sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-18 06:04:06 +03:00
Code
samba-mirror/selftest/knownfail.d
History
Andrew Bartlett cfeb9fe50e CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY 
This makes LDAP_DIRSYNC_OBJECT_SECURITY the only behaviour provided by
Samba.

Having a second access control system withing the LDAP stack is unsafe
and this layer is incomplete.

The current system gives all accounts that have been given the
GUID_DRS_GET_CHANGES extended right SYSTEM access.  Currently in Samba
this equates to full access to passwords as well as "RODC Filtered
attributes" (often used with confidential attributes).

Rather than attempting to correctly filter for secrets (passwords) and
these filtered attributes, as well as preventing search expressions for
both, we leave this complexity to the acl_read module which has this
facility already well tested.

The implication is that callers will only see and filter by attribute
in DirSync that they could without DirSync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15424

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2023-10-10 14:49:39 +00:00
..
bug-14236
libprc ndr tests: Fix ndrdump test ntlmssp_CHALLENGE_MESSAGE
2020-02-07 08:53:40 +00:00
bug-14810
CVE-2020-25720 s4:dsdb/descriptor: Validate owner SIDs written to security descriptors
2022-09-16 02:32:36 +00:00
claims-client-tool
netcmd: domain: rename claim tests for consistency
2023-06-25 23:29:32 +00:00
complex_expressions
ldb: complex expression testing
2018-12-07 07:07:08 +01:00
dfs_paths
s3: smbd: Fix dumb typos that meant smb1.SMB1-DFS-* tests were running against an SMB2-only fileserver.
2023-03-31 06:07:01 +00:00
dirsync
CVE-2023-4154: Unimplement the original DirSync behaviour without LDAP_DIRSYNC_OBJECT_SECURITY
2023-10-10 14:49:39 +00:00
dns
selftest: Fix code spelling
2023-07-05 06:34:32 +00:00
dns_packet
CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibility
2020-07-02 09:01:41 +00:00
dns-aging
dns update: zero flags and reserved
2021-07-05 04:16:34 +00:00
durable-v2-delay
torture: Run durable_v2_reconnect_delay_msec with leases
2019-12-10 20:31:40 +00:00
empty-domain-name
s3:auth_sam: map an empty domain or '.' to the local SAM name
2020-02-05 16:30:42 +00:00
encrypted_secrets
knownfail: remove python[23] lines
2021-03-17 05:57:34 +00:00
getncchanges
s4-rpc_server/drsupai: Avoid looping with Azure AD Connect by not incrementing temp_highest_usn for the NC root
2023-08-13 21:59:29 +00:00
initshutdown
Run test for initshutdown
2019-05-24 03:19:17 +00:00
kdc-salt
dsdb: Allow special chars like "@" in samAccountName when generating the salt
2021-10-20 12:54:54 +00:00
keytab
selftest/samba4.blackbox.export.keytab: Update to use a principal with SPN as UPN
2018-09-05 11:42:25 +02:00
kinit_trust
s4/selftest: Adjust samba4.blackbox.pkinit to use (s3) smbclient
2020-04-03 15:08:30 +00:00
krb5-no-preauth
selftest: knownfail updates after Heimdal Upgrade
2022-01-19 20:50:35 +00:00
labdc
selftest: Add a 'LABDC' testenv to mimic a preproduction test-bed
2018-07-10 04:42:10 +02:00
ldap
CVE-2020-25722 Ensure the structural objectclass cannot be changed
2021-11-09 19:45:34 +00:00
ldap_spn
CVE-2022-0336: s4/dsdb/samldb: Don't return early when an SPN is re-added to an object
2022-01-31 15:27:37 +00:00
lm-hash-support-gone
torture: Allow Samba as an AD DC to use zeros for LM key
2022-03-17 02:47:13 +00:00
lzxpress
lzxpress: compress shortcut if we've reached maximum length
2022-05-17 23:11:21 +00:00
modify-order
CVE-2020-25722 Ensure the structural objectclass cannot be changed
2021-11-09 19:45:34 +00:00
multichannel
selftest: enable 'server multi channel support = yes'
2021-03-06 02:20:05 +00:00
netlogon
smbtorture: Add more tests around NETLOGON challenge reuse
2017-06-27 16:57:42 +02:00
nt-hash-support-gone
samba-tool user: Accomodate missing unicodePwd in getpassword command
2022-06-26 22:10:29 +00:00
ntlmv1-restrictions
knownfail: remove python[23] lines
2021-03-17 05:57:34 +00:00
ntlmv2-restrictions
s4:torture: Migrate smbtorture to new cmdline option parser
2021-06-16 00:34:38 +00:00
oneway
selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc
2021-07-07 14:10:29 +00:00
priv_attr
CVE-2020-25722 selftest/priv_attrs: Mention that these knownfails are OK (for now)
2021-11-09 19:45:32 +00:00
protected_users
s4:auth: Disable NTLM authentication for Protected Users
2022-03-18 11:55:30 +00:00
python-segfaults
pyldb: Fix deleting an ldb.Control critical flag
2021-09-28 09:44:35 +00:00
quota1
smbd: Protect smbd_smb2_getinfo_send() against invalid quota files
2020-05-29 09:55:10 +00:00
README
selftest: fix typos in README files
2021-03-01 03:50:35 +00:00
replica_sync
knownfail: remove python[23] lines
2021-03-17 05:57:34 +00:00
rpc-dfs
s3:rpc_server: Fix double blackslash issue in dfs path
2023-07-05 20:24:35 +00:00
rpc-netlogon-zerologon
CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len password
2020-10-16 04:45:40 +00:00
rw-invalid
smbd: add vfs_valid_{pread,pwrite}_range() checks where needed
2020-05-12 19:53:44 +00:00
s3-logging
tests: adapt logging test for s3.
2022-06-17 01:28:30 +00:00
s3-lsa-server
test_trust_ntlm.sh: add lookup name tests
2018-02-21 14:19:19 +01:00
samba3.rpc.samr
lib/torture: Don't overwrite test outcomes
2023-04-12 13:52:32 +00:00
samba3.vfs.fruit
lib/adouble: pass filesize to ad_unpack()
2019-10-30 14:52:33 +00:00
samba4.rpc.netlogon-s3
lib/torture: Don't overwrite test outcomes
2023-04-12 13:52:32 +00:00
samba4.rpc.samr
lib/torture: Don't overwrite test outcomes
2023-04-12 13:52:32 +00:00
samba-4.5-emulation
selftest: Fix code spelling
2023-07-05 06:34:32 +00:00
sddl
s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights
2023-04-28 02:15:36 +00:00
security-descriptors
pytest: security descriptors: test some conditional and RA ACEs
2023-09-26 23:45:35 +00:00
sid-strings
libcli/sec/sddl decode: allow hex numbers in SIDs
2023-04-28 02:15:36 +00:00
silo-client-tool
netcmd: domain: tests for auth silo command line tools
2023-06-25 23:29:32 +00:00
smb1-tests
Add test smbclient 'delree' of dir (on DFS share)
2022-06-17 16:20:35 +00:00
smb2.replay
smb2_server: don't cancel pending request if at least one channel is still alive
2021-03-29 19:36:37 +00:00
smb2.session
s3:smbd: really support AES-256* in the server
2021-07-20 16:13:28 +00:00
smbcacls
s3:smbcacls: Add support for DFS path
2020-07-07 23:03:00 +00:00
smbclient_machine_auth.plain
s3:tests: Correctly implement tests for forceuser/forcegroup
2023-04-06 12:51:30 +00:00
smbclient-smb3
s3/client: fix dfs deltree, resolve dfs path
2022-06-17 17:12:07 +00:00
source3-epmapper
s3:rpc_server: Add samba-dcerpcd helper programs
2021-12-10 14:02:30 +00:00
srvsvc
selftest: Run samba3.srvsvc tests covering more of the srvsvc server
2019-05-24 03:19:17 +00:00
symlink
libsmb: Fix parsing symlink reparse points
2023-09-08 17:24:19 +00:00
uac_objectclass_restrict
CVE-2020-25722 Ensure the structural objectclass cannot be changed
2021-11-09 19:45:34 +00:00
upn_handling
s3:winbind: Do not lookup local system accounts in AD
2018-07-04 23:55:56 +02:00
usage
lib:ldb-samba: Migrate samba extensions to new cmdline option parser
2021-06-16 01:25:28 +00:00
vlv
CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global Catalog port
2020-07-02 09:01:41 +00:00
wkssvc
selftest: Add more testing of wkssvc in source3
2019-05-24 03:19:17 +00:00

README 

# Files in this directory contain lists of regular expressions
# matching the names of tests that are temporarily expected to fail.
#
# "make test" will not report failures for tests listed here and will consider
# a successful run for any of these tests an error.
#
# Empty lines and lines beginning with '#' are ignored.
# Please don't add tests to this README!