1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

39652 Commits

Author SHA1 Message Date
Ralph Boehme
f95867e8f5 smbtorture: Directory Leases vs setting access date
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
28e8aae6ad smbtorture: Directory Leases vs setting inode change date
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
b277c32dc1 smbtorture: Directory Leases vs setting modification date
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
1150efd21c smbtorture: Directory Leases vs setting creation date
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
aa50c19e6b smbtorture: Directory Leases vs setting DOS attributes
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
9b6592d696 smbtorture: Directory Leases vs setting EOF
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
dde84e5fd3 smbtorture: check parent leasekey is ignored unless SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET is set
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
9708aebcce smbtorture: check SMB2_LEASE_FLAG_BREAK_IN_PROGRESS when client requests new lease
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
cc5ca053a2 smbtorture: expand Directory Leases test "v2_request
Add three subtests:

- trigger a sharing violation, ack break, create fails with STATUS_SHARING_VIOLATION
- trigger a sharing violation, close conflicting open, create succeeds
- write with valid parent lease key.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
4aa0f90ac2 smbtorture: simplify test_lease_v2_request()
- Add and use test_rearm_dirlease().
- Rename variable "ls2" to "dirlease".
- Simplify lease epoch tracking by using dirlease.lease_epoch as a counter.
- Add comments.
- Zero out a handle after closing it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
9695cda30f smbtorture: add test smb2.dirleases.leases
Checks server accepts "RWH", "RH" and "R" lease request and grants at most
(lease_request & "RH"), so no "W", but "R" without "H" if requested.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
f10bbff928 s4/torture: give smb2_generic_create_share() caller some flexibility
This way callers can either create or open a directory.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
21d0a2a9ff selftest: add "smb2.dirlease" test suite
Move all existing Directory Leases tests to this test suite and require
SMB2_CAP_DIRECTORY_LEASING.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:31 +00:00
Ralph Boehme
a611e6d402 smbtorture: expand test test_lease_v2_rename_target_overwrite()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
5305e36194 smbtorture: add a test for recursive h-lease break when renaming
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
bb940c5bb6 smbtorture: check initial-delete-on-close breaks H-lease for tdis, logoff and disconnect
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
aaa9e60ddb smbtorture: expand test test_lease_unlink() with set-delete-on-close
Currently the test only uses initial-delete-on-close. Expand the test to also
use set-delete-on-close.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13458
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
3ce664243d selftest: run smb2.lease test only against the fileserver environment
...and expect SMB2_CAP_LEASING.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15608

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-05 14:39:30 +00:00
Ralph Boehme
3890ac2faf smbtorture: test rename with other opens on the file
Windows allows this. Samba also already implements this correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-31 11:33:31 +00:00
Ralph Boehme
42e739ab62 smbtorture: add a bunch of tests for async rename and async interim responses
All tests pass against Windows 2022, we have some bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-31 11:33:31 +00:00
Ralph Boehme
4932b433ff smbtorture: rename CHECK_VALUE() to CHECK_VAL() in smb2/compound.c
Prepares for using macros from lease_break_handler.h which makes use of
CHECK_VAL() while relying on a definition of CHECK_VAL() in the .c file.

While at it, add a goto done which is always a good thing to get clear failures
from tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15697

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-10-31 11:33:31 +00:00
Stefan Metzmacher
132629ee3a s4:librpc/rpc: make use of netlogon_creds_client_verify()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
d43dc47eb1 libcli/auth: make sure low level crypto function are not used directly
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
834197dafe s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_SendToSam
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
f1c1b8661a s4:rpc_server/netlogon: make use of netlogon_creds_decrypt_samr_CryptPassword
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
7a7cb0d042 s4:rpc_server/netlogon: make use of netlogon_creds_{de,en}crypt_samr_Password()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
172ce406d4 s4:torture/rpc: make use of netlogon_creds_{de,en}crypt_samr_Password
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
2d7a47a175 s4:torture/rpc: make use of netlogon_creds_encrypt_samr_CryptPassword()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
a177d15c87 s4:torture/rpc: make use of netlogon_creds_decrypt_samlogon_validation()
This will make it easier to implement netr_ServerAuthenticateKerberos() later...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
1666d1d74d s4:torture/rpc: make use of netlogon_creds_encrypt_samlogon_logon()
This will make it easier to catch all places where we need to
implement the logic for netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
3d4ea276bd libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_logon()
This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
a56356e399 libcli/auth: pass auth_{type,level} to netlogon_creds_{de,en}crypt_samlogon_validation()
This will be needed when we implement netr_ServerAuthenticateKerberos...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
de8de55a5f netlogon.idl: add netr_ServerAuthenticateKerberos() and related stuff
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
e4132c492d s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticateGeneric()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
f92def2f94 s4:dsdb/common: dsdb_trust_get_incoming_passwords only needs a const ldb_message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
8b972fea09 libcli/auth: also use netlogon_creds_CredentialState_extra_info for the client
In order to allow backports and cluster updates we simulate a
dom_sid, so that the old code is able to parse the blob.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
498fc88c15 s4:torture/rpc: let test_netlogon_capabilities() fail on legacy servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
fd4b027511 s4:rpc_server/netlogon: implement netr_LogonGetCapabilities query_level=2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
dfbc5e5a19 libcli/auth: remember client_requested_flags and auth_time in netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
4533afc9e1 s4:rpc_server/netlogon: make use of creds->ex->client_sid
creds->sid will be removed soon...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
c2ef866fca libcli/auth: pass client_sid to netlogon_creds_server_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
2e8949495f s4:rpc_server/netlogon: add client_sid helper variables
This will make the following changes simpler...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
c9eaf5e22d s4:dsdb/common: samdb_confirm_rodc_allowed_to_repl_to() only needs a const sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
d174b6595a s4:torture/rpc/netlogon: adjust test_netlogon_capabilities query_level=2 to request_flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:36 +00:00
Stefan Metzmacher
0b6ac4b082 s4:librpc/rpc: use netr_LogonGetCapabilities query_level=2 to verify the proposed capabilities
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
25294685b1 s4:librpc/rpc: define required schannel flags and enforce them
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
69b0cbd13d s4:librpc/rpc: don't allow any unexpected upgrades of negotiate_flags
Only remove the unsupported flags from local_negotiate_flags for
the next try...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
24de5d1cbd s4:librpc/rpc: do LogonControl after LogonGetCapabilities downgrade
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
a0bc372dee s4:rpc_server/netlogon: if we require AES there's no need to remove the ARCFOUR flag
With SAMBA_WEAK_CRYPTO_DISALLOWED dcesrv_netr_ServerAuthenticate3_check_downgrade()
will return DOWNGRADE_DETECTED with negotiate_flags = 0, if AES was not
negotiated...

And if AES was negotiated there's no harm in returning the ARCFOUR
flag...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00
Stefan Metzmacher
3dcbc8eea5 s4:torture/rpc: without weak crypto we should require AES
We should check that we can actually negotiated the strong AES
crypto instead of just checking that NETLOGON_NEG_ARCFOUR is not
there...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-10-30 23:08:35 +00:00