1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

488 Commits

Author SHA1 Message Date
Ralph Boehme
c73d666e5a smbtorture: turn maximum_allowed test into a test suite
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-29 17:22:32 +00:00
Ralph Boehme
6d493a9d56 smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1
The spec lists the following as requiring special access:

- for requiring FILE_READ_ATTRIBUTES:

  FileBasicInformation
  FileAllInformation
  FileNetworkOpenInformation
  FileAttributeTagInformation

- for requiring FILE_READ_EA:

  FileFullEaInformation

All other infolevels are unrestricted.

We ignore the IPC related infolevels:

  FilePipeInformation
  FilePipeLocalInformation
  FilePipeRemoteInformation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
2022-08-23 12:54:08 +00:00
Ralph Boehme
9b2d281571 smbtorture: check required access for SMB2-GETINFO
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-08-23 11:52:29 +00:00
Ralph Boehme
b5848d391b smbtorture: rename smb2.streams.attributes to smb2.streams.attributes1
A subsequent commit adds another streams test named "attributes2", this change
avoids matching the new testname with the existing knownfail entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15126
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2643

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-08-22 08:02:35 +00:00
Jeremy Allison
bb329d4de5 s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.
Passes against Windows. Shows that Windows allows a durable handle
on a leased open for READ_ATTRUBUTES only (a stat open).

Mark as knownfail for now.

NB. Not sure why we are testing smb2.durable-open against ad_dc
as that provisioning has "smb2 leases = no" which precludes
granting durable handles. Not changing for this bug but this
should be looked at in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-04-29 14:57:29 +00:00
Andrew Bartlett
faea2f8a6b selftest: Remove auth_log test for RAP password change
RAP is SMB1, the password change routine requires LM hashes and so everything
here is going away or has now gone, so remove the test.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-03-17 01:57:38 +00:00
Stefan Metzmacher
0f5d7ff1a9 s4:kdc: redirect pre-authentication failures to an RWDC
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-03-06 23:05:40 +00:00
Volker Lendecke
a7c65958a1 s3:rpc_server: Activate samba-dcerpcd
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architechtural switch like this will always be
messy.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-12-10 14:02:30 +00:00
Samuel Cabrero
99bf0c1b26 pidl:NDR/ServerCompat.pm: Do not register disabled services
In samba3 it is possible to disable RPC services, for exapmle:

rpc_server:netlogon = disabled

If a service is disabled do not register the interface neither create its
endpoint.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2021-09-21 10:15:34 +00:00
Christof Schmitt
54fe40836b loadparm: Set default of "kernel share modes" to "no"
selftest: Remove knownfail for smb2.lock.replay_smb3_specification_durable

With the changed default for "kernel share modes", this test can now
acquire durable handles and succeed.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-09-14 23:14:36 +00:00
Jeremy Allison
7e7ea761a3 s4: torture: Add test for smb2.ioctl.bug14769.
Add knownfails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2021-08-11 19:16:29 +00:00
Joseph Sutton
bf71fa038e s4:torture/krb5/kdc-heimdal: Automatically determine AS-REP enctype to check against
This enables us to more easily switch to a different algorithm to find
the strongest key in _kdc_find_etype().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2021-07-01 17:46:31 +00:00
Andreas Schneider
a40bc1d0ee s4:torture: Migrate smbtorture to new cmdline option parser
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2021-06-16 00:34:38 +00:00
Ralph Boehme
1e338d5160 smbtorture: verify attributes on fake quota file handle
The expected DOS attributes are taken from a Windows 2016 server. The expected
timestamps are what Samba has returned before commit 572d4e3a56:
NTTIME(0), ie no value.

The upcoming fix will restore this behaviour. Windows of course does
return *some* timestamps, but as it's neither documented nor was I able to
figure out where they would be coming from, as well as the Windows client apparently
doesn't care, I didn't bother with implementing some sophisticated heuristic to
return some timestamps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-06-09 19:47:34 +00:00
Samuel Cabrero
aac8be5419 s3: rpc_server: Store new association groups in the id tree
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client request to join an association group by its id it is not
found and a new one is created with the same ID.

In practise, it means the association groups are not working even in the
same server process.

This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.

The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-04-07 09:18:30 +00:00
Douglas Bagnall
467746da0a knownfail: remove python[23] lines
We no longer run any *python2* or *python3* specific tests, so
these knownfail lines are just clutter.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-17 05:57:34 +00:00
Stefan Metzmacher
c784f8c9ab selftest: enable 'server multi channel support = yes'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2021-03-06 02:20:05 +00:00
Björn Jacke
985042d391 dnsupdates: clean up all RRSets and not only type A
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14244

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-23 12:45:35 +00:00
Björn Jacke
98caa173b2 tests: also test net ads dns (un)register with IPv6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13706

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-12-23 12:45:35 +00:00
David Mulder
1544929fee gpo: Apply Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
b76d55cc90 gpo: Test Group Policy Login Prompt Message
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
a4f598fde8 gpo: Apply Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
e8757e0d36 gpo: Test Group Policy Message of the day
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
3303869c4b gpo: Add CSE for applying smb.conf
Add an extension that applies smb.conf params
applied via the smb.conf admx files.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
37661d1aac gpo: Test Group Policy smb.conf Extension
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-27 15:59:34 +00:00
David Mulder
88b6266168 gpo: Apply Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
David Mulder
9679ba9577 gpo: Test Group Policy Sudo Rights
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2020-08-06 16:38:36 +00:00
Stefan Metzmacher
3fa9c3d5bb s4:torture/smb2: split replay_smb3_specification into durable handle and multichannel
It's better to have durable handles and multichannel tested separate:
1. we test both cases in the server
2. it makes it easier to deal with knownfail entries if only one
   of these features is active on the server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2020-07-14 13:38:35 +00:00
Stefan Metzmacher
31e2b7f04b s4:torture/smb2: split smb2.oplock.batch22 into a and b
batch22a tests the timeout on a valid connection
and batch22b tests the timeout on a broken/blocked connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2020-07-08 15:54:39 +00:00
Samuel Cabrero
61e93698e5 s4:rpc_server: Implement epmapper LookupHandleFree
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Jul  7 13:43:14 UTC 2020 on sn-devel-184
2020-07-07 13:43:14 +00:00
Samuel Cabrero
054f58e468 selftest: Split samba4 epmapper expected failures into individual tests
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-07-07 12:17:30 +00:00
Stefan Metzmacher
0e0d89b55c lib/torture: fix subunit names of nested suites
E.g. passing 'smb2.multichannel.generic' to smbtorture results in

- interface_info
- num_channels

While passing 'smb2.multichannel' to smbtorture results in:

- generic.interface_info
- genetic.num_channels
- oplocks.test1
...
- leases.test1
...

Before we got this:

- interface_info
- num_channels
- test1
...
- test1

That made it impossible to add knownfail entries for

leases.test1 vs. oplocks.test1

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2020-07-07 10:30:40 +00:00
Stefan Metzmacher
c603a50a48 s4:torture/smb2: remove MULTI_CHANNEL checking from smb2.replay.channel-sequence
This test doesn't need multi-channel. But we need to
force using the channel_sequence, as our client libraries
only use them for multi-channel connections or persistent handles.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-27 04:20:39 +00:00
Stefan Metzmacher
f1ecaa75a2 selftest/Samba3: support durable handles on the 'aio' share
This means we can test the lock sequence checking via the
'samba3.smb2.lock aio(nt4_dc)' test.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-27 04:20:39 +00:00
Isaac Boukris
6095a4f0d5 kdc: allow checksum of PA-FOR-USER to be HMAC_MD5
even if the tgt session key uses different hmac.

Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
always HMAC_MD5, and that's what windows 7 client
and MIT client send.

In heimdal both the client and kdc use the checksum of
the tgt key instead and therefore work with each other
but windows and MIT clients fail against heimdal KDC.

Windows KDC allows either checksum (HMAC_MD5 or from
tgt) so we should do the same to support all clients.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
2020-06-11 02:48:58 +00:00
Isaac Boukris
8b5e764413 selftest: add python S4U2Self tests including unkeyed checksums
To test the CRC32 I reverted the unkeyed-checksum fix (43958af1)
and the weak-crypto fix (389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
2020-05-15 12:25:40 +00:00
Ralph Boehme
c83ef1d905 selftest: split a knownfail entry
Lists the two existing subtests indidivually in preparation of adding a third
that is going to pass against ad_dc_ntvfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2020-05-12 18:15:30 +00:00
Ralph Boehme
4371c62f2c s4/torture: add a comprehensive "non-oplock-break-trigger" access mask test case
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2020-04-30 19:32:44 +00:00
David Mulder
67e589c111 Convert samba4.base.maximum_allowed to smb2
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d9edfeea668362269d812f82b1957ed16ff56dd4)
2020-04-28 18:09:39 +00:00
Noel Power
c83fafacbb s4/selftest: Modify samba4.blackbox.chgdcpass to use smbclient(s3)
Test was using smbclient4 but this fails when used in environments that
don't support SMB1. We use smbclient(s3) instead. There remains one
failure due to behaviour differences between the smbclients.

The behavioural changes are related not to SMB1/SMB2 but
commits d4ea637eb8 &
fce66b22ea

Perhaps we need to modify s3 smbclient in a similar way? This is however
something that deserves further discussion.

Move this failing part to a knownfail for the moment.

Also the corrosponding entry in skip_smb1_fail has been removed

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:32 +00:00
Noel Power
9161cf7495 s3/selftest: Move tests raw.samba3hide, raw.samba3checkfsp & raw.samba3closeerr
Move tests raw.samba3hide, raw.samba3checkfsp & raw.samba3closeerr from
ad_dc to ad_dc_smb1. Also update flapping and knownfail entries to cater
for the new env.

no entries in skip files to be removed as flapping & knownfail negate
the need for this.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:32 +00:00
Noel Power
2b1cca4c51 s3/selftest: Move tests raw.samba3hide, raw.samba3checkfsp & raw.samba3closeerr
Move tests raw.samba3hide, raw.samba3checkfsp & raw.samba3closeerr from
simpleserver to fileserver. Also need a knownfail for raw.samba3closeerr
which fails in envs that NT ACLs enabled. We will get extra coverage
from ad_dc_smb1 when the same tests are moved there.

Remove the associated entries from skip_smb1_fail

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:32 +00:00
Noel Power
a20ad8674b s3/selftest: Move samba3.smbtorture_s3.crypt_client.* to nt4_dc_smb1
Move samba3.smbtorture_s3.crypt_client.* tests which fail against
environments that don't support SMB1.

The following tests have been moved from nt4_dc -> nt4_dc_smb1

samba3.smbtorture_s3.crypt_client.ATTR
samba3.smbtorture_s3.crypt_client.BROWSE
samba3.smbtorture_s3.crypt_client.CASE-INSENSITIVE-CREATE
samba3.smbtorture_s3.crypt_client.CHAIN1
samba3.smbtorture_s3.crypt_client.CHAIN2
samba3.smbtorture_s3.crypt_client.CHAIN3
samba3.smbtorture_s3.crypt_client.CHKPATH
samba3.smbtorture_s3.crypt_client.CLEANUP1
samba3.smbtorture_s3.crypt_client.CLEANUP2
samba3.smbtorture_s3.crypt_client.CLEANUP4
samba3.smbtorture_s3.crypt_client.CLI_SPLICE
samba3.smbtorture_s3.crypt_client.DELETE
samba3.smbtorture_s3.crypt_client.DELETE-LN
samba3.smbtorture_s3.crypt_client.DELETE-STREAM
samba3.smbtorture_s3.crypt_client.DIR
samba3.smbtorture_s3.crypt_client.DIR-CREATETIME
samba3.smbtorture_s3.crypt_client.FDPASS
samba3.smbtorture_s3.crypt_client.FDSESS
samba3.smbtorture_s3.crypt_client.IOCTL
samba3.smbtorture_s3.crypt_client.LARGE_READX
samba3.smbtorture_s3.crypt_client.LOCK1
samba3.smbtorture_s3.crypt_client.LOCK10
samba3.smbtorture_s3.crypt_client.LOCK11
samba3.smbtorture_s3.crypt_client.LOCK13
samba3.smbtorture_s3.crypt_client.LOCK2
samba3.smbtorture_s3.crypt_client.LOCK3
samba3.smbtorture_s3.crypt_client.LOCK4
samba3.smbtorture_s3.crypt_client.LOCK5
samba3.smbtorture_s3.crypt_client.LOCK6
samba3.smbtorture_s3.crypt_client.LOCK7
samba3.smbtorture_s3.crypt_client.LOCK9A
samba3.smbtorture_s3.crypt_client.LOCK9B
samba3.smbtorture_s3.crypt_client.NTTRANS-FSCTL
samba3.smbtorture_s3.crypt_client.OPEN
samba3.smbtorture_s3.crypt_client.OPLOCK1
samba3.smbtorture_s3.crypt_client.OPLOCK2
samba3.smbtorture_s3.crypt_client.OWNER-RIGHTS
samba3.smbtorture_s3.crypt_client.PIDHIGH
samba3.smbtorture_s3.crypt_client.PROPERTIES
samba3.smbtorture_s3.crypt_client.RENAME
samba3.smbtorture_s3.crypt_client.RENAME-ACCESS
samba3.smbtorture_s3.crypt_client.RW1
samba3.smbtorture_s3.crypt_client.RW2
samba3.smbtorture_s3.crypt_client.RW3
samba3.smbtorture_s3.crypt_client.RW-SIGNING
samba3.smbtorture_s3.crypt_client.SHORTNAME-TEST
samba3.smbtorture_s3.crypt_client.STREAMERROR
samba3.smbtorture_s3.crypt_client.TCON
samba3.smbtorture_s3.crypt_client.TCON2
samba3.smbtorture_s3.crypt_client.TCONDEV
samba3.smbtorture_s3.crypt_client.TORTURE
samba3.smbtorture_s3.crypt_client.TRANS2
samba3.smbtorture_s3.crypt_client.UID-REGRESSION-TEST
samba3.smbtorture_s3.crypt_client.UNLINK
samba3.smbtorture_s3.crypt_client.W2K
samba3.smbtorture_s3.crypt_client.WILDDELETE
samba3.smbtorture_s3.crypt_client.XCOPY

and have been removed from skip_smb1_fail

list of tests modified has been verified with

python3 source3/selftest/tests.py | grep "^samba3.smbtorture_s3." | grep nt4_dc_smb1 | cut -f1 -d\( | sort -u

addionally any knownfail entries have been updated as appropriate.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:31 +00:00
Noel Power
9fab393a9c s3/selftest: Move raw.samba3checkfsp, raw.samba3hide & raw.samba3closeerr
Tests samba3.raw.samba3checkfsp, samba3.raw.samba3hide &
samba3.raw.samba3closeerr fail in test environments that don't support
SMB1 so move to nt4_dc_smb1. Additionally samba3.raw.samba3closeer was
a known fail in nt4_dc so this also needs to be adjusted for the new
env.

Remove the remaining entries from skip_smb1_fail

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:31 +00:00
Noel Power
c9b13ca09f s3/selftest: Move samba3.raw.acls* to nt4_dc_smb1
Tests samba3.raw.acls* don't succeed in environments that don't
support SMB1 so move them to nt4_dc_smb1

Also need to adjust knownfail for samba3.raw.acls nfs4acl_xattr*
Additionally remove the entries for test from skip_smb1_fail

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:31 +00:00
Noel Power
9f152ae85e s3/selftest: Move samba3.unix.whoami* tests to ad_dc_smb1
The following tests which fail in environments that dont support
SMB1 have been moved to ad_dc_smb1

samba3.unix.whoami
samba3.unix.whoami kerberos connection
samba3.unix.whoami anonymous connection
samba3.unix.whoami ntlm user@realm

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:29 +00:00
Noel Power
25efadd5f3 s3/selftest: Move samba3.rap.basic & samba3.rap.rpc to _smb1 env
Tests:
  samba3.rap.basic
  samba3.rap.rpc

have been moved to ad_dc_smb1, nt4_dc_smb1

verified by
  python3 source3/selftest/tests.py  | grep ad_dc_smb1 | grep "^samba3.rap"

these tests have been removed from skip_smb1_fails
Additionally
samba3.rap.basic.netsessiongetinfo was already marked as knownfail
in ad_dc so in ad_dc_smb1 also true

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:28 +00:00
Noel Power
f3ae2dcec1 s3/selftest: Move samba3.smbtorture_s3.plain.* tests to fileserver_smb1
with the exception of tests containing
  "SMB2", "BAD-NBT-SESSION", "DIR1", "LOCK12", "OPLOCK4"

so the following tests have been moved

output below from
   python3 source3/selftest/tests.py | grep samba3.smbtorture_s3.plain |
sort -u

samba3.smbtorture_s3.plain.ATTR
samba3.smbtorture_s3.plain.BROWSE
samba3.smbtorture_s3.plain.CASE-INSENSITIVE-CREATE
samba3.smbtorture_s3.plain.CHAIN1
samba3.smbtorture_s3.plain.CHAIN2(
samba3.smbtorture_s3.plain.CHAIN3
samba3.smbtorture_s3.plain.CHKPATH
samba3.smbtorture_s3.plain.CLEANUP1
samba3.smbtorture_s3.plain.CLEANUP2
samba3.smbtorture_s3.plain.CLEANUP4
samba3.smbtorture_s3.plain.CLI_SPLICE
samba3.smbtorture_s3.plain.DELETE
samba3.smbtorture_s3.plain.DELETE-LN
samba3.smbtorture_s3.plain.DELETE-STREAM
samba3.smbtorture_s3.plain.DIR-CREATETIME
samba3.smbtorture_s3.plain.DIR(
samba3.smbtorture_s3.plain.FDPASS
samba3.smbtorture_s3.plain.FDSESS
samba3.smbtorture_s3.plain.IOCTL
samba3.smbtorture_s3.plain.LARGE_READX
samba3.smbtorture_s3.plain.LOCK10
samba3.smbtorture_s3.plain.LOCK11
samba3.smbtorture_s3.plain.LOCK13
samba3.smbtorture_s3.plain.LOCK1
samba3.smbtorture_s3.plain.LOCK2
samba3.smbtorture_s3.plain.LOCK3
samba3.smbtorture_s3.plain.LOCK4
samba3.smbtorture_s3.plain.LOCK5
samba3.smbtorture_s3.plain.LOCK6
samba3.smbtorture_s3.plain.LOCK7
samba3.smbtorture_s3.plain.LOCK9A
samba3.smbtorture_s3.plain.LOCK9B
samba3.smbtorture_s3.plain.NTTRANS-FSCTL
samba3.smbtorture_s3.plain.OPEN
samba3.smbtorture_s3.plain.OPLOCK1
samba3.smbtorture_s3.plain.OPLOCK2
samba3.smbtorture_s3.plain.OPLOCK5
samba3.smbtorture_s3.plain.OWNER-RIGHTS
samba3.smbtorture_s3.plain.PIDHIGH
samba3.smbtorture_s3.plain.RENAME
samba3.smbtorture_s3.plain.RW1
samba3.smbtorture_s3.plain.RW2
samba3.smbtorture_s3.plain.RW3
samba3.smbtorture_s3.plain.RW-SIGNING
samba3.smbtorture_s3.plain.SHORTNAME-TEST
samba3.smbtorture_s3.plain.STREAMERROR
samba3.smbtorture_s3.plain.TCON2
samba3.smbtorture_s3.plain.TCONDEV
samba3.smbtorture_s3.plain.TCON
samba3.smbtorture_s3.plain.TRANS2
samba3.smbtorture_s3.plain.UID-REGRESSION-TEST
samba3.smbtorture_s3.plain.UNLINK
samba3.smbtorture_s3.plain.W2K
samba3.smbtorture_s3.plain.WILDDELETE
samba3.smbtorture_s3.plain.XCOPY

corrosponding entries removed from skip_smb1_fail

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2020-04-03 15:08:28 +00:00
Samuel Cabrero
9bdf3ccde6 s3:rpc_server: Switch to core dcerpc server loop
This commit finally switches the RPC server implementation.

At the same we have to do other related changes to keep code compiling
and test environments running.

First avoid moving the session_info into the allocated pipes_struct memory
context as it is owned now by the core RPC server, and the s3compat pidl
compiler will update the pipes_struct session_info before dispatching
the call with dcesrv_call->auth_state->session_info.

Also, fix a segfault in the endpoint mapper daemon when it tries to delete
the endpoints previously registered over a NCALRPC connection.

If we have:

rpc_server : epmapper = external
rpc_server : lsarpc = external
rpc_daemon : epmd = fork
rpc_daemon : lsasd = fork

The sequence is:

* The endpoint mapper starts (start_epmd in source3/smbd/server.c)
* The lsarpc daemon starts (start_lsasd in source3/smbd/server.c)
  * The lsarpc daemon creates the sockets and registers its endpoints
    (rpc_ep_register in source3/rpc_server/lsasd.c)
  * The endpoint registration code opens a NCALRPC connection to the
    endpoint mapper daemon (ep_register in source3/librpc/rpc/dcerpc_ep.c)
    and keeps it open to re-register if the endpoint mapper daemon dies
    (rpc_ep_register_loop in source3/rpc_server/rpc_ep_register.c)
* When the endpoint mapper daemon accepts a NCALRPC connection it sets a
  termination function (srv_epmapper_delete_endpoints)
* Suppose the lsarpc daemon exits. The NCALRPC connection termination
  function is called.
* The termination function tries to delete all endpoints registered by that
  connection by calling _epm_Delete
* _epm_Delete calls is_privileged_pipe which access to
  pipes_struct->session_info.

As the call to _epm_Delete occurs outside of the PIDL generated code,
the pipes_stuct->session_info is NULL. This commit also sets
pipes_struct->session_info from the dcerpc_connection before calling
_epm_Delete. As the core rpc server supports security context multiplexing we
need to pass the dcesrv_connection to the termination function and let the
implementation pick a auth context. In the case of the endpoint mapper
the termination function has to pick one of type NCALRPC_AS_SYSTEM to
check if the connection is privileged and delete the endpoints
registered by the connection being closed.

Finally, the samba.tests.dcerpc.raw_protocol testsuite passes against
the ad_member environment.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:35 +00:00
Samuel Cabrero
4e7670ed12 s3:rpc_server: Implement association group find callback
Keep the s3 server behaviour for now and return always the same
association group ID, 0x53F0.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-20 15:36:33 +00:00