samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

Author	SHA1	Message	Date
David Mulder	f1a72fc63d	samba-tool: Add a gpo command for removing VGP Host Access Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 18 20:02:50 UTC 2021 on sn-devel-184	2021-03-18 20:02:50 +00:00
David Mulder	90acb3cf99	samba-tool: Test gpo manage access remove command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-18 18:50:28 +00:00
David Mulder	482046c56b	samba-tool: Add a gpo command for adding VGP Host Access Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-18 18:50:28 +00:00
David Mulder	996a0bd2e4	samba-tool: Test gpo manage access add command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-18 18:50:28 +00:00
David Mulder	3f3c2b5b33	samba-tool: Add a gpo command for listing VGP Host Access Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-18 18:50:28 +00:00
David Mulder	76868b50f3	samba-tool: Test gpo manage access list command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-18 18:50:28 +00:00
Douglas Bagnall	467746da0a	knownfail: remove python[23] lines We no longer run any python2 or python3 specific tests, so these knownfail lines are just clutter. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 05:57:34 +00:00
Stefan Metzmacher	8f43c15f62	smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184	2021-03-17 01:56:37 +00:00
Stefan Metzmacher	4ab1b29d5d	smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Stefan Metzmacher	7733f98f69	smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER The ACCESS_DENIED errors happened as we didn't expected to signing algo is attached to the session key. So our client calculated the wrong signature. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Stefan Metzmacher	fd9191fb9c	smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start When the session is not valid on the current connection it should not be possible to start a reauth. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Stefan Metzmacher	d95e90fe46	smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection If someone tries to operate on a session that is not yet valid on the current connection and the current session setup fails, then we should not shutdown the session. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Stefan Metzmacher	b8ccd2391a	smb2_server: fallback global session lookup if the session belongs to a different client The key is that we need to have the signing key in order to pass the signing checks and give the correct session bind error status. This should fix the MultipleChannel_Negative_SMB2002 testcase of the Windows Protocol Test Suite (FileServer). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reported-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Stefan Metzmacher	c4bec67f06	s3:selftest: pass alice credentials to the smb2.session tests for ad_dc This allows us to test session binds with different users. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Stefan Metzmacher	2045008995	s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user} These demonstrate that a failing bind does not destroy the existing session and binding with a different user results in ACCESS_DENIED. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Stefan Metzmacher	457b989881	s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3} 'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test from the Windows Protocol Test Suite. It demonstrates that the server needs to do lookup in the global session table in order to get the signing and error code of invalid session setups correct. In order to work out the details I've added more similar tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-17 00:49:32 +00:00
Ralph Boehme	16a1aefb72	smbd: call set_current_user_info() in smbd_become_authenticated_pipe_user() The current_user_info is updated at the SMB level, but currently not at the RPC level in the RPC impersonation function smbd_become_authenticated_pipe_user(). For RPC services running embedded this is not an issue as the SMB level impersonation has already taken care of current_user_info, but for RPC services running as external daemons, eg spoolssd, the omission of updating current_user_info results in variable expansion of eg %U (username) to be broken. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668 MR: https://gitlab.com/samba-team/samba/-/merge_requests/1834 RN: %U variable expansion not working in spoolsd Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Mar 12 00:54:01 UTC 2021 on sn-devel-184	2021-03-12 00:54:01 +00:00
Ralph Boehme	7662a77c4c	selftest: add a test for %U variable expansion in spoolssd This targets the nt4_dc testenv which luckily already runs with spoolssd enabled. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668 MR: https://gitlab.com/samba-team/samba/-/merge_requests/1834 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-11 23:43:32 +00:00
David Mulder	2d6bed495e	samba-gpupdate: Check sysvol download paths in case-insensitive way https://bugzilla.samba.org/show_bug.cgi?id=14665 Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Björn Baumbach <bb@sernet.de>	2021-03-11 20:29:41 +00:00
David Mulder	554f2134a9	samba-gpupdate: Test that sysvol paths download in case-insensitive way Bug: https://bugzilla.samba.org/show_bug.cgi?id=14665 Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Björn Baumbach <bb@sernet.de>	2021-03-11 20:29:41 +00:00
David Mulder	88c9c291b0	samba-tool: gpo manage sudoers handle missing and dispersed principal names If we don't anticipate a missing principal name, samba-tool crashes. Also, principal names could be in dispersed listelements. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Björn Baumbach <bb@sernet.de>	2021-03-11 20:29:41 +00:00
David Mulder	bba91c462e	samba-tool: Ensure that gpo manage sudoers handles missing/dispersed principal names Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Björn Baumbach <bb@sernet.de>	2021-03-11 20:29:41 +00:00
David Mulder	fed09b307f	samba-tool: Enable pydns without ad dc Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-03-10 21:43:34 +00:00
David Mulder	e5e39a836a	python: Test samdb import Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-03-10 21:43:34 +00:00
David Mulder	77f96a3079	samba-tool: Add a gpo command for setting VGP Issue Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Mar 8 20:57:50 UTC 2021 on sn-devel-184	2021-03-08 20:57:50 +00:00
David Mulder	7593e067fa	samba-tool: Test gpo manage issue set command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	0f5af87fbf	samba-tool: Add a gpo command for listing VGP Issue Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	bb47a68ca9	samba-tool: Test gpo manage issue list command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	2461c89c07	gpo: Apply Group Policy Issue setting from VGP Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	9df279dde6	gpo: Test Group Policy VGP Issue Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	5046912ceb	samba-tool: Add a gpo command for setting VGP MOTD Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	4715a0ee0d	samba-tool: Test gpo manage motd set command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	0fbc5e5414	samba-tool: Add a gpo command for listing VGP MOTD Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	f8d68d9f84	samba-tool: Test gpo manage motd list command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	efc9bce868	gpo: Apply Group Policy MOTD setting from VGP Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	f200c6933b	gpo: Test Group Policy VGP MOTD Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 19:45:30 +00:00
David Mulder	c2ce101bfd	gpo: vgp_sudoers_ext handle missing and dispersed principal names If we don't anticipate a missing principal name, the extension crashes. Also, principal names could be in dispersed listelements. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 17:58:37 +00:00
David Mulder	d771314ee0	gpo: Ensure that vgp_sudoers_ext handles missing/dispersed principal names Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 17:58:37 +00:00
David Mulder	a5928566a0	gpo: Ensure that samba-gpupdate doesn't require ad-dc Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 17:58:37 +00:00
David Mulder	f914b42d27	gpo: Test to ensure that samba-gpupdate doesn't require ad-dc Running samba-gpupdate on a client is causing an error in gp_access_ext, due to it attempting to access sam.ldb before detecting whether we are on an ad-dc. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-08 17:58:37 +00:00
Stefan Metzmacher	f1f5c36581	smbd: make sure that xconn is alive for the lifetime of smbXsrv_connection_shutdown_send/recv BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-06 02:20:05 +00:00
Stefan Metzmacher	2a0626c32a	s4:torture/smb2: add smb2.lease.timeout-disconnect test This reproduces a problem that is triggered when smbd_server_connection_terminate() is called recursively. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14533 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-06 02:20:05 +00:00
Stefan Metzmacher	638c4435a0	smbXsrv_session: set session->db_rec = NULL after session->db_rec = local_rec This actually fixes crashes due to stale pointers. With multi-channel and with 2 (or more) connections, we'll call smbXsrv_session_disconnect_xconn() when a connection gets disconnected, but we'll leave smbXsrv_client and all other connections in place. However smbXsrv_session_disconnect_xconn_callback() left a stale session->db_rec pointer in place, which means a following smbXsrv_session_logoff() will call dbwrap_record_delete(local_rec) on a stale pointer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-06 02:20:05 +00:00
Stefan Metzmacher	2cf1628419	s4:torture/smb2: add a smb2.session.two_logoff test This reproduces a bug where two SMB2_LOGOFF messages kill the whole client smbd when multi-channel is used, instead of just removing the logical session. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-06 02:20:05 +00:00
Stefan Metzmacher	c784f8c9ab	selftest: enable 'server multi channel support = yes' BUG: https://bugzilla.samba.org/show_bug.cgi?id=14534 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-03-06 02:20:05 +00:00
Björn Baumbach	bb00979c08	selftest: fix typos in README files Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2021-03-01 03:50:35 +00:00
David Mulder	85d2406826	samba-tool: Add a gpo command for removing VGP Startup Scripts Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Feb 24 22:01:08 UTC 2021 on sn-devel-184	2021-02-24 22:01:08 +00:00
David Mulder	91655e6d71	samba-tool: Test gpo manage script startup remove command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-02-24 20:51:30 +00:00
David Mulder	e5efe17246	samba-tool: Add a gpo command for adding VGP Startup Scripts Group Policy Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-02-24 20:51:30 +00:00
David Mulder	f6a0bd8b91	samba-tool: Test gpo manage script startup add command Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>	2021-02-24 20:51:30 +00:00

1 2 3 4 5 ...

813 Commits