summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* selftest: Export DC conf path for special casesTim Beale2020-03-042-0/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | In a few rare cases, a test needs to assert aspects both client-side and server-side aspects. A typical example would be the audit logging, which is exercising client-side behaviour, but also asserting the server-side logging. Usually this has involved a kludge in tests.py to either use socket-wrapper explicitly, or hardcode in the server smb.conf path. This patch exposes the existing SERVERCONFFILE env variable to the tests. DC_SERVERCONFFILE has been added for 2 DC testenvs, where we need the PDC's smb.conf. The benefit of doing this way is the filepath/testenv-dependency logic is all self-contained with the Perl code, and it doesn't bleed out into tests.py as well. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit aeadf75c24a4af4143e389e2b27d3a90899fb638) Fixes autobuild with the patches for BUG: https://bugzilla.samba.org/show_bug.cgi?id=14285 Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-10-test): Wed Mar 4 11:26:37 UTC 2020 on sn-devel-144
* s3:auth_sam: map an empty domain or '.' to the local SAM nameStefan Metzmacher2020-02-111-1/+1
| | | | | | | | | | | | | | | When a domain member gets an empty domain name or '.', it should not forward the authentication to domain controllers of the primary domain. But we need to keep passing UPN account names with an empty domain to the DCs as a domain member. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca)
* s3:selftest: test authentication with an empty userdomain and upn namesStefan Metzmacher2020-02-111-0/+7
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018)
* upgradedns: ensure lmdb lock files linkedGary Lockyer2020-01-141-1/+0
| | | | | | | | | | | | | | Ensure that the '-lock' files for the dns partitions as well as the data files are linked when running samba_dnsupgrade --dns-backend=BIND9_DLZ failure to create these links can cause corruption of the corresponding data file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 0bd479140c18ab79479ced4f25f366744c3afe18)
* test upgradedns: ensure lmdb lock files linkedGary Lockyer2020-01-141-0/+1
| | | | | | | | | | | | | | | | | Add tests to check that the '-lock' files for the dns partitions as well as the data files are linked when running samba_dnsupgrade --dns-backend=BIND9_DLZ failure to create these links can cause corruption of the corresponding data file. Changes to python/samba/tests/__init__.py adding run_command manually copied from commit b27817d491794a292278832e3f59f955f418a6cb BUG: https://bugzilla.samba.org/show_bug.cgi?id=14199 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit f0cebbe4dd0317e2abfcbe252977383e6f37f3bd)
* s3: smbd: Only set xconn->smb1.negprot.done = true after ↵Jeremy Allison2019-12-161-1/+0
| | | | | | | | | | | | | | | | | | | supported_protocols[protocol].proto_reply_fn() succeeds. Otherwise we can end up with negprot.done set, but without smbXsrv_connection_init_tables() being called. This can cause a client self-crash. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Dec 4 21:27:24 UTC 2019 on sn-devel-184 (cherry picked from commit 8db0c1bff6f42feabd2e4d9dfb13ae12cc29607b)
* python: tests. Add test for fuzzing smbd crash bug.Jeremy Allison2019-12-162-0/+2
| | | | | | | | | | Mark knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 46899ecf836d350c0c29b615869851da7d0ad6fb)
* CVE-2019-14870: heimdal: enforce delegation_not_allowed in S4U2SelfIsaac Boukris2019-12-031-1/+0
| | | | Signed-off-by: Isaac Boukris <iboukris@gmail.com>
* CVE-2019-14870: heimdal: add S4U test for delegation_not_allowedIsaac Boukris2019-12-031-0/+1
| | | | Signed-off-by: Isaac Boukris <iboukris@gmail.com>
* CVE-2019-14861: s4-rpc/dnsserver: Confirm sort behaviour in ↵Andrew Bartlett2019-12-031-0/+3
| | | | | | | | | | | | | | dcesrv_DnssrvEnumRecords The sort behaviour for child records is not correct in Samba so we add a flapping entry. (patch differs from master patch due to addtional flapping entry for python2) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14138 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with ↵Andrew Bartlett2019-10-241-1/+0
| | | | | | | | dirsync BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results ↵Andrew Bartlett2019-10-241-0/+1
| | | | | | | | | | | style attributes and dirsync Incremental results are provided by a flag on the dirsync control, not by changing the attribute name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14833 dsdb: send full password to check password scriptBjörn Baumbach2019-10-241-1/+0
| | | | | | | | | | | | | | | utf8_len represents the number of characters (not bytes) of the password. If the password includes multi-byte characters it is required to write the total number of bytes to the check password script. Otherwise the last bytes of the password string would be ignored. Therefore we rename utf8_len to be clear what it does and does not represent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2019-14833: Use utf8 characters in the unacceptable passwordAndrew Bartlett2019-10-242-1/+2
| | | | | | | This shows that the "check password script" handling has a bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* spnego: fix server handling of no optimistic exchangeIsaac Boukris2019-10-163-4/+0
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
* python/tests/gensec: add spnego downgrade python testsIsaac Boukris2019-10-161-0/+2
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@gmail.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: add tests for no optimistic spnego exchangeIsaac Boukris2019-10-161-0/+1
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: s3: add a test for spnego downgrade from krb5 to ntlmIsaac Boukris2019-10-162-0/+10
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)Michael Adam2019-10-151-4/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e originally introduced the above feature. This functionality was undone as part of "winbind: Restructure get_pwsid" https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a I think that this semantic change was accidential. This patch undoes the semantic change and re-establishes the functionality. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Christof Schmitt <cs@samba.org> Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184 (cherry picked from commit 63c9147f8631d73b52bdd36ff407e0361dcf5178) Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-10-test): Tue Oct 15 13:28:49 UTC 2019 on sn-devel-144
* selftest: Test ID_TYPE_BOTH with idmap_rid moduleChristof Schmitt2019-10-151-0/+4
| | | | | | | | | | | | | | ID_TYPE_BOTH means that each user and group has two mappings, a uid and gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid always return some information, so that uid and gid can be mapped to a name. Establish a test to verify that the expected information is returned. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 485874d6bb328c50c9a98785e85270f28ade7497)
* selftest/Samba3.pm: use "winbind use krb5 enterprise principals = yes" for ↵Stefan Metzmacher2019-09-251-0/+1
| | | | | | | | | | | | | | | | ad_member This demonstrates that can do krb5_auth in winbindd without knowning about trusted domains. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 24 19:51:29 UTC 2019 on sn-devel-184 (similar to commit 0ee085b594878f5e0e83839f465303754f015459)
* selftest/Samba3.pm: use "winbind scan trusted domains = no" for ad_memberStefan Metzmacher2019-09-251-0/+1
| | | | | | | | | | | This demonstrates that we rely on knowning about trusted domains before we can do krb5_auth in winbindd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (similar to commit e2737a74d4453a3d65e5466ddc4405d68444df27)
* selftest/tests.py: test pam_winbind with a lot of username variationsStefan Metzmacher2019-09-251-1/+26
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit f07b542c61f84a97c097208e10bf9375ddfa9a15)
* selftest/tests.py: test pam_winbind with krb5_authStefan Metzmacher2019-09-251-0/+4
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 36e95e42ea8a7e5a4091a647215d06d2ab47fab6)
* selftest/tests.py: prepare looping over pam_winbindd testsStefan Metzmacher2019-09-251-21/+37
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 72daf99fd1ffd8269fce25d69458de35e2ae32cc)
* test_pam_winbind.sh: allow different pam_winbindd config options to be specifiedStefan Metzmacher2019-09-251-3/+3
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> (cherry picked from commit 3d38a8e9135bb72bc4ca079fab0eb5358942b3f1)
* CVE-2019-10197: smbd: split change_to_user_impersonate() out of ↵Stefan Metzmacher2019-08-271-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | change_to_user_internal() This makes sure we always call chdir_current_service() even when we still impersonated the user. Which is important in order to run the SMB* request within the correct working directory and only if the user has permissions to enter that directory. It makes sure we always update conn->lastused_count in chdir_current_service() for each request. Note that vfs_ChDir() (called from chdir_current_service()) maintains its own cache and avoids calling SMB_VFS_CHDIR() if possible. It means we still avoid syscalls if we get a multiple requests for the same session/tcon tuple. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no ↵Stefan Metzmacher2019-08-272-0/+13
| | | | | | | | permission on share root problem BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035 Signed-off-by: Stefan Metzmacher <metze@samba.org>
* CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectoryStefan Metzmacher2019-08-271-2/+5
| | | | | | | | The next patch will otherwise break the fsrvp related tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035 Signed-off-by: Stefan Metzmacher <metze@samba.org>
* samba-tool: fix replication after dns partition fsmo role transferStefan Metzmacher2019-08-081-2/+0
| | | | | | | | | | | | The new role owner need to replicate from the old role owner. Before we told the old role owner to replicate from itself. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 4793f8ed584a4e6d8a26b06b691ec636e77d8f2a)
* s4:torture:fsmo.py: test role transfers of dns partitionsBjörn Baumbach2019-08-081-0/+2
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13973 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Björn Baumbach <bbaumbach@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5e000a8487d788dd196980b77ec7299c8be74abf)
* dnsp.idl: fix payload for DSPROPERTY_ZONE_DELETED_FROM_HOSTNAMEStefan Metzmacher2019-08-081-1/+0
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jun 21 11:02:21 UTC 2019 on sn-devel-184 (cherry picked from commit aa2a3d95098231f48d7c308881bf66418164111e)
* dnsp.idl: fix the dnsp_dns_addr_array definitionStefan Metzmacher2019-08-081-1/+0
| | | | | | | | | | | | | | | | | | | | | The endian changes are needed in order to get the following result from the blobs Windows generated (see the torture test): AddrArray: ARRAY(3) AddrArray: struct dnsp_dns_addr family : 0x0002 (2) port : 0x0035 (53) ipv4 : 172.31.99.33 ipv6 : 0000:0000:0000:0000:0000:0000:0000:0000 [MS-DNSP] states that the port is supposed to be ignored, but it's still good to decode it as port '53' (0x0035) instead of '13568' (0x3500). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit 6fc7cc15048673d109042d7b40684ed63eb4ff9e)
* dnsp.idl: fix dnsp_ip4_array definitionStefan Metzmacher2019-08-081-1/+0
| | | | | | | | | | | In future we should use ipv4address, but that would result in a much larger change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit 6d958af0b4cb6fd45cfda0298243859b3b043c6f)
* s4:torture: add local.ndr.dnsp testsStefan Metzmacher2019-08-081-0/+3
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13969 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit 9a0c3a475f29138c0c49e0d22cf52ab45178d16b)
* python/ntacls: use correct "state directory" smb.conf option instead of ↵Björn Baumbach2019-06-261-2/+0
| | | | | | | | | | | | | | | | "state dir" samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs Fixes: Unknown parameter encountered: "state dir" Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 670a12df52df63a067b638d37bec71341bf18bdd) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002 Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-10-test): Wed Jun 26 11:37:29 UTC 2019 on sn-devel-144
* selftest: add test for samba-tool ntacl get/set --use-ntvfs --xattr-backend=tdbBjörn Baumbach2019-06-261-0/+2
| | | | | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 1b0184a9562689a658e75a0cfc69bdd23277cff6) BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002
* s3:auth: explicitly add BUILTIN\Guests to the guest tokenRalph Boehme2019-06-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | This changes ensures that smbd always adds BUILTIN\Guests to the guest token which is required for guest authentication. Currently the guest token depends on the on-disk configured group mappings. If there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not a member, the final guest token won't contain BUILTIN\Guests. For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2 SESSION_SETUP response, because smbd sets it based on the token containing the BUILTIN\Guests SID S-1-5-32-546. At the same time, the packet is not signed which causes Windows clients and smbclient to reject the unsigned SMB2 SESSION_SETUP response. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jun 5 16:55:26 UTC 2019 on sn-devel-184 (cherry picked from commit a66af4c96accba4ee64eeb1958458b69f3ccec1d)
* tests: add a test for guest authenticationRalph Boehme2019-06-211-0/+1
| | | | | | | | | | | | | | | This verifies that smbd always adds BUILTIN\Guests to the guest token which is required for guest authentication. Currently the guest token depends on the on-disk configured group mappings. If there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not a member, the final guest token won't contain BUILTIN\Guests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 0e88f98855e24cfddb55bef65c5910b8e662c630)
* selftest: allow guest login in the ad_member_idmap_rid envRalph Boehme2019-06-211-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit ac2167eb2349dc1c453e14a65692f16c8ba6532e)
* ldap server: generate correct referral schemesGary Lockyer2019-06-211-1/+0
| | | | | | | | | | | | | | | | Ensure that the referrals returned in a search request use the same scheme as the request, i.e. referrals recieved via ldap are prefixed with "ldap://" and those over ldaps are prefixed with "ldaps://" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184 (cherry picked from commit 1958cd8a7fb81ec51b81944ecf4dd0fb5c4208fa)
* ldap tests: test scheme for referralsGary Lockyer2019-06-211-0/+1
| | | | | | | | | | | | Ensure that the referrals returned in a search request use the same scheme as the request, i.e. referrals recieved via ldap are prefixed with "ldap://" and those over ldaps are prefixed with "ldaps://" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 6ccf74cf878c295903673e3a1d1ed924a5e87547)
* vfs_fruit: change trigger points of AppleDouble conversionRalph Boehme2019-06-131-13/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This moves the trigger points where AppleDouble file conversion is run by ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high level VFS entry points. Currently ad_convert() will be triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we call SMB_VFS_FSTAT() on the just created filehandle. This ends up in ad_convert(), finds the resource fork empty and thus deletes the file. This commit moves calling of the conversion funtion to the high level VFS entry points where the converted metadata is needed: o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the repurposed fields in the directory entry metadata o obviously for SMB_VFS_CREATE_FILE() on an macOS stream Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 78a4639b2d06cc69788861618d2e91945e142d2b) Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-10-test): Thu Jun 13 13:55:35 UTC 2019 on sn-devel-144
* selftest: run vfs.fruit test against a share that deletes empty resource forksRalph Boehme2019-06-131-0/+13
| | | | | | | | | | | | | | | | This reveals a bug in the AppleDouble conversion code: the conversion code that unlinks an empty resource fork AppleDouble sidecar file ("._file") gets triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we call SMB_VFS_FSTAT() on the just created filehandle. This ends up in ad_convert(), finds the resource fork empty and thus deletes the file. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8ed9b6b457923d2353d1d18838f4a278db48c6b9)
* samba-tool dns: use bytes for inet_ntopDouglas Bagnall2019-06-131-1/+0
| | | | | | | | | | | | | | | | | From Python's point of view, array.AddrArray is a list of byte-valued integers. In Python 3 we can convert directly using the likes of bytes(array.AddrArray[i].MaxSa[8:24]) but in 4.10 we need to support both, so we use struct. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184
* tests/samba-tool: test dns serverinfo/zoneinfoDouglas Bagnall2019-06-131-0/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org>
* smbd: Fix a panicVolker Lendecke2019-06-131-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Opening a file with a stale (smbd died) LEVEL_II oplock makes vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default trigger the immediate leading to do_break_to_none. This goes through because fsp->oplock_type is not initialized yet, thus 0. Also, file_has_read_oplocks is still valid, because the smbd that has died could not clean up the brlock.tdb entry. Later in the code the exclusive oplock is granted, which is then found by do_break_to_none, making it panic. This patch just runs the direct FTRUNCATE instead of vfs_set_filelen. This means the contend_level2_oplock code is skipped. The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock() with the nice effect of removing a comment that was very confusing to me. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184
* smbtorture: Add a test to make smbd panicVolker Lendecke2019-06-131-0/+2
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* dsdb:samdb: schemainfo update with relax controlAaron Haslett2019-06-131-1/+0
| | | | | | | | | | | | | | | | Currently schema info's revision field isn't incremented if relax control is present. This is so that no increment is done during provision, but we need the relax control in other situations where the increment is desired, so we should use the provision control instead to disable schema info update. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit b7c1752754da1e8a83a53670cf4a410ec6e9d7b7)
* samdb: test for schemainfo update with relax controlAaron Haslett2019-06-131-0/+1
| | | | | | | | | | | | | | | | Currently schema info's revision field isn't incremented if relax control is present. This is so that no increment is done during provision, but we need the relax control in other situations where the increment is desired. This patch adds a failing test to expose the problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> (cherry picked from commit e34abefb77729330cd48bc039c82b03fe545f8a9)
View Lorry Controller Status