IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This reproduces a regression with
'net ads search -P --server server.of.trusted.domain'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3b585f9e8c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15276
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org The self.set_heuristic(samba.dsdb.DS_HR_ATTR_AUTHZ_ON_LDAP_ADD, b'11')
in the test setUp() is unused in this test but is included as a
clean backport, so the fact that the server does not implement this
is unimportant]
The chain for transitive evaluation does consider ACLs, avoiding the disclosure of
confidential information.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
This shows that changes around RC4 encryption types do not break older
functional levels where only RC4 keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 44802c46b1)
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this CVE
to indicate that additionally, AES session keys are available.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit 371d7e63fc)
[jsutton@samba.org Removed unneeded fast_tests.py change, added
non_etype_bits in raw_testcase.py, fixed conflicts in knownfails and
tests.py]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(similar to commit a50a2be622)
[jsutton@samba.org Fixed conflicts in krb5pac.idl and raw_testcase.py]
The KDC should leave the choice of ticket encryption type up to the
target service, and admit no influence from the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit 177334c042)
[jsutton@samba.org Fixed conflicts in usage.py, knownfails, tests.py]
later gnutls that support GNUTLS_PBKDF2 currently fail,
we need to conditionally switch test data to reflect use of
'samr_ChangePasswordUser3' or 'samr_ChangePasswordUser4'
depending on whether GNUTLS_PBKDF2 is supported or not
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ce7c418ca4)
Autobuild-User(v4-17-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-17-test): Mon Oct 31 10:08:34 UTC 2022 on sn-devel-184
This test, compared with the direct to RPC tests, will succeed, then fail once the
server is changed to emulate Samba 4.5 and and again succeed once the python code
changes to allow skipping the DRSUAPI_DRS_CRITICAL_ONLY step
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 7ff743d65d)
The chgdcpass environment will emulate older verions of Samba
that fail to implement DRSUAPI_DRS_GET_ANC correctly and
totally fails to support DRSUAPI_DRS_GET_TGT.
This will allow testing of a client-side fallback, allowing migration
from sites that run very old Samba versions over DRSUAPI (currently
the only option is to attempt an in-place upgrade).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15189
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 62b426243f)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 91e2e5616c)
[jsutton@samba.org Fixed conflicts in usage.py, knownfails, and tests.py
due to not having claims tests]
This way it is easier to select them with 'make test'.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The current test uses the dig tool from bind9 but this tool has been
rewritten in 9.17.7 to use bind's netmgr functions instead of isc_socket
(commit 94b7988efb0f9b96415dd2966e6070450d960263).
The problem is that these 'netmgr' functions use libuv internally, and, on
systems supporting it, they end up using the sendmmsg() syscall which is not
catched by socket wrapper so the test fails.
This commit converts the test to python and uses the dnspython module
instead of the dig tool. Backtraces follow as reference.
Backtrace from dig v9.16.28 (working):
#0 0x00007ffff778edee in sendmsg () from /lib64/libc.so.6
#1 0x00000000005e5dee in cmsgsend (s=s@entry=12, level=level@entry=0, type=type@entry=1, res=<optimized out>) at net.c:515
#2 0x00000000005e616c in try_dscp_v4 () at net.c:623
#3 try_dscp () at net.c:696
#4 0x00007ffff7708ad7 in __pthread_once_slow () from /lib64/libc.so.6
#5 0x00000000005e66d7 in initialize_dscp () at net.c:702
#6 isc_net_probedscp () at net.c:707
#7 0x00000000005e8460 in socket_create (manager=0x6b49c0, pf=2, type=<optimized out>, socketp=0x7ffff0012b00, dup_socket=0x0) at socket.c:2454
#8 0x000000000043cfcd in send_udp (query=0x7ffff00129a8) at dighost.c:2897
#9 0x000000000043f9c7 in onrun_callback (task=<optimized out>, event=<optimized out>) at dighost.c:4271
#10 0x00000000005dfefe in task_run (task=0x6b5c70) at task.c:851
#11 isc_task_run (task=0x6b5c70) at task.c:944
#12 0x00000000005ca0ce in isc__nm_async_task (worker=0x6b8970, ev0=0x716250) at netmgr.c:873
#13 process_netievent (worker=worker@entry=0x6b8970, ievent=0x716250) at netmgr.c:952
#14 0x00000000005ca2ba in process_queue (worker=worker@entry=0x6b8970, type=type@entry=NETIEVENT_TASK) at netmgr.c:1021
#15 0x00000000005caa43 in process_all_queues (worker=0x6b8970) at netmgr.c:792
#16 async_cb (handle=0x6b8cd0) at netmgr.c:821
#17 0x00007ffff7898a4d in ?? () from /lib64/libuv.so.1
#18 0x00007ffff78b4217 in ?? () from /lib64/libuv.so.1
#19 0x00007ffff789e40a in uv_run () from /lib64/libuv.so.1
#20 0x00000000005ca31e in nm_thread (worker0=0x6b8970) at netmgr.c:727
#21 0x00000000005e2315 in isc__trampoline_run (arg=0x6b7c40) at trampoline.c:198
#22 0x00007ffff7703767 in start_thread () from /lib64/libc.so.6
#23 0x00007ffff778dc10 in clone3 () from /lib64/libc.so.6
Backtrace from dig v9.17.7 (not working):
#0 0x00007ffff7684480 in syscall () from /lib64/libc.so.6
#1 0x00007ffff754aed0 in uv__sendmmsg (vlen=0, mmsg=0x0, fd=10) at src/unix/linux-syscalls.c:163
#2 uv__udp_mmsg_init () at src/unix/udp.c:74
#3 0x00007ffff7606ad7 in __pthread_once_slow () from /lib64/libc.so.6
#4 0x00007ffff7541bd9 in uv_once (guard=<optimized out>, callback=<optimized out>) at src/unix/thread.c:440
#5 0x00007ffff7539e9b in uv__udp_sendmsg (handle=0x7ffff50535b8) at src/unix/udp.c:415
#6 uv__udp_send (send_cb=0x7ffff7a41db0 <udp_send_cb>, addrlen=<optimized out>, addr=<optimized out>, nbufs=1, bufs=0x7ffff506c720, handle=0x7ffff50535b8, req=0x7ffff506c878) at src/unix/udp.c:773
#7 uv_udp_send (req=req@entry=0x7ffff506c878, handle=handle@entry=0x7ffff50535b8, bufs=bufs@entry=0x7ffff506c720, nbufs=nbufs@entry=1, addr=<optimized out>, send_cb=send_cb@entry=0x7ffff7a41db0 <udp_send_cb>) at src/uv-common.c:464
#8 0x00007ffff7a42308 in udp_send_direct (peer=0x7ffff5dfa988, req=0x7ffff506c700, sock=0x7ffff5053000) at netmgr/udp.c:839
#9 isc__nm_async_udpsend (worker=<optimized out>, ev0=0x7ffff5dfa950) at netmgr/udp.c:780
#10 0x00007ffff7a47de7 in isc__nm_udp_send (handle=<optimized out>, region=0x7ffff5dfaa90, cb=0x555555566250 <send_done>, cbarg=<optimized out>) at netmgr/udp.c:749
#11 0x0000555555562ac2 in send_udp (query=0x7ffff502a000) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2899
#12 udp_ready (handle=0x7ffff5026180, eresult=ISC_R_SUCCESS, arg=<optimized out>) at /usr/src/debug/bind-9.18.2-1.1.x86_64/bin/dig/dighost.c:2974
#13 0x00007ffff7a37d34 in isc__nm_async_connectcb (worker=worker@entry=0x7ffff622f000, ev0=ev0@entry=0x7ffff5026480) at netmgr/netmgr.c:2704
#14 0x00007ffff7a3ca20 in process_netievent (worker=worker@entry=0x7ffff622f000, ievent=0x7ffff5026480) at netmgr/netmgr.c:940
#15 0x00007ffff7a3d027 in process_queue (worker=worker@entry=0x7ffff622f000, type=type@entry=NETIEVENT_NORMAL) at netmgr/netmgr.c:977
#16 0x00007ffff7a3d203 in process_all_queues (worker=0x7ffff622f000) at netmgr/netmgr.c:733
#17 async_cb (handle=0x7ffff622f360) at netmgr/netmgr.c:762
#18 0x00007ffff7531a4d in uv__async_io (loop=0x7ffff622f010, w=<optimized out>, events=<optimized out>) at src/unix/async.c:163
#19 0x00007ffff754d217 in uv__io_poll (loop=0x7ffff622f010, timeout=<optimized out>) at src/unix/epoll.c:374
#20 0x00007ffff753740a in uv__io_poll (timeout=<optimized out>, loop=0x7ffff622f010) at src/unix/udp.c:122
#21 uv_run (loop=loop@entry=0x7ffff622f010, mode=mode@entry=UV_RUN_DEFAULT) at src/unix/core.c:391
#22 0x00007ffff7a3d624 in nm_thread (worker0=0x7ffff622f000) at netmgr/netmgr.c:664
#23 0x00007ffff7a6c915 in isc__trampoline_run (arg=0x555555599210) at /usr/src/debug/bind-9.18.2-1.1.x86_64/lib/isc/trampoline.c:187
#24 0x00007ffff7601767 in start_thread () from /lib64/libc.so.6
#25 0x00007ffff768bc10 in clone3 () from /lib64/libc.so.6
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 4 00:27:29 UTC 2022 on sn-devel-184
We don't need seperate test suites here, all tests are related to
File-Ids.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
It doesn't make sense to run tests against ad_dc and ad_dc_ntvfs in
those cases.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There is no need to specify the enctype and it isn't supported by MIT Kerberos
anyway.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 21:54:11 UTC 2022 on sn-devel-184
There is no need to specify the enctype and it isn't supported with MIT
Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We want one common test which works against Heimdal and MIT Kerberos.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
There is not difference kerberos-wise between those two envs.
This reverts 661e1a229e.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It's not necessary to repeat the required environment variables for
every test.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
We get the server to decode the SDDL by putting the SID strings in the
defaultSecurityDescriptor of a new class and making an object of that
class. We then check that the resulting SID is what we expect.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The s4member test environment is a historical artifact, provisioned like an
AD DC using sam.ldb and joined using the historical S4 join code.
Once running however it is nothing particualr special in winbindd, so
there is no need to run the tests against ad_member and s4member.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This also addresses CVE-2020-17049.
MIT Kerberos 1.20 is in pre-release state at the time writing this commit. It
will be released in autumn 2022. We need to support MIT Kerberos 1.19 till
enough distributions have been released with MIT Kerberos 1.20.
Pair-Programmed-With: Robbie Harwood <rharwood@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Verifies async-dosmode sync fallback works with shadow_copy2 which returns
ENOSYS for SMB_VFS_GET_DOS_ATTRIBUTES_SEND().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14955
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
So far we have only been checking padata in error replies and with FAST.
We should also check it in the general success case.
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
smb2.fileid_unique.fileid_unique
smb2.fileid_unique.fileid_unique-dir
Create 100 files or directories as fast as we can
against a "normal" share, then read info on them
and ensure (a) top bit is set (generated from itime)
and (b) uniqueness across all generated objects
(checks poor timestamp resolution doesn't create
duplicate fileids).
This shows that even on ext4, this is enough to
cause duplicate fileids to be returned.
Add knownfail.d/fileid-unique
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14928
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
This demonstrates the problem with guest access being rejected
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This is currently not checked in several places due to STRICT_CHECKING
being set to 0.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
