1
0
mirror of https://github.com/samba-team/samba.git synced 2025-03-16 06:50:24 +03:00

1422 Commits

Author SHA1 Message Date
Isaac Boukris
80ea4bde85 samba-tool: add user-sensitive command to set not-delegated flag
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
2019-11-29 11:55:44 +01:00
Andrew Bartlett
90073f0abc CVE-2019-14861: Test to demonstrate the bug
This test does not fail every time, but when it does it casues a segfault which
takes out the rpc_server master process, as this hosts the dnsserver pipe.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2019-11-29 11:55:44 +01:00
Andrew Bartlett
9501741466 CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in dcesrv_DnssrvEnumRecords
The sort behaviour for child records is not correct in Samba so
we add a flapping entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2019-11-29 11:55:44 +01:00
Aaron Haslett
b74fde880d undoguididx: blackbox test
This test confirms that running undoguididx causes all GUID keys to be
replaced with DN keys at the KV level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13978

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

(backported from commits 74d15c9bf76f0a2fb5fa7b7b1d80971d10c4fe45,
ab376a97c972d2d5ebfb912ed90664c787860dc8 and 56400153c8c7052fe319f273c30c6d59556102dc
to avoid changes to TestCaseInTempDir).

ab376a97c972d2d5ebfb912ed90664c787860dc8 was:

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

56400153c8c7052fe319f273c30c6d59556102dc was:

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-08-28 07:36:29 +00:00
Björn Baumbach
db44860c93 samba-tool: add 'import samba.drs_utils' to fsmo.py
On some systems we're seeing this:

 ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 185, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 533, in run
     transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 136, in transfer_dns_role
     except samba.drs_utils.drsException as e:

E.g. it happens on debian stretch (9.9) with python 2.7.13 (on 4.10.4)

While it doesn't happen on ubuntu 18.04 with python 2.7.15rc1 or
with python 3.6.7.

There were also some reports on the mailing lists, see:
https://lists.samba.org/archive/samba-technical/2019-May/133624.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Björn Baumbach <bbaumbach@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 30 08:27:24 UTC 2019 on sn-devel-184

(cherry picked from commit 320a5c5425e6ced18b1a9bf19b4f361ee16821ed)
2019-08-08 07:32:21 +00:00
Stefan Metzmacher
f1eeb8e63a samba-tool: use only one LDAP modify for dns partition fsmo role transfer
We should not risk that we end with no role owner.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(similar to commit 6a2e3a15585086bcceb18283216978a2fcb30da3)
2019-08-08 07:32:21 +00:00
Stefan Metzmacher
6b9d7481fe samba-tool: fix replication after dns partition fsmo role transfer
The new role owner need to replicate from the old role owner.

Before we told the old role owner to replicate from itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4793f8ed584a4e6d8a26b06b691ec636e77d8f2a)
2019-08-08 07:32:21 +00:00
Stefan Metzmacher
4fd604b165 dbcheck: fallback to the default tombstoneLifetime of 180 days
If a domain was provisioned by Windows 2000 this value is missing in the
database.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13967

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 28 08:32:10 UTC 2019 on sn-devel-184

(cherry picked from commit 2ef79a4c1d695a3e498b142810a1317d85b9b6da)
2019-08-08 07:32:20 +00:00
Björn Baumbach
38d6dd6ae9 python/ntacls: use correct "state directory" smb.conf option instead of "state dir"
samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs
Fixes: Unknown parameter encountered: "state dir"

Signed-off-by: Björn Baumbach <bb@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 670a12df52df63a067b638d37bec71341bf18bdd)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002

Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Wed Jun 26 11:40:27 UTC 2019 on sn-devel-144
2019-06-26 11:40:27 +00:00
Gary Lockyer
670b864e90 ldap tests: test scheme for referrals
Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6ccf74cf878c295903673e3a1d1ed924a5e87547)
2019-06-21 07:56:17 +00:00
Karolin Seeger
01f22365af samba: tag release samba-4.9.9
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXQNWMAAKCRBvM5FbZWi3
 6pdwAKCJ+oUkdvgeTIrgq4wOFmMlbXOOsgCZAR5y7yJpmAOpxqibFfjzEKciTBQ=
 =wbIZ
 -----END PGP SIGNATURE-----

Merge tag 'samba-4.9.9' into v4-9-test

samba: tag release samba-4.9.9
2019-06-19 09:07:05 +02:00
Stefan Metzmacher
77de9567d9 python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL
We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise
we may get NT_STATUS_SHARING_VIOLATION when we run
'samba-tool domain backup online' against a Windows DC.
Windows DCs have hidden folders for the NtFrs or Dfsr services,
which are locked by the running service.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13917

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 15032ec6df1abbb53f1b1d5377aab369f83ae707)
2019-06-13 10:21:59 +00:00
Stefan Metzmacher
2434353a69 python/provision: use provision and relax controls for schema provision
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 7652439fa1aab92945f5540a43fc49568d446917)
2019-06-13 10:21:58 +00:00
Stefan Metzmacher
cea297403d s4:provision: split out provision_self_join_modify_schema.ldif
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 5ea84af2d69e0b3a2a801ea0cc3f4ffc66bf1764)
2019-06-13 10:21:58 +00:00
Stefan Metzmacher
54d9a47536 ldapcmp: ignore 'schemaInfo' if two domains are compared
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit b5b572d5f71e2b9783ddb25c21ac32904fbfd661)
2019-06-13 10:21:57 +00:00
Douglas Bagnall
c242365565 CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
We still want to return DOES_NOT_EXIST when request_filter is not 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-13 11:26:43 +02:00
Douglas Bagnall
09818693ac CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation
We still want to return DOES_NOT_EXIST when request_filter is not 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2019-06-13 11:26:43 +02:00
Douglas Bagnall
bba9f06500 pytests/dns: use 2.6 compatible syntax
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13886
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2019-05-17 07:18:27 +00:00
Douglas Bagnall
d78118d0af py/provision: fix for Python 2.6
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13882
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Tue Apr  9 13:52:03 UTC 2019 on sn-devel-144
2019-04-09 13:52:03 +00:00
Karolin Seeger
8ee7959784 samba: tag release samba-4.9.6
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXKcI+gAKCRBvM5FbZWi3
 6vt5AJ9WzVoD/By4HzUAnNngkW037CFc2gCfU0deL28KFqMiH4fDjAf/yBJYg6Q=
 =K5vP
 -----END PGP SIGNATURE-----

Merge tag 'samba-4.9.6' into v4-9-test

samba: tag release samba-4.9.6
2019-04-08 12:29:09 +02:00
Andrew Bartlett
65a175aac0 CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2019-04-05 09:48:18 +02:00
Tim Beale
b708ce3f1a CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten
The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

(This backport to Samba 4.9 by Andrew Bartlett was not a pure
cherry-pick due to merge conflicts)
2019-04-05 09:48:18 +02:00
Douglas Bagnall
87ffad41af py/kcc_utils: py2.6 compatibility
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2019-03-28 08:35:22 +00:00
Douglas Bagnall
d44f2157a7 py/graph: use 2.6 compatible check for set membership
It is better this way anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Mar 20 06:36:05 UTC 2019 on sn-devel-144

(cherry picked from commit c0aca17a4c9ec06f0127d5c972f3fa979a87a77f)
2019-03-28 08:35:22 +00:00
Stefan Metzmacher
42b62465fc dbcheck: use the str() value of the "name" attribute
We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f)
2019-03-28 08:35:22 +00:00
Stefan Metzmacher
693c349874 dbcheck: don't check expired tombstone objects by default anymore
These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144

(cherry picked from commit a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311)
2019-03-28 08:35:22 +00:00
Stefan Metzmacher
02f3d0a1a2 dbcheck: add --selftest-check-expired-tombstones cmdline option
This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6f9c5ed8de47bb98e21e8064d8e90f963f2f71ca)
2019-03-28 08:35:21 +00:00
Stefan Metzmacher
aebf46d957 python/samba/netcmd: provide SUPPRESS_HELP via Option class
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b61d580fb7dba8ff94e9e98c958e324865cd2f1d)
2019-03-28 08:35:21 +00:00
Stefan Metzmacher
107883dff6 dbcheck: detect the change after deletion bug
Old versions of 'samba-tool dbcheck' could reanimate
deleted objects, when running at the same time as the
tombstone garbage collection.

When the (deleted) parent of a deleted object
(with the DISALLOW_MOVE_ON_DELETE bit in systemFlags),
is removed before the object itself, dbcheck moved
it in the LostAndFound[Config] subtree of the partition
as an originating change. That means that the object
will be in tombstone state again for 180 days on the local
DC. And other DCs fail to replicate the object as
it's already removed completely there and the replication
only gives the name and lastKnownParent attributes, because
all other attributes should already be known to the other DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a1658b306d85452407388b91a745078c9c1f7dc7)
2019-03-28 08:35:21 +00:00
Stefan Metzmacher
45850169a9 dbcheck: add find_repl_attid() helper function
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 598e38d2a5e0832429ba65b4e55bf7127618f894)
2019-03-28 08:35:21 +00:00
Stefan Metzmacher
7402d9cfcf dbcheck: don't remove dangling one-way links on already deleted objects
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
In this case the lastKnownParent attributes points a non existing
object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e388e599495b6d7c38b8b6966332e27f8b958783)
2019-03-28 08:35:21 +00:00
Stefan Metzmacher
07ebd654a0 dbcheck: don't move already deleted objects to LostAndFound
This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 6d50ee74920c39cdb18b427bfaaf200775bf2d73)
2019-03-28 08:35:21 +00:00
Stefan Metzmacher
76de43f052 dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9afcd5331ce567bd80d35175f8e4e21c506e9347)
2019-03-28 08:35:21 +00:00
Stefan Metzmacher
0aaf7c98bb dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects
We should never do originating updates on deleted objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 07a8326746f0c444eedf3860b178fc29d84e8d16)
2019-03-28 08:35:21 +00:00
Noel Power
5602db1b1d python/samba: extra ndr_unpack needs bytes function
(cherry picked from commit 8db43696e70d7c4cb21172b7e7461cf6a72914a2)
2019-03-28 08:35:20 +00:00
Noel Power
139da67cb3 python/samba: PY3 port for ridalloc_exop test to work
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fc13a1268a4a9de94efd312a8309aa55d331ae19)
2019-03-28 08:35:20 +00:00
Joe Guo
6f697b9c68 netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg
python[3]-gpgme is deprecated since ubuntu 1804 and debian 9.
use python[3]-gpg instead, and adapt the API.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13728

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 84069c8a5476a47d45ab946d82abb0d6c04635c3)
2019-02-21 12:31:46 +01:00
Tim Beale
56b401ebd3 join: Throw CommandError instead of Exception for simple errors
Throwing an exception here still dumps out the Python stack trace, which
can be a little disconcerting for users.

In this case, the stack trace isn't going to really help at all (the
problem is pretty obvious), and it obscures the useful message
explaining what went wrong.

Throw a CommandError instead, which samba-tool will catch and display
more nicely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144

(cherry picked from commit 9e4b08f4c384b8cae5ad853a7be7cf03e2749be5)
2019-02-05 15:33:28 +01:00
Tim Beale
e51de1d48a join: Fix TypeError when handling exception
When we can't resolve a domain name, we were inadvertently throwing a
TypeError whilst trying to output a helpful message. E.g.

ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object
does not support indexing

Instead of indexing the object, we want to index the Exception.args so
that we just display the string portion of the exception error.

The same problem is also present for the domain trust commands.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
(cherry picked from commit 3bb7808984c163a7bba66fb983411d1281589722)
2019-02-05 15:33:28 +01:00
Noel Power
d253c470ae python: Add new compat PYARG_STR_UNI format
In python2 PYARG_STR_UNI evaluates to et which allows str type
(e.g bytes) pass through unencoded and accepts unicode objects
encoded as utf8
In python3 PYARG_STR_UNI evaluates to es which allows str type
encoded as named/specified encoding

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 253af8b85450c2830a442084e98734ca338c1b2f)
2019-01-21 09:48:14 +01:00
Björn Jacke
1d927b23f6 samba-tool: don't print backtrace on simple DNS errors
samba-tool throws backtraces even for simple DNS error
messages, we should not frighten users for no good reason.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13721

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Dec 19 20:58:52 CET 2018 on sn-devel-144

(cherry picked from commit 49dc04f9f553c443c78c8073c07ea2a38cde61b2)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-9-test): Thu Jan 10 16:55:06 CET 2019 on sn-devel-144
2019-01-10 16:55:06 +01:00
Douglas Bagnall
55e8277a97 samba-tool drs showrepl: do not crash if no dnsHostName found
This should not happen, but it does sometimes in an autobuild
environment. Rather than reporting this by crashing, we report it by
showing there is no DNS name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13716

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 12 15:27:07 CEST 2018 on sn-devel-144

(cherry picked from commit 2fc855e7d2458249ca6fc8ffdf1d7633ab84cc55)
2019-01-09 09:37:19 +01:00
Aaron Haslett
850a5521a3 CVE-2018-14629: Tests to expose regression from dns cname loop fix
These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla paged linked below.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 14399fd818b130a6347eec860460929c292d5996)
2018-12-10 10:12:21 +01:00
Garming Sam
f4105adc28 sync_passwords: Remove dirsync cookie logging for continuous operation
Under normal operation, users shouldn't see giant cookies in their logs.
We still log the initial cookie retrieved from the cache database, which
should still be helpful for identifying corrupt cookies.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ac90c9faa783fc133229e7c163471d96440ff30e)
2018-12-04 13:55:09 +01:00
Joe Guo
a816ca4004 PEP8: fix E231: missing whitespace after ','
Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

(part of commit 12d3fbe15cb58b57c60499103101e3a845378859 from master
cherry-picked to v4-9-test)
2018-12-04 13:55:09 +01:00
Aaron Haslett
bf596c14c2 CVE-2018-14629 dns: CNAME loop prevention using counter
Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-11-25 14:46:43 +01:00
Gary Lockyer
0945b9babd dsdb encrypted_secrets tests: Allow "ldb://" in file path
When creating a new user and specifying the local file path of the
sam.ldb DB, it's possible to create an account that you can't actually
login with.

This commit contains tests to verify the bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13653

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e1eee614ca8a3f0f5609a3d9d8ce7ae926de1f9e)
2018-11-05 12:44:32 +01:00
Gary Lockyer
19e17ff2dd python tests Blackbox: add random_password
Add the random_password method to the BlackboxTestCase class and remove
duplicated copies from other test cases. Also use SystemRandom so that
the generated passwords are more cryptographically sound.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b6e45fb479689cff028b1fe626533b035e313ce3)
2018-11-05 12:44:32 +01:00
Stefan Metzmacher
4da901d10c dbchecker: Fix missing <SID=...> on linked attributes
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a801799ebe26780653f4ed3fa3fc633e31871f7d)
2018-11-05 12:44:31 +01:00
Stefan Metzmacher
ea9b694dd9 dbchecker: improve verbose output of do_modify()
This makes it easier to debug dbcheck problems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c5c99b569569ce36cac94e967ca53e3182abd6f7)
2018-11-05 12:44:31 +01:00