IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
I implemented this referral test in C since the LDB python API isn't capable
to extract referrals from search result sets (there the result sets are simple
lists which contain only the matching entries).
First I enhanced the RootDSE test to return all partition base DNs in a new
null-terminated list "partitions". Then I used this in my referrals test which
I've implemented in the LDB api since I needed some certain DN functions.
After looking at the s4 side of the (s)channel :) I found out that it makes
more sense to simply make it use the tdb based code than redo the same changes
done to s3 to simplify the interface.
Ldb is slow, to the point it needs haks to pre-open the db to speed it up, yet
that does not solve the lookup speed, with ldb it is always going to be slower.
Looking through the history it is evident that the schannel database doesn't
really need greate expanadability. And lookups are always done with a single
Key. This seem a perfet fit for tdb while ldb looks unnecessarily complicated.
The schannel database is not really a persistent one. It can be discared during
an upgrade without causing any real issue. all it contains is temproary session
data.
In addition I removed a "talloc_free(req)" since we never free elsewhere the
requests explicitly and do it only indirectly with freeing the "conn" object
when the testsuite terminates.
Fix the names of the drsuapi_DsReplicaInfoType enum and rebuild the .idl
The get_info_obj_metadata implementation is ported from implementation
i developed and tested at the samba io lab 2009
Used in several places.
(Note: The _level suffix in the function name is just because
test_QueryDomainInfo2() already exists as an overall test for all levels.)
Michael
Signed-off-by: Günther Deschner <gd@samba.org>
This tests account lockout features.
Windows 2003r2 and Windows 2008r2 survice this test.
Note: Windows does not set the ACB_AUTOLOCK account flag when it
locks out an account.
One thing that could/should be added to this test is a check of
the lockout time property.
Michael
A handle obtained with spoolss_ReplyOpenPrinter will be closed with
spoolss_ReplyClosePrinter when we call spoolss_ClosePrinter on the remote side.
Guenther
The documentation shows that all these functions in fact use the same
flags variable type. To be consistent between functions, and to allow
easy reference to the WSPP docs, it is better for us to also use this
generic DrsOptions bitfield rather than one per operations.
If there's no groups in the database, there are no entries in extra_data. This
caused WINBINDD_LIST_GROUPS test to fail. Use the fact that
WINBINDD_LIST_GROUPS now reports the number of groups in data.num_entries to
identify the "no groups" case.
The WINBINDD_GETDCNAME test expected an NSS_STATUS_SUCCESS return from all
calls. However, this does not apply for BUILTIN and the DC's own domain.
Make the test work again by skipping those two.
This test checks the behavior (since w2k3 sp1) of the badPwdCount samr attribute
in relation to password history and successfull and unsucessful netlogon
samlogons.
Michael, please check. This should help verifiying Bug #4347.
Guenther
Two new torture parameters:
* smbexit_pdu_support: if the Server supports the Exit command
* range_not_locked_on_file_close: whether the server returns the
NT_STATUS_RANGE_NOT_LOCKED error when a file is closed which has a
pending lock request. Windows returns this error, though per the
spec, this error should only be returned to an unlock request.
It appears some newer versions of windows return
NT_STATUS_OBJECT_NAME_NOT_FOUND on a createfile when access is denied
rather than NT_STATUS_ACCESS_DENIED. I'm not sure how this translates
to directory enumeration yet, but for now make this a parameter that
can be checked in the various torture tests.
This also gets RAW-ACLS and SMB2-CREATE passing against win7.
- The smblsa calls had to be commented out for now and should be fixed
later, but they aren't crucial to the test.
- The first two tests from RAW-ACLS were already ported to
torture_smb2_setinfo() and test_create_acl(). Modifications were
made similar to the RAW-ACLS changes.
- test_sd_get_set() was ported, but does not pass against XP or Vista;
it is not added to the SMB2-ACLS test suite.
- printf -> torture_comment / torture_warning / torture_result
- Change RAW-ACLS test suite so each test can be run individually.
- Add verify_sd() and verify_attrib() helper functions.
- Change test_nttrans_create() to work for both files and directories.
- Fix a segfault in test_inheritance() when the test errors out early.
- test_sd_get_set() does not pass against XP or Vista, so it is no longer added
to the RAW-ACLS test suite.
- Minor fixes to test_inheritance().
- New INHERITFLAGS test, which tests the auto inheritance flags a bit more.
- printf -> torture_comment / torture_warning / torture_result
Try a rename with a wide-open share mode on an already open file
and the there is still share mode contention. For the reason why
see:
http://social.msdn.microsoft.com/Forums/en-US/os_fileservices/thread/3ca14dc9-da1f-4786-a8f7-a86e9903db0c
Msft's anser:
After further review, The reason for server to fail with sharing
violation is that the windows server that executes a path-based
rename request opens the file for DELETE access, but only with
FILE_SHARED_READ as ShareAccess . Therefore, the existing
open(frame 76), which has shared read/write/delete , is compatible
with the Windows servers access mode (DELETE), but Windows servers
open is not compatible with access mode in existing open.
Note that it is correct to state that the logic in Windows server
could have been written to allow shared read/write/delete in which
case it would succeed as you mention. The behavior here is
historical based on the existing implementation.
Some servers choose to mark a client as bad if they fail an oplock
break request by timing out (win7 is an example). Once the client is
marked as bad, future oplock requests will timeout instantly. This
causes subsequent runs of this test to fail, so rather than erroring
out as a failure, a warning is printed instead.
There is also a bug in w2k3 where it was incorrectly returning
contending a share mode lock. It worked in XP and has been re-fixed
in win7.
This can also now be run against samba3.
See what happens when we have multiple outstanding lock requests and
we try to cancel both of them within a single LockingAndX.
On Windows, it seems only the first lock in the array is cancelled,
and the second is left pending. Though, this behavior goes against
the MS-CIFS spec.
* test that 2 locks in a single LockAndX are transactional
* test that 1 unlock and 1 lock in a single LockAndX are not
transactional
* test that SMB2 doesn't like mixed lock/unlock in a single
PDU
Abstract the server requirements to pass some BRL tests.
* The new default for >64bit lock tests, is that the server should
return STATUS_INVALID_LOCK_RANGE.
* Add parameter for targets that don't implement DENY_DOS
In light of the INVALID_LEVEL that is seen for RAW_SFILEINFO_END_OF_FILE_INFO
requests on a path, I'm changing these back to using the passthrough
RAW_SFILEINFO_END_OF_FILE_INFORMATION to test the oplock break behavior as
originally intended
It turns out setting the end-of-file with Trans2SetPathInfo using the
snia spec's info level will attempt to open the file, enforcing share
modes, but then subsequentlys fail the setpathinfo with a dos error of
INVALID_LEVEL. Doing a Trans2SetFileInfo with either end-of-file info
level succeeds as expected.
s4 returns NETWORK_NAME_DELETED if you attempt to use an invalid tree connection
for a lock. This test (correctly I think) happens before we validate the file handle.
That implies that when you pass both a closed handle and a invalid tree you
should get NT_STATUS_NETWORK_NAME_DELETED.
I think the error/success codes returned by windows for these tests
are quite bogus. The ones s4 gives are much more reasonable. The
locking ones returning NT_STATUS_SUCCESS could lead to data loss, as
an application thinks it has a file locked correctly when it fact it
doesn't, so it could do an unsafe modify.
I was stumped for a while as to why the drs test suite was failing for
me. It turned out that it looked for LDB_URL in the environment, and
used it if set. I had it set in my terminal, and it was happily
munching on my sam.ldb while testing. Quite a cute bug really :-)
The passtrhough version of SET_END_OF_FILE_INFO is tested in
RAW-SFILEINFO-END-OF-FILE.
Additionally, the first opener is changed to use SHARE_WRITE for the
share mode since SET_END_OF_FILE_INFO actually writes data to the file
via truncating/extending.
A side effect of this change is that RAW-SFILEINFO now runs the whole
suite instead of just the first test. I changed the name of the first
test to RAW-SFILEINFO-BASE and changed all of the selftest scripts
that call it.
* Ported all tests from raw/notify.c to smb2/notify.c
* Parameterized the max_buffer_size so it can be set on a
per-target basis.
* Fixed CHECK macros to use torture_result
* Created a SMB2-NOTIFY test suite
The BRL tests previously based their results off several bugs in the
W2K8 byte range lock code. I've fixed up the tests to pass against
Win7 which has fixed these bugs, and assume that the Win7 behavior
is the default.
I have inverted the test behavior for >63-bit lock requests. The
tests previously expected NT_STATUS_OK as their default in this
case. I've changed that default to expect STATUS_INVALID_LOCK_RANGE.
This may requires some changing of make test to compensate.
I've also removed a few test scenarios from VALID-REQUEST in preparation
of replacing them with separate tests ported from RAW-LOCK.
I left dumping of decrypted attributes values 'as is'
(using DEBUG and DEBUGADD) as it uses dump_data() function.
dump_data() uses DEBUGADD internally, so I have no way
to redirect its output to torture_context at this point.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
