summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2018-10919 tests: Add tests for guessing confidential attributesTim Beale2018-08-111-0/+15
| | | | | | | | | | | | | | | | | | | | | Adds tests that assert that a confidential attribute cannot be guessed by an unprivileged user through wildcard DB searches. The tests basically consist of a set of DB searches/assertions that get run for: - basic searches against a confidential attribute - confidential attributes that get overridden by giving access to the user via an ACE (run against a variety of ACEs) - protecting a non-confidential attribute via an ACL that denies read- access (run against a variety of ACEs) - querying confidential attributes via the dirsync controls These tests all pass when run against a Windows Dc and all fail against a Samba DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
* s3: smbd: printing: Re-implement delete-on-close semantics for print files ↵Jeremy Allison2018-06-201-1/+0
| | | | | | | | | | | | | | missing since 3.5.x. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13457 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 1 20:32:03 CEST 2018 on sn-devel-144 (cherry picked from commit 364175b359f018c8641359440fa07b0ea567b045)
* s3: torture: Add DELETE-PRINT test.Jeremy Allison2018-06-201-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13457 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 42f049858f2037aab5b2097036db3e0375fdbf30)
* s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on ↵Jeremy Allison2018-06-201-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | directories. Tests against a directory handle on the root of a share, and a directory handle on a sub-directory in a share. Check SEC_DIR_ADD_FILE and SEC_DIR_ADD_SUBDIR separately, either allows flush to succeed. Passes against Windows. Regression test for: BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri May 18 02:38:50 CEST 2018 on sn-devel-144 (cherry picked from commit d42f467a25e75e5487a00378609a24809ddc83ee)
* smbd: Cache dfree information based on query pathChristof Schmitt2018-06-071-1/+0
| | | | | | | | | | | | | Sub directories in a SMB share can have different free space information (e.g. when a different file system is mounted there). Caching the dfree information per SMB share will return invalid data. Address this by switching to memcache and store the cached data based on the query path. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8f121747b06ca78cf51801a3931b2ddd1a424c77)
* selftest: Add test for 'dfree cache'Christof Schmitt2018-06-071-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit a55b3d2fcc2f7737a2702bf908dcf1f80969bf21)
* selftest: Add dfq_cache share with 'dfree cache time' setChristof Schmitt2018-06-071-0/+6
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 7ffcbd5ce1222971cb9879f78765d87cdc4102a8)
* auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a serverStefan Metzmacher2018-06-041-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!" error messages, which were generated if the client only sends NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP connection. This fixes a regession in the combination of commits 77adac8c3cd2f7419894d18db735782c9646a202 and 3a0b835408a6efa339e8b34333906bfe3aacd6e3. We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end of the authentication (as a server, while we already do so at the beginning as a client). As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE (as an internal flag) in order to let us work as a Windows using NTLMSSP for LDAP. Even if only signing is negotiated during the authentication the following PDUs will still be encrypted if NTLMSSP is used. This is exactly the same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL. I guess it's a bug in Windows, but we have to reimplement that bug. Note this only applies to NTLMSSP and only to LDAP! Signing only works fine for LDAP with Kerberos or DCERPC and NTLMSSP. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144 (cherry picked from commit c7a3ce95ac4ce837d8fde36578b3b1f56c3ac2fa)
* s4:selftest: run test_ldb_simple.sh with more auth optionsStefan Metzmacher2018-06-041-0/+1
| | | | | | | | | | | This demonstrates the broken GENSEC_FEATURE_LDAP_STYLE handling in our LDAP server. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit fc1c5bd3be2c3f90eab2f31e43cf053f7ff13782)
* s3:smbd: fix interaction between chown and SD flagsRalph Boehme2018-05-241-1/+0
| | | | | | | | | | | | | | | A change ownership operation that doesn't set the NT ACLs must not touch the SD flags (type). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144 (cherry picked from commit ced55850034a3653525823bf9623912a4fcf18a0)
* s4:torture/smb2: new test for interaction between chown and SD flagsRalph Boehme2018-05-241-0/+1
| | | | | | | | | | This passes against Windows, but fails against Samba. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 12f6d56c4814fca64e0e3c636018e70d71ad0be5)
* winbind: Fix UPN handling in parse_domain_user()Andreas Schneider2018-05-241-1/+0
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit a05b63db627fdbe0bdea4d144dfaeedb39025592)
* winbind: Pass upn unmodified to lookup namesStefan Metzmacher2018-05-241-2/+0
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 789c89e6ecb7d388fb5acdd5abc8fe99c58524f0)
* nsswitch:tests: Add test for wbinfo --user-infoAndreas Schneider2018-05-241-0/+11
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 2715f52f54e66a73131a92d752a8c2447da1fd33)
* selftest: Add a user with a different userPrincipalNameAndreas Schneider2018-05-241-1/+18
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 5319cae00096dcecc29aa9fa675a983352ad64d8)
* selftest: Make sure we have correct group mappingsAndreas Schneider2018-05-241-0/+9
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 9bc2b922bbc6539341a2056f33f117ac350e61f1)
* rpc_server: Fix NetSessEnum with stale sessionsChristof Schmitt2018-05-071-1/+0
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 25 22:49:07 CEST 2018 on sn-devel-144 (cherry picked from commit a6fade4e10760284ef56abf45d3fa70038091cbe)
* selftest: Add testcase for querying sessions after smbd crashChristof Schmitt2018-05-071-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e04846c7df8e3eec1f3dbb2fc5eaf47ceb1c44d2)
* s3: tests: Regression test to ensure we can never return a DIRECTORY ↵Jeremy Allison2018-05-071-0/+4
| | | | | | | | | | | | | | | | | | attribute on a stream. Tests streams_xattr and also streams_depot. Inspired from a real-world test case by Andrew Walker <awalker@ixsystems.com>. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13380 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Apr 12 02:04:28 CEST 2018 on sn-devel-144 (cherry picked from commit 82beaf868f252c4bc975ddafd80240af6f679b83)
* winbindd: Do not ignore domain in the LOOKUPNAME requestChristof Schmitt2018-04-111-2/+0
| | | | | | | | | | | | | | | | | | | A LOOKUPNAME request with a domain and a name containing a winbind separator character would return the result for the joined domain, instead of the specified domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Apr 6 21:03:31 CEST 2018 on sn-devel-144 (cherry picked from commit 1775ac8aa4dc00b9a0845ade238254ebb8b32429) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Wed Apr 11 17:11:21 CEST 2018 on sn-devel-144
* Add test for wbinfo name lookupChristof Schmitt2018-04-111-0/+2
| | | | | | | | | | | | | This demonstrates that wbinfo -n / --name-to-sid returns information instead of failing the request. More specifically the query for INVALIDDOMAIN//user returns the user SID for the joined domain, instead of failing the request. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 552a00ec1f6795b9025298931a6cc50ebe552052)
* selftest: vfs.fruit: add xattr_tdb where possibleRalph Boehme2018-04-061-6/+6
| | | | | | | | | | This makes the tests indepent from fs xattr support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 49996ca9324596b6cd72eb8051ca3676dab17191)
* selftest: run vfs.fruit_netatalk test against seperate shareRalph Boehme2018-04-061-0/+10
| | | | | | | | | | | These tests require a fs with xattr support. This allows adding xattr_tdb to all other shares in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 013aaffe7ff0ed4c30495761bb3208c29b3b5de2)
* s3:auth: make use of make_{server,session}_info_anonymous()Stefan Metzmacher2018-03-211-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It's important to have them separated from make_{server,session}_info_guest(), because there's a fundamental difference between anonymous (the client requested no authentication) and guest (the server lies about the authentication failure). When it's really an anonymous connection, we should reflect that in the resulting session info. This should fix a problem where Windows 10 tries to join a Samba hosted NT4 domain and has SMB2/3 enabled. We no longer return SMB_SETUP_GUEST or SMB2_SESSION_FLAG_IS_GUEST for true anonymous connections. The commit message from a few commit before shows the resulting auth_session_info change. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Mar 16 03:03:31 CET 2018 on sn-devel-144 (cherry picked from commit 1957bf11f127fc08c6622999cadc7dd580ac7d3b) Autobuild-User(v4-8-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-8-test): Wed Mar 21 02:29:57 CET 2018 on sn-devel-144
* s3:selftest: run SMB2-ANONYMOUSStefan Metzmacher2018-03-201-0/+1
| | | | | | | | | | This fails against a non AD DC smbd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit bf707a1eba39e996bb19457b63ddb658cc4183c2)
* CVE-2018-1057: s4/dsdb: correctly detect password resetsRalph Boehme2018-03-131-2/+0
| | | | | | | | | | | | | | | | | | | | | | | This change ensures we correctly treat the following LDIF dn: cn=testuser,cn=users,... changetype: modify delete: userPassword add: userPassword userPassword: thatsAcomplPASS1 as a password reset. Because delete and add element counts are both one, the ACL module wrongly treated this as a password change request. For a password change we need at least one value to delete and one value to add. This patch ensures we correctly check attributes and their values. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2018-1057: s4:dsdb/tests: add a test for password change with empty deleteRalph Boehme2018-03-131-0/+2
| | | | | | | | | | Note that the request using the clearTextPassword attribute for the password change is already correctly rejected by the server. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* repl_metadata: Avoid silent skipping an object during DRS (due to RODC ↵Garming Sam2018-02-271-1/+0
| | | | | | | | | | | | | | | | | rename collisions) No error code was being set in this case, and so, we would commit the HWM and UDV without actually having all the updates. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Thu Feb 15 10:18:42 CET 2018 on sn-devel-144 (cherry picked from commit 9952eda7a1923971f77f3183cfa4c505386b30ee)
* repl_metadata: Avoid silent skipping an object during DRS (due to RODC name ↵Garming Sam2018-02-271-1/+0
| | | | | | | | | | | | | collisions) No error code was being set in this case, and so, we would commit the HWM and UDV without actually having all the updates. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 59fa9e7ecf84bd4c2469e9a6835855769c4f6287)
* tests/replica_sync_rodc: Test conflict handling on an RODCGarming Sam2018-02-271-0/+2
| | | | | | | | | | | | | | | | There are two cases we are interested in: 1) RODC receives two identical DNs which conflict 2) RODC receives a rename to a DN which already exists Currently these issues are ignored, but the UDV and HWM are being updated, leading to objects/updates being skipped. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 45d19167d52e42bd2f9369dbe37a233902cc81b0)
* selftest: Add RODC variables to list of those exportedGarming Sam2018-02-271-0/+6
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13269 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e694b8a1b993bf7213b191e1132c5d02e16ab85d)
* s4:auth_sam: allow logons with an empty domain nameStefan Metzmacher2018-02-272-2/+0
| | | | | | | | | | | | | | It turns out that an empty domain name maps to the local SAM. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144 (cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419)
* tests/bind.py: Add a bind test with NTLMSSP with no domainGarming Sam2018-02-271-0/+1
| | | | | | | | | | | Confirmed to pass against Windows 2012 R2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 2e49a97777ebf5bffbeadca03517b4a21bca24c0)
* tests/py_creds: Add a SamLogonEx test with an empty string domainGarming Sam2018-02-271-0/+1
| | | | | | | | | | | This test passes against 4.6, but failed against 4.7.5 and master. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 5c625eae3f54e8de434de26e9f6a0f2fde557c18)
* s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()Stefan Metzmacher2018-02-271-4/+0
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144 (cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140)
* tests:dcerpc/raw_protocol: reproduce call_id truncation bugStefan Metzmacher2018-02-271-0/+4
| | | | | | | | | | We need to make sure the server handles call_id values > UINT16_MAX. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 65e8edb382fbc7450919aad8b42cfcae9e779d11)
* s4:rpc_server/lsa: implement forwarding lsa_Lookup{Sids,Names}() requests to ↵Stefan Metzmacher2018-02-271-2/+0
| | | | | | | | | | | | | | winbindd This might not be perfect yet, but it's enough to allow names from trusted forests/domain to be resolved, which is very important for samba based domain members. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit e9d5b8b6b41155a8a043275ae497bdb87044d476)
* test_trust_ntlm.sh: add lookup name testsStefan Metzmacher2018-02-272-0/+3
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 475a761637bbcc93edbe8d83fc13037e1087941a)
* selftest: fix envvars for creation of default user in wait_for_startJamie McClymont2018-02-121-0/+4
| | | | | | | | | | | | | | | | Resolves failure of ad_member to start up under ad_dc (if the user is determined to be needed). Signed-off-by: Jamie McClymont <jamiemcclymont@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=13225 Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Tue Jan 16 07:12:01 CET 2018 on sn-devel-144 (cherry picked from commit 7a3f97f2662c6197913aeb50e5e3c0c09ff8307f)
* dbcheck: add support for restoring missing forward linksRalph Boehme2018-02-091-2/+0
| | | | | | | | | | | | | | | | This recovers broken databases with duplicate and missing forward links. See commit a25c99c9f1fd1814c56c21848c748cd0e038eed7 for the fix that prevents to problem from happening. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 5bf823d68bd33ee3160175a18a3838eff4e3cbb2)
* selftest/dbcheck: add a test for corrupt forward links restorationRalph Boehme2018-02-091-0/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 52bd0b09804621e6de9ee0a377a442a42e07ee05)
* Revert "dbcheck: disable fixing duplicate linked attributes until we can ↵Ralph Boehme2018-02-091-5/+0
| | | | | | | | | | | | | | recover lost forward links" This reverts commit 43e3f79d54c5aeaea820865d298d4249cf47af99. The real fix will follow in the next commits. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 8c01acd56274a5cb5926622cacab997cb62dd5a9)
* python/common: add __cmp__ function to dsdb_Dn similar to parsed_dn_compare()Stefan Metzmacher2018-02-091-1/+0
| | | | | | | | | | | | Linked attribute values are sorted by objectGUID of the link target. For C code we have parsed_dn_compare() to implement the logic, the same is now available on python dsdb_Dn objects. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 55d466549a3113f7625acdd6eb42f71cf63719b5)
* python:tests: add test_dsdb_Dn_sorted() to "samba.tests.common"Stefan Metzmacher2018-02-091-0/+1
| | | | | | | | | | Failing until dsdb_Dn implements the correct __cmp__() function. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit c56eb49119117a1a06afb0a76630ae5c7a1ca30c)
* dbcheck: disable fixing duplicate linked attributes until we can recover ↵Stefan Metzmacher2018-01-251-0/+5
| | | | | | | | | | | | | lost forward links BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit 850a8027f32185e523614231cca76505134bb5e4) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Thu Jan 25 20:04:53 CET 2018 on sn-devel-144
* repl_meta_data: fix linked attribute corruption on databases with unsorted ↵Stefan Metzmacher2018-01-251-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | links on expunge This is really critical bug, it removes valid linked attributes. When a DC was provisioned/joined with a Samba version older than 4.7 is upgraded to 4.7 (or later), it can happen that the garbage collection (dsdb_garbage_collect_tombstones()), triggered periodically by the 'kcc' task of 'samba' or my 'samba-tool domain tombstones expunge' corrupt the linked attributes. This is similar to Bug #13095 - Broken linked attribute handling, but it's not triggered by an originating change. The bug happens in replmd_modify_la_delete() were get_parsed_dns_trusted() generates a sorted array of struct parsed_dn based on the values in old_el->values. If the database doesn't support the sortedLinks compatibleFeatures in the @SAMBA_DSDB record, it's very likely that the array of old_dns is sorted differently than the values in old_el->values. The problem is that struct parsed_dn has just a pointer 'struct ldb_val *v' that points to the corresponding value in old_el->values. Now if vanish_links is true the damage happens here: if (vanish_links) { unsigned j = 0; for (i = 0; i < old_el->num_values; i++) { if (old_dns[i].v != NULL) { old_el->values[j] = *old_dns[i].v; j++; } } old_el->num_values = j; } old_el->values[0] = *old_dns[0].v; can change the value old_dns[1].v is pointing at! That means that some values can get lost while others are stored twice, because the LDB_FLAG_INTERNAL_DISABLE_SINGLE_VALUE_CHECK allows it to be stored. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit a25c99c9f1fd1814c56c21848c748cd0e038eed7)
* testprogs:blackbox: add regression test for unsorted links in ↵Stefan Metzmacher2018-01-251-0/+1
| | | | | | | | | | tombstones-expunge.sh BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit c34c2dd55545b99fba46cf374a1653bad96cea9e)
* gpo: Add the winbind call to gpupdateDavid Mulder2018-01-131-1/+1
| | | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/graph: module for generating ASCII and graphviz visualisationsDouglas Bagnall2018-01-131-0/+1
| | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Mark wbinfo test flappingDouglas Bagnall2018-01-131-0/+1
| | | | | | | | | | please fix and revert Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 13 03:01:10 CET 2018 on sn-devel-144
View Lorry Controller Status