IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The spec lists the following as requiring special access:
- for requiring FILE_READ_ATTRIBUTES:
FileBasicInformation
FileAllInformation
FileNetworkOpenInformation
FileAttributeTagInformation
- for requiring FILE_READ_EA:
FileFullEaInformation
All other infolevels are unrestricted.
We ignore the IPC related infolevels:
FilePipeInformation
FilePipeLocalInformation
FilePipeRemoteInformation
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184
Passes against Windows. Shows that Windows allows a durable handle
on a leased open for READ_ATTRUBUTES only (a stat open).
Mark as knownfail for now.
NB. Not sure why we are testing smb2.durable-open against ad_dc
as that provisioning has "smb2 leases = no" which precludes
granting durable handles. Not changing for this bug but this
should be looked at in future.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
RAP is SMB1, the password change routine requires LM hashes and so everything
here is going away or has now gone, so remove the test.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The most important case is that we still have a previous
password cached at the RODC and the inbound replication
hasn't wiped the cache yet and we also haven't triggered
a new replication yet.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is the big switch to use samba-dcerpcd for the RPC services in
source3/. It is a pretty big and unordered patch, but I don't see a
good way to split this up into more manageable pieces without
sacrificing bisectability even more. Probably I could cut out a few
small ones, but a major architechtural switch like this will always be
messy.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
In samba3 it is possible to disable RPC services, for exapmle:
rpc_server:netlogon = disabled
If a service is disabled do not register the interface neither create its
endpoint.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
selftest: Remove knownfail for smb2.lock.replay_smb3_specification_durable
With the changed default for "kernel share modes", this test can now
acquire durable handles and succeed.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This enables us to more easily switch to a different algorithm to find
the strongest key in _kdc_find_etype().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The expected DOS attributes are taken from a Windows 2016 server. The expected
timestamps are what Samba has returned before commit 572d4e3a56:
NTTIME(0), ie no value.
The upcoming fix will restore this behaviour. Windows of course does
return *some* timestamps, but as it's neither documented nor was I able to
figure out where they would be coming from, as well as the Windows client apparently
doesn't care, I didn't bother with implementing some sophisticated heuristic to
return some timestamps.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14731
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Right now a new association group is created for each connection
assigning the legacy 0x53F0 id, but it is not stored anywhere. When a
second client request to join an association group by its id it is not
found and a new one is created with the same ID.
In practise, it means the association groups are not working even in the
same server process.
This commit stores the created association group in the idtree, but to
make use of it assigns a random id instead of the historical 0x53F0.
The test assoc_group_ok2 was wrongly passing before this change because
the same id 0x53F0 was assigned to all association groups.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We no longer run any *python2* or *python3* specific tests, so
these knownfail lines are just clutter.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Add an extension that applies smb.conf params
applied via the smb.conf admx files.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
It's better to have durable handles and multichannel tested separate:
1. we test both cases in the server
2. it makes it easier to deal with knownfail entries if only one
of these features is active on the server.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
batch22a tests the timeout on a valid connection
and batch22b tests the timeout on a broken/blocked connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Jul 7 13:43:14 UTC 2020 on sn-devel-184
E.g. passing 'smb2.multichannel.generic' to smbtorture results in
- interface_info
- num_channels
While passing 'smb2.multichannel' to smbtorture results in:
- generic.interface_info
- genetic.num_channels
- oplocks.test1
...
- leases.test1
...
Before we got this:
- interface_info
- num_channels
- test1
...
- test1
That made it impossible to add knownfail entries for
leases.test1 vs. oplocks.test1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This test doesn't need multi-channel. But we need to
force using the channel_sequence, as our client libraries
only use them for multi-channel connections or persistent handles.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This means we can test the lock sequence checking via the
'samba3.smb2.lock aio(nt4_dc)' test.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
even if the tgt session key uses different hmac.
Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is
always HMAC_MD5, and that's what windows 7 client
and MIT client send.
In heimdal both the client and kdc use the checksum of
the tgt key instead and therefore work with each other
but windows and MIT clients fail against heimdal KDC.
Windows KDC allows either checksum (HMAC_MD5 or from
tgt) so we should do the same to support all clients.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
To test the CRC32 I reverted the unkeyed-checksum fix (43958af1)
and the weak-crypto fix (389d1b97). Note that the unkeyed-md5
still worked even with weak-crypto disabled, and that the
unkeyed-sha1 never worked but I left it anyway.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
Lists the two existing subtests indidivually in preparation of adding a third
that is going to pass against ad_dc_ntvfs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14375
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d9edfeea668362269d812f82b1957ed16ff56dd4)
Test was using smbclient4 but this fails when used in environments that
don't support SMB1. We use smbclient(s3) instead. There remains one
failure due to behaviour differences between the smbclients.
The behavioural changes are related not to SMB1/SMB2 but
commits d4ea637eb8 &
fce66b22ea
Perhaps we need to modify s3 smbclient in a similar way? This is however
something that deserves further discussion.
Move this failing part to a knownfail for the moment.
Also the corrosponding entry in skip_smb1_fail has been removed
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Move tests raw.samba3hide, raw.samba3checkfsp & raw.samba3closeerr from
ad_dc to ad_dc_smb1. Also update flapping and knownfail entries to cater
for the new env.
no entries in skip files to be removed as flapping & knownfail negate
the need for this.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Move tests raw.samba3hide, raw.samba3checkfsp & raw.samba3closeerr from
simpleserver to fileserver. Also need a knownfail for raw.samba3closeerr
which fails in envs that NT ACLs enabled. We will get extra coverage
from ad_dc_smb1 when the same tests are moved there.
Remove the associated entries from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Move samba3.smbtorture_s3.crypt_client.* tests which fail against
environments that don't support SMB1.
The following tests have been moved from nt4_dc -> nt4_dc_smb1
samba3.smbtorture_s3.crypt_client.ATTR
samba3.smbtorture_s3.crypt_client.BROWSE
samba3.smbtorture_s3.crypt_client.CASE-INSENSITIVE-CREATE
samba3.smbtorture_s3.crypt_client.CHAIN1
samba3.smbtorture_s3.crypt_client.CHAIN2
samba3.smbtorture_s3.crypt_client.CHAIN3
samba3.smbtorture_s3.crypt_client.CHKPATH
samba3.smbtorture_s3.crypt_client.CLEANUP1
samba3.smbtorture_s3.crypt_client.CLEANUP2
samba3.smbtorture_s3.crypt_client.CLEANUP4
samba3.smbtorture_s3.crypt_client.CLI_SPLICE
samba3.smbtorture_s3.crypt_client.DELETE
samba3.smbtorture_s3.crypt_client.DELETE-LN
samba3.smbtorture_s3.crypt_client.DELETE-STREAM
samba3.smbtorture_s3.crypt_client.DIR
samba3.smbtorture_s3.crypt_client.DIR-CREATETIME
samba3.smbtorture_s3.crypt_client.FDPASS
samba3.smbtorture_s3.crypt_client.FDSESS
samba3.smbtorture_s3.crypt_client.IOCTL
samba3.smbtorture_s3.crypt_client.LARGE_READX
samba3.smbtorture_s3.crypt_client.LOCK1
samba3.smbtorture_s3.crypt_client.LOCK10
samba3.smbtorture_s3.crypt_client.LOCK11
samba3.smbtorture_s3.crypt_client.LOCK13
samba3.smbtorture_s3.crypt_client.LOCK2
samba3.smbtorture_s3.crypt_client.LOCK3
samba3.smbtorture_s3.crypt_client.LOCK4
samba3.smbtorture_s3.crypt_client.LOCK5
samba3.smbtorture_s3.crypt_client.LOCK6
samba3.smbtorture_s3.crypt_client.LOCK7
samba3.smbtorture_s3.crypt_client.LOCK9A
samba3.smbtorture_s3.crypt_client.LOCK9B
samba3.smbtorture_s3.crypt_client.NTTRANS-FSCTL
samba3.smbtorture_s3.crypt_client.OPEN
samba3.smbtorture_s3.crypt_client.OPLOCK1
samba3.smbtorture_s3.crypt_client.OPLOCK2
samba3.smbtorture_s3.crypt_client.OWNER-RIGHTS
samba3.smbtorture_s3.crypt_client.PIDHIGH
samba3.smbtorture_s3.crypt_client.PROPERTIES
samba3.smbtorture_s3.crypt_client.RENAME
samba3.smbtorture_s3.crypt_client.RENAME-ACCESS
samba3.smbtorture_s3.crypt_client.RW1
samba3.smbtorture_s3.crypt_client.RW2
samba3.smbtorture_s3.crypt_client.RW3
samba3.smbtorture_s3.crypt_client.RW-SIGNING
samba3.smbtorture_s3.crypt_client.SHORTNAME-TEST
samba3.smbtorture_s3.crypt_client.STREAMERROR
samba3.smbtorture_s3.crypt_client.TCON
samba3.smbtorture_s3.crypt_client.TCON2
samba3.smbtorture_s3.crypt_client.TCONDEV
samba3.smbtorture_s3.crypt_client.TORTURE
samba3.smbtorture_s3.crypt_client.TRANS2
samba3.smbtorture_s3.crypt_client.UID-REGRESSION-TEST
samba3.smbtorture_s3.crypt_client.UNLINK
samba3.smbtorture_s3.crypt_client.W2K
samba3.smbtorture_s3.crypt_client.WILDDELETE
samba3.smbtorture_s3.crypt_client.XCOPY
and have been removed from skip_smb1_fail
list of tests modified has been verified with
python3 source3/selftest/tests.py | grep "^samba3.smbtorture_s3." | grep nt4_dc_smb1 | cut -f1 -d\( | sort -u
addionally any knownfail entries have been updated as appropriate.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Tests samba3.raw.samba3checkfsp, samba3.raw.samba3hide &
samba3.raw.samba3closeerr fail in test environments that don't support
SMB1 so move to nt4_dc_smb1. Additionally samba3.raw.samba3closeer was
a known fail in nt4_dc so this also needs to be adjusted for the new
env.
Remove the remaining entries from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Tests samba3.raw.acls* don't succeed in environments that don't
support SMB1 so move them to nt4_dc_smb1
Also need to adjust knownfail for samba3.raw.acls nfs4acl_xattr*
Additionally remove the entries for test from skip_smb1_fail
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
The following tests which fail in environments that dont support
SMB1 have been moved to ad_dc_smb1
samba3.unix.whoami
samba3.unix.whoami kerberos connection
samba3.unix.whoami anonymous connection
samba3.unix.whoami ntlm user@realm
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Tests:
samba3.rap.basic
samba3.rap.rpc
have been moved to ad_dc_smb1, nt4_dc_smb1
verified by
python3 source3/selftest/tests.py | grep ad_dc_smb1 | grep "^samba3.rap"
these tests have been removed from skip_smb1_fails
Additionally
samba3.rap.basic.netsessiongetinfo was already marked as knownfail
in ad_dc so in ad_dc_smb1 also true
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit finally switches the RPC server implementation.
At the same we have to do other related changes to keep code compiling
and test environments running.
First avoid moving the session_info into the allocated pipes_struct memory
context as it is owned now by the core RPC server, and the s3compat pidl
compiler will update the pipes_struct session_info before dispatching
the call with dcesrv_call->auth_state->session_info.
Also, fix a segfault in the endpoint mapper daemon when it tries to delete
the endpoints previously registered over a NCALRPC connection.
If we have:
rpc_server : epmapper = external
rpc_server : lsarpc = external
rpc_daemon : epmd = fork
rpc_daemon : lsasd = fork
The sequence is:
* The endpoint mapper starts (start_epmd in source3/smbd/server.c)
* The lsarpc daemon starts (start_lsasd in source3/smbd/server.c)
* The lsarpc daemon creates the sockets and registers its endpoints
(rpc_ep_register in source3/rpc_server/lsasd.c)
* The endpoint registration code opens a NCALRPC connection to the
endpoint mapper daemon (ep_register in source3/librpc/rpc/dcerpc_ep.c)
and keeps it open to re-register if the endpoint mapper daemon dies
(rpc_ep_register_loop in source3/rpc_server/rpc_ep_register.c)
* When the endpoint mapper daemon accepts a NCALRPC connection it sets a
termination function (srv_epmapper_delete_endpoints)
* Suppose the lsarpc daemon exits. The NCALRPC connection termination
function is called.
* The termination function tries to delete all endpoints registered by that
connection by calling _epm_Delete
* _epm_Delete calls is_privileged_pipe which access to
pipes_struct->session_info.
As the call to _epm_Delete occurs outside of the PIDL generated code,
the pipes_stuct->session_info is NULL. This commit also sets
pipes_struct->session_info from the dcerpc_connection before calling
_epm_Delete. As the core rpc server supports security context multiplexing we
need to pass the dcesrv_connection to the termination function and let the
implementation pick a auth context. In the case of the endpoint mapper
the termination function has to pick one of type NCALRPC_AS_SYSTEM to
check if the connection is privileged and delete the endpoints
registered by the connection being closed.
Finally, the samba.tests.dcerpc.raw_protocol testsuite passes against
the ad_member environment.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Keep the s3 server behaviour for now and return always the same
association group ID, 0x53F0.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>