1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

160 Commits

Author SHA1 Message Date
Günther Deschner
14cbc791ee selftest: re-enable nss_winbind via nss_wrapper in the test-envs.
Without exporting these new variables, we can never access or test nss_winbind
from the selftest environments.

This shows that our posixacl test probably needs fixing since now
two subtests fail against plugin_s4_dc:local. This env was just
not complete without winbind in nsswitch. The test failure is
probably due to the strangeness of the AD/DC setup that the
domain administrator uses the same uid as the root user, which
in the selftest case is overridden to be the calling user.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Feb 13 20:57:12 CET 2015 on sn-devel-104
2015-02-13 20:57:11 +01:00
Michael Adam
fd783b04bb selftest: run the samba.nss tests against :local environments
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-02-13 18:25:41 +01:00
Michael Adam
6cab59e016 selftest/knownfail: add newline to end of file.
git always complains about what vim does to the file...

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-02-13 18:25:40 +01:00
Andrew Bartlett
a07598db9c torture: Extend KDC test to cover more options and modes
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-01-23 05:42:07 +01:00
Jeremy Allison
7eae9460a3 selftest:Samba3: use "smb2 leases = yes"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-04 05:45:10 +01:00
Garming Sam
58b343be47 idmap: return the correct id type to *id_to_sid methods
We have a pointer to a unixid which is sent down instead of a uid or
gid. We can use this as an in-out variable so that pdb_samba_dsdb can be
returned ID_TYPE_BOTH to cache correctly instead of leaving it as
ID_TYPE_UID or ID_TYPE_GID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10720

Change-Id: I0cef2e419cbb337531244b7b41c708cf2ab883e3
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-12-03 04:21:09 +01:00
Garming Sam
9cef81db97 wbinfo: create a more comprehensive test for sids2xids
In particular, this tests that ID_TYPE_BOTH is cached correctly.

Change-Id: I2475f22d3f4506c93b15d82b0d337d3729bbbd4c
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu Nov 27 05:16:53 CET 2014 on sn-devel-104
2014-11-27 05:16:53 +01:00
Jeremy Allison
8db5150143 s4:torture: Add smb2.oplock test batch9a and raw.oplock test batch9a
Shows attribute(stat) access open can create a file,
and subsequent attribute(stat) opens don't break oplocks.

Can be extended to explore more varients.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-11-07 20:13:09 +01:00
Volker Lendecke
8334428666 s4:torture/smb2: test rename dir deny with open files
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-31 03:47:40 +01:00
Anubhav Rakshit
17f87297cd s4:torture/smb2/lock: Add Lock Replay detection test case.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Stefan Metzmacher
6975ff05ab s3:selftest: run the smb2.replay test against the //$SERVER_IP/durable share
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Volker Lendecke
bc5a75a83c ntvfs: Skip the new smb2.oplock.batch26 test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 12 14:39:00 CEST 2014 on sn-devel-104
2014-09-12 14:39:00 +02:00
Christof Schmitt
52630eb78f selftest: Add readx test for dc to known fail
The new 16bit alignment check will fail.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-08-30 00:27:13 +02:00
Garming Sam
4b68871ae8 ntlm_auth: added require-membership tests
(updated by abartlet to fix knownfail changes due to AD DC winbindd
use in master)
Change-Id: Iec41fbfc0f501888fd16323bf78da61aa549b4de
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by:
Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Tue Jul 15 15:59:49 CEST 2014 on sn-devel-104
2014-07-15 15:59:49 +02:00
Volker Lendecke
21d09dc7b8 torture4: Add trivial epoch test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul  7 18:36:37 CEST 2014 on sn-devel-104
2014-07-07 18:36:37 +02:00
Volker Lendecke
8b9f96e83b torture4: Add smb2.lease.nobreakself
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-07 16:08:12 +02:00
Volker Lendecke
b597d47241 torture4: Add a test to break a handle twice
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-07 16:08:12 +02:00
Volker Lendecke
296739d655 torture4: Make sure we copy the parent_lease_key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-07-07 16:08:12 +02:00
Andrew Bartlett
f3710320ce s4-winbind: Use winbindd in the AD DC by default
(Including changes to knownfail to match the new winbindd in use in each environment)

Change-Id: I9e08086eba98e95e05a99afef28315e2857aae56
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul  4 05:19:54 CEST 2014 on sn-devel-104
2014-07-04 05:19:54 +02:00
Garming Sam
5d069a04fc selftest: Make the wbinfo userinfo tests work properly with the qualified name
This eliminates a knownfail.

Change-Id: I7331a4e62ef8c1f2a9999a78865023ae19beeaca
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
2014-07-04 02:52:35 +02:00
Garming Sam
95a55df021 winbindd: Allow the AD-DC to call getdcname
This is particularly useful for RODC and eliminates a knownfail.

Change-Id: Ia5089761dcabb1620eadd530dbc9b05580cddd1f
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>
2014-07-04 02:52:35 +02:00
Volker Lendecke
4709373cdf torture: Add a check to verify MS-SMB2 3.3.5.14.2
If we have more than one lock and there is any blocking lock, we need
to fail with NT_STATUS_INVALID_PARAMETER. At a quick glance I did not
find this tested, so add it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-07-02 00:11:23 +02:00
Jeremy Allison
937d35bd18 s4: torture : Add test case to show that a bad impersonation level causes an error on a regular file open.
An invalid impersonation level is only allowed for durable handle reopen.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 18 09:42:43 CEST 2014 on sn-devel-104
2014-06-18 09:42:42 +02:00
Jeremy Allison
d84d0fc379 s3: torture test. We now pass "samba3.smb2.create.leading-slash" so remove from knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
2014-06-18 07:15:13 +02:00
Andrew Bartlett
26ab17fa01 s4-winbind: Use winbindd in the AD DC for fl2003dc and plugin_s4_dc
(Including changes to knownfail to match the new winbindd in use in each environment)

Change-Id: I9e08086eba98e95e05a99afef28315e2857aae56
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jun 16 02:53:49 CEST 2014 on sn-devel-104
2014-06-16 02:53:48 +02:00
Andrew Bartlett
d62e0f8a25 selftest: Add knownfail entries for wbinfo --user-info tests only on the failing environments
This is better than skipping on every environment in the test

Andrew Bartlett

Change-Id: Ib4b114059d8f8bb05a9bdc2eca0f71310fc5a3bc
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
5f29774071 selftest: move all winbind test rules to one place
We now run wbinfo_simple additionally against plugin_s4_dc and dc

This also extends many of the tests to run against more environments,
hence the additional knownfail entries.

For winbind.wbclient, the fl2003dc environment has been selected not
to run with password history so as to allow the winindd.wbinfo test to
complete (once switched to running winbindd).

Andrew Bartlett

Change-Id: I475fd9937e515796b5e47c042a8bfa85f76441ca
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
6add082461 selftest: Make test_wbinfo.sh work with s3-winbindd
Change-Id: I41ed850b6424eac3fb8b6603d5b87c66bb77dd51
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:26 +02:00
Andrew Bartlett
2b558f2096 selftest: Set winbind separator = /
This avoids a pile of shell-script escape pain, and fixes some tests.

Andrew Bartlett

Change-Id: Ie1d0e32ab484a5b0ddbc4073831fe6de27e38e92
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2014-06-04 03:22:25 +02:00
Andrew Bartlett
85f57ebda3 torture-samr: Add testing of account lockout and password change behaviour
This is the regression test to avoid a repeat of CVE-2013-4496

This includes confirming that badPwdCount is updated on login, not just on first failure

However the badPwdCount is not updated if the account is disabled

Note: that samr_QueryUserInfo return the effective bad_password_count in level
5, 16 and 21, while it returns the raw value in level 3.

(Sadly the s3 code does not do this correctly, so a knownfail is added)

Change-Id: I4fd8ac5c3b1357e7a98386756dac2a43eb778ecf
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr  2 19:30:59 CEST 2014 on sn-devel-104
2014-04-02 19:30:59 +02:00
Andrew Bartlett
311de5fb4a selftest: Run rpc.samr.passwords.badpwdcount against s3dc
Change-Id: I9529def954521bf8ab05212759a2ef6bbe9913f8
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:48 +02:00
Andrew Bartlett
f557f82acc s4-auth: Support password history correctly, including allowing NTLM logins using the old password
This is only done during a 1 hour allowed period, by default.

We only update bad password count when not one of the last 3 passwords

Andrew Bartlett

Change-Id: I76fd8010ce273a21efb55f9601d17b9978a0acf0
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:47 +02:00
Andrew Bartlett
7e653f5ae2 s4-auth: Add authsam_zero_bad_pwd_count to zero out badPwdCount and lockoutTime on successful login
Change-Id: I2530f08a91f9b6484203dbdaba988f2df1a04ea1
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-04-02 17:12:47 +02:00
Michael Adam
9fb943819c selftets: durable-open.reopen4 succeeds now.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 30 23:32:13 CET 2014 on sn-devel-104
2014-01-30 23:32:13 +01:00
Stefan Metzmacher
dd42daa98d s3:rpcclient: add support for DCERPC_AUTH_LEVEL_CONNECT
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2014-01-16 16:22:52 +01:00
Jeremy Allison
48f426b22d smbtorture: New torture test for bug #9870.
Not fetching the latest modification time on a folder if we have read locks on it.

Prove we should just rely on the mtime value from the underlying
filesystem, even with an open handle.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=9870

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Dec  5 10:05:06 CET 2013 on sn-devel-104
2013-12-05 10:05:06 +01:00
Jeremy Allison
65882152cc Add regression test for bug #10229 - No access check verification on stream files.
Checks against a file with attribute READONLY, and
a security descriptor denying WRITE_DATA access.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov  4 23:10:10 CET 2013 on sn-devel-104
2013-11-04 23:10:10 +01:00
Volker Lendecke
4061954990 torture: Add smb2.rename.rename_dir_bench
This is a little benchmark test excercising parallel directory renames. With
lots of open files directory renames get pretty slow against some SMB server
implementations.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-11-04 12:06:05 -08:00
Volker Lendecke
6c3b41cfc2 smbd: Fix breaking level2 on OVERWRITE create_disposition
This is shown by the new raw.oplock.level_ii_1 test

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23 12:05:43 +02:00
Volker Lendecke
64e734019f torture: Add a test showing we have to break L2 at open time
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23 11:59:58 +02:00
Volker Lendecke
20669d4a75 smbd: Fix raw.batch.exclusive[59]
The level we have to break to depend on the breakers create_disposition:
If we overwrite, we have to break to none.

This patch overloads the "op_type" field in the break message we send
across to the smbd holding the oplock with the oplock level we want to
break to. Because it depends on the create_disposition in the breaking
open, only the breaker can make that decision. We might want to use
a different mechanism for this in the future, but for now using the
op_type field seems acceptable to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23 11:58:56 +02:00
Volker Lendecke
9d3e3a736c torture: Add oplock break to l2/none tests
The level we have to break to depends on the create disposition of the
second opener. If it's overwriting, break to none. If it's not, break
to level2.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23 11:51:19 +02:00
Volker Lendecke
96faaf6c1e torture: Check break level in raw.oplock.exclusive5
This is what Windows does in this case, we don't survive that. We break
to LEVEL2 here. Fixes and more precise test to follow.

We don't survive this anymore. Re-enable later.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-10-23 11:49:05 +02:00
Volker Lendecke
672c228310 torture: Extend the smb2.oplock.doc1 test
If delete_on_close is set, there is no oplock break. Check that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-11 15:07:37 -07:00
Volker Lendecke
6fbbf94def torture: Extend the raw.oplock.doc1 test
If delete_on_close is set, there is no oplock break. Check that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-11 15:07:34 -07:00
Volker Lendecke
5e450f5ba9 smbd: Fix breaking level2 on allocate
This needs doing even if we don't have strct allocate set. The client
should not know that we lied. Fixes smb2.oplock.batch12.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-05 13:42:05 -07:00
Volker Lendecke
6e3650edd3 torture: Add buffercheck tests
Make sure we get the smb2 infolevel fixed portions right

I could not find correct #defines for the infolevels

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10106
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 29 01:27:11 CEST 2013 on sn-devel-104
2013-08-29 01:27:11 +02:00
Volker Lendecke
3ddb77f7d8 torture: Split the fsinfo check into a separate test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 23 20:53:12 CEST 2013 on sn-devel-104
2013-08-23 20:53:12 +02:00
Volker Lendecke
8f96d48971 torture: Change smb2.getinfo into a suite
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-23 09:48:48 -07:00
Matthieu Patou
3de2547e29 Remove the knownfail flag on cracknames as it didn't fail anymore
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06 21:22:12 -07:00