IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
s4 returns NETWORK_NAME_DELETED if you attempt to use an invalid tree connection
for a lock. This test (correctly I think) happens before we validate the file handle.
That implies that when you pass both a closed handle and a invalid tree you
should get NT_STATUS_NETWORK_NAME_DELETED.
I think the error/success codes returned by windows for these tests
are quite bogus. The ones s4 gives are much more reasonable. The
locking ones returning NT_STATUS_SUCCESS could lead to data loss, as
an application thinks it has a file locked correctly when it fact it
doesn't, so it could do an unsafe modify.
I was stumped for a while as to why the drs test suite was failing for
me. It turned out that it looked for LDB_URL in the environment, and
used it if set. I had it set in my terminal, and it was happily
munching on my sam.ldb while testing. Quite a cute bug really :-)
The passtrhough version of SET_END_OF_FILE_INFO is tested in
RAW-SFILEINFO-END-OF-FILE.
Additionally, the first opener is changed to use SHARE_WRITE for the
share mode since SET_END_OF_FILE_INFO actually writes data to the file
via truncating/extending.
A side effect of this change is that RAW-SFILEINFO now runs the whole
suite instead of just the first test. I changed the name of the first
test to RAW-SFILEINFO-BASE and changed all of the selftest scripts
that call it.
* Ported all tests from raw/notify.c to smb2/notify.c
* Parameterized the max_buffer_size so it can be set on a
per-target basis.
* Fixed CHECK macros to use torture_result
* Created a SMB2-NOTIFY test suite
The BRL tests previously based their results off several bugs in the
W2K8 byte range lock code. I've fixed up the tests to pass against
Win7 which has fixed these bugs, and assume that the Win7 behavior
is the default.
I have inverted the test behavior for >63-bit lock requests. The
tests previously expected NT_STATUS_OK as their default in this
case. I've changed that default to expect STATUS_INVALID_LOCK_RANGE.
This may requires some changing of make test to compensate.
I've also removed a few test scenarios from VALID-REQUEST in preparation
of replacing them with separate tests ported from RAW-LOCK.
I left dumping of decrypted attributes values 'as is'
(using DEBUG and DEBUGADD) as it uses dump_data() function.
dump_data() uses DEBUGADD internally, so I have no way
to redirect its output to torture_context at this point.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
The load of defaultObjectCategory as an extended DN means we need to
use the common parsing functions I just split out, rather than the
GET_DS_DN macro.
The objectGUIDs are loaded so that we can create the extended DN when
we load from LDIF (and are loaded for the other cases for
consistency).
Also adapt callers to API changes needed for common parsing code
Andrew Bartlett
I'm satisfied that the task this test does is already done by the time
we map the incoming schema, and process the objects. If we have the
OID mapping wrong or incomplete, we will get any errors this test
found errors there.
(And this dramaticly reduces the test time, so we can now add
RPC-DSSYNC to 'make test').
Andrew Bartlett
I've left out those for which I could not find an expected value in my
default Windows 2003 server's database, and the values that rely on
the current prefix map at the time.
Andrew Bartlett
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Andrew Bartlett
The LogonControl tests now are split out to a new RPC-NETLOGON-ADMIN test that
tests the behaviour of that call when called by user, dc or workstation.
Guenther
The responsibility for failing torture_context sould be for the
caller.
This gives better control in for test case driver function.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
"partial drsuapi_prefixMap" is a prefix map without last entry
being special - i.e. map that does not contains schema_info entry.
Test for dsdb_schema_pfm_from_drsuapi_pfm() were also extended to
cover both 'full' and 'partial' map conversion.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
dsdb_schema_pfm_contains_drsuapi_pfm() is part of reimplemented
prefixMap interface.
This name was choosen to clearly show, that this a week verification
in case we want to determine if remote schema is changed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Also, dsdb_load_oid_mappings_drsuapi() was reimplemented to use
dsdb_schema_pfm_from_drsuapi_pfm() function to load
drsuapi_prefixMap into schema->prefixmap
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This allows us to reuse a ldb context if it is open twice, instead
of going through the expensive process of a full ldb open. We can
reuse it if all of the parameters are the same.
The change relies on callers using talloc_unlink() or free of a parent
to close a ldb context.
This patch adds a system_session cache, preventing us from having to
recreate it on every ldb open, and allowing us to detect when the same
session is being used in ldb_wrap
Currenly those tests cover only the main part of the interface,
i.e. dsdb_schema_pfm_new(), dsdb_schema_pfm_make_attid()
and dsdb_schema_pfm_oid_from_attid()
In some cases we were not doing streams tests on s4 that we should. In
others, we were calling tests that are known to fail on s4. Some of
those are a bit puzzling.
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
For KERBEROS applications the realm should be upcase (function "lp_realm") but
for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch
implements the use of both in the right way.
The BENCH-TCON test was leaving the socket open. A smbclie_tdis()
closes the tree connection, but does not close the socket.
This caused the build farm to run out of file descriptors
Four tests were ported from raw/open.c
One new tests added LEADING-SLASH, which tests that a server provides
the proper error when a relative path is given to a CREATE PDU
with a leading "/".
I've added a "--target=onefs" which lists expected deviation in the
OneFS SMB server implementation compared to a Windows machine.
I've added this in a generic way using a list of module specific
parameters. This list currently only contains the absence of
SACL support but will be added to as additional server differences
are defined.
I'd liked to use this abstraction for defining the differences between
a WinXP and Win7 server as well.
Test several thousand permutations of create mask and sharemodes on file
and directory opens.
These tests use a checked-in results table derived from a WinXP server to
verify correct server behavior.
CREATEX_ACCESS
CREATEX_SHAREMODES_FILE
CREATEX_SHAREMODES_DIR
MAXIMUM_ALLOWED
* Add chained NTCREATEX_READX test which first tries to open/read
a non-existant file failing on the open, then attempts the same
operation on a file that does exist, opening and reading
successfully.
* Add test for open_dispositions on directories.
I've ported all applicable SMB oplock torture tests to SMB2, giving us
a good base for SMB2 oplock testing.
There are several differences between oplocks in SMB and SMB2, mostly
because of differences in W2K3 and W2K8. The existing SMB oplock
tests all pass against W2K3, but several fail against W2K8. These
same tests were failing in SMB2, util I reworked them.
BATCH19, BATCH20: In W2K3/SMB a setfileinfo - rename command wouldn't
cause a sharing violation or break an existing oplock. It appears that
in W2K8/SMB2 a sharing violation is raised.
BATCH22: In W2K3/SMB when a second opener was waiting the full timeout
of an oplock break, it would receive NT_STATUS_SHARING_VIOLATION after
about 35 seconds. This bug has been fixed in W2K8/SMB2 and instead
the second opener succeeds.
LEVELII500: Added 1 new test checking that the server returns a proper
error code when a client improperly replies to a levelII to none break
notification.
STREAM1: W2K8 now grants oplocks on alternate data streams.
After this patch DsGetNCChanges() test works fine.
bind_info returned by server is also cached for future use
Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
Previously, the oplock torture tests, being single threaded, required
the server to return oplock break requests, and other SMB packets
in a specific order for us to verify "correctness".
Of course, in several cases the protocol allows the break packets,
especially breaks to levelII to come back in any order. With tevent
we're now able to wait for oplock breaks in the middle of a torture
test.
I've added a helper to do this, and modified all oplock tests to allow
returning of oplock breaks in any order.
When we replicate from a remote DC, we need to note the new uSN that
the local changes have resulted in, and modify the uSN that the notify
task uses to determine if it should send a ReplicaSync message back to
the remote DC. Otherwise we end up always triggering a ReplicaSync
every time we replicate from another DC
DRSUAPI_DS_NAME_FORMAT_UKNOWN added to 'known-to-fail'
responses as this actually means to ask AD to resolve
a name from FQDN format to Unknown format.
* removed all uses of printf, replaced with torture_comment
* replaced custom CHECK macros with new torture_assert_*_todo() helpers
* switched string dir name generation to generate_unique_strs() helper,
to avoid non-deterministic test behavior where generate_rand_str()
would cause file colissions in the same directory.
Through a suggestion pointed out in bug #6622 the test file sometimes doesn't exist on
the last turn anymore. So we haven't to fail here since it could have been deleted by
a concurrent process (e.g. when the same test runs multiple times). Therefore also
NT_STATUS_OBJECT_NAME_NOT_FOUND is an acceptable result.
This is used by at patch to the NTP project to supply authenticated
time as required by MS-SNTP. (ie, to keep windows clients in time sync
in the domain)
Andrew Bartlett
The existing test was only covering files opened underneath the
directory that was being renamed. It is not uncommon for windows
clients to actually hold a read-only handle to a directory open across
the rename, which it turns out doesn't return NT_STATUS_ACCESS_DENIED.
Additionally, holding a handle open to a stream on the directory is
also allowed.
The original patch didn't cope with a NULL target server name - we now key off that to decide it isn't worth checking against LDAP for this host.
I still can't get this to pass against Windows 2008, but mdw was
testing against Windows 2008R2. at least 'make test' is happy, and
the rest should not be too hard...
Andrew Bartlett
This reworks the test to be part of the LDAP tests, to make better use
of the torture API and the ldb API (in particular around adding
controls), and a general cleanup.
This also adds the test to the 'make test' run.
Andrew Bartlett
* Most of the tests were ported from SMB torture tests.
* Added one new tests which checks the behavior of the file_index field
present in SMB2_FIND struct.
* Added one new test to check the enumeration of directories containing
lots of files (~2000 files) with name lengths varying from 1 to 200 char.
This test talks to a DC as a joined workstation member - in the same way
winbindd does, in particular the calls used in this test's query pattern
will all request for SEC_FLAG_MAXIMUM_ALLOWED access_mask
(which pretty much all of samba's client code does as well).
In fact this test verifies that winbind can correctly talk to a samba dc using
samr dcerpc calls.
Guenther
On calls where both NT_STATUS and WERROR results are returned and consulted
we have to make sure to form function results considering both.
This errors have been found through a run against SAMBA 4.
We need to pass down flags to the DCE/RPC layer to allow fallback to
anonymous connections, as we can't log in with an expired password.
The anonymous connection can then change the password with SAMR.
Andrew Bartlett
- Insert a check after the "tsocket" library call to make sure that the call
terminated correctly
- Add a comment to explain why on further calls of "cldap_socket_init" the
destination address hasn't to be specified
Patch for bug #4939
This refactors the NETLOGON code related to this bug:
- Introduces a new "SYNCSTATE" enum required by the "DatabaseSync2" call (acc.
to WSPP)
- Make "DatabaseSync" dependant from "DatabaseSync2" (acc. to WSPP)
- Let "DatabaseSync2" return NT_STATUS_NOT_IMPLEMENTED (I'm not sure if this is
also true when a domain is running in mixed mode)
- Make "LogonControl" and "LogonControl2" dependant form "LogonControl2Ex"
(acc. to WSPP)
- Let "LogonControl2Ex" return WERR_NOT_SUPPORTED for now
