IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Previously, this algorithm was preferring RC4 over AES for machine
accounts in the preauth case. This is because AES keys for machine
accounts in Active Directory use a non-default salt, while RC4 keys do
not use a salt. To avoid this behaviour, only prefer keys with default
salt for the des-cbc-crc enctype.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14864
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This adds two options that are used by the Spotlight query parser to optionally
ignore unknown attributes or types in a query.
elasticsearch:ignore unknown attribute = yes | no (default: no)
elasticsearch:ignore unknown type = yes | no (default: no)
Example Spotlight query with unknown attributes and type:
kMDItemContentType=="public.calendar-event"||kMDItemSubject=="Kalender*"cdw||
kMDItemTitle=="Kalender*"cdw||kMDItemTopic=="Kalender*"cdw||
kMDItemTextContent=="Kalender*"cd||*=="Kalender*"cdw||
kMDItemTextContent=="Kalender*"cdw
The unknown attributes are "kMDItemTopic" and "kMDItemSubject". The unkown type
is "public.calendar-event".
Currently the parser will outright fail to parse the query and the search will
enter an error state.
To give users some control over the mapping the above options can be used to
tell the parser to simply ignore such unknown attributes and types.
(meta.title:Kalender* OR content:Kalender* OR Kalender* OR content:Kalender*)
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
This will ensure we *always* call into the VFS_SMB_CHDIR backends
on security context switch. The $cwd was an optimization that
was only looking at the raw filesystem path. We could delete it
completely but that is a patch for another day.
Remove knownfail on regression test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14682
RN: vfs_shadow_copy2: core dump in make_relative_path
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 8 21:28:04 UTC 2021 on sn-devel-184
Test harness for the dns fowarder setting in smb.conf. Adds IPv6
forwarder as second target DNS forwarder, listening on port 54.
Signed-off-by: Matthew Grant <grantma@mattgrant.net.nz>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Previously, containment testing using the 'in' operator was handled by
performing an equality comparison between the chosen object and each of
the message's keys in turn. This behaviour was prone to errors due to
not considering differences in case between otherwise equal elements, as
the indexing operations do.
Containment testing should now be more consistent with the indexing
operations and with the get() method of ldb.Message.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These tests verify that the 'in' operator on ldb.Message is consistent
with indexing and the get() method. This means that the 'dn' element
should always be present, lookups should be case-insensitive, and use of
an invalid type should result in a TypeError.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Previously, a TypeError was raised and subsequently overridden by a
KeyError.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14845
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
In samba3 it is possible to disable RPC services, for exapmle:
rpc_server:netlogon = disabled
If a service is disabled do not register the interface neither create its
endpoint.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This gets us closer to passing against Windows 2019, without
making major changes to what was tested. More tests are needed,
but it is important to get what was being tested tested again.
Account types (eg UF_NORMAL_ACCOUNT, UF_WORKSTATION_TRUST_ACCOUNT)
are now required on all objects, this can't be omitted any more.
Also for UF_NORMAL_ACCOUNT for these accounts without a password
set |UF_PASSWD_NOTREQD must be included.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 15 08:49:11 UTC 2021 on sn-devel-184
Make a deep copy of the message elements in msg_diff() so that if either
of the input messages are deallocated early, the result does not refer
to non-existing elements.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14642
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14836
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest: Remove knownfail for smb2.lock.replay_smb3_specification_durable
With the changed default for "kernel share modes", this test can now
acquire durable handles and succeed.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Fix setting errno on all failure modes of
tsocket_address_inet_from_strings.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 13 22:27:59 UTC 2021 on sn-devel-184
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 9 20:42:35 UTC 2021 on sn-devel-184
Remove skip test for the DISABLE_OPATH case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
RN: Fix pathref open of a filesystem fifo in the DISABLE_OPATH build
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Sep 6 09:51:54 UTC 2021 on sn-devel-184
Currently we hang when trying to list a directory
containing a fifo when configured with DISABLE_OPATH.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14816
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This allows our code to still pass with the error code that
MIT and Heimdal have chosen
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep 2 14:28:31 UTC 2021 on sn-devel-184
If missing cname or sname in AS-REQ, return KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN and
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN. This matches MIT behaviour.
[abartlet@samba.org Backported from Heimdal commit 892a1ffcaad98157e945c540b81f65edb14d29bd
and knownfail added]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Note: the test 'test_fast_tgs_inner_no_sname' crashes the MIT KDC.
This is fixed in MIT Krb5 commit d775c95af7606a51bf79547a94fa52ddd1cb7f49
and was given CVE-2021-37750
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
A test in a TestCase class should not return a value, the
test is determined by the assertions raised.
Other changes will shortly cause kdc_exchange_dict[preauth_etype_info2]
to not always be filled, so we need to remove this
rudundent code.
This also fixes a *lot* of tests against the MIT KDC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Note: Without the previous patch, 'test_fast_tgs_outer_no_sname' would
crash the Heimdal KDC.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Note: This test crashed the MIT KDC prior to MIT commit
fc98f520caefff2e5ee9a0026fdf5109944b3562 which was given
CVE-2021-36222.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Without this additional 'self.strict_checking' check, the tests in the
following patches do not get far enough to trigger a crash with the MIT
KDC, instead failing when obtaining a TGT for the user or machine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14770
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
This test, and the rpcclient getwpuid call on a "real" system
with nss_winbind (under docker in my test) also works fine.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14691
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 31 00:12:53 UTC 2021 on sn-devel-184
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Aug 30 21:57:09 UTC 2021 on sn-devel-184
This avoid shipping untested code and aligns with the version
used in GitLab CI for all the MIT builds.
The "bronze bit" (CVE-2020-17049) security fixes will need
a new MIT KDB version in any case, this prepares the ground
by removing the older version support.
(knownfail_mit_kdc updates taken from a patch by
Andreas Schneider <asn@samba.org> that did this optionally)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
As we're dealing with absolute paths here, we just need
to temporarily replace the connectpath whilst enumerating
streams.
Remove knownfail file.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14760
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 19 17:04:44 UTC 2021 on sn-devel-184
Example command:
SERVER=addc STRICT_CHECKING=0 SMB_CONF_PATH=/dev/null \
KRB5_CONFIG=krb5.conf DOMAIN=ADDOMAIN REALM=ADDOM.SAMBA.EXAMPLE.COM \
ADMIN_USERNAME=Administrator ADMIN_PASSWORD=locDCpass1 \
PYTHONPATH=bin/python python/samba/tests/krb5/fast_tests.py
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 18 23:20:14 UTC 2021 on sn-devel-184
Currently incomplete, and tested only against MIT Kerberos.
[abartlet@samba.org
Originally "WIP inital FAST tests"
Samba's general policy that we don't push WIP patches, we polish
into a 'perfect' patch stream.
However, I think there are good reasons to keep this patch distinct
in this particular case.
Gary is being modest in titling this WIP (now removed from the title
to avoid confusion). They are not WIP in the normal sense of
partially or untested code or random unfinished thoughts. The primary
issue is that at that point where Gary had to finish up he had
trouble getting FAST support enabled on Windows, so couldn't test
against our standard reference. They are instead good, working
initial tests written against the RFC and tested against Samba's AD DC
in the mode backed by MIT Kerberos.
This preserves clear authorship for the two distinct bodies of work,
as in the next patch Joseph was able to extend and improve the tests
significantly. ]
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Remove knownfails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769
RN: smbd panic on force-close share during offload write
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 11 20:02:57 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14783
RN: smbd "deadtime" parameter doesn't work anymore
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 18:41:43 UTC 2021 on sn-devel-184
With the above combination, some flavor of lp_load() already
initializes global_event_ctx, for which the closeall_except() later on
will happily close the epoll fd for. If we want to close all file
descriptors at startup, this must be the very first thing overall.
Can't really write a proper test for this with knownfail that is
removed with the fix, because if we have clustering+include=registry,
the whole clusteredmember environment does not even start up.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jul 31 16:58:41 UTC 2021 on sn-devel-184
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 28 07:12:55 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 20 16:13:28 UTC 2021 on sn-devel-184
Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
as it was exactly introduced for a similar problem see:
commit 4c6c71e137
Author: Stefan Metzmacher <metze@samba.org>
AuthorDate: Thu Jan 14 17:32:15 2021 +0100
Commit: Volker Lendecke <vl@samba.org>
CommitDate: Fri Jan 15 08:36:34 2021 +0000
libcli/smb: allow unexpected padding in SMB2 IOCTL responses
A NetApp Ontap 7.3.7 SMB server add 8 padding bytes to an
offset that's already 8 byte aligned.
RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184
RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
This turns the 'smb2.read.bug14607' test from 'skip' into 'xfailure',
as the 2nd smb2cli_read() function will now return
NT_STATUS_INVALID_NETWORK_RESPONSE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We already have a valid smb_fname->fsp, don't drop
it when returning from smbd_dirptr_lanman2_entry()
to allow it to be reused inside dos_mode_at_send().
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
If must be "smbd async dosmode", not "smbd:async dosmode"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14758
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This brings us closer to what a Windows Server with GMAC signing
returns.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This tests all kind of signing/encryption algorithm mismatches
and passes against Windows with GMAC signing support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The motivation is to get the same error responses as a windows server.
We already fallback to smb2srv_session_lookup_global() in other places
where we don't have a valid session in the current smbd process.
If signing is failing while verifying a session setup request,
we should do the same if we don't have a valid channel binding
for the connection yet.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When we used a fake session structure from
smb2srv_session_lookup_global() there's no point in updating
any database.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When we make use of this we only in order to provide the correct
error codes anyway.
This actually fixes even more error codes.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Testing also with a different client guid between channels
triggers (at least in samba) a different code path compaired
to the tests using the same client guid.
Testing both already revealed a bug.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This checks the result of a 2nd session setup without the BIND flags
and also without signing being already enabled.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The deprecation warnings are filling the logs and make it hard to
find/see real problems.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 14 21:57:11 UTC 2021 on sn-devel-184
shadow_copy2_strip_snapshot() will happily return without modifying the passed
timestamp=0 if the path is already converted and refers to an object in a
snapshot, eg (first debug line from extra debugging patch [1]):
[10 2021/07/02 08:19:28.811424 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1303 shadow_copy2_fstat]
shadow_copy2_fstat: fsp [test.txt {@GMT-2000.01.02-03.04.05}]
[10 2021/07/02 08:19:28.811449 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:607 _shadow_copy2_strip_snapshot_internal]
_shadow_copy2_strip_snapshot_internal: [from shadow_copy2_fstat()] Path 'test.txt {@GMT-2000.01.02-03.04.05}'
[10 2021/07/02 08:19:28.811474 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:619 _shadow_copy2_strip_snapshot_internal]
_shadow_copy2_strip_snapshot_internal: abs path '/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt'
[10 2021/07/02 08:19:28.811496 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1924 shadow_copy2_snapshot_to_gmt]
shadow_copy2_snapshot_to_gmt: match @GMT-%Y.%m.%d-%H.%M.%S: @GMT-2000.01.02-03.04.05
[10 2021/07/02 08:19:28.811536 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:566 check_for_converted_path]
check_for_converted_path: path |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt| is already converted. connect path = |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05|
As check_for_converted_path() detects an "already converted path",
_shadow_copy2_strip_snapshot_internal() just returns without modifying the value
of the timestamp.
By using shadow_copy2_strip_snapshot_converted() instead of
shadow_copy2_strip_snapshot() we can check if the path is in fact referring to a
VSS object by checking the "converted" bool.
An alternative way would have been directly checking fsp->fsp_name->twrp != 0,
but that would be a new semantic in the module, I'll leave this excersize for
the future when we clean up the usage of shadow_copy2_strip_snapshot() in the
whole module.
This change also switches to using the absolute paths in both place where
convert_sbuf() is called.
[1]
@@ -1309,8 +1348,16 @@ static int shadow_copy2_fstat(vfs_handle_struct *handle, files_struct *fsp,
saved_errno = errno;
}
+ DBG_DEBUG("fsp [%s]\n", fsp_str_dbg(fsp));
RN: vfs_shadow_copy2 fixinodes not correctly updating inode numbers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This will fail with
Failed to open file \@GMT-2015.10.31-19.40.30\subdir\hardlink. NT_STATUS_ACCESS_DENIED
The open is failing in openat_pathref_fsp():
[2021/07/06 04:58:17.677104, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/files.c:541(openat_pathref_fsp)
openat_pathref_fsp: file [subdir/hardlink {@GMT-2015.10.31-19.40.30}] - dev/ino mismatch. Old (dev=64770, ino=3826943444). New (dev=64770, ino=1746568660).
[2021/07/06 04:58:17.677114, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/files.c:568(openat_pathref_fsp)
openat_pathref_fsp: Opening pathref for [subdir/hardlink {@GMT-2015.10.31-19.40.30}] failed: NT_STATUS_ACCESS_DENIED
The reason is subtle:
shadow_copy2 calculates inode numbers of snapshot files based on the path of the
file. The result of that when doing a path based stat() from filename_convert()
was
[2021/07/06 04:58:17.676159, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/filename.c:1945(filename_convert_internal)
filename_convert_internal: XXX smb_fname [subdir/hardlink {@GMT-2015.10.31-19.40.30}] (dev=64770, ino=3826943444).
which is the "Old" inode shown above.
Later in the open code called from openat_pathref_fsp() -> fd_openat() ->
non_widelink_open() since 4.14 we call SMB_VFS_FSTAT() where fsp->fsp_name will
be set to the new relative *basename* of the file:
[2021/07/06 04:58:17.676917, 10, pid=95070, effective(1000, 1000), real(1000, 0), class=vfs] ../../source3/modules/vfs_default.c:1302(vfswrap_fstat)
vfswrap_fstat: XXX fsp [hardlink {@GMT-2015.10.31-19.40.30}] (dev=64770, ino=3826943444)
So for stat() the hash function in called with the full path relative to the share
root:
subdir/hardlink
while for fstat() the hash function will used
hardlink
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The existing tests don't care and this will be used in a subsequent commit to
demonstrate that this option is currently broken.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This sometimes get stuck in a loop and this may help debug it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 8 12:44:49 UTC 2021 on sn-devel-184
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 7 15:01:22 UTC 2021 on sn-devel-184
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is the observed behaviour on Windows.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Because neither filling out the struct will not necessarily tell you
you got it wrong, and the RPC could succeed in setting an arbitrary
wrong address (typically, an IPv6 address would set an A record to
"255.255.255.255").
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Currently in master when we call into openat() in the VFS
we violate the invarient:
fsp->base_fsp->fsp_name->fsp == fsp->base_fsp.
The reason for this is subtle. Inside open.c:non_widelink_open()
we change the fsp->base_fsp to be relative to the new $cwd.
We do this by the following code in open.c:non_widelink_open():
/* Also setup base_fsp to be relative to the new cwd */
if (fsp->base_fsp != NULL) {
base_smb_fname_rel = (struct smb_filename) {
.base_name = smb_fname_rel->base_name,
};
orig_base_fsp_name = fsp->base_fsp->fsp_name;
fsp->base_fsp->fsp_name = &base_smb_fname_rel;
}
Note that fsp->base_fsp->fsp_name now points at a
stack variable struct smb_filename, with smb_fname->fsp == NULL.
This fixes that problem by removing the horrid
stack based smb_filename and changing to use a
talloc'ed fsp->base_fsp->fsp_name, with
correctly linked fsp->base_fsp->fsp_name-> pointer.
Remove the selftest/knownfail.d/fruit_vfs_invariant
file as all vfs_fruit tests now pass again.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
vfs_fruit isn't the bad guy here. It's just a convenient
place to show that non_widelink_open() violates:
fsp->base_fsp->fsp_name->fsp == fsp->base_fsp invarient
Add selftest/knownfail.d/fruit_vfs_invariant to show
what this breaks. Next patch will fix the non_widelink_open()
code and remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This matches Windows KDCs, which was demonstrated by the
krb5.as_req_tests tests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 1 18:37:14 UTC 2021 on sn-devel-184
This enables us to more easily switch to a different algorithm to find
the strongest key in _kdc_find_etype().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The credentials for the client and krbtgt accounts are now fetched
automatically rather than using environment variables, and the client
account is now automatically created.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
There are a lot of things we should improve in our KDC
in order to work like a Windows KDC.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is not correct, but it gets closer. We need to save the updated
serial number in the SOA.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We have been refusing to handle the case where the replaced record
matches the replacement according to dns_record_match() (meaning the
wType and data are semantically identical). In Windows this is
explicitly used for changing TTL.
There are further changes we need to properly handle this case.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With Windows, when aging is off, the record timestamps are updated
anyway, but the timestamp change is not replicated.
We are not going to do it like that. With aging off, our records will
keep their first timestamp.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When records are added and deleted and added again, Windows gets all
kinds of ideas about what should happen, and many of our tests explore
that. Here we focus the simplest case with a variety of timestamp
combinations.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We know this should work from tests of the underlying RPC calls on
Windows (see dns_aging).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Using dns.DNS_QCLASS_ANY we can delete all the records of a certain
type. What happens to other timestamps? The answer should be nothing.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It looks like "python:tests: Add SAMR password change tests for fips"
(which is also the title of 9a3ba502d8,
but this is also unrelated) and was a probalby a rebase artifact,
being a debugging aid that should have been omitted.
This reverts commit ebd687335b.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon Jun 21 01:46:58 UTC 2021 on sn-devel-184
Before we were comparing hours to 1e-7 second units.
Now we do it both ways. That's because in dns_tombstone_records (in
this same file) we have been putting hour timestamps in EntombedTime,
but this field is supposed to have NTTIME timestamps, and those
timestamps won't have updated themselves.
This wouldn't matter much in pure Samba networks if we weren't also
using the correct timestamp in dns_common_replace().
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We have always used hours where we are meant to use NTTIME. Let's make
sure we don't break old tombstones.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We can't make scavenging happen on demand on Windows, so we just
concentrate on Samba here.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If we allow a string that encodes say '\0' as a multi-byte sequence,
we are open to confusion where we mix NUL terminated strings with
sized data blobs, which is to say EVERYWHERE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14684
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
If we allow overly long UTF-8 sequences (in the tests, encoding '\0'
as 2, 3, or 4 bytes), it might be possible for bad strings to slip
through.
We fail. But wait for the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14684
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Discovered by Semmle code analysis:
https://lgtm.com/projects/g/samba-team/samba
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Tidy up fsp == NULL checks. Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14742
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Jun 16 11:58:00 UTC 2021 on sn-devel-184
This ensure we never blunder into indirecting a NULL fsp pointer
in the server. Currently this crashes the server in several info
levels.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14742
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jun 16 01:25:28 UTC 2021 on sn-devel-184
This incorporates tests from various dns*.py files, but makes them
correct.
All but one of these tests pass against Windows 2012r2.
Further patches will remove the broken tests in other files, and fix
Samba so it passes these.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 11 09:29:23 UTC 2021 on sn-devel-184
subunithelper.py keeps track of tests that have been started, and
displays an error message if a test reports an outcome without having
previously been started. However, it makes the assumption that a test
has finished once it has reported a single outcome. This means that a
misleading error message will be displayed if it receives multiple
outcomes from the same test (which can happen if a test using the Python
unittest framework does not complete successfully, and the cleanup
subsequently fails), and any actual errors from the cleanup remain
undisplayed.
This commit ensures that only a single outcome is reported for each
test, and only after the test has finished. Outcomes are buffered up
until the stopTest() function is called, when a single outcome is
determined and all errors received for that test are output.
FilterOps still needs to output test outcomes immediately rather than
buffering them, otherwise they are never picked up and passed on to the
remote test case by subunithelper.parse_results(). This would result in
an error as the test would be considered to have never finished.
Example subunitrun output before the change:
time: 2021-04-28 01:28:49.862123Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:28:49.862215Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862407Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:28:49.862467Z
time: 2021-04-28 01:28:49.862510Z
and after:
time: 2021-04-28 01:29:19.949347Z
test: samba.tests.example.ExampleTests.test
time: 2021-04-28 01:29:19.949440Z
time: 2021-04-28 01:29:19.949590Z
time: 2021-04-28 01:29:19.949640Z
failure: samba.tests.example.ExampleTests.test [
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 28, in test
self.fail()
AssertionError: None
Traceback (most recent call last):
File "bin/python/samba/tests/example.py", line 31, in tearDown
self.fail()
AssertionError: None
]
time: 2021-04-28 01:29:19.949702Z
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This means we won't get errors if the DC doesn't have a rIDNextRID
attribute, but we will still error if there is no RID Set or if all its
pools are exhausted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This currently fails due to the DC not having a rIDNextRID attribute,
which is required for the restore process.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14669
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Previously, message elements were being freed before the call to
Py_BuildValue(), resulting in an exception being raised. Additionally,
only the first element of the returned list was ever assigned to.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
This line currently produces a warning.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
The provision_ad_member() function is reused by different
setup_ad_member*() functions. Each environment needs to have unique
netbios aliases as they are all in the same network.
The aliases should only be set for the 'ad_member' environment.
Signed-Off-By: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 11 01:26:36 UTC 2021 on sn-devel-184
See 18 or so lines up.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 10 01:17:52 UTC 2021 on sn-devel-184
Prior to 572d4e3a56 it was sufficient to
initialize struct timespec to zero to return NTTIME 0 (ie not set) over
SMB.
This fixes the same problem from bug 14714 where the timestamps in an SMB2 CLOSE
response.
Windows of course does return *some* timestamps, but as it's neither documented
nor was I able to figure out where they would be coming from, as well as the
Windows client apparently doesn't care, I didn't bother with implementing some
sophisticated heuristic to return some timestamps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 9 20:38:02 UTC 2021 on sn-devel-184
The expected DOS attributes are taken from a Windows 2016 server. The expected
timestamps are what Samba has returned before commit 572d4e3a56:
NTTIME(0), ie no value.
The upcoming fix will restore this behaviour. Windows of course does
return *some* timestamps, but as it's neither documented nor was I able to
figure out where they would be coming from, as well as the Windows client apparently
doesn't care, I didn't bother with implementing some sophisticated heuristic to
return some timestamps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 9 17:44:25 UTC 2021 on sn-devel-184
The full path to the winbindd socket must fit within a struct sockaddr_un and this helps us work
where this is quite deep on the server.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jun 2 04:46:39 UTC 2021 on sn-devel-184
In many cases these can and should be consumed as soon as
they are used.
This is not a complete fix, we don't clean up the array_size
token after using it split between an NDR_SCALARS and
an NDR_BUFFERS pass, but it is much better than it was
and helps the winbind case with a large number of groups
(eg 100,000) as otherwise we hit the 65535 NDR token limit.
(This is an arbitary Samba-only limit to avoid DoS conditions)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
These patches are to address an issue unpacking a very large
winbind.wbint_Principals array (100,000).
We need the NDR_TOKEN_MAX_LIST_SIZE value exposed as
otherwise a well-meaning incrase of this value would
invalidate the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14710
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
When obtaining a reference to items in an assigned-from list, ensure
that we do not try to use the first element of the inline array as a
talloc context, but instead use the talloc context associated with the
Python object.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14065
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 28 09:50:02 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14065
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 27 19:51:57 UTC 2021 on sn-devel-184
Remove knownfail. Only in master, so no bug number needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon May 24 17:47:40 UTC 2021 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 24 16:56:22 UTC 2021 on sn-devel-184
The server must set all fields to 0 if postqueryattrib is not set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14714
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 19 20:01:00 UTC 2021 on sn-devel-184
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14708
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed May 19 09:22:56 UTC 2021 on sn-devel-184
Now we catch errors for unknown sections or parameters and turn them
into CommandErrors.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14143
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pass the correct parameters into LoadparmService.dump() so that
--section-name works properly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14143
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The initialize_winbindd_cache() function uses tdb_fetch_uint32_byblob()
to check if the cache version is valid and up to date. As
tdb_fetch_uint32_byblob() returns false for a successful fetch, we
always remove the winbind cache database. This breaks the winbind
offline logon feature.
This also affects other caches and pdb.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14702
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 12 21:19:03 UTC 2021 on sn-devel-184
We should use long options in tests to make clear what we are trying to
do.
Also the -s short option will be removed for --configfile later.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should use long options in tests to make clear what we are trying to
do.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This made Python 2's print behave like Python 3's print().
In some cases, where we had:
from __future__ import print_function
"""Intended module documentation..."""
this will have the side effect of making the intended module documentation
work as the actual module documentation (i.e. becoming __doc__), because
it is once again the first statement in the module.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Otherwise for example contacts wouldn't be listed when the
--hide-expired option is used. Contacts typically do not have the
accountExpires attribute.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Rowland penny <rpenny@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Mon Apr 26 13:21:43 UTC 2021 on sn-devel-184
Make sure that contacts are listed as group members, even if the
--hide-expired option is used.
Expect failure. Fix follows up.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Rowland penny <rpenny@samba.org>
The s4 member join code has been broken for some
time. Modify samba-tool to instead use the
working s3 member join code.
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Wed Apr 21 21:40:13 UTC 2021 on sn-devel-184
Remove selftest/knownfail.d/symlink_chmod.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 20 08:23:42 UTC 2021 on sn-devel-184
Shows we must protect against a null fsp handle when doing POSIX chmod on a symlink,
whether the symlink points to a real object or is dangling.
Add to knownfail for now. Commit 9722732b18
removed the fsp == NULL protection for POSIX, and we need to put it back.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Indexing the config hash table fails for PAM related values:
Traceback (most recent call last):
File "/src/samba/samba/selftest/tests.py", line 49, in <module>
pam_set_items_so_path = config_hash["PAM_SET_ITEMS_SO_PATH"]
KeyError: 'PAM_SET_ITEMS_SO_PATH'
Error creating recipe from python3 /src/samba/samba/selftest/tests.py| at /src/samba/samba/selftest/selftest.pl line 645.
which prevents the test suite from running when built
--without-pam. Access those values using the get() method
instead.
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Apr 16 10:27:41 UTC 2021 on sn-devel-184
Tests of [MS-KILE]: Kerberos Protocol Extensions
section 3.3.5.6.1 Client Principal Lookup
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr 12 00:38:26 UTC 2021 on sn-devel-184
Issue:
We have a scenario where an application sends a Compound Related chain
consisting of:
SMB2_CREATE
SMB2_IOCTL
SMB2_SET_INFO
SMB2_CLOSE
SMB2_CREATE failed with NT_STATUS_ACCESS_DENIED and subsequent
requests all fail. In Samba they return NT_STATUS_FILE_CLOSED.
When I tried the same against a Win2k12 server, I noticed that all the
failed requests of the chain would return NT_STATUS_ACCESS_DENIED.
I believe this behaviour is also mentioned in the [MS-SMB2] Specs
3.3.5.2.7.2: Handling Compounded Related Requests
"When the current operation requires a FileId and the previous
operation either contains or generates a FileId, if the previous
operation fails with an error, the server SHOULD<223> fail the current
operation with the same error code returned by the previous
operation."
Fix:
Save NTATUS of a failed Create request. When we process subsequent
requests of the chain we check if the previous Create has failed. In
case of a Create failure we returned the saved NTSTATUS.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 8 17:30:50 UTC 2021 on sn-devel-184
This verifies that if the initial create fails with
NT_STATUS_OBJECT_NAME_NOT_FOUND, compount related operations fail with the same
error.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We want to verify what Windows does when the first request of the
chain has failed and an async request is part of the chain. We see
Windows fails the async request with the same error. Also the async
request is immediately failed.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We already pass samba3.smb2.compound.related5, but mark related4 as knownfail.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We know that the parent name must
exist, and the name has been canonicalized
even if this was a POSIX pathname.
Ensure that we follow symlinks for
the parent. See the torture test
POSIX-SYMLINK-PARENT for details.
Remove knownfail entry.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Apr 7 15:39:45 UTC 2021 on sn-devel-184
This creates a directory, then a symlink to a directory,
and then checks we can POSIX create and delete file, directory,
symlink and hardlink filesystem objects under the symlink
parent directory.
Mark as knownfail until next commit.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client request to join an association group by its id it is not
found and a new one is created with the same ID.
In practise, it means the association groups are not working even in the
same server process.
This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.
The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Add a test to check if a RPC handle can be used from a different connection
than the one where it was created, when the same association group is
requested in the bind operation of the second connection.
The association group handling is one of the differences between the S3
and S4 RPC server implementations provided by the implementation
callbacks after the merge.
Association groups work fine in the S4 implementation as the RPC server
runs in one process, except for the 'smbd' embedded services provided
by the S3 implementation like winreg (see lp_enforce_ad_dc_settings()).
In the S3 implementation, association groups should work in the same
process, but the merge introduced a bug where a new association group is
always created even when it already exists in the same process.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Since the length of the krbtgt password after conversion to UTF-8 form is
typically greater than the maximum accepted by crypt(), the call usually
fails. This commit disables generation of crypt() passwords for this specific
account, as it's not necessary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
I haven't figured out how to properly add a crashing test to
"knownfail", so this is added after the fix.
Signed-off-by: Volker Lendecke <vl@samba.org>
This allows to set the 'log level' for clients on the command line:
make test TESTS=wurst CLIENT_LOG_LEVEL=10
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 31 21:20:23 UTC 2021 on sn-devel-184
As this is done on existing files, we know that
fsp->base_fsp != NULL and fsp->base_fsp->fh->fd != -1
(i.e. it's a pathref fd) for stream handles.
When getting and setting ACLs on stream handles,
use the fsp->base_fsp instead (as Windows does).
This not only fixes streams_xattr, but will
allow us to later analyze and remove all
special casing code for get/set ACLs on streams
handles.
Remove the knownfail.d/stream-acl file.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 20:14:35 UTC 2021 on sn-devel-184
It shows this isn't done correctly for streams_xattr.
A common config is:
vfs_objects = streams_xattr acl_xattr
to store both streams and Windows ACLs in xattrs.
Unfortunately getting and setting ACLs using handles
opened on stream files isn't being done correctly
in Samba.
This test passes against Windows 10.
This adds tests that prove this doesn't work. Next
patch will add the fix and remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
In order to allow replays of requests on a channel failure, we should
not cancel pending requests, the strategie that seems to make windows
clients happy is to let the requests running and return
NT_STATUS_FILE_NOT_AVAILABLE as long as the original request is still
pending.
Here we introduce xconn->transport.shutdown_wait_queue, this is used
to keep the xconn alive for the lifetime of pending requests.
Now we only cancel pending requests if the disconnected connection
is the last channel for a session.
In that case smbXsrv_session_remove_channel() and
smb2srv_session_shutdown_send() will take care of it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Before processing an open we need to reserve the replay cache entry
in order to signal that we're still in progress.
If a reserved record is already present we need to return
FILE_NOT_AVAILABLE in order to let the client retry again.
[MS-SMB2] contains this:
<152> Section 3.2.5.1: For the following error codes, Windows-based clients
will retry the operation up to three times and then retry the operation every 5
seconds until the count of milliseconds specified by Open.ResilientTimeout is
exceeded:
- STATUS_SERVER_UNAVAILABLE
- STATUS_FILE_NOT_AVAILABLE
- STATUS_SHARE_UNAVAILABLE
This works fine for windows clients, but current windows servers seems to
return ACCESS_DENIED instead of FILE_NOT_AVAILABLE.
A Windows server doesn't do any replay detection on pending opens,
which wait for a HANDLE lease to be broken (because of a
SHARING_VIOLATION), at all.
As this is not really documented for the server part of the current [MS-SMB2],
I found the key hint in "SMB 2.2: Bigger. Faster. Scalier - (Parts 1 and 2)"
on page 24. There's a picture showing that a replay gets FILE_NOT_AVAILABLE
as long as the original request is still in progress. See:
https://www.snia.org/educational-library/smb-22-bigger-faster-scalier-parts-1-and-2-2011
A Windows client is unhappy with the current windows server behavior if it
such a situation happens. There's also a very strange interaction with oplock
where the replay gets SHARING_VIOLATION after 35 seconds because it conflicts with
the original open.
I think it's good to follow the intial design from the 2011 presentation and
make the clients happy by using FILE_NOT_AVAILABLE (and differ from Windows).
I'll report that to dochelp@microsoft.com in order to get this hopefully fixed in
their server too).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
There's nothing special regarding the last channel,
as the smb2.session.bind2 test demonstrates.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This demonstrates that a session and it's open handles is destroyed
when the last explicitly bound channel gets disconnected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These demonstrate that the replay detection for pending opens
either doesn't exist (for the share_access=NONE => SHARING_VIOLATION
case) or return the wrong status code => ACCESS_DENIED instead of
FILE_NOT_AVAILABLE.
Windows clients transparently retry after FILE_NOT_AVAILABLE,
while they pass ACCESS_DENIED directly to the application.
I'll report that to dochelp@microsoft.com in order to
clarify the situation.
In the meantime I added tests with a '-windows' suffix,
which demostrate the current windows server behavior,
while the tests with a '-sane' suffix expect the behavior
that whould make windows clients happy.
For Samba I'll implement the '-sane' behavior that
detects all replays and returns FILE_NOT_AVAILABLE
if the original request is still pending.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.
When a DN string has a value represented with trailing spaces,
like this
"CN=foo ,DC=bar"
the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.
"CN=foo ,DC= " ==> "foo "
^ ^ ^
t p d
--l---
The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.
Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, we can end up like this:
"CN=foo ,DC= " ==> ""
^ ^ ^
t p d
l=0
where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:
"CN=foo ,DC= " ==> ? ""
^ ^ ^
t p d
l ~= SIZE_MAX - 8
At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.
However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.
What about a longer DN with more attributes? For example,
"CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.
So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.
An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.
The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.
Found with the help of Honggfuzz.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The old behaviour attempted to check for and remove files with duplicate
names, but did not do so due to a bug, and would have left undetermined
which files were given priority when duplicate filenames were present.
Now when hardlinks are present, only one instance of each file is
chosen, with files in the private directory having priority. If one
backup dir is nested inside another, the files contained in the nested
directory are only added once. Additionally, the BIND DNS database is
omitted from the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
This test verifies that when performing an offline backup of a domain
where one of the directories to be backed up is nested inside another,
the contained files are only included once in the backup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
This test verifies that when performing an offline backup of a domain
where the directories to be backed up contain hardlinks, only one
instance of each file is backed up, and that files in the private
directory take precedence.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 18 20:02:50 UTC 2021 on sn-devel-184
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 07:03:27 UTC 2021 on sn-devel-184
We no longer run any *python2* or *python3* specific tests, so
these knownfail lines are just clutter.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184
The ACCESS_DENIED errors happened as we didn't expected to signing
algo is attached to the session key. So our client calculated the
wrong signature.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
When the session is not valid on the current connection it should not be
possible to start a reauth.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
If someone tries to operate on a session that is not yet valid on the
current connection and the current session setup fails, then we should
not shutdown the session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The key is that we need to have the signing key in order to pass the
signing checks and give the correct session bind error status.
This should fix the MultipleChannel_Negative_SMB2002 testcase
of the Windows Protocol Test Suite (FileServer).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reported-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This allows us to test session binds with different users.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These demonstrate that a failing bind does not destroy
the existing session and binding with a different user results
in ACCESS_DENIED.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test
from the Windows Protocol Test Suite.
It demonstrates that the server needs to do lookup
in the global session table in order to get the signing
and error code of invalid session setups correct.
In order to work out the details I've added more similar tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The current_user_info is updated at the SMB level, but currently not at the RPC
level in the RPC impersonation function smbd_become_authenticated_pipe_user().
For RPC services running embedded this is not an issue as the SMB level
impersonation has already taken care of current_user_info, but for RPC services
running as external daemons, eg spoolssd, the omission of updating
current_user_info results in variable expansion of eg %U (username) to be
broken.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668
MR: https://gitlab.com/samba-team/samba/-/merge_requests/1834
RN: %U variable expansion not working in spoolsd
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 12 00:54:01 UTC 2021 on sn-devel-184
If we don't anticipate a missing principal name,
samba-tool crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 8 20:57:50 UTC 2021 on sn-devel-184
If we don't anticipate a missing principal name,
the extension crashes. Also, principal names could
be in dispersed listelements.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Running samba-gpupdate on a client is causing an
error in gp_access_ext, due to it attempting to
access sam.ldb before detecting whether we are on
an ad-dc.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reproduces a problem that is triggered when
smbd_server_connection_terminate() is called recursively.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This actually fixes crashes due to stale pointers.
With multi-channel and with 2 (or more) connections,
we'll call smbXsrv_session_disconnect_xconn() when a connection
gets disconnected, but we'll leave smbXsrv_client and all other
connections in place.
However smbXsrv_session_disconnect_xconn_callback() left
a stale session->db_rec pointer in place, which means
a following smbXsrv_session_logoff() will call
dbwrap_record_delete(local_rec) on a stale pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This reproduces a bug where two SMB2_LOGOFF messages kill the whole
client smbd when multi-channel is used, instead of just removing the
logical session.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This test should be independent of the protocol in order to be
independent of multi-channel support of the server.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 24 22:01:08 UTC 2021 on sn-devel-184
