IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 12 15:00:10 UTC 2024 on atb-devel-224
If schannel is not used we need to return ACCESS_DENIED and discard
the effect of netlogon_creds_server_step_check().
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Works against Windows 2025 preview:
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.115 DC_SERVER=w2025p-115.w2025p-l8.base \
DOMAIN="W2025P-L8" REALM="W2025P-L8.BASE" \
ADMIN_USERNAME="Administrator" ADMIN_PASSWORD="A1b2C3d4" \
NETLOGON_STRONG_KEY_SUPPORT=1 NETLOGON_AUTH_KRB5_SUPPORT=1 \
STRICT_CHECKING=0 python/samba/tests/krb5/netlogon.py
The code still works against Windows 2022 with the
following options:
SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.118 DC_SERVER=w2022-118.w2022-l7.base \
DOMAIN="W2022-L7" REALM="W2022-L7.BASE" \
ADMIN_USERNAME="Administrator" ADMIN_PASSWORD="A1b2C3d4" \
NETLOGON_STRONG_KEY_SUPPORT=1 NETLOGON_AUTH_KRB5_SUPPORT=0 \
STRICT_CHECKING=0 python/samba/tests/krb5/netlogon.py
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This shows that STRONG_KEY without ARCFOUR means no encryption
for ServerPasswordSet2.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 5 17:46:49 UTC 2024 on atb-devel-224
This allows returning the POSIX type info from fsctl_get_reparse_point().
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 27 19:32:45 UTC 2024 on atb-devel-224
This already fixes SMB2-GETINFO with POSIX infolevel to return the reparse tag
of reparse points.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Create a symlink reparse point over SMB2. Then query file info over SMB2 and
check the POSIX file type is correctly assigned in the POSIX info levels.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This is needed for samba.tests.krb5.pkinit_tests with sha1.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
MS-SMB2 3.3.5.9.11 Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create Context:
If the SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET bit is set in the Flags field of
the request, Lease.ParentLeaseKey MUST be set to the ParentLeaseKey of the
request.
Found by MS-SMB2-Prototocol-Testsuite test "Compare_Zero_LeaseFlag_ParentLeaseKey".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
MS-SMB2 3.3.5.9.11 Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create Context:
The server MUST attempt to locate a Lease by performing a lookup in the
LeaseTable.LeaseList using the LeaseKey ...
If no lease is found, one MUST be allocated with the following values set:
...
* Lease.Breaking is set to FALSE.
...
Ensures we ignore SMB2_LEASE_FLAG_BREAK_IN_PROGRESS. Found by
MS-SMB2-Prototocol-Testsuite "BreakReadLeaseV2TestCaseS0".
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Check for open files recursively when renaming a directory and wait for handle
lease breaks.
As delay_for_handle_lease_break_send() does the same check as
have_file_open_below(), remove have_file_open_below() from can_rename() so it is
not called twice for SMB2 renames, and add calls to have_file_open_below() to the
SMB1 entry rename entry points.
This is a bit ugly, but I don't see any other good way of doing this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This ensures common cleanup code via
smbXsrv_connection_shutdown_send() ->
-> smbXsrv_session_disconnect_xconn()
-> smbXsrv_session_remove_channel()
-> smb2srv_session_shutdown_send()
is used if the last (only) connection goes away as well. In the future this
should be implemented for the
xconn->has_cluster_movable_ip
case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We must also break leases on other opens if the open of the rename doesn't have
a lease itself. The existing test test_lease_v2_rename() that was added
alongside the deferred rename server code didn't cover this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 31 12:47:24 UTC 2024 on atb-devel-224
For a compound related request chain of eg CREATE+NOTIFY+GETINFO, the NOTIFY
will typically go async. When this is noted in smbd_smb2_request_pending_queue()
the pending async tevent_req is cancelled which means we return
NT_STATUS_CANCELLED to the client while Windows returns
NT_STATUS_INTERNAL_ERROR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
All tests pass against Windows 2022, we have some bugs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 14 12:23:04 UTC 2024 on atb-devel-224
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 10 15:17:46 UTC 2024 on atb-devel-224
I know finding any real logic in reading the patch,
doesn't really show what's going on. I tried hard
to simplify it, but this is the only way I found
that fixed the test_auth_pad_ntlm_2889_auth3 test
without breaking other tests...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This matches Windows (at least Server 2012_R2).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We should use DCERPC_FAULT_ACCESS_DENIED as default for
gensec status results of e.g. NT_STATUS_LOGON_FAILURE or
NT_STATUS_INVALID_PARAMTER.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We already report that for gensec_start_mech_by_authtype() failures,
but we also need to do that for any invalid authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is send as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
it will return the BIND reject code in auth->auth_context_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
That what Windows also asserts.
It also makes sure that ndr_pull_dcerpc_auth() will
start with ndr->offset = 0 and don't tries to eat
possible padding.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Note the ad_member will keep these as expected failures,
as it doesn't provide the netlogon service,
while the knownfail for the ADDC is only temporary.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
