IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We don't want octal numbers or overflows.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The second one came with code obsoleting the "BIG NOTE" about 10 years
ago, but that code later wandered off somewhere else.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
No.
That's good and expected because a failure here should fall back to the
next thing in the simple bind pecking order (canonical names).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
By using an ldb.Dn as an intermediary, we get to see which SIDs
Samba thinks are OK but Windows thinks are bad.
It is things like "S-0-5-32-579".
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
As a way of testing the interpretation of a SID string in a remote
server, we search on the base DN "<SID=x>" where x is a non-existent
or malformed SID.
On Windows some or all malformed SIDs are detected before the search
begins, resulting in a complaint about DN syntax rather than one about
missing objects.
From this we can get a picture of what Windows considers to be
a proper SID in this context.
Samba does not make a distinction here, always returning NO_SUCH_OBJECT.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The Samba side is aspirational -- what we actually do is generally
worse. However the Windows behaviour in these cases seems more
surprising still, and seems to be neither documented nor used.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The reason the existing tests send the SID over the wire as SDDL for
defaultSecurityDescriptor is it is one of the few ways to force the
server to reckon with a SID-string as a SID. At least, that's the case
with Windows. In Samba we make no effort to decode the SDDL until it
comes to the time of creating an object, at which point we don't notice
the difference between bad SDDL and missing SDDL.
So here we add a set of dynamic tests that push the strings through our
SDDL parsing code. This doesn't tell us very much more, but it is very
quick and sort of confirms that the other tests are on the right track.
To run against Windows without also running the internal Samba tests,
add `SAMBA_SID_STRINGS_SKIP_LOCAL=1` to your environment variables.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is going to be useful for another test, soon.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We are mostly testing edge cases around the handling of numeric
limits.
These tests are based on ground truth established by running them
against Windows.
Many fail against Samba, because the defaulSecurityDescriptor
attribute is not validated at the time it is set while on Windows it
is.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This will allow e.g. a suite of tests that assert Windows behaviour that
we might not choose to follow.
Because @DynamicTestCase will mangle the class as it finds it, we can't
use SidStringTests itself as a superclass for others.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This removes the slim chance of flapping failures, and makes tracking
the created class back to the SID string theoretically possible.
To maintain uniqueness of the governs-id, we in chuck some of the
timestamp.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We don't care about the exact time of the test, just that we
disambiguate between different runs (each run leaves an immutable scar
on the target server).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It can be useful to know what you're looking for.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The ACE string "(A;CI;RP LCLORC;;;AU)", with a space after "RP", is
currently not parsed well by Samba.
At the moment we parse only the "RP" and ignore the " LCLORC". What
Windows would do is parse it as if it said "RPLCLORC", without the
space, thus using all the flags. It seems very likely we thought this
was happening with Samba.
Soon Samba will have Windows' behaviour here and it will be tested in
python/samba/tests/sddl.py. That means this test can relax and focus
on whatever it was trying to do with upgradeprovision. We thank it for
finding this discrepency.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The wrong string is the wrong value but the right type.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Apart from catching crashes in the actual parsing, we abort if the SD
we end up with will not round trip back through SDDL to an identical
SD.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 27 09:25:50 UTC 2023 on atb-devel-224
We should give a good warning message one level above.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 27 08:22:58 UTC 2023 on atb-devel-224
This fixes an issue with gdb >= 13:
libndr.so: symbol ndr_transfer_syntax_ndr64 has changed
old_signature: uuid = {
time_low = 1903232307,
time_mid = 48826,
time_hi_and_version = 18743,
clock_seq = "\203\031",
node = "\265\333\357\234\314\066"
}, if_version = 1
new_signature: uuid = {
time_low = 1903232307,
time_mid = 48826,
time_hi_and_version = 18743,
clock_seq = "\203\031",
node = "\265\333\357\234\3146"
}, if_version = 1
\314\066 and \3146 are the same as \066 translates into the char '6'. In order
to address this we should do byte comparison in python.
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Alexander Bokovoy <ab@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In function ‘test_one’,
inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:331:37: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
331 | fnum[server][fstype][conn][f] = try_open(cli[server][conn], nfs[server], fstype, FILENAME,
| ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:316:62: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
316 | fnum[server][fstype][conn][f],
| ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘test_one’,
inlined from ‘retest’ at source3/torture/locktest2.c:401:8:
source3/torture/locktest2.c:300:60: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=]
300 | fnum[server][fstype][conn][f],
| ~~~~~~~~~~~~^~~~~~~~
source3/torture/locktest2.c: In function ‘retest’:
source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’
390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES],
| ~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In file included from source4/include/includes.h:61,
from dfs_server/dfs_server_ad.c:21:
dfs_server/dfs_server_ad.c: In function ‘get_dcs.constprop’:
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
200 | && (dbgtext body) )
| ~^~~~~~~~~~~~~
dfs_server/dfs_server_ad.c:462:25: note: in expansion of macro ‘DEBUG’
462 | DEBUG(2,(__location__ ": Site: %s %s\n",
| ^~~~~
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Missed two more places originally when introduced ROLE_IPA_DC.
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Apr 25 07:46:36 UTC 2023 on atb-devel-224
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15362
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Apr 24 14:13:35 UTC 2023 on atb-devel-224
This test doesn't work in release tarballs. Skip it if git fails.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 21 13:59:29 UTC 2023 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 20 12:56:53 UTC 2023 on atb-devel-224
This fixes setting veto files to '.*' to not list hidden files and
directories starting with a dot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15360
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 19 22:30:19 UTC 2023 on atb-devel-224
An apply reports the error "NameError: free
variable 'cron_dir' referenced before assignment
in enclosing scope". This only happens when no
policy is defined for this CSE, because existing
policy causes the variable to be defined.
Moved the 'cron_dir' varilable to the correct
scope.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Wed Apr 19 21:21:10 UTC 2023 on atb-devel-224
