summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with ↵Andrew Bartlett2019-10-241-1/+0
| | | | | | | | dirsync BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results ↵Andrew Bartlett2019-10-241-0/+1
| | | | | | | | | | | style attributes and dirsync Incremental results are provided by a flag on the dirsync control, not by changing the attribute name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14833 dsdb: send full password to check password scriptBjörn Baumbach2019-10-241-1/+0
| | | | | | | | | | | | | | | utf8_len represents the number of characters (not bytes) of the password. If the password includes multi-byte characters it is required to write the total number of bytes to the check password script. Otherwise the last bytes of the password string would be ignored. Therefore we rename utf8_len to be clear what it does and does not represent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14833: Use utf8 characters in the unacceptable passwordAndrew Bartlett2019-10-242-1/+2
| | | | | | | This shows that the "check password script" handling has a bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* spnego: fix server handling of no optimistic exchangeIsaac Boukris2019-10-163-4/+0
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
* python/tests/gensec: add spnego downgrade python testsIsaac Boukris2019-10-161-0/+2
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@gmail.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: add tests for no optimistic spnego exchangeIsaac Boukris2019-10-161-0/+1
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: s3: add a test for spnego downgrade from krb5 to ntlmIsaac Boukris2019-10-162-0/+10
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)Michael Adam2019-10-151-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e originally introduced the above feature. This functionality was undone as part of "winbind: Restructure get_pwsid" https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a I think that this semantic change was accidential. This patch undoes the semantic change and re-establishes the functionality. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Christof Schmitt <cs@samba.org> Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184 (cherry picked from commit 63c9147f8631d73b52bdd36ff407e0361dcf5178) Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-10-test): Tue Oct 15 13:28:49 UTC 2019 on sn-devel-144
* selftest: Test ID_TYPE_BOTH with idmap_rid moduleChristof Schmitt2019-10-151-0/+4
| | | | | | | | | | | | | | ID_TYPE_BOTH means that each user and group has two mappings, a uid and gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid always return some information, so that uid and gid can be mapped to a name. Establish a test to verify that the expected information is returned. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 485874d6bb328c50c9a98785e85270f28ade7497)
* selftest/Samba3.pm: use "winbind use krb5 enterprise principals = yes" for ↵Stefan Metzmacher2019-09-251-0/+1
| | | | | | | | | | | | | | | | ad_member This demonstrates that can do krb5_auth in winbindd without knowning about trusted domains. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 24 19:51:29 UTC 2019 on sn-devel-184 (similar to commit 0ee085b594878f5e0e83839f465303754f015459)
* selftest/Samba3.pm: use "winbind scan trusted domains = no" for ad_memberStefan Metzmacher2019-09-251-0/+1
| | | | | | | | | | | This demonstrates that we rely on knowning about trusted domains before we can do krb5_auth in winbindd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (similar to commit e2737a74d4453a3d65e5466ddc4405d68444df27)
* selftest/tests.py: test pam_winbind with a lot of username variationsStefan Metzmacher2019-09-251-1/+26
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit f07b542c61f84a97c097208e10bf9375ddfa9a15)
* selftest/tests.py: test pam_winbind with krb5_authStefan Metzmacher2019-09-251-0/+4
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 36e95e42ea8a7e5a4091a647215d06d2ab47fab6)
* selftest/tests.py: prepare looping over pam_winbindd testsStefan Metzmacher2019-09-251-21/+37
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 72daf99fd1ffd8269fce25d69458de35e2ae32cc)
* test_pam_winbind.sh: allow different pam_winbindd config options to be specifiedStefan Metzmacher2019-09-251-3/+3
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 3d38a8e9135bb72bc4ca079fab0eb5358942b3f1)
* CVE-2019-10197: smbd: split change_to_user_impersonate() out of ↵Stefan Metzmacher2019-08-271-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | change_to_user_internal() This makes sure we always call chdir_current_service() even when we still impersonated the user. Which is important in order to run the SMB* request within the correct working directory and only if the user has permissions to enter that directory. It makes sure we always update conn->lastused_count in chdir_current_service() for each request. Note that vfs_ChDir() (called from chdir_current_service()) maintains its own cache and avoids calling SMB_VFS_CHDIR() if possible. It means we still avoid syscalls if we get a multiple requests for the same session/tcon tuple. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no ↵Stefan Metzmacher2019-08-272-0/+13
| | | | | | | | permission on share root problem BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035 Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectoryStefan Metzmacher2019-08-271-2/+5
| | | | | | | | The next patch will otherwise break the fsrvp related tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035 Signed-off-by: Stefan Metzmacher <metze@samba.org>
* samba-tool: fix replication after dns partition fsmo role transferStefan Metzmacher2019-08-081-2/+0
| | | | | | | | | | | | The new role owner need to replicate from the old role owner. Before we told the old role owner to replicate from itself. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 4793f8ed584a4e6d8a26b06b691ec636e77d8f2a)
* s4:torture:fsmo.py: test role transfers of dns partitionsBjörn Baumbach2019-08-081-0/+2
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bbaumbach@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5e000a8487d788dd196980b77ec7299c8be74abf)
* dnsp.idl: fix payload for DSPROPERTY_ZONE_DELETED_FROM_HOSTNAMEStefan Metzmacher2019-08-081-1/+0
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184 (cherry picked from commit aa2a3d95098231f48d7c308881bf66418164111e)
* dnsp.idl: fix the dnsp_dns_addr_array definitionStefan Metzmacher2019-08-081-1/+0
| | | | | | | | | | | | | | | | | | | | | The endian changes are needed in order to get the following result from the blobs Windows generated (see the torture test): AddrArray: ARRAY(3) AddrArray: struct dnsp_dns_addr family : 0x0002 (2) port : 0x0035 (53) ipv4 : 172.31.99.33 ipv6 : 0000:0000:0000:0000:0000:0000:0000:0000 [MS-DNSP] states that the port is supposed to be ignored, but it's still good to decode it as port '53' (0x0035) instead of '13568' (0x3500). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit 6fc7cc15048673d109042d7b40684ed63eb4ff9e)
* dnsp.idl: fix dnsp_ip4_array definitionStefan Metzmacher2019-08-081-1/+0
| | | | | | | | | | | In future we should use ipv4address, but that would result in a much larger change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit 6d958af0b4cb6fd45cfda0298243859b3b043c6f)
* s4:torture: add local.ndr.dnsp testsStefan Metzmacher2019-08-081-0/+3
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit 9a0c3a475f29138c0c49e0d22cf52ab45178d16b)
* python/ntacls: use correct "state directory" smb.conf option instead of ↵Björn Baumbach2019-06-261-2/+0
| | | | | | | | | | | | | | | | "state dir" samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs Fixes: Unknown parameter encountered: "state dir" Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 670a12df52df63a067b638d37bec71341bf18bdd) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002 Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-10-test): Wed Jun 26 11:37:29 UTC 2019 on sn-devel-144
* selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdbBjörn Baumbach2019-06-261-0/+2
| | | | | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 1b0184a9562689a658e75a0cfc69bdd23277cff6) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002
* s3:auth: explicitly add BUILTIN\Guests to the guest tokenRalph Boehme2019-06-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | This changes ensures that smbd always adds BUILTIN\Guests to the guest token which is required for guest authentication. Currently the guest token depends on the on-disk configured group mappings. If there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not a member, the final guest token won't contain BUILTIN\Guests. For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2 SESSION_SETUP response, because smbd sets it based on the token containing the BUILTIN\Guests SID S-1-5-32-546. At the same time, the packet is not signed which causes Windows clients and smbclient to reject the unsigned SMB2 SESSION_SETUP response. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184 (cherry picked from commit a66af4c96accba4ee64eeb1958458b69f3ccec1d)
* tests: add a test for guest authenticationRalph Boehme2019-06-211-0/+1
| | | | | | | | | | | | | | | This verifies that smbd always adds BUILTIN\Guests to the guest token which is required for guest authentication. Currently the guest token depends on the on-disk configured group mappings. If there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not a member, the final guest token won't contain BUILTIN\Guests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 0e88f98855e24cfddb55bef65c5910b8e662c630)
* selftest: allow guest login in the ad_member_idmap_rid envRalph Boehme2019-06-211-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit ac2167eb2349dc1c453e14a65692f16c8ba6532e)
* ldap server: generate correct referral schemesGary Lockyer2019-06-211-1/+0
| | | | | | | | | | | | | | | | Ensure that the referrals returned in a search request use the same scheme as the request, i.e. referrals recieved via ldap are prefixed with "ldap://" and those over ldaps are prefixed with "ldaps://" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184 (cherry picked from commit 1958cd8a7fb81ec51b81944ecf4dd0fb5c4208fa)
* ldap tests: test scheme for referralsGary Lockyer2019-06-211-0/+1
| | | | | | | | | | | | Ensure that the referrals returned in a search request use the same scheme as the request, i.e. referrals recieved via ldap are prefixed with "ldap://" and those over ldaps are prefixed with "ldaps://" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 6ccf74cf878c295903673e3a1d1ed924a5e87547)
* vfs_fruit: change trigger points of AppleDouble conversionRalph Boehme2019-06-131-13/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This moves the trigger points where AppleDouble file conversion is run by ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high level VFS entry points. Currently ad_convert() will be triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we call SMB_VFS_FSTAT() on the just created filehandle. This ends up in ad_convert(), finds the resource fork empty and thus deletes the file. This commit moves calling of the conversion funtion to the high level VFS entry points where the converted metadata is needed: o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the repurposed fields in the directory entry metadata o obviously for SMB_VFS_CREATE_FILE() on an macOS stream Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 78a4639b2d06cc69788861618d2e91945e142d2b) Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-10-test): Thu Jun 13 13:55:35 UTC 2019 on sn-devel-144
* selftest: run vfs.fruit test against a share that deletes empty resource forksRalph Boehme2019-06-131-0/+13
| | | | | | | | | | | | | | | | This reveals a bug in the AppleDouble conversion code: the conversion code that unlinks an empty resource fork AppleDouble sidecar file ("._file") gets triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we call SMB_VFS_FSTAT() on the just created filehandle. This ends up in ad_convert(), finds the resource fork empty and thus deletes the file. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8ed9b6b457923d2353d1d18838f4a278db48c6b9)
* samba-tool dns: use bytes for inet_ntopDouglas Bagnall2019-06-131-1/+0
| | | | | | | | | | | | | | | | | From Python's point of view, array.AddrArray is a list of byte-valued integers. In Python 3 we can convert directly using the likes of bytes(array.AddrArray[i].MaxSa[8:24]) but in 4.10 we need to support both, so we use struct. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
* tests/samba-tool: test dns serverinfo/zoneinfoDouglas Bagnall2019-06-131-0/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
* smbd: Fix a panicVolker Lendecke2019-06-131-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Opening a file with a stale (smbd died) LEVEL_II oplock makes vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default trigger the immediate leading to do_break_to_none. This goes through because fsp->oplock_type is not initialized yet, thus 0. Also, file_has_read_oplocks is still valid, because the smbd that has died could not clean up the brlock.tdb entry. Later in the code the exclusive oplock is granted, which is then found by do_break_to_none, making it panic. This patch just runs the direct FTRUNCATE instead of vfs_set_filelen. This means the contend_level2_oplock code is skipped. The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock() with the nice effect of removing a comment that was very confusing to me. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184
* smbtorture: Add a test to make smbd panicVolker Lendecke2019-06-131-0/+2
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* dsdb:samdb: schemainfo update with relax controlAaron Haslett2019-06-131-1/+0
| | | | | | | | | | | | | | | | Currently schema info's revision field isn't incremented if relax control is present. This is so that no increment is done during provision, but we need the relax control in other situations where the increment is desired, so we should use the provision control instead to disable schema info update. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit b7c1752754da1e8a83a53670cf4a410ec6e9d7b7)
* samdb: test for schemainfo update with relax controlAaron Haslett2019-06-131-0/+1
| | | | | | | | | | | | | | | | Currently schema info's revision field isn't incremented if relax control is present. This is so that no increment is done during provision, but we need the relax control in other situations where the increment is desired. This patch adds a failing test to expose the problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit e34abefb77729330cd48bc039c82b03fe545f8a9)
* smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handlingStefan Metzmacher2019-05-161-1/+0
| | | | | | | | | | | | | | | | | | | | | Windows 10 (1803 and higher) support and use SMB_FILE_NORMALIZED_NAME_INFORMATION calls over the network. As a fallback (in case the server don't support it) the client traverses all path components, which is very expensive. Implementing SMB_FILE_NORMALIZED_NAME_INFORMATION is very cheap for us as the open already went through unix_convert() and we have the information the client is asking for. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed May 1 18:33:00 UTC 2019 on sn-devel-184 (cherry picked from commit b20fd15e04ce9292f90a7f70f4184e43034b4b9d)
* s4:torture/smb2: add smb2.getinfo.normalized testStefan Metzmacher2019-05-161-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8a5828de2bdd95223e5f30996d0490fef53742dd)
* smbd: allow case insensitive opens of named streamsStefan Metzmacher2019-05-161-1/+0
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2a69c0915586fb9fb2148239965d06bf9f93c803)
* s4:torture/smb2: add smb2.stream.names3 testStefan Metzmacher2019-05-161-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit b5c4fdbf99caa3a9e7c6446cfbc4f1b23b84b3c8)
* winbind: Fix overlapping id rangesVolker Lendecke2019-05-161-1/+0
| | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 24 02:25:56 UTC 2019 on sn-devel-184 (cherry picked from commit 3020050bdf9df077ec9a0e962a689557187174ac)
* selftest: Add trusted domain tests for idmap_adChristof Schmitt2019-05-161-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2577f43a133f8b8eb997b9529a38e21c77b5da22)
* selftest: Add idmap configuration for trusted domain for idmap_adChristof Schmitt2019-05-161-0/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 65e1d783cb17904cd117d896569e7cbe79a3131b)
* selftest: Make trusted domain information available for idmap_ad environmentChristof Schmitt2019-05-161-0/+7
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 281fb81ab1c72831c752be44fd1bfdcfd10bd798)
* selftest: Use fl2008r2dc for ad_member_idmap_adChristof Schmitt2019-05-161-1/+1
| | | | | | | | | | | fl2008r2dc already has a trusted domain. That will be used to use idmap_ad for querying idmap attributes from the trusted domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8266bd1f45d1b5b2a61d84006ab8e8e1ed0e52a9)
* netcmd: Fix passwordsettings --max-pwd-age commandTim Beale2019-05-141-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The min_pwd_age and max_pwd_age parameters are both optional and default to None. However, if we just set the max-pwd-age, then the check 'min_pwd_age >= max_pwd_age' will throw a Python exception because it's trying to compare an int to NoneType (min_pwd_age). This works on Python 2 but is a problem on Python 3. We could just add a check that min_pwd_age is not None, but that defeats the point of having the check if you're only setting either the min or max age indepedently. This patch gets the current min/max password age from the DB (in ticks). If either setting is changed, the ticks will be updated. Then at the end we check the min is still less than the max (to do this, we convert the ticks back to days in the interests of readability). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Apr 5 08:03:08 UTC 2019 on sn-devel-144 (cherry picked from commit 7a410ccb5f6f2958d56fa6f16d8780c69a3830dd) Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-10-test): Tue May 14 17:36:28 UTC 2019 on sn-devel-144
View Lorry Controller Status