IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 1 23:21:07 UTC 2019 on sn-devel-184
Now that File-ID calculation goes through the VFS, we can nicely make a
per-share option out of it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 26 19:31:28 UTC 2019 on sn-devel-184
We're going to change the default base schema so this patch changes all
tests and testenvs requiring the current default (2008_R2) to specify it
in all provision commands using --base-schema.
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(Spoiler alert, it breaks the oplock :-).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jun 24 20:05:34 UTC 2019 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184
The endian changes are needed in order to get the following result
from the blobs Windows generated (see the torture test):
AddrArray: ARRAY(3)
AddrArray: struct dnsp_dns_addr
family : 0x0002 (2)
port : 0x0035 (53)
ipv4 : 172.31.99.33
ipv6 : 0000:0000:0000:0000:0000:0000:0000:0000
[MS-DNSP] states that the port is supposed to be ignored, but it's still
good to decode it as port '53' (0x0035) instead of '13568' (0x3500).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
In future we should use ipv4address, but that would result in a much
larger change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Samba aborts the read&x after a blocked, but eventually successful
locking&x call. Both Windows and source4/ntvfs do the read properly,
source3/smbd does not. With later code, this will become possible much
easier. Lets see if it's worth it given that we've got away with this
forever.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Right now we fail this with smbd, we return LOCK_NOT_GRANTED instead
of FILE_LOCK_CONFLICT. This will change with later commits.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs
Fixes: Unknown parameter encountered: "state dir"
Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Add a struct option to ndrdump that will allow it to print public
structures.
i.e. binn/ndrdump dns dns_name_packet struct data.file
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add test for the dumping of a public structure with ndrdump. This
removes the need to define decode_* functions in the idl.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This changes ensures that smbd always adds BUILTIN\Guests to the guest token
which is required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2
SESSION_SETUP response, because smbd sets it based on the token containing the
BUILTIN\Guests SID S-1-5-32-546.
At the same time, the packet is not signed which causes Windows clients and
smbclient to reject the unsigned SMB2 SESSION_SETUP response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184
This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.
Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When creating the customdc, testparm would default to using
/usr/local/samba sub-directories for creating sockets and lock files.
Instead, pass in the tmpdir we just created as an option to the command.
Normally this didn't cause a noticeable problem, however, if we run the
command with UID-wrapper but without socket-wrapper (i.e.
USE_NAMESPACES=1), then it fails completely.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 31 06:34:36 UTC 2019 on sn-devel-184
If we couldn't determine the realm/domain from the backup file, it's a
lot nicer to fail early with a clear error message (rather than failing
later on with a really obscure message).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In particular, document how to hook up a testenv to a Windows VM
(ideally there should be a helper script to do this, but in the
meantime some instructions are better than nothing).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This patch adds some helper scripts that make talking to a given
testenv's namespace slightly easier.
One of the really cool things about namespaces is you can run multiple
different programs that can all talk to the testenv DC. However, the
command to do this is a bit unweildly, it's based on PID so it changes
everytime you start up a testenv, and you loose all the environment
variables that selftest normally sets up.
This patch adds a couple of helper scripts:
- nsenter-helper.sh: this takes the variables defined in an exports_file
and exports them all. It prints some basic help and then starts a new
shell session (this whole script gets run in the new namespace).
Essentially this achieves something similar to the legacy
selftest-vars.sh script (except this one actually works).
- mk_nsenter.sh: this generates a simple wrapper script that'll run
nsenter and then call nsenter-helper.sh. A separate wrapper script
gets created for each testenv. E.g. to run it, just go:
./st/ad_dc/nsenter.sh
This is a wrapper for a more complicated command underneath like:
nsenter -t 437353 --net --user --preserve-credentials \
/home/timbeale/code/samba/selftest/ns/nsenter-helper.sh \
/home/timbeale/code/samba/st/ad_dc/exports.sh
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This hooks up the selftest/ns/* scripts added earlier with the selftest
system, so developers can optionally run a testenv or test using linux
namespaces instead of socket-wrapper.
The idea is this is experimental functionality that we can extend
further in future, in order to make testing Samba more versatile.
+ The top-level WAF script now does an 'unshare' to create a new
top-level 'selftest' namespace in which to create the testenv(s).
+ selftest.pl creates a common 'selftest0' bridge to connect together
the individual DCs.
+ Update Samba.pm so it can use real IPs instead of loopback addresses.
In fork_and_exec(), we add a couple of hooks so that the binary gets
started in a different namespace (using unshare/start_in_ns.sh), and
the parent process connects the new child namespace up to the common
selftest0 bridge (using add_bridge_iface.sh).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We store the testenv directory path for the 'ctx' hashmap, but not for
the testenv-vars hashmap (and that can be really annoying sometimes).
Add it into the second hashmap that selftest actually keeps track of.
Currently it's only stored in the hashmap, not actually exported as an
environment variable (but we could easily do that if a test-case need
this info).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This adds the underlying scripts, but they are not actually hooked up to
the selftest code yet, and so are not actually used.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Allow developers to override the default @term_args, as well as the
terminal itself.
Currently, due to the nature of the args we pass to xterm (i.e. 'echo -e
"blah.." && bash'), it doesn't make it very flexible for use with other
terminals. By dropping these additional @term_args, it makes it much
easier to slot in an alternative terminal.
For example, these commands now work (more or less).
TERMINAL="terminator" TERMINAL_ARGS="-x bash" \
SELFTEST_TESTENV=ad_dc make testenv
TERMINAL="bash" TERMINAL_ARGS="" \
SELFTEST_TESTENV=nt4_dc make testenv
TERMINAL="bash" TERMINAL_ARGS="--norc" \
SELFTEST_TESTENV=none make testenv
bash is usable, but a little weird because its output is still being
piped. Also bash with ad_dc is a little weird because we're using tee
for the DC's stdout. (I'd also recommend --norc, as it makes it easier
to differentiate between the testenv shell).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The new role owner need to replicate from the old role owner.
Before we told the old role owner to replicate from itself.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
From Python's point of view, array.AddrArray is a list of byte-valued
integers. In Python 3 we can convert directly using the likes of
bytes(array.AddrArray[i].MaxSa[8:24])
but in 4.10 we need to support both, so we use struct.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The selftest code typically stores hashmaps as scalar variables (i.e.
it only ever uses references to hashmaps). So much so that using a regular
hashmap (and passing it by reference via \%daemon_ctx) looks out of
place.
Using the hashmap directly made more sense when it was only being used
locally, but now the hashmap is being passed by reference into a function
anyway, so storing it as a scalar doesn't make much difference.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Now the code has been refactored, we can move it into a common function.
This reduces code duplication and means we have a common place where we
start samba daemons from.
Note that some daemons behave slightly different, but the $daemon_ctx
allows us to customize their behaviour a bit.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Final refactor to merge the fork-and-exec code into a common function.
We can now use $daemon_ctx{ENV_VARS} to customize differences between
the forked binaries:
- samba: add in extra env variables on top of the defaults.
- dns_hub: there are no ENV variables we need to export.
- winbindd/smbd: these use the defaults, so they pass through an
undefined $daemon_ctx{ENV_VARS} (purely to make the code common across
all 5 places).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Instead of having a special $skip_resolv_conf parameter just for nmbd,
use the get_env_for_process() API and customize the hashmap returned.
Pass the customized hashmap in as an optional part of the daemon_ctx.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This intermediary refactor adds a hashmap that stores the values needed
to run each samba daemon. This adds a bit more code in the short term,
but it basically means the code in 5 different places now becomes
identical, and we can extract it out to a common function.
The converting FULL_CMD from an array reference back to an array is a
bit ugly, but we can clean this up a bit once the code is all in one
place.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The s3 daemons all basically use the same command logic, it's just they
use slightly different environment variables.
This adds a common helper function, which we can pass the specific
environment variables into.
(Note the slight parameter difference for winbind with --stdout vs
--log-stdout).
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is a fairly simple move of code and is the first step in a larger
refactor.
It doesn't matter if we build up the command args prior to the fork (we
only use them in the forked child). But moving the code means the code
to handle the fork-and-exec becomes common code that is repeated in
several places throughout Samba3.pm and Samba4.pm.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Whenever we started a process, we basically used the same code to setup
the ENV variables.
The s4 ENVNAME may now be slightly different in the child process that
runs samba (i.e. '$testenv.samba'), but that ENV var did not appeared to
be used much.
I'm not sure if the current difference in $skip_resolv_wrapper logic for
nmbd was deliberate or accidental, but I've preserved the logic for now.
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Found by LCOV.
Some of the failures should be fixed by setting "restrict anonymous = 2"
as requested by bug 12775
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The samba3.wkssvc test is not as comprehensive, but rpc.wkssvc needs to run against the
ad_member environment to get past a builtin administrators check.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
The test already existed but was not run.
Found by LCOV
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
This moves the trigger points where AppleDouble file conversion is run by
ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high
level VFS entry points.
Currently ad_convert() will be triggered as part of open_file_ntcreate(...,
"file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT,
what created the file, we call SMB_VFS_FSTAT() on the just created
filehandle. This ends up in ad_convert(), finds the resource fork empty and thus
deletes the file.
This commit moves calling of the conversion funtion to the high level VFS entry
points where the converted metadata is needed:
o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the
repurposed fields in the directory entry metadata
o obviously for SMB_VFS_CREATE_FILE() on an macOS stream
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reveals a bug in the AppleDouble conversion code: the conversion code that
unlinks an empty resource fork AppleDouble sidecar file ("._file") gets
triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...):
after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we
call SMB_VFS_FSTAT() on the just created filehandle. This ends up in
ad_convert(), finds the resource fork empty and thus deletes the file.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
get_share (called from 'net conf showshare') does a lookup of the share
name case-insensitively. As the registry stores the share name in the
correct case and 'net conf list' prints the correct case, also lookup
the correct case for get_share.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
