IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO
after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains
the client capabilities, client guid, security mode and the array of supported
dialects. But if SMB 2.02 is negotiated the doesn't send these values to the
server in the first connection attempt (when the client starts with a SMB1 Negotiate).
Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED
as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.
We should do the same if we just pretend to support SMB 2.02,
as SMB 2.10 always include an SMB2 Negotiate request we can leave it as is.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This reproduces the problem with trying to implement
FSCTL_VALIDATE_NEGOTIATE_INFO as SMB2_02 server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The existing tests did not actually demonstrate what they
thought they did until the credential values were refreshed.
The new test showed this, because Samba fails it (windows passes)
due to the way we keep the last challenge on the connection.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The test_smbclient_tarmode.pl test operates on $LOCAL_PATH by default
and removes everything. So it deletes all precreated files and
directories which the setup_fileserver() function initially set up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12867
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and
O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to
open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform
further checks to be sure. Adjust non_widelink_open() accordingly. This fixes
a regression where symlinks to directories within the same share were no
longer followed for some call paths on systems returning ENOTDIR in the above
case.
Also remove the knownfail added in previous commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Because making provision faster makes autobuild faster.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is something of a rewrite of ad_dc_performance.py with more
search tests and a rebalancing of others. For example, the users are
added in three lots of 2000 using varying methods rather than 5 of
1000 using ldap, reducing duplication thus clarifying the results.
Links are added in more realistic patterns with groups of varying
size.
To save time, the database is not cleaned up. Usually perftests are
run with TESTS= restriction to a single suite, but in case this is not
done, this suite is run last.
The ad_dc_performance suite is not replaced so that comparisons with
old test sequences are still possible.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Add a String constructor, str and repr methods to the
samba.dcerpc.lsa.String python object
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests for the String constructor, str and repr methods added to
the samba.dcerpc.lsa.String python object
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
I've seen a lot of failures with make testenv telling that stdin returns
EAGAIN. I haven't fully diagnosed it, but this seems to fix it. Now
make testenv is much more reliable.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun 21 03:14:17 CEST 2017 on sn-devel-144
This ensures that the posixacl.py test does not race against winbindd starting up and so
give wrong mappings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is simple enough because we already have the sorted list.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This fails, so we add it to selftest/knownfail.d/
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Not all environments should use the samba workgroup name.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 14 02:53:27 CEST 2017 on sn-devel-144
This avoids issues getting replication going after the DC first starts
as the rest of the domain does not have to wait for samba_dnsupdate to
run successfully
We do not just run samba_dnsupdate as we want to strictly
operate against the DC we just joined:
- We do not want to query another DNS server
- We do not want to obtain a Kerberos ticket for the new DC
(as the KDC we select may not be the DC we just joined,
and so may not be in sync with the password we just set)
- We do not wish to set the _ldap records until we have started
- We do not wish to use NTLM (the --use-samba-tool mode forces
NTLM)
The downside to using DCE/RPC rather than DNS is that these will
be regarded as static entries, and (against windows) have a the ACL
assigned for static entries. However this is still better than no
DNS at all.
Because some tests want a DNS record matching their own name
this fixes some tests and removes entires from knownfail
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Jun 11 02:04:52 CEST 2017 on sn-devel-144
This ensures that samba_dnsupdate can run in the long term against the new DNS entries
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Otherwise, we always report the first server we created/provisioned the AD domain on
which does not match AD behaviour. AD is multi-master so all RW servers are a master.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This will let us check the negative behaviour: that updates against RODCs fail
and un-authenticated updates fail.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Attempting to 'ls' the file server against a single process AD will get
stuck. This also appears as the KDC being busy.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jun 7 05:14:17 CEST 2017 on sn-devel-144
This makes it easier to add a temporary knownfail to cover a patch
series.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Jun 3 13:55:41 CEST 2017 on sn-devel-144
We eliminate a small race between GUID -> DN and ensure RODC can only
reset bad password count on accounts it is allowed to cache locally.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This requires as a pre-requisite that the auth stack is not run twice.
We remove the knownfail introduced in the earlier patch.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
pdbtest.s4winbind no longer is applicable without a live NETLOGON
connection.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This test passes against Windows 2016 but currently fails against Samba
for some reason. The test does the following:
1. A stat open on a file, then
2. a second open with a RWH-lease request
Windows grants a RWH-lease in step 2, while Samba only grants a
R-lease. Go figure...
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sun May 28 18:52:52 CEST 2017 on sn-devel-144
Enable the DCERPC_SCHANNEL_AUTO option in dceprc bindings. If not enabled
calls to netlogon.netlogon from python fail with NT_STATUS_DOWNGRADE_DETECTED
if schannel bindings are specified.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
The challenge parameter was being treated as a string rather than as a
data blob. This was causing intermittent seg faults. Removed the
server_timestamp parameter as it's not currently used.
Unable to produce a test case to reliably replicate the failure.
However auth_log_samlogon does flap
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Changes to virtualCryptSHA256 and virtualCryptSHA512 attributes.
The values are now calculated as follows:
1) If a value exists in 'Primary:userPassword' with
the specified number of rounds it is returned.
2) If 'Primary:CLEARTEXT, or 'Primary:SambaGPG' with
'--decrypt-samba-gpg'. Calculate a hash with the specified number of rounds
3) Return the first {CRYPT} value in 'Primary:userPassword' with a
matching algorithm
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Tests to ensure that precomputed SHA256 and SHA512 hashes in
'supplementalCredentials Primary:userPassword' are used correctly in the
calculation of virtualCryptSHA256 and virtualCryptSHA512
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Generate sha256 and sha512 password hashes and store them in
supplementalCredentials
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add tests to verify the generation and storage of sha256 and sha512
password hashes in suplementalCredentials Primary:userPassword
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Allow the number of rounds to be specified when calculating the
virtualCryptSHA256 and virtualCryptSHA512 attributes.
i.e. --attributes="virtualCryptSHA256;rounds=3000" will calculate the
hash using 3,000 rounds.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add tests to for the new rounds option for the virtualCryptSHA256 and
virtualCryptSHA512 attributes.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add new virtualWDigest attributes, these return the hashes stored in
supplementalCredentials Primary:WDigest, in a form suitable for
htdigest authentication
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add tests for the new virtualWDigest attributes, these return the hashes
stored in supplementalCredentials Primary:WDigest in a form suitable for
use with htdigest authentication.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
