1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

39639 Commits

Author SHA1 Message Date
Ralph Boehme
a611e6d402 smbtorture: expand test test_lease_v2_rename_target_overwrite()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
5305e36194 smbtorture: add a test for recursive h-lease break when renaming
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
bb940c5bb6 smbtorture: check initial-delete-on-close breaks H-lease for tdis, logoff and disconnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
aaa9e60ddb smbtorture: expand test test_lease_unlink() with set-delete-on-close
Currently the test only uses initial-delete-on-close. Expand the test to also
use set-delete-on-close.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13458
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
3ce664243d selftest: run smb2.lease test only against the fileserver environment
...and expect SMB2_CAP_LEASING.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
3890ac2faf smbtorture: test rename with other opens on the file
Windows allows this. Samba also already implements this correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-31 11:33:31 +00:00
Ralph Boehme
42e739ab62 smbtorture: add a bunch of tests for async rename and async interim responses
All tests pass against Windows 2022, we have some bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-31 11:33:31 +00:00
Ralph Boehme
4932b433ff smbtorture: rename CHECK_VALUE() to CHECK_VAL() in smb2/compound.c
Prepares for using macros from lease_break_handler.h which makes use of
CHECK_VAL() while relying on a definition of CHECK_VAL() in the .c file.

While at it, add a goto done which is always a good thing to get clear failures
from tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-31 11:33:31 +00:00
Stefan Metzmacher
132629ee3a s4:librpc/rpc: make use of netlogon_creds_client_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
d43dc47eb1 libcli/auth: make sure low level crypto function are not used directly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
834197dafe s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
f1c1b8661a s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
7a7cb0d042 s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
172ce406d4 s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
2d7a47a175 s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
a177d15c87 s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
1666d1d74d s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
This will make it easier to catch all places where we need to
implement the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
3d4ea276bd libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()
This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
a56356e399 libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation()
This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
de8de55a5f netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
e4132c492d s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
f92def2f94 s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const ldb_message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
8b972fea09 libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client
In order to allow backports and cluster updates we simulate a
dom_sid, so that the old code is able to parse the blob.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
498fc88c15 s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
fd4b027511 s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
dfbc5e5a19 libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
4533afc9e1 s4:rpc_server/netlogon: make use of creds->ex->client_sid
creds->sid will be removed soon...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
c2ef866fca libcli/auth: pass client_sid to netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
2e8949495f s4:rpc_server/netlogon: add client_sid helper variables
This will make the following changes simpler...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
c9eaf5e22d s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
d174b6595a s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
0b6ac4b082 s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
25294685b1 s4:librpc/rpc: define required schannel flags and enforce them
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
69b0cbd13d s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
Only remove the unsupported flags from local_negotiate_flags for
the next try...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
24de5d1cbd s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
a0bc372dee s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
With SAMBA_WEAK_CRYPTO_DISALLOWED dcesrv_netr_ServerAuthenticate3_check_downgrade()
will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not
negotiated...

And if AES was negotiated there's no harm in returning the ARCFOUR
flag...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
3dcbc8eea5 s4:torture/rpc: without weak crypto we should require AES
We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
36310650ee s4:torture/rpc: check that DOWNGRADE_DETECTED has no bits negotiated
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Ralph Boehme
38b5c8c663 smbd: remove "fruit:posix_rename"
This option of the vfs_fruit VFS module that could be used to enable POSIX
directory rename behaviour for OS X clients has been removed as it could result
in severe problems for Windows clients.

As a possible workaround it is possible to prevent creation of .DS_Store files
(a Finder thingy to store directory view settings) on network mounts by running

  $ defaults write com.apple.desktopservices DSDontWriteNetworkStores true

on the Mac.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2024-10-25 10:42:32 +00:00
Andreas Schneider
c7a98bb3d8 s4:client: Fix memory leaks in smblcient4
==375711==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 20 byte(s) in 1 object(s) allocated from:
    #0 0x7f83838f6880 in strdup ../../../../libsanitizer/asan/asan_interceptors.cpp:578
    #1 0x55a06cc7c244 in main ../../source4/client/client.c:3470
    #2 0x7f837fe2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-10-24 10:54:37 +00:00
Andreas Schneider
a48a1cba19 s4:client: Remove trailing spaces in client.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-10-24 10:54:37 +00:00
Andreas Schneider
c8979f384d s4:torture: Fix memory leak in torture_decode_compare_pac()
Direct leak of 200 byte(s) in 1 object(s) allocated from:
    #0 0x7f42972fc130 in calloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:77
    #1 0x7f4296cf3054 in wbcAllocateMemory ../../nsswitch/libwbclient/wbclient.c:216
    #2 0x7f4296cf386c in wbc_create_auth_info ../../nsswitch/libwbclient/wbc_pam.c:96
    #3 0x7f4296cf59a1 in wbcCtxAuthenticateUserEx ../../nsswitch/libwbclient/wbc_pam.c:561
    #4 0x7f4296cf5d98 in wbcAuthenticateUserEx ../../nsswitch/libwbclient/wbc_pam.c:578
    #5 0x55f8ff6023f1 in torture_decode_compare_pac ../../source4/torture/winbind/winbind.c:120
    #6 0x55f8ff6023f1 in torture_winbind_pac ../../source4/torture/winbind/winbind.c:291
    #7 0x55f8ff603c98 in torture_winbind_pac_gss_spnego ../../source4/torture/winbind/winbind.c:303
    #8 0x7f4295ff560c in wrap_simple_test ../../lib/torture/torture.c:712
    #9 0x7f4295ff748d in internal_torture_run_test ../../lib/torture/torture.c:520
    #10 0x7f4295ff7904 in torture_run_tcase_restricted ../../lib/torture/torture.c:585
    #11 0x7f4295ff7e69 in torture_run_suite_restricted ../../lib/torture/torture.c:439
    #12 0x55f8ff7980ba in run_matching ../../source4/torture/smbtorture.c:96
    #13 0x55f8ff798141 in run_matching ../../source4/torture/smbtorture.c:106
    #14 0x55f8ff798e41 in torture_run_named_tests ../../source4/torture/smbtorture.c:173
    #15 0x55f8ff79cf03 in main ../../source4/torture/smbtorture.c:754
    #16 0x7f4291a2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-10-24 10:54:37 +00:00
Andreas Schneider
1a9ca80960 s4:torture: Remove trailing spaces in winbind.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2024-10-24 10:54:37 +00:00
David Mulder
8ac241017f Add ntstatus_gen for Rust
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2024-10-23 14:21:33 +00:00
Ralph Boehme
849afe05ad smbtorture: add subtests for overwrite dispositions vs sharemodes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-14 11:09:35 +00:00
Ralph Boehme
4591f27ca8 smbtorture: fix smb2.notify.mask test
The strange function custom_smb2_create() was somehow causing
NT_STATUS_DELETE_PENDING failures:

  failure: mask [
  (../../source4/torture/smb2/notify.c:490) Incorrect status NT_STATUS_DELETE_PENDING - should be NT_STATUS_OK
  ]

I couldn't figure out what was causing this exactly, but after doing these
cleanups the error went away.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-14 11:09:34 +00:00
Ralph Boehme
f88e52a6f4 smbtorture: prepare test_overwrite_read_only_file() for more subtests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15732

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-14 11:09:34 +00:00
Stefan Metzmacher
0acbbeab4d s4:librpc: provide py_schannel bindings
This will be used in the dcerpc.raw_protocol test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-10-10 14:01:04 +00:00
Stefan Metzmacher
be02d4077d dcerpc_util: don't allow auth_padding for BIND, ALTER_CONTEXT and AUTH3 pdus
This is how Windows 2022 (and 2025 preview) behaves...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-10-10 14:01:04 +00:00
Stefan Metzmacher
8e6696b2ac dcesrv_core: return NAK_REASON_PROTOCOL_VERSION_NOT_SUPPORTED for binds without contexts
This is the error Windows 2022 (and 2025 preview) return.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-10-10 14:01:04 +00:00