summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* dbcheck: detect the change after deletion bugStefan Metzmacher2019-03-281-2/+0
| | | | | | | | | | | | | | | | | | | | | | | Old versions of 'samba-tool dbcheck' could reanimate deleted objects, when running at the same time as the tombstone garbage collection. When the (deleted) parent of a deleted object (with the DISALLOW_MOVE_ON_DELETE bit in systemFlags), is removed before the object itself, dbcheck moved it in the LostAndFound[Config] subtree of the partition as an originating change. That means that the object will be in tombstone state again for 180 days on the local DC. And other DCs fail to replicate the object as it's already removed completely there and the replication only gives the name and lastKnownParent attributes, because all other attributes should already be known to the other DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit a1658b306d85452407388b91a745078c9c1f7dc7)
* blackbox/dbcheck-links.sh: add regression test for lost deleted object repairStefan Metzmacher2019-03-281-0/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 1ccc21a34d295be3bb2ab481a5918003eae88bf4)
* dbcheck: don't remove dangling one-way links on already deleted objectsStefan Metzmacher2019-03-281-1/+0
| | | | | | | | | | | | | | | This would typically happen when the garbage collection removed a parent object before a child object (both with the DISALLOW_MOVE_ON_DELETE bit set in systemFlags), while dbcheck is running at the same time as the garbage collection. In this case the lastKnownParent attributes points a non existing object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e388e599495b6d7c38b8b6966332e27f8b958783)
* dbcheck: don't move already deleted objects to LostAndFoundStefan Metzmacher2019-03-281-1/+0
| | | | | | | | | | | | | This would typically happen when the garbage collection removed a parent object before a child object (both with the DISALLOW_MOVE_ON_DELETE bit set in systemFlags), while dbcheck is running at the same time as the garbage collection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 6d50ee74920c39cdb18b427bfaaf200775bf2d73)
* blackbox/dbcheck-links.sh: reproduce lost deleted object problemStefan Metzmacher2019-03-281-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When a parent object is removed during the tombstone garbage collection before a child object and samba-tool dbcheck runs at the same time, the following can happen: - If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags, samba-tool dbcheck moves the object under the LostAndFound[Config] object (as an originating update!) - The lastKnownParent attribute is removed (as an originating update!) These originating updates cause the object to have an extended time as tombstone. And these changes are replicated to other DCs, which very likely already removed the object completely! This means the destination DC of replication has no chance to handle the object it gets from the source DC with just 2 attributes (name, lastKnownParent). The destination logs something like: No objectClass found in replPropertyMetaData BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 5357f591accffbf8c62335c308b985811b66f0b5)
* selftest: force running with TZ=UTCStefan Metzmacher2019-03-281-0/+3
| | | | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144 (cherry picked from commit 4f307f2302b0fe8fd0fc6379eb8e6491faf8520c)
* libcli/security: fix handling of deny type ACEs in access_check_max_allowed()Ralph Boehme2019-03-111-4/+0
| | | | | | | | | | | | | | Deny ACEs must always be evaluated against explicitly granted rights from previous ACEs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8d355dd9769e8990ce998b4c9f28977669b43616) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Mon Mar 11 13:04:13 UTC 2019 on sn-devel-144
* s4:torture: Add test_deny1().Ralph Boehme2019-03-111-0/+2
| | | | | | | | | | | | Creates a 2-element ALLOW + DENY ACE showing that when calculating effective permissions and maximum access already seen allow bits are not removed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit b205d695d769e910a91bec87451dec189ec33740)
* s4:torture: Add test_owner_rights_deny1().Jeremy Allison2019-03-111-0/+2
| | | | | | | | | | | Creates a 3-element ALLOW + ALLOW + DENY ACE showing that when calculating maximum access already seen allow bits are not removed. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 0ebd8c99aed28a0ba43a22c429837f66f7e94409)
* libcli/security: correct access check and maximum access calculation for ↵Ralph Boehme2019-03-111-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Owner Rights ACEs We basically must process the Owner Rights ACEs as any other ACE wrt to the order of adding granted permissions and checking denied permissions. According to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over the ACEs in an ACL and the corresponding access_mask must be directly applied to bits_remaining. We currently defer this to after the loop over the ACEs in ACL, this is wrong. We just have to do some initial magic to determine if an ACL contains and Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP: -- the owner of an object is always granted READ_CONTROL and WRITE_DAC. CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst) IF SidInToken returns True THEN IF DACL does not contain ACEs from object owner THEN Remove READ_CONTROL and WRITE_DAC from RemainingAccess Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER END IF END IF BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 9722f75757c0e38c7f42c7cc310d56aa6eaf6392)
* s4:torture: Add test_owner_rights_deny().Jeremy Allison2019-03-111-0/+2
| | | | | | | | | | | | | Shows that owner and SID_OWNER_RIGHTS ACE entries interact in max permissions requests. Tested against Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit fadc4c1bc5fcc3b2d9daea44ef8daf8a8ae0fbe2)
* libcli/security: add "Owner Rights" calculation to access_check_max_allowed()Ralph Boehme2019-03-111-2/+0
| | | | | | | | | | | | | | This was missing in 44590c1b70c0a24f853c02d5fcdb3c609401e2ca. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144 (cherry picked from commit 5cf0764bc4b65dbc59d8626760dbe946a2234833)
* s4:torture: add a Maximum Access check with an Owner Rights ACERalph Boehme2019-03-111-0/+2
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> (cherry picked from commit 3ca38d2cd1189a5040e13ddab016063280be2b4d)
* s3: smbd: filenames - ensure we replace the missing '/' if we error in an ↵Jeremy Allison2019-03-051-1/+0
| | | | | | | | | | | | | | | | | intermediate POSIX path. Previous regression test ensures we still return the correct error code for POSIX pathname operations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144 (cherry picked from commit 3f1a13a94a753c5cb3b9f2cf795df5adb0f74205)
* s3: torture: Add additional POSIX mkdir tests.Jeremy Allison2019-03-051-0/+1
| | | | | | | | | | | | | | | | | | Ensure that if POSIX_foo exists as a file we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND if we try and traverse it as a directory. Also ensure creation/deletion of POSIX_foo/foo fails for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND if the directory POSIX_foo/ doesn't exist. knownfail is back :-). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 632d0db8c42d50f5eecd002d9573f739cd945960)
* smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.Jeremy Allison2019-03-051-1/+0
| | | | | | | | | | | | | | | | | | | For posix_pathnames don't blunder into the name_has_wildcard OR get_real_filename() codepaths as they may be doing case insensitive lookups. So when creating a new POSIX directory 'Foo' they might match on name 'foo'. Remove POSIX-MKDIR from knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144 (cherry picked from commit 12da33e2bbce657f25abe9bc4cb936ca4615b30f)
* s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.Jeremy Allison2019-03-052-0/+2
| | | | | | | | | | | | | | | | | | | | | | | Test does: mkdir POSIX_foo mkdir POSIX_Foo mkdir POSIX_foo/Foo mkdir POSIX_foo/foo mkdir POSIX_Foo/Foo mkdir POSIX_Foo/foo Which should pass a SMB1 POSIX extensions server as posix mkdir should always be case sensitive no matter what the share is set to. Mark as knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit f0decb31fff24ceb57d23bebbfb87aa0e5103947)
* messages_dgm: Properly handle receiver re-initializationVolker Lendecke2019-03-051-1/+0
| | | | | | | | | | | | | | | | | | | | | | This only properly covers the small-message nonblocking case. Covering the large-message and the blocking case is a much larger effort assuming we want to re-send the failed message if parts of the message has gone through properly. Don't do that for now. This was found by sanba_dnsupdate constantly recreating its irpc handle to winbindd in the RODC case. The messaging_dgm code cached connected datagram sockets based on the destination pid for 1 second. Which means the IRPC responses from winbindd are never delivered to samba_dnsupdate, which will then hit a timeout. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 2543bba0364d8054e9ad316f5611621841bc061d)
* torture3: Extend read3 for the "messaging target re-inits" failureVolker Lendecke2019-03-051-0/+1
| | | | | | | | | | | Do ping_pong a hundred times, re-initializing the msg_ctx every time. https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 8d8f62c4b9dea381ce9f5833bc794553ae358173)
* smbd: uid: Don't crash if 'force group' is added to an existing share ↵Jeremy Allison2019-02-211-2/+0
| | | | | | | | | | | | | | | | | | | | | | connection. smbd could crash if "force group" is added to a share definition whilst an existing connection to that share exists. In that case, don't change the existing credentials for force group, only do so for new connections. Remove knownfail from regression test. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Jan 25 16:31:27 CET 2019 on sn-devel-144 (cherry picked from commit e37f9956c1f2416408bad048a4618f6366086b6a)
* s3: tests: Add regression test for smbd crash on share force group change ↵Jeremy Allison2019-02-213-0/+9
| | | | | | | | | | | | with existing connection. Mark as known fail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 7b21b4c1f538650f23ec77fb3c02fe1e224d89aa)
* selftest:Samba4: use 'smbcontrol samba shutdown'Stefan Metzmacher2019-02-051-0/+9
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Björn Baumbach <bbaumbach@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144 (cherry picked from commit d03991f569b54ae0a11911b622107fbae701715d)
* vfs_shadow_copy2: in fstat also convert fsp->fsp_name and ↵Ralph Boehme2018-12-131-1/+0
| | | | | | | | | | | | | | | | fsp->base_fsp->fsp_name Stacked VFS modules might use the file name, not the file handle. Looking at you, vfs_fruit... Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit aa1fac696956f96e89e54ddd4535a6e2844161b0) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Thu Dec 13 18:20:47 CET 2018 on sn-devel-144
* s3:selftest: add a VSS test reading a streamRalph Boehme2018-12-132-1/+2
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit cfffa2e2428b42db65a4ece00602e0cef8ceb5a3)
* vfs_shadow_copy2: nicely deal with attempts to open previous version for writingRalph Boehme2018-12-131-1/+0
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit cf95756235f718478e556ce1fbf7c032f9c9acfb)
* s3:script/tests: add a test for VSS write behaviourRalph Boehme2018-12-132-0/+10
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (backported from commit 12778f015988f7e8755016c72c26939998758dae)
* winbindd: Route predefined domains through the BUILTIN domain childRalph Boehme2018-12-071-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without this eg "NT Authority" didn't work: $ bin/wbinfo -n "NT Authority/Authenticated Users" failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name NT Authority/Authenticated Users $ bin/wbinfo --group-info="NT Authority/Authenticated Users" failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group NT Authority/Authenticated Users With the patch: $ bin/wbinfo -n "NT Authority/Authenticated Users" S-1-5-11 SID_WKN_GROUP (5) $ bin/wbinfo --group-info="NT Authority/Authenticated Users" NT AUTHORITY\authenticated users:x:10002: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144 (cherry picked from commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Fri Dec 7 16:15:58 CET 2018 on sn-devel-144
* selftest: test wbinfo -n and --gid-info with "NT Authority"Ralph Boehme2018-12-071-0/+2
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit c46b6b111e8adcd7cf029e5c3293cbdc471793db)
* CVE-2018-14629 dns: fix CNAME loop prevention using counter regressionStefan Metzmacher2018-12-071-6/+0
| | | | | | | | | | | | | | | | | The loop prevention should only be done for CNAME records! Otherwise we truncate the answer records for A, AAAA or SRV queries, which is a bad idea if you have more than 20 DCs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144 (cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)
* CVE-2018-14629: Tests to expose regression from dns cname loop fixAaron Haslett2018-12-071-2/+18
| | | | | | | | | | | These tests expose the regression described by Stefan Metzmacher in discussion on the bugzilla paged linked below. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 14399fd818b130a6347eec860460929c292d5996)
* libcli/smb: don't overwrite status codeRalph Boehme2018-12-041-2/+0
| | | | | | | | | | | | | | | | The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug 9175 never worked, as the preceeding signing check overwrote the status variable. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144 (cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
* s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() worksRalph Boehme2018-12-041-0/+2
| | | | | | | | | | | | This adds a simple test that verifies that after having set smbXcli_session_set_disconnect_expired() a session gets disconnected when it expires. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)
* Merge tag 'samba-4.8.7' into v4-8-testKarolin Seeger2018-11-271-0/+6
|\ | | | | | | samba: tag release samba-4.8.7
| * CVE-2018-14629 dns: CNAME loop prevention using counterAaron Haslett2018-11-261-0/+6
| | | | | | | | | | | | | | | | | | | | | | Count number of answers generated by internal DNS query routine and stop at 20 to match Microsoft's loop prevention mechanism. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* | s3:smb2_sesssetup: check session_info security level before it gets ↵Ralph Boehme2018-11-231-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | talloc_move'd We talloc_move() session_info to session->global->auth_session_info which sets session_info to NULL. This means security_session_user_level(NULL, NULL) will always return SECURITY_ANONYMOUS so we never sign the session setup response. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144 (cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Fri Nov 23 13:52:04 CET 2018 on sn-devel-144
* | s4:torture/smb2/session: session reauth response must be signedRalph Boehme2018-11-231-0/+1
| | | | | | | | | | | | | | | | | | | | | | This test checks that a session setup reauth is signed even when neither client nor server require signing. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 181f18c4bf70754a6f3132375d06250baab2871b)
* | vfs_fruit: validation of writes on AFP_AfpInfo streamRalph Boehme2018-11-141-3/+0
| | | | | | | | | | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (backported from commit a7c877847f855be5ee6673e541a181b818013abf) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Wed Nov 14 17:12:08 CET 2018 on sn-devel-144
* | s4:torture/vfs/fruit: torture writing AFP_AfpInfo streamRalph Boehme2018-11-141-0/+3
| | | | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 221133b0e9ed28274f7513d9416f13a81b7b458b)
* | selftest: Add share to test "delete readonly" optionChristof Schmitt2018-11-071-0/+4
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit a8e79decbcfbae1b1a53ec81b942ee06db26bf8f)
* | smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attributeChristof Schmitt2018-11-071-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | MS-FSA states that a CREATE with FILE_DELETE_ON_CLOSE on an existing file with READ_ONLY attribute has to return STATUS_CANNOT_DELETE. This was missing in smbd as the check used the DOS attributes from the CREATE instead of the DOS attributes on the existing file. We need to handle the new file and existing file cases separately. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 162a5257c48f20d3752f644e86c9e626b46436c0)
* | smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attributeChristof Schmitt2018-11-071-0/+2
| | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13673 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit dc9bbbe4141d8425e66fe9290ff611845f4bd1ce)
* | vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fdRalph Boehme2018-11-061-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the final step in implementing the needed macOS semantics on the FinderInfo stream: as long as the client hasn't written a non-zero FinderInfo blob to the stream, there mustn't be a visible filesystem entry for other openers. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Nov 1 01:14:23 CET 2018 on sn-devel-144 (cherry picked from commit 1b2de44ea8114cf2025e8b8c843131e2f2dbed27)
* | s4:torture/vfs/fruit: add test "empty_stream"Ralph Boehme2018-11-061-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | One to rule them all: consistently test critical operations on all streams relevant to macOS clients: the FinderInfo stream, the Resource Fork stream and an arbitrary stream that macOS maps to xattrs when written to on a macOS SMB server. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 9d8751db64de75a0de442365b317c1b9ce194170)
* | vfs_fruit: filter empty streamsRalph Boehme2018-11-061-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | First step in achieving macOS compliant behaviour wrt to empty streams: - hide empty streams in streaminfo - prevent opens of empty streams This means that we may carry 0-byte sized streams in our streams backend, but this shouldn't really hurt. The previous attempt of deleting the streams when an SMB setinfo eof to 0 request came in, turned out be a road into desaster. We could set delete-on-close on the stream, but that means we'd have to check for it for every write on a stream and checking the delete-on-close bits requires fetching the locking.tdb record, so this is expensive and I'd like to avoid that overhead. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit ebfcf75e993b1a792db76b94aa898532e1c81eeb)
* | s4:torture/vfs/fruit: expand test "setinfo eof stream"Ralph Boehme2018-11-061-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o Adds checks verifying that after setting eof to 0 on a stream, a subsequent open gets ENOENT, before and after closing the handle that had been used to set eof to 0. o Verify that a write to a handle succeeds after that handle has been used to set eof to 0 on a stream. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit b35d9e74028727da24f349242cb0bc62403a9b09)
* | vfs_fruit: update handling of read-only creation of resource forkRalph Boehme2018-11-061-3/+0
| | | | | | | | | | | | | | | | | | | | | | macOS SMB server versions supports this since 10.12, so we adapt our behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 055ca448f1a2bd995291af1810c9ec94f90f32dd)
* | s4:torture/vfs/fruit: update test "creating rsrc with read-only access" for ↵Ralph Boehme2018-11-061-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | newer macOS versions While this operation failed against older macOS versions, it passes against versions 10.12 and newer. Update the test accordingly, a subsequent commit will then update our implementation. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13646 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit c3cf09a0791ed4dfb7ca18d175396ac1aca5d2ed)
* | s3:smbd: fix SMB2 aio cancellingRalph Boehme2018-11-061-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As we currently don't attempt to cancel the internal aio request, we must ignore the SMB2 cancel request and continue to process the SMB2 request, cf MS-SM2 3.3.5.16: If the target request is not successfully canceled, processing of the target request MUST continue and no response is sent to the cancel request. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 07eb805cde4db6ac74740e3cfbc56ab6f8e2118a)
* | s4:torture/smb2/read: add test for cancelling SMB aioRalph Boehme2018-11-062-0/+7
| | | | | | | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e37ff8c5fe18d400e378bf2591e209b30473d9f9)
* | s4:samldb: internally use extended dns while changing the primaryGroupID fieldStefan Metzmacher2018-11-051-2/+0
| | | | | | | | | | | | | | | | | | | | | | This is important, otherwise we'll loose the <SID=> component of the linked attribute. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13418 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 7a36cb30b716d56b84e894851c1a18e9eb3a0964)
View Lorry Controller Status