1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

38050 Commits

Author SHA1 Message Date
Stefan Metzmacher
fa64f8fa8d CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
fde745ec34 CVE-2022-37966 s4:kdc: announce PA-SUPPORTED-ETYPES like windows.
We need to take the value from the msDS-SupportedEncryptionTypes
attribute and only take the default if there's no value or
if the value is 0.

For krbtgt and DC accounts we need to force support for
ARCFOUR-HMAC-MD5 and AES encryption types and add the related bits
in addtition. (Note for krbtgt msDS-SupportedEncryptionTypes is
completely ignored the hardcoded value is the default, so there's
no AES256-SK for krbtgt).

For UF_USE_DES_KEY_ONLY on the account we reset
the value to 0, these accounts are in fact disabled completely,
as they always result in KRB5KDC_ERR_ETYPE_NOSUPP.

Then we try to get all encryption keys marked in
supported_enctypes, and the available_enctypes
is a reduced set depending on what keys are
actually stored in the database.

We select the supported session key enctypes by the available
keys and in addition based on AES256-SK as well as the
"kdc force enable rc4 weak session keys" option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
4ebbe7e407 CVE-2022-37966 s4:libnet: allow python bindings to force setting an nthash via SAMR level 18
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
271cd82cd6 CVE-2022-37966 s4:libnet: add support LIBNET_SET_PASSWORD_SAMR_HANDLE_18 to set nthash only
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
9e69289b09 CVE-2022-37966 s4:libnet: initialize libnet_SetPassword() arguments explicitly to zero by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
d7ea197ed1 CVE-2022-37966 s4:kdc: use the strongest possible keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13135
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
621b8c3927 CVE-2022-37966 s4:pydsdb: add ENC_HMAC_SHA1_96_AES256_SK
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
6b46b764fc CVE-2022-37966 s4:kdc: also limit the krbtgt history to their strongest keys
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Joseph Sutton
4bb50c868c CVE-2022-37966 kdc: Assume trust objects support AES by default
As part of matching the behaviour of Windows, assume that trust objects
support AES256, but not RC4, if not specified otherwise.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Andrew Bartlett
975e43fc45 CVE-2022-37966 kdc: Implement new Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this
CVE to indicate that additionally, AES session keys are available. We
set the etypes available for session keys depending on the encryption
types that are supported by the principal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15219

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:30 +00:00
Joseph Sutton
44802c46b1 CVE-2022-37966 selftest: Run S4U tests against FL2003 DC
This shows that changes around RC4 encryption types do not break older
functional levels where only RC4 keys are available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
371d7e63fc CVE-2022-37966 selftest: Add tests for Kerberos session key behaviour since ENC_HMAC_SHA1_96_AES256_SK was added
ENC_HMAC_SHA1_96_AES256_SK is a flag introduced for by Microsoft in this CVE
to indicate that additionally, AES session keys are available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
a50a2be622 CVE-2022-37967 Add new PAC checksum
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15231

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
177334c042 CVE-2022-37966 tests/krb5: Add a test requesting tickets with various encryption types
The KDC should leave the choice of ticket encryption type up to the
target service, and admit no influence from the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
b3ed90a054 CVE-2022-38023 s4:rpc_server/netlogon: implement "server schannel require seal[:COMPUTERACCOUNT]"
By default we'll now require schannel connections with
privacy/sealing/encryption.

But we allow exceptions for specific computer/trust accounts.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15260

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
3c57608e11 CVE-2022-38023 s4:rpc_server/netlogon: add a per connection cache to dcesrv_netr_check_schannel()
It's enough to warn the admin once per connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
689507457f CVE-2022-38023 s4:rpc_server/netlogon: make sure all dcesrv_netr_LogonSamLogon*() calls go through dcesrv_netr_check_schannel()
We'll soon add some additional contraints in dcesrv_netr_check_schannel(),
which are also required for dcesrv_netr_LogonSamLogonEx().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
f43dc4f0bd CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_check_schannel() function
This will allow us to reuse the function in other places.
As it will also get some additional checks soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
43df4be359 CVE-2022-38023 s4:rpc_server/netlogon: debug 'reject md5 servers' and 'allow nt4 crypto' misconfigurations
This allows the admin to notice what's wrong in order to adjust the
configuration if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
69b3654160 CVE-2022-38023 s4:rpc_server/netlogon: add 'server reject md5 schannel:COMPUTERACCOUNT = no' and 'allow nt4 crypto:COMPUTERACCOUNT = yes'
This makes it more flexible when we change the global default to
'reject md5 servers = yes'.

'allow nt4 crypto = no' is already the default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
b09f51eefc CVE-2022-38023 s4:rpc_server/netlogon: defer downgrade check until we found the account in our SAM
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need use the account name from our SAM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
4c7f84798a CVE-2022-38023 s4:rpc_server/netlogon: require aes if weak crypto is disabled
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
b6339fd1dc CVE-2022-38023 s4:rpc_server/netlogon: split out dcesrv_netr_ServerAuthenticate3_check_downgrade()
We'll soon make it possible to use 'reject md5 servers:CLIENTACCOUNT$ = no',
which means we'll need the downgrade detection in more places.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
cfd55a22cd CVE-2022-38023 s4:torture: use NETLOGON_NEG_SUPPORTS_AES by default
For generic tests we should use the best available features.

And AES will be required by default soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
16ee03efc1 CVE-2022-38023 s4:rpc_server/netlogon: improve CVE-2020-1472(ZeroLogon) debug messages
In order to avoid generating useless debug messages during make test,
we will use 'CVE_2020_1472:warn_about_unused_debug_level = 3'
and 'CVE_2020_1472:error_debug_level = 2' in order to avoid schannel warnings.

Review with: git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
ec62151a2f CVE-2022-38023 s4:rpc_server/netlogon: re-order checking in dcesrv_netr_creds_server_step_check()
This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
0e6a2ba83e CVE-2022-38023 s4:rpc_server/netlogon: add talloc_stackframe() to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
7baabbe981 CVE-2022-38023 s4:rpc_server/netlogon: add a lp_ctx variable to dcesrv_netr_creds_server_step_check()
This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
e060ea5b3e CVE-2022-38023 s4:rpc_server/netlogon: 'server schannel != yes' warning to dcesrv_interface_netlogon_bind
This will simplify the following changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Douglas Bagnall
5259926de7 s4/torture/smb2: avoid possibly closing undefined handle
From OSS-Fuzz compilation:

Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1456:2: error: variable 'dir_handle' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
Step #3 - "compile-honggfuzz-address-x86_64":         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
Step #3 - "compile-honggfuzz-address-x86_64":         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:748:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
Step #3 - "compile-honggfuzz-address-x86_64":                 torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
Step #3 - "compile-honggfuzz-address-x86_64":                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:316:6: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
Step #3 - "compile-honggfuzz-address-x86_64":         if (!NT_STATUS_EQUAL(__got, __expected)) { \
Step #3 - "compile-honggfuzz-address-x86_64":             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1582:24: note: uninitialized use occurs here
Step #3 - "compile-honggfuzz-address-x86_64":         smb2_util_close(tree, dir_handle);
Step #3 - "compile-honggfuzz-address-x86_64":                               ^~~~~~~~~~
Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1456:2: note: remove the 'if' if its condition is always false
Step #3 - "compile-honggfuzz-address-x86_64":         torture_assert_ntstatus_ok_goto(tctx, status, ret, done,
Step #3 - "compile-honggfuzz-address-x86_64":         ^
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:748:3: note: expanded from macro 'torture_assert_ntstatus_ok_goto'
Step #3 - "compile-honggfuzz-address-x86_64":                 torture_assert_ntstatus_equal_goto(torture_ctx,expr,NT_STATUS_OK,ret,label,cmt)
Step #3 - "compile-honggfuzz-address-x86_64":                 ^
Step #3 - "compile-honggfuzz-address-x86_64": ../../lib/torture/torture.h:316:2: note: expanded from macro 'torture_assert_ntstatus_equal_goto'
Step #3 - "compile-honggfuzz-address-x86_64":         if (!NT_STATUS_EQUAL(__got, __expected)) { \
Step #3 - "compile-honggfuzz-address-x86_64":         ^
Step #3 - "compile-honggfuzz-address-x86_64": ../../source4/torture/smb2/dir.c:1434:2: note: variable 'dir_handle' is declared here
Step #3 - "compile-honggfuzz-address-x86_64":         struct smb2_handle dir_handle;
Step #3 - "compile-honggfuzz-address-x86_64":         ^

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec 13 07:45:20 UTC 2022 on sn-devel-184
2022-12-13 07:45:20 +00:00
Volker Lendecke
080ded0910 cldap_server: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-12 21:16:33 +00:00
Ralph Boehme
4bb3e4df3e torture: test that a find with a mangled name works
This was spawned by https://bugzilla.samba.org/show_bug.cgi?id=13472 back
then. Samba implement this correctly, just add this test found in the attic.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 10 00:07:09 UTC 2022 on sn-devel-184
2022-12-10 00:07:09 +00:00
Ralph Boehme
08997ac1a7 torture: convert mangling test to a suite
More tests to come...

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
0fa7c3f70c torture: add an interactive test that works out maximum name and path lenghts
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
6e1f58ab7c torture: add a test veryfing timestamps across rename
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
6c997c7fb5 torture: add another large directory enumeration performance test
This one renames one file per iteration and can also be used to torture any
directory caching the server may employ.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
cac95c3bba torture: print duration of smb2.dir.test_large_files
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
c0be0b6873 torture: increase find buffer to 1 MB in multiple_smb2_search()
This is used by performance tests that don't want to measure network latency but
fileserver IO latency.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
9e1c2fedb8 torture: add another simple DOS attributes test
- create file with ARCHIVE
- open file with ARCHIVE+HIDDEN+...
- check DOS attrs are still only ARCHIVE from the initial create

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
fba4b29085 s4:torture: remove remaining checks if alloc_size is 0 on empty files
commit 55b2f247f9 already remove a few of these,
but a few remained.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Douglas Bagnall
c2db7fda4e lib/comression: convert test_lzxpress_plain to cmocka
Mainly so I can go

 make bin/test_lzxpress_plain && bin/test_lzxpress_plain
 valgrind bin/test_lzxpress_plain
 rr bin/test_lzxpress_plain
 rr replay

in a tight loop.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
f6cda06dfb lib/compression: move lzxpress_plain test into tests/
We are going to add more tests for lib/compression, and they can't all
be called "testsuite.c".

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Jeremy Allison
088b8a1e3e s4: torture: Add compound_async.read_read test to show we don't go async on the last read in a compound.
Add knownfail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-01 15:04:58 +00:00
Jeremy Allison
ffd9b94fe0 s4: torture: Add compound_async.write_write test to show we don't go async on the last write in a compound.
Add knownfail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-01 15:04:58 +00:00
Jeremy Allison
fc6c76e6da s4: torture: Tweak the compound padding streamfile test to send 3 reads instead of 2, and check the middle read padding.
The protocol allows the last read in a related compound to be split
off and possibly go async (and smbd soon will do this). If the
last read is split off, then the padding is different. By sending
3 reads and checking the padding on the 2nd read, we cope with
the smbd change and are still correctly checking the padding
on a compound related read.

Do this for the stream filename compound padding test.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-01 15:04:58 +00:00
Jeremy Allison
48b12f11a5 s4: torture: Tweak the compound padding basefile test to send 3 reads instead of 2, and check the middle read padding.
The protocol allows the last read in a related compound to be split
off and possibly go async (and smbd soon will do this). If the
last read is split off, then the padding is different. By sending
3 reads and checking the padding on the 2nd read, we cope with
the smbd change and are still correctly checking the padding
on a compound related read.

Do this for the base filename compound padding test.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-01 15:04:58 +00:00
Andreas Schneider
49b40a1334 s4:torture: Fix segfault in multichannel test
The timer for the timeout_cb() handler was created on a memory context
which doesn't get freed, so the timer was still valid when running
the next test and fired there. It was then writing into random memory
leading to segfaults.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec  1 15:03:19 UTC 2022 on sn-devel-184
2022-12-01 15:03:19 +00:00
Ralph Boehme
fdb19ce8aa torture: add a test trying to set FILE_ATTRIBUTE_TEMPORARY on a directory
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15252

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-28 09:19:33 +00:00
Stefan Metzmacher
44192d5f2c s4:kdc: make sure reset_bad_password_netlogon() stops subreq before return
We pass the stack variable 'req' to dcerpc_winbind_SendToSam_r_send(),
so we need to make sure the runtime of the subreq in not longer
than the stack variable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-24 11:01:37 +00:00
Stefan Metzmacher
73ec725313 s4:messaging: add irpc_bh_do_ndr_print() in order to debug irpc calls
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15253

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-24 11:01:37 +00:00