests that there is a value, but wDataLength is 0.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dnsp/445c7843-e4a1-4222-8c0f-630c230a4c80
We now fail to parse it, because we expect an entry with id DSPROPERTY_ZONE_NS_SERVERS_DA
to therefore have a valid DNS_ADDR_ARRAY (section 2.2.3.2.3).
As context we changed it in our commit fee5c6a424
because of bug https://bugzilla.samba.org/show_bug.cgi?id=14206
which was due to the artificial environment of the fuzzer.
Microsoft advises that Windows also fails to parse this, but
instead of failing the operation, the value is ignored.
Reported by Alex MacCuish. Many thanks for your assistance in
tracking down the issue.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 07:29:17 UTC 2020 on sn-devel-184
These have been known to be given by Windows DCs that share the same domain
as while invalid, they are not format-checked inbound when set by the DNS
Manager MMC applet over the dnsserver pipe to Windows.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14310
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
With share_infos.tdb this is a locking order violation:
share_infos.tdb is level 4, brlock.tdb is level 2. Avoid this by first
walking the share_infos.tdb and then fetching all the brlock entries.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=14355
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu May 14 22:06:32 UTC 2020 on sn-devel-184
The only two callers that pass a root_dir_fid != 0 are reply_ntcreate_and_X()
and call_nt_transact_create(). By moving root_dir_fid processing outside of
SMB_VFS_CREATE_FILE() we can avoid rewriting get_relative_fid_filename() to work
with *AT semantics and dirfsps.
Bonus points: the previous code in both functions passed fname to
filename_convert() which can't really have worked as it is relative to
root_dir_fid so filename_convert() will not be able to stat() the relative path
and it's components.
The only test I can find that uses a root dir_fid is raw.samba3rootdirfid and
that uses a handle on the share root which will work.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14380
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
raw.samba3rootdirfid tests with the share root directory as root_dir_fid handle,
that doesn't cover the case where the relative name has more then one path
component. It only works because in unix_convert() we run into the creating file
optimasation.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14380
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
On bad name conversion, exit the directory listing with an error, but leave the
connection intact. We were already checking for finfo->name == NULL here,
but were ignoring it and not reporting an error.
Remove the knownfail.d/bad_iconv file as we now
behave the same across CORE/NT1/SMB2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 12 21:32:44 UTC 2020 on sn-devel-184
SMB2 and NT1 fail this, CORE already returns NT_STATUS_INVALID_NETWORK_RESPONSE
on bad conversion.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>