mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00
samba-mirror/selftest/knownfail.d
Andrew Bartlett cbd68f39d5 CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY
This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.

Having a second access control system within the LDAP stack is unsafe
and this layer is incomplete.

The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access.  Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).

Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.

The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-08 22:06:23 +02:00
bug-14236 libprc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE 2020-02-07 08:53:40 +00:00
complex_expressions ldb: complex expression testing 2018-12-07 07:07:08 +01:00
dirsync CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY 2023-10-08 22:06:23 +02:00
dns s4/rpc_server/dnsserver: Allow parsing of dnsProperty to fail gracefully 2020-05-15 07:29:16 +00:00
dns_packet CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility 2020-07-02 09:01:41 +00:00
dns-aging dns update: zero flags and reserved 2021-07-05 04:16:34 +00:00
durable-v2-delay torture: Run durable_v2_reconnect_delay_msec with leases 2019-12-10 20:31:40 +00:00
empty-domain-name s3:auth_sam: map an empty domain or '.' to the local SAM name 2020-02-05 16:30:42 +00:00
encrypted_secrets knownfail: remove python[23] lines 2021-03-17 05:57:34 +00:00
getncchanges s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root 2023-08-21 08:42:32 +00:00
initshutdown Run test for initshutdown 2019-05-24 03:19:17 +00:00
kdc-salt dsdb: Allow special chars like "@" in samAccountName when generating the salt 2021-10-20 12:54:54 +00:00
keytab selftest/samba4.blackbox.export.keytab: Update to use a principal with SPN as UPN 2018-09-05 11:42:25 +02:00
kinit_trust s4/selftest: Adjust samba4.blackbox.pkinit to use (s3) smbclient 2020-04-03 15:08:30 +00:00
krb5-no-preauth selftest: knownfail updates after Heimdal Upgrade 2022-01-19 20:50:35 +00:00
labdc selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed 2018-07-10 04:42:10 +02:00
ldap CVE-2020-25722 Ensure the structural objectclass cannot be changed 2021-11-09 19:45:34 +00:00
ldap_spn CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object 2022-01-31 15:27:37 +00:00
lm-hash-support-gone torture: Allow Samba as an AD DC to use zeros for LM key 2022-03-17 02:47:13 +00:00
lzxpress lzxpress: compress shortcut if we've reached maximum length 2022-05-17 23:11:21 +00:00
modify-order CVE-2020-25722 Ensure the structural objectclass cannot be changed 2021-11-09 19:45:34 +00:00
multichannel selftest: enable 'server multi channel support = yes' 2021-03-06 02:20:05 +00:00
netlogon
nt-hash-support-gone samba-tool user: Accommodate missing unicodePwd in getpassword command 2022-06-26 22:10:29 +00:00
ntlmv1-restrictions knownfail: remove python[23] lines 2021-03-17 05:57:34 +00:00
ntlmv2-restrictions s4:torture: Migrate smbtorture to new cmdline option parser 2021-06-16 00:34:38 +00:00
oneway selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc 2021-07-07 14:10:29 +00:00
priv_attr CVE-2020-25722 selftest/priv_attrs: Mention that these knownfails are OK (for now) 2021-11-09 19:45:32 +00:00
protected_users s4:auth: Disable NTLM authentication for Protected Users 2022-03-18 11:55:30 +00:00
python-segfaults pyldb: Fix deleting an ldb.Control critical flag 2021-09-28 09:44:35 +00:00
quota1 smbd: Protect smbd_smb2_getinfo_send() against invalid quota files 2020-05-29 09:55:10 +00:00
README selftest: fix typos in README files 2021-03-01 03:50:35 +00:00
replica_sync knownfail: remove python[23] lines 2021-03-17 05:57:34 +00:00
rpc-dfs s3:rpcclient: Fix crash in rpcclient 2022-03-07 00:00:32 +00:00
rpc-netlogon-zerologon CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password 2020-10-16 04:45:40 +00:00
rw-invalid smbd: add vfs_valid_{pread,pwrite}_range() checks where needed 2020-05-12 19:53:44 +00:00
s3-logging tests: adapt logging test for s3. 2022-06-17 01:28:30 +00:00
s3-lsa-server
samba3.vfs.fruit lib/adouble: pass filesize to ad_unpack() 2019-10-30 14:52:33 +00:00
samba-4.5-emulation python-drs: Add client-side debug and fallback for GET_ANC 2022-10-07 08:48:17 +00:00
sid-strings sddl: Remove SDDL SID strings unsupported by Windows 2022-03-17 23:11:37 +00:00
smb1-tests Add test smbclient 'delree' of dir (on DFS share) 2022-06-17 16:20:35 +00:00
smb2.replay smb2_server: don't cancel pending request if at least one channel is still alive 2021-03-29 19:36:37 +00:00
smb2.session s3:smbd: really support AES-256* in the server 2021-07-20 16:13:28 +00:00
smbcacls s3:smbcacls: Add support for DFS path 2020-07-07 23:03:00 +00:00
smbclient-smb3 s3/client: fix dfs deltree, resolve dfs path 2022-06-17 17:12:07 +00:00
source3-epmapper s3:rpc_server: Add samba-dcerpcd helper programs 2021-12-10 14:02:30 +00:00
srvsvc selftest: Run samba3.srvsvc tests covering more of the srvsvc server 2019-05-24 03:19:17 +00:00
uac_objectclass_restrict CVE-2020-25722 Ensure the structural objectclass cannot be changed 2021-11-09 19:45:34 +00:00
upn_handling s3:winbind: Do not lookup local system accounts in AD 2018-07-04 23:55:56 +02:00
usage lib:ldb-samba: Migrate samba extensions to new cmdline option parser 2021-06-16 01:25:28 +00:00
vlv CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port 2020-07-02 09:01:41 +00:00
wkssvc selftest: Add more testing of wkssvc in source3 2019-05-24 03:19:17 +00:00

# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines beginning with '#' are ignored.
# Please don't add tests to this README!