summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* s4: torture: Add a new test - samba3.smb2.durable-open.stat-open.Jeremy Allison2022-05-092-0/+2
| | | | | | | | | | | | | | | | | | Passes against Windows. Shows that Windows allows a durable handle on a leased open for READ_ATTRUBUTES only (a stat open). Mark as knownfail for now. NB. Not sure why we are testing smb2.durable-open against ad_dc as that provisioning has "smb2 leases = no" which precludes granting durable handles. Not changing for this bug but this should be looked at in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit bb329d4de505d2c01ba45a06311c9dc6d87f8dec)
* s3:auth: Fix user_in_list() for UNIX groupsPavel Filipenský2022-04-111-1/+0
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Thu Apr 7 09:49:44 UTC 2022 on sn-devel-184 (cherry picked from commit 6dc463d3e2eb229df1c4f620cfcaf22ac71738d4) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Mon Apr 11 09:22:01 UTC 2022 on sn-devel-184
* s3:tests Test "username map" for UNIX groupsPavel Filipenský2022-04-111-0/+1
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit af8747a28bd62937a01fa4648f404bd0b09a44c0)
* selftest: Add to "username.map" mapping for jackthemappergroupPavel Filipenský2022-04-111-0/+2
| | | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041 Only for environment ad_member_idmap_nss. * !jacknompapper = \@jackthemappergroup jackthemaper from group jackthemappergroup is mapped to jacknompapper * !root = jacknomappergroup since there is no '@' or '+' prefix, it is not an UNIX group mapping Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit 0feeb6d58a6d6b1949faa842473053af4562c979)
* selftest: Create groups "jackthemappergroup" and "jacknomappergroup"Pavel Filipenský2022-04-111-0/+6
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit 26e4268d6e3bde74520e36f3ca3cc9d979292d1d)
* selftest: Create users "jackthemapper" and "jacknomapper"Pavel Filipenský2022-04-111-1/+11
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15041 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 1b0146182224fe01ed70815364656a626038685a)
* vfs_shadow_copy2: implement readdir()Ralph Boehme2022-04-111-1/+0
| | | | | | | | | | | | | RN: shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 31 18:47:42 UTC 2022 on sn-devel-184 (cherry picked from commit 9fa67ba8eeb6249d4b91b894e80eb1985c845314)
* CI: add a test listing a snapshotted directoryRalph Boehme2022-04-111-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=15035 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit ba9c5ba8ec54e72d68e3f753a5350afe0fb50a7c)
* s3: smbd: Preserve the fsp->fsp_name->st buf across a MSG_SMB_FILE_RENAME ↵Jeremy Allison2022-04-111-1/+0
| | | | | | | | | | | | | message. Remove knownfail.d/rename-full-info BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (Back-ported from commit 06bfac2125da5e4d37a596d1213912f0c698e69e)
* s4: torture: Add test_smb2_close_full_information() test to smb2.rename.Jeremy Allison2022-04-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Creates a file, opens it again on two different connections and then renames it. When we close and ask for SMB2_CLOSE_FLAGS_FULL_INFORMATION we expect this to succeed and return valid data on the handles that did not do the rename request. This currently succeeds by accident on master, so we are not adding a knownfail.d/ file here. When we back-port this test to 4.16.next, 4.15.next we will add a knownfail.d file. The rename request zeros out the fsp->fsp_name->st field on the handles that are open but are not being renamed, marking them as INVALID_STAT. This should not happen on any open handle. Fix to follow will preserve the field on rename in both the local connection and different connection case. Master gets away with this as in this branch, openat_pathref_fsp(), which we use in the setup_close_full_information() call to fetch the SMB2_CLOSE_FLAGS_FULL_INFORMATION data doesn't require an existing VALID_STAT struct in order to open the file. This hides the fact the rename zeroed out fsp->fsp_name->st. 4.16.x and 4.15.x don't have this fix, so expose the bug. Regardless, even in master we should not zero out any fsp->fsp_name->st values on rename. Add knownfail.d/rename-full-info for 4.16.x, 4.15.x. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15038 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (Back-ported from commit 1301e6461393601a4d43cfc465a05114e6ae4662)
* s3: smbd: smbd_smb2_setinfo_send(). All calls to SMB_VFS_FSTAT(fsp, ↵Jeremy Allison2022-04-111-1/+0
| | | | | | | | | | | | | | | | | | | | &fsp->fsp_name->st) clobber fsp->fsp_name->st.st_ex_iflags. If doing an SMB_VFS_FSTAT() returning onto the stat struct stored in the fsp, we must call vfs_stat_fsp() as this preserves the iflags. This is the last SMB_VFS_FSTAT that uses fsp->fsp_name->st, so remove knownfail.d/durable-v2-setinfo BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 24 17:21:29 UTC 2022 on sn-devel-184 (cherry picked from commit c4f9c372405bea8a7d9c6b39e04cebefa3322a19)
* s4: torture: Add regression test for re-opening a durable handle after ↵Jeremy Allison2022-04-111-0/+1
| | | | | | | | | | | | | | | | calling SMB2 setinfo (end of file). This is an implementation of a test written by Apple for their client. Currently fails to reconnect due to btime being overwritten incorrectly in the SMB2 setinfo path. Add knownfail.d/durable-v2-setinfo BUG: https://bugzilla.samba.org/show_bug.cgi?id=15022 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 0036617a5c76e6003e3c9a5039c325d77d897709)
* CI: enable "smbd async dosmode" on shadow_write shareRalph Boehme2022-03-291-0/+1
| | | | | | | | Existing tests don't care, upcoming new test needs it. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 48f81b4e7216e4dad0a86aca75890c32117a342e)
* smbd: also check for NT_STATUS_NOT_SUPPORTEDRalph Boehme2022-03-291-1/+0
| | | | | | | | | | | | | | | | | | | If a VFS module fails SMB_VFS_GETXATTRAT_SEND/RECV with ENOSYS like currently vfs_shadow_copy2 or any other module that uses vfs_not_implemented_getxattrat_send() the ENOSYS error that vfs_not_implemented_getxattrat_send() sets gets mapped to NT_STATUS_NOT_SUPPORTED by map_nt_error_from_unix(). Unfortunately when checking whether the async SMB_VFS_GETXATTRAT_SEND() failed and to determine if the sync fallback should be triggered, we currently only check for NT_STATUS_NOT_IMPLEMENTED which is the error we get when "store dos attributes" is disabled. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 97caec07ffd18f247134d21c3ba07c31591863bc)
* CI: add test "smb2.async_dosmode"Ralph Boehme2022-03-292-0/+7
| | | | | | | | | | | Verifies async-dosmode sync fallback works with shadow_copy2 which returns ENOSYS for SMB_VFS_GET_DOS_ATTRIBUTES_SEND(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit ffdb1c3e00c233efc99e8f1a66a5f83beb4e07f3)
* CI: remove shares referencing removed functionalityRalph Boehme2022-03-291-52/+0
| | | | | | | | | | | The whole "smbd:force sync [user|root] [path|chdir] safe threadpool" stuff was removed long ago by 29dd6f3e59055a17fa3d6a63619773f940e63374. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14957 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 1e3e22cc45583cb11ef5dbc3c044bf6189fe6036)
* s3: smbd: Don't allow setting the delete on close bit on a directory if it ↵Jeremy Allison2022-03-241-1/+0
| | | | | | | | | | | | | | | | | | | contains non-visible files and "delete veto files = no". Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Mar 22 17:48:25 UTC 2022 on sn-devel-184 (cherry picked from commit 80503b46e7238d0796f5cc9eb6104958c3b3fcc7) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Thu Mar 24 13:32:14 UTC 2022 on sn-devel-184
* s3: torture: Add 2 new tests SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO, ↵Jeremy Allison2022-03-242-0/+26
| | | | | | | | | | | | | | | | | | | | | | | SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-YES. We currently allow setting the delete on close bit for a directory containing only explicitly hidden/vetoed files in the case where "delete veto files = yes" *and* "delete veto files = no". For the "delete veto files = no" case we should be denying setting the delete on close bit when the client tries to set it (that's the only time Windows looks at the bit and returns an error to the user). We already do the in the dangling symlink case, we just missed it in the !is_visible_fsp() case. Mark SMB2-DEL-ON-CLOSE-NONWRITE-DELETE-NO as knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15023 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit 5fe341d2d67afb7088edcb772b058c747ab341b1)
* s4:kdc: redirect pre-authentication failured to an RWDCStefan Metzmacher2022-03-191-1/+0
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14865 Signed-off-by: Stefan Metzmacher <metze@samba.org> (similar to commit 0f5d7ff1a9fd14fd412b09883d413d1d660fa7be) Autobuild-User(v4-15-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-15-test): Sat Mar 19 02:38:24 UTC 2022 on sn-devel-184
* s4:auth: let authenticate_ldap_simple_bind() pass down the mapped nt4namesStefan Metzmacher2022-03-171-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | authenticate_ldap_simple_bind*() needs to pass the result of the cracknames operation into the auth stack as user_info->client.{account,domain}_name, because user_info->client.{account,domain}_name is also used when forwarding the request via netrLogonSamLogon* to a remote server, for exactly that the values are also used in order to map a AUTH_PASSWORD_PLAIN into AUTH_PASSWORD_RESPONSE, where the NTLMv2 response contains the account and domain names passed in the netr_IdentityInfo value. Otherwise it would not be possible to forward the LDAP simple bind authentication request to a remote DC. Currently this only applies to an RODC that forwards the request to an RWDC. But note that LDAP simple binds (as on Windows) only work for users in the DCs forest, as the DsCrackNames need to work and it can't work for users of remote forests. I tested that in a DC of a forest root domain, if rejected the LDAP simple bind against a different forest, but allowed it for a users of a child domain in the same forest. The NTLMSSP bind worked in both cases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Mar 10 04:10:54 UTC 2022 on sn-devel-184 (cherry picked from commit 40f2070d3b2b1b13cc08f7844bfe4945e9f0cd86)
* winbindd: don't set mapped_state in winbindd_dual_auth_passdb()Stefan Metzmacher2022-03-171-2/+0
| | | | | | | | | | | | | | | | | | | mapped_state is a special hack for authenticate_ldap_simple_bind_send() in order to avoid some additional work in authsam_check_password_internals() This doesn't apply here. We should also handle wbinfo -a authentication UPN names, e.g. administrator@DOMAIN, even if the account belongs to the local sam. With this change the behavior is consistent also locally on DCs and also an RODC can handle these requests locally for cached accounts. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8dfdbe095a4c8a7bedd29341656a7c3164517713)
* nsswitch: let test_wbinfo.sh also test wbinfo -a $USERNAME@$DOMAINStefan Metzmacher2022-03-171-0/+2
| | | | | | | | | | | | | | | | | When winbindd forwards wbinfo -a via netrLogonSamLogon* to a remote DC work fine for upn names, e.g. administrator@DOMAIN. But it currently fails locally on a DC against the local sam. For the RODC only work because it forwards the request to an RWDC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15003 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e1d2c59d360fb4e72dafe788b5d9dbb0572bf811)
* rodc: Add tests for simple BIND alongside NTLMSSP bindsGarming Sam2022-03-171-0/+1
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 62fb6c1dc8527db6cf0f08d4d06e8813707f767a)
* s4:auth_sam: use USER_INFO_INTERACTIVE_LOGON as inducation for an ↵Stefan Metzmacher2022-03-171-1/+0
| | | | | | | | | | | | | | | | | | interactive logon Using != AUTH_PASSWORD_RESPONSE is not the correct indication due to the local mappings from AUTH_PASSWORD_PLAIN via AUTH_PASSWORD_HASH to AUTH_PASSWORD_RESPONSE. It means an LDAP simble bind will now honour 'old password allowed period'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2ad44686229ba02f98de5769c26a3dfeaf5ada2b)
* dsdb/tests: add test_login_basics_simple()Stefan Metzmacher2022-03-171-0/+1
| | | | | | | | | | | | This demonstrates that 'old password allowed period' also applies to LDAP simple binds and not only to GSS-SPNEGO/NTLMSSP binds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13879 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15001 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 3625d1381592f7af8ec14715c6c2dfa4d9f02676)
* s3: smbd: Fix our leases code to return the correct error in the non-dynamic ↵Jeremy Allison2022-03-071-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | share case. We now return INVALID_PARAMETER when trying to open a different file with a duplicate lease key on the same (non-dynamic) share. This will enable us to pass another Windows test suite leases test. We now behave the same as Windows10. Remove knownfail.d/smb2-lease-duplicateopen BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184 (cherry picked from commit 408be54323861c24b6377b804be4428cf45b471e) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Mon Mar 7 14:34:46 UTC 2022 on sn-devel-184
* s4: torture: Add new SMB2 lease test test_lease_duplicate_open().Jeremy Allison2022-03-071-0/+1
| | | | | | | | | | | | | | Checks we return INVALID_PARAMETER when trying to open a different file with a duplicate lease key on the same share. Checked against Windows10. Currently fails against smbd so add knownfail.d/smb2-lease-duplicateopen BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> (cherry picked from commit ca3896b6f8bbcad68f042720feceedfa29ddbd83)
* s4/auth/simple_bind: correctly report TLS stateDouglas Bagnall2022-03-071-4/+0
| | | | | | | | | | | | | | | | It went wrong in 366f8cf0903e3583fda42696df62a5337f22131f Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184 (cherry picked from commit 309f1982263677045d407463eb19a2444c165a63) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996 Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Mon Mar 7 09:28:54 UTC 2022 on sn-devel-184
* pytest:auth_log: expect TLS connections when using ldapsDouglas Bagnall2022-03-071-0/+4
| | | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit f37682747898591b37405f9e96a8135c15638637) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996
* s3:modules: Fix virusfilter_vfs_openatPavel Filipenský2022-02-141-2/+0
| | | | | | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184 (cherry picked from commit 3f1c958f6fa9d2991185f4e281a377a295d09f9c) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Mon Feb 14 11:35:40 UTC 2022 on sn-devel-184
* s3:selftest: Add test for virus scannerPavel Filipenský2022-02-142-0/+14
| | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544)
* selftest: Fix trailing whitespace in Samba3.pmPavel Filipenský2022-02-141-3/+3
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 547b4c595a8513a4be99177edbaa39ce43840f7a)
* selftest: Do not force -d0 for smbd/nmbd/winbinddAndreas Schneider2022-02-141-1/+1
| | | | | | | | | | | We have the env variable SERVER_LOG_LEVEL which allows you to change the log level on the command line. If we force -d0 this will not work. make test TESTS="samba" SERVER_LOG_LEVEL=10 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 9693f7ea7383c6a51ab58b7c8255b30206f18a3b)
* selftest/quick: add smb2.sessionStefan Metzmacher2022-02-131-0/+1
| | | | | | | | | | | | | We run the quicktest on each linux distro as part of samba-o3 builds. We should make sure smb2 signing/enctyption works on all of them and all different system libraries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 68e62962b08497da8359ddbe4324443818c05cd1)
* s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().Jeremy Allison2022-02-091-1/+0
| | | | | | | | | | | | | | | | | | | Strips off any DFS prefix from the target if passed in. Remove knownfail selftest/knownfail.d/msdfs-rename. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Fri Feb 4 12:02:36 UTC 2022 on sn-devel-184 (cherry picked from commit b9b82f3611c56e837e9189f5275ae9a78e647262) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Wed Feb 9 09:22:03 UTC 2022 on sn-devel-184
* s3: tests: Add a new test test_msdfs_rename() that does simple renames on ↵Jeremy Allison2022-02-092-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MSDFS root shares. We fail this on SMB2 for a subtle reason. Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the following operations: SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share. SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS However, from smbclient, dst_path is a MSDFS path but we don't set the flag, so even though the rename code inside smbd will cope with a MSDFS path (as used in the SMB1 SMBmv call) it fails as the correct flag isn't set. Add knownfail selftest/knownfail.d/msdfs-rename. Note we need to add the new test to "selftest/knownfail.d/smb1-tests" as test_smbclient_s3.sh is run against the (ad_member|nt4_member) environments first using NT1 (SMB1) protocol and then using SMB3, but the (ad_member|nt4_member) environments don't support SMB1. Seems a bit strange to me, but all the other SMB1 tests inside test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests" so just go with the test environment. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit 44cc9fb0e01b3635804f41e03f9b20afc3bfe36c)
* s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks ↵Jeremy Allison2022-02-091-0/+1
| | | | | | | | | | | | | | | | | | | | | | on MSDFS root shares. We pass this already as the cmd_hardlink in smbclient doesn't do the DFS path conversion on the hardlink target. But it's good to have the test. Note we need to add the new test to "selftest/knownfail.d/smb1-tests" as test_smbclient_s3.sh is run against the (ad_member|nt4_member) environments first using NT1 (SMB1) protocol and then using SMB3, but the (ad_member|nt4_member) environments don't support SMB1. Seems a bit strange to me, but all the other SMB1 tests inside test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests" so just go with the test environment. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org> (cherry picked from commit d7deb876053ef45313026b4dea9ee1b376153611)
* lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.Jeremy Allison2022-02-041-1/+0
| | | | | | | | | | | | | | | | | | | | | Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir() cli_chkpath() to ensure SMB2 calls correctly set raw_status for libsmbclient uses. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Feb 2 21:50:31 UTC 2022 on sn-devel-184 (cherry picked from commit ca60f6350d566b7ecc822bcbb44fb65a1d150bbe) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Fri Feb 4 08:09:02 UTC 2022 on sn-devel-184
* s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.Jeremy Allison2022-02-041-0/+1
| | | | | | | | | | Add knownfail.d/libsmbclient_rename BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 0ecc58858360bcc0181a02e52ada3e8327f97c5b)
* Merge tag 'samba-4.15.5' into v4-15-testJule Anger2022-01-313-3/+3
|\ | | | | | | samba: tag release samba-4.15.5
| * CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use ↵Jeremy Allison2022-01-311-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | vfs_stat() for existence, not SMB_VFS_STAT(). We need to take SMB1+POSIX into account here and do an LSTAT if it's a POSIX name. Remove knownfail.d/posix_sylink_rename BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: torture: Add a test ↵Jeremy Allison2022-01-311-0/+1
| | | | | | | | | | | | | | | | | | | | samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename. Add a knownfail.d/posix_sylink_rename BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from ↵Jeremy Allison2022-01-311-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | filename_convert(). If filename_convert() fails to convert the path, we never call check_name(). This means we can return an incorrect error code (NT_STATUS_ACCESS_DENIED) if we ran into a symlink that points outside the share to a non-readable directory. We need to make sure in this case we always call check_name(). Remove knownfail.d/symlink_traversal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the ↵Jeremy Allison2022-01-311-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | correct error codes when failing symlinks. NT_STATUS_OBJECT_PATH_NOT_FOUND for a path component failure. NT_STATUS_OBJECT_NAME_NOT_FOUND for a terminal component failure. Remove: samba3.blackbox.test_symlink_traversal.SMB1.posix samba3.blackbox.smbclient_s3.*.Ensure\ widelinks\ are\ restricted\(.*\) samba3.blackbox.smbclient_s3.*.follow\ symlinks\ \=\ no\(.*\) in knownfail.d/symlink_traversal as we now pass these. Only one more fix remaining to get rid of knownfail.d/symlink_traversal completely. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, ↵Jeremy Allison2022-01-311-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | always return NT_STATUS_OBJECT_NAME_NOT_FOUND. Matches the error return from openat_pathref_fsp(). NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not a bad terminal symlink. Remove knownfail.d/simple_posix_open, we now pass. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: torture: Change expected error return for ↵Jeremy Allison2022-01-311-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | samba3.smbtorture_s3.plain.POSIX.smbtorture. Trying to open a symlink as a terminal component should return NT_STATUS_OBJECT_NAME_NOT_FOUND, not NT_STATUS_OBJECT_PATH_NOT_FOUND. Mark as knownfail.d/simple_posix_open until we fix the server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes ↵Jeremy Allison2022-01-312-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND. For SMB1/2/3 (minus posix) we need to treat bad symlinks as though they don't exist. Add to knwownfail.d/symlink_traversal BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: torture: Add ↵Jeremy Allison2022-01-311-0/+1
| | | | | | | | | | | | | | | | | | | | samba3.blackbox.test_symlink_traversal.SMB1.posix Add to knownfail.d/symlink_traversal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.Jeremy Allison2022-01-311-0/+1
| | | | | | | | | | | | | | | | Add to knownfail.d/symlink_traversal. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
| * CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB2.Jeremy Allison2022-01-311-0/+1
| | | | | | | | | | | | | | | | Add to knownfail.d/symlink_traversal BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911 Signed-off-by: Jeremy Allison <jra@samba.org>
View Lorry Controller Status