1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

111846 Commits

Author SHA1 Message Date
Tim Beale
78ebfcfa86 tests: Add tests for Password Settings Objects
a.k.a Fine-Grained Password Policies

These tests currently all run and pass gainst Windows, but fail against
Samba. (Actually, the permissions test case passes against Samba,
presumably because it's enforced by the Schema permissions).

Two helper classes have been added:
- PasswordSettings: creates a PSO object and tracks its values.
- TestUser: creates a user and tracks its password history
This allows other existing tests (e.g. password_lockout, password_hash)
to easily be extended to also cover PSOs.

Most test cases use assert_PSO_applied(), which asserts:
- the correct msDS-ResultantPSO attribute is returned
- the PSO's min-password-length, complexity, and password-history
settings are correctly enforced (this has been temporarily been hobbled
until the basic constructed-attribute support is working).

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
2018-05-11 06:01:23 +02:00
Tim Beale
d0a9e19114 tests: Split out setUp code into separate function for reuse
Any test that wants to change a password has to set the dSHeuristics
and minPwdAge first in order for the password change to work. The code
that does this is duplicated in several tests. This patch splits it out
into a static method so that the code can be reused rather than
duplicated.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
2018-05-11 06:01:23 +02:00
Tim Beale
597428943b tests: Move repeated code into a helper function
Several tests hang all the objects they create off a unique OU.
Having a common OU makes cleanup easier, and having a unique OU (i.e.
adding some randomness) helps protect against one-off test failures
(Replication between testenvs is happening in the background.
Occasionally, when a test finishes on one testenv and moves onto the
next testenv, that testenv may have received the replicated test
objects from the first testenv, but has not received their deletion
yet).

Rather than copy-n-pasting this code yet again, split it out into a
helper function.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
2018-05-11 06:01:23 +02:00
Christof Schmitt
b07b4e459e loadparm: Remove unused realm_original
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 10 22:47:15 CEST 2018 on sn-devel-144
2018-05-10 22:47:15 +02:00
Gary Lockyer
01fab30a97 samdb: Add transaction id control
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Gary Lockyer
5c0345ea9b samdb: Add remote address to connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Gary Lockyer
daa7b60a60 dsdb: pass the remote address to samdb connect
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Gary Lockyer
8cf4e54696 auth logging tests: Clean up flake8 warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Gary Lockyer
fdf827553a auth logging tests: Add tests for sessionId
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:23 +02:00
Gary Lockyer
52a3318be8 auth log: Log the unique session GUID
Log the unique_session_token GUID on successful Authorizations.
This patch adds the "sessionID" attribute to the Authorization object
and increments the version to 1.1

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:22 +02:00
Gary Lockyer
1488723a11 auth: Add unique session GUID identifier
Generate a GUID for each successful authorization, this will allow the
tying of events in the logs back to a specific session.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:22 +02:00
Gary Lockyer
79ba530aaf dsdb: refactor password attibutes to constant
The password attributes are defined as literal in two places in the
password_hash code.  They will also be needed to support password change
logging. This patch replaces the individual definitions with a shared
constant.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-05-10 20:02:22 +02:00
Jeremy Allison
52dc959bb2 s3: smbd: Remove unused counters for outstanding aio calls.
Only a debug message used this.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  9 22:24:38 CEST 2018 on sn-devel-144
2018-05-09 22:24:38 +02:00
David Disseldorp
f0e6453b04 vfs_ceph: add fake async pwrite/pread send/recv hooks
As found by Jeremy, VFS modules that don't provide pread_send() or
pwrite_send() hooks result in vfs_default fallback, which is
catastrophic for VFS modules with non-mounted filesystems such as
vfs_ceph.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13425

Reported-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-05-09 19:30:15 +02:00
Ralph Boehme
bc2beedfa2 libcli: remove unused se_create_child_secdesc_buf()
Commit e2c9ad93cb removed the last caller
of this.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May  9 19:18:44 CEST 2018 on sn-devel-144
2018-05-09 19:18:43 +02:00
Simo Sorce
4b793d9764 Fix Jean François name to be UTF-8
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May  9 10:38:57 CEST 2018 on sn-devel-144
2018-05-09 10:38:57 +02:00
Andrew Bartlett
ba33d90ed6 ldb: Ensure we can open a new LDB after a fork()
Based on work for an mdb-specific test by Gary Lockyer

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May  9 07:27:24 CEST 2018 on sn-devel-144
2018-05-09 07:27:24 +02:00
Andrew Bartlett
f891b8dc32 ldb: Add tests for ldb_tdb use after a fork()
We need to show that despite the internal cache of TDB pointers that it
is safe to open a ldb_tdb after a fork()

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-09 04:29:48 +02:00
Andrew Bartlett
2136664941 ldb_tdb: Allow use of a TDB for ldb_tdb after as fork()
Otherwise we rely on the caller doing tdb_reopen_all() which should
not be their job.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-09 04:29:48 +02:00
Andrew Bartlett
3b06915663 ldb: Reset errno before checking it in ltdb_connect()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-09 04:29:48 +02:00
Gary Lockyer
daf79e5b35 ldb/tests: add tests for transaction_{start,commit}/lock_read across forks
(Split from a larger commit by Andrew Bartlett)

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-09 04:29:48 +02:00
Andrew Bartlett
1174b52b91 ldb_tdb: Prevent ldb_tdb reuse after a fork()
We may relax this restriction in the future, but for now do not assume
that the caller has done a tdb_reopen_all() at the right time.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-09 04:29:48 +02:00
Vandana Rungta
4e78aeedb8 s3: VFS: Fix memory leak in vfs_ceph.
Centralize error handling.

https://bugzilla.samba.org/show_bug.cgi?id=13424

Signed-off-by: Vandana Rungta <vrungta@amazon.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May  9 04:28:11 CEST 2018 on sn-devel-144
2018-05-09 04:28:11 +02:00
Volker Lendecke
233d22138b samba-tool: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May  8 23:48:07 CEST 2018 on sn-devel-144
2018-05-08 23:48:07 +02:00
Amitay Isaacs
2073fd0956 third_party: Update popt to 1.16 release
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May  8 12:55:04 CEST 2018 on sn-devel-144
2018-05-08 12:55:04 +02:00
Volker Lendecke
df16777ce4 dsdb: Fix CID 1435453 Null pointer dereferences
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-05-08 10:03:16 +02:00
Douglas Bagnall
2073635d58 traffic: ensure we are using the same division in py 2 and 3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat May  5 07:25:13 CEST 2018 on sn-devel-144
2018-05-05 07:25:13 +02:00
Douglas Bagnall
cb40e2bbc8 autobuild: do not try to send email to no recipient
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
406284be95 samba_kcc: remove an unused variable
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
2c6cac990e sambatool tests: make assertMatch use assertIn
With a note to tidy this up at some point

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
ac053b1493 .gitignore .agignore
.agingore is used by "the silver searcher", ag, which is a form of
grep with more useful defaults and prettier colours for searching
source trees.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
e6669d1264 gitignore .gdb_history anywhere in the tree
For when you run gdb in places like lib/ldb/ and it decides to leave
behind a history file.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
6b7494f5e7 perftest: ad_dc_medley failing base search failed to catch exception
This meant it only happened once.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
4eeb43d06c autobuild: add compiler version to results tarball
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
f94c9a1357 auth/ntlmssp_client: correct spelling of response
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Douglas Bagnall
a66f941619 auth/pycredentials: correct spelling of reponse
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2018-05-05 04:32:42 +02:00
Jeremy Allison
54f2989109 tests: libsmbclient: Add a readdirplus() test suite.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May  5 04:31:18 CEST 2018 on sn-devel-144
2018-05-05 04:31:18 +02:00
Puran Chand
2166c2d3ee s3: libsmbclient: Add new function SMBC_readdirplus_ctx().
New ABI function, move to library version 0.33.

Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-05-05 01:39:40 +02:00
Puran Chand
dd3f019d58 s3: libsmbclient: Add function add_dirplus() to fill the list from a returned file info.
Not yet externally visible.

Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-05-05 01:39:40 +02:00
Puran Chand
3fc5a79750 s3: libsmbclient: Add readdirplus cleanup code on directory close.
Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-05-05 01:39:40 +02:00
Puran Chand
bf13fe0f22 s3: libsmbclient: Add internal/external structures needed for readdirplus.
Not yet used.

Signed-off-by: Puran Chand <pchand@vmware.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-05-05 01:39:40 +02:00
Jeremy Allison
abb80ce44c s3: client: Add btime_ts to struct finfo.
Fill it in when available, else return it as zero.

Based on a patch from Puran Chand <pchand@vmware.com>.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-05-05 01:39:40 +02:00
Jeremy Allison
30e6b5999b s3: VFS: Remove SMB_VFS_WRITE() function and all implementations.
All code in Samba now uses SMB_VFS_PWRITE or SMB_VFS_PWRITE_SEND.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May  5 01:38:07 CEST 2018 on sn-devel-144
2018-05-05 01:38:07 +02:00
Jeremy Allison
98f03064f7 s3: torture: Remove the last user of SMB_VFS_WRITE.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
532ff3a5b9 s3: VFS: ceph: Replace the lseek/write ftruncate extend with pwrite.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
25bad32993 s3: VFS: Remove vfs_write_data(). No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
394ac908c1 s3: smbd: Remove the handling of offset == -1 in real_write_file().
All SMB1/2/3 offsets over the wire are absolute.

The only caller with offset == -1 is on a print-spool file
in reply_printwrite(), and write_file() redirects this
to print_spool_write(), which correctly handles the -1.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
23f4b3f0ed s3: VFS: default: Remove recursion into the VFS inside the default pwrite call.
We already know we're at the POSIX level here.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
90bd74640f s3: VFS: default: Remove fallback if we don't have HAVE_PWRITE set. Samba doesn't work without pwrite.
Start of the changes to remove synchronous VFS write.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00
Jeremy Allison
c1bcf1e7fd s3: VFS: Remove SMB_VFS_READ() function and all implementations.
All code in Samba now uses SMB_VFS_PREAD or SMB_VFS_PREAD_SEND.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-05-04 22:34:25 +02:00