path: root/selftest
Commit message | Author | Age | Files | Lines
* s3: Remove --log-stdout from daemons | Andreas Schneider | 2021-04-29 | 1 | -6/+4
  The common cmdline parser provides --debug-stdout.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Check the return code of setup_namespaces() | Andreas Schneider | 2021-04-28 | 1 | -14/+38
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: Use --configfile instead of -s | Andreas Schneider | 2021-04-28 | 2 | -7/+7
  We should use long options in tests to make clear what we are trying to do. Also the -s short option will be removed for --configfile later.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: Use ldbsearch '--scope' instead of '-s' | Andreas Schneider | 2021-04-28 | 1 | -1/+1
  We should use long options in tests to make clear what we are trying to do.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Specify /dev/null as the smbd config file | Andreas Schneider | 2021-04-28 | 1 | -1/+1
  smbd will require a smb.conf later.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python: remove all 'from __future__ import print_function' | Douglas Bagnall | 2021-04-28 | 3 | -3/+0
  This made Python 2's print behave like Python 3's print().

  In some cases, where we had:

      from __future__ import print_function
      """Intended module documentation..."""

  this will have the side effect of making the intended module documentation work as the actual module documentation (i.e. becoming __doc__), because it is once again the first statement in the module.

  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool group listmembers: always list objects which can not expire | Björn Baumbach | 2021-04-26 | 1 | -1/+0
  Otherwise for example contacts wouldn't be listed when the --hide-expired option is used. Contacts typically do not have the accountExpires attribute.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Rowland penny <rpenny@samba.org>
  Autobuild-User(master): Björn Baumbach <bb@sernet.de>
  Autobuild-Date(master): Mon Apr 26 13:21:43 UTC 2021 on sn-devel-184
* test samba-tool group listmembers: test listing contacts as group members | Björn Baumbach | 2021-04-26 | 1 | -0/+1
  Make sure that contacts are listed as group members, even if the --hide-expired option is used.

  Expect failure. Fix follows up.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14692
  Signed-off-by: Björn Baumbach <bb@sernet.de>
  Reviewed-by: Rowland penny <rpenny@samba.org>
* s3:smbd: Remove NIS support | Andreas Schneider | 2021-04-22 | 1 | -4/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool: Use s3 net join for member join | David Mulder | 2021-04-21 | 1 | -3/+3
  The s4 member join code has been broken for some time. Modify samba-tool to instead use the working s3 member join code.

  Signed-off-by: David Mulder <dmulder@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): David Mulder <dmulder@samba.org>
  Autobuild-Date(master): Wed Apr 21 21:40:13 UTC 2021 on sn-devel-184
* torture: Show sddl_decode() failure for "GWFX" access mask | Volker Lendecke | 2021-04-20 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: Prevent fchmod on a symlink. | Jeremy Allison | 2021-04-20 | 1 | -2/+0
  Remove selftest/knownfail.d/symlink_chmod.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Tue Apr 20 08:23:42 UTC 2021 on sn-devel-184
* s3: torture: Add samba3.smbtorture_s3.plain.POSIX-SYMLINK-CHMOD | Jeremy Allison | 2021-04-20 | 1 | -0/+2
  Shows we must protect against a null fsp handle when doing POSIX chmod on a symlink, whether the symlink points to a real object or is dangling.

  Add to knownfail for now. Commit 9722732b1867e359304594ada72ff40cd1341be5 removed the fsp == NULL protection for POSIX, and we need to put it back.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* allow tests to be run against a PAM-less build | Philipp Gesang | 2021-04-16 | 1 | -2/+2
  Indexing the config hash table fails for PAM related values:

      Traceback (most recent call last):
        File "/src/samba/samba/selftest/tests.py", line 49, in <module>
          pam_set_items_so_path = config_hash["PAM_SET_ITEMS_SO_PATH"]
      KeyError: 'PAM_SET_ITEMS_SO_PATH'
      Error creating recipe from python3 /src/samba/samba/selftest/tests.py| at /src/samba/samba/selftest/selftest.pl line 645.

  which prevents the test suite from running when built --without-pam. Access those values using the get() method instead.

  Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Apr 16 10:27:41 UTC 2021 on sn-devel-184
* tests python krb5: MS-KILE client principal look-up | Gary Lockyer | 2021-04-12 | 2 | -0/+28
  Tests of [MS-KILE]: Kerberos Protocol Extensions section 3.3.5.6.1 Client Principal Lookup

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Isaac Boukris <iboukris@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Apr 12 00:38:26 UTC 2021 on sn-devel-184
* smbd: SMB2 Compound related chain handling when generation of FileId has failed | Ralph Boehme | 2021-04-08 | 1 | -6/+0
  Issue:
  We have a scenario where an application sends a Compound Related chain consisting of:

      SMB2_CREATE
      SMB2_IOCTL
      SMB2_SET_INFO
      SMB2_CLOSE

  SMB2_CREATE failed with NT_STATUS_ACCESS_DENIED and subsequent requests all fail. In Samba they return NT_STATUS_FILE_CLOSED.

  When I tried the same against a Win2k12 server, I noticed that all the failed requests of the chain would return NT_STATUS_ACCESS_DENIED.

  I believe this behaviour is also mentioned in the [MS-SMB2] Specs 3.3.5.2.7.2: Handling Compounded Related Requests

  "When the current operation requires a FileId and the previous operation either contains or generates a FileId, if the previous operation fails with an error, the server SHOULD<223> fail the current operation with the same error code returned by the previous operation."

  Fix:
  Save NTSTATUS of a failed Create request. When we process subsequent requests of the chain we check if the previous Create has failed. In case of a Create failure we returned the saved NTSTATUS.

  Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Apr 8 17:30:50 UTC 2021 on sn-devel-184
* torture: add smbtorture compound SMB2 requests test "related8" | Ralph Boehme | 2021-04-08 | 1 | -0/+2
  This verifies that if the initial create fails with NT_STATUS_OBJECT_NAME_NOT_FOUND, compound related operations fail with the same error.

  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: add smbtorture testcase "related7" for failure in compound related chain | Anubhav Rakshit | 2021-04-08 | 1 | -0/+2
  We want to verify what Windows does when the first request of the chain has failed and an async request is part of the chain. We see Windows fails the async request with the same error. Also the async request is immediately failed.

  Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture: Add couple of compound related test cases to verify that server should return NTSTATUS of the failed Create for succeeding requests. | Anubhav Rakshit | 2021-04-08 | 1 | -0/+2
  We already pass samba3.smb2.compound.related5, but mark related4 as knownfail.

  Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: Fix parent_pathref() to cope with symlink parents. | Jeremy Allison | 2021-04-07 | 1 | -2/+0
  We know that the parent name must exist, and the name has been canonicalized even if this was a POSIX pathname. Ensure that we follow symlinks for the parent. See the torture test POSIX-SYMLINK-PARENT for details.

  Remove knownfail entry.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Wed Apr 7 15:39:45 UTC 2021 on sn-devel-184
* s3: torture: Add an SMB1 POSIX specific test POSIX-SYMLINK-PARENT. | Jeremy Allison | 2021-04-07 | 1 | -0/+2
  This creates a directory, then a symlink to a directory, and then checks we can POSIX create and delete file, directory, symlink and hardlink filesystem objects under the symlink parent directory.

  Mark as knownfail until next commit.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* cracknames: Allow auto-conversion from an extended canonical name | Joseph Sutton | 2021-04-07 | 1 | -1/+0
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/credentials: Add test for binding with an extended canonical name | Joseph Sutton | 2021-04-07 | 1 | -0/+1
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* cracknames: Add support for SID string format | Joseph Sutton | 2021-04-07 | 1 | -1/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* auth/credentials: Add test for binding with a domain SID | Joseph Sutton | 2021-04-07 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10319
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s3: rpc_server: Store new association groups in the id tree | Samuel Cabrero | 2021-04-07 | 2 | -3/+2
  Right now a new association group is created for each connection assigning the legacy 0x53F0 id, but it is not stored anywhere. When a second client requests to join an association group by its id it is not found and a new one is created with the same ID.

  In practise, it means the association groups are not working even in the same server process.

  This commit stores the created association group in the idtree, but to make use of it assigns a random id instead of the historical 0x53F0.

  The test assoc_group_ok2 was wrongly passing before this change because the same id 0x53F0 was assigned to all association groups.

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: Test RPC handles and association groups from different connection | Samuel Cabrero | 2021-04-07 | 1 | -0/+1
  Add a test to check if a RPC handle can be used from a different connection than the one where it was created, when the same association group is requested in the bind operation of the second connection.

  The association group handling is one of the differences between the S3 and S4 RPC server implementations provided by the implementation callbacks after the merge.

  Association groups work fine in the S4 implementation as the RPC server runs in one process, except for the 'smbd' embedded services provided by the S3 implementation like winreg (see lp_enforce_ad_dc_settings()).

  In the S3 implementation, association groups should work in the same process, but the merge introduced a bug where a new association group is always created even when it already exists in the same process.

  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s4:dsdb/password_hash: Don't generate crypt() password for krbtgt account | Joseph Sutton | 2021-04-07 | 1 | -1/+0
  Since the length of the krbtgt password after conversion to UTF-8 form is typically greater than the maximum accepted by crypt(), the call usually fails. This commit disables generation of crypt() passwords for this specific account, as it's not necessary.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision tests: Add test for the CryptSHA256 and CryptSHA512 password hashing schemes | Joseph Sutton | 2021-04-07 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* test: Add a test for background_job_send crash | Volker Lendecke | 2021-04-01 | 1 | -0/+6
  I haven't figured out how to properly add a crashing test to "knownfail", so this is added after the fix.

  Signed-off-by: Volker Lendecke <vl@samba.org>
* selftest: Allow to set the 'log level' for clients | Andreas Schneider | 2021-03-31 | 1 | -1/+2
  This allows to set the 'log level' for clients on the command line:

      make test TESTS=wurst CLIENT_LOG_LEVEL=10

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Mar 31 21:20:23 UTC 2021 on sn-devel-184
* s3: smbd: fix deferred renames | Ralph Boehme | 2021-03-31 | 1 | -1/+0
  This was broken by c7a9e0e4cdfb22e66533b5c8e20af3cfdb8ae78c.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679
  CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@amba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Wed Mar 31 06:13:39 UTC 2021 on sn-devel-184
* s4: torture. Add smb2.lease.rename_wait test to reproduce regression in delay rename for lease break code. | Jeremy Allison | 2021-03-31 | 1 | -0/+1
  Passes against Windows 10. Add to knownfail, the next commit will fix this.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14679
  CI: https://gitlab.com/samba-team/samba/-/merge_requests/1875
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Fix SMB_VFS_FGET_NT_ACL/SMB_VFS_FSET_NT_ACL on stream handles. | Jeremy Allison | 2021-03-30 | 1 | -1/+0
  As this is done on existing files, we know that fsp->base_fsp != NULL and fsp->base_fsp->fh->fd != -1 (i.e. it's a pathref fd) for stream handles. When getting and setting ACLs on stream handles, use the fsp->base_fsp instead (as Windows does).

  This not only fixes streams_xattr, but will allow us to later analyze and remove all special casing code for get/set ACLs on streams handles.

  Remove the knownfail.d/stream-acl file.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Mar 30 20:14:35 UTC 2021 on sn-devel-184
* s3: torture: Add a test for setting and getting ACLs on stream handles (SMB2-STREAM-ACL). | Jeremy Allison | 2021-03-30 | 1 | -0/+1
  It shows this isn't done correctly for streams_xattr.

  A common config is:

      vfs_objects = streams_xattr acl_xattr

  to store both streams and Windows ACLs in xattrs.

  Unfortunately getting and setting ACLs using handles opened on stream files isn't being done correctly in Samba.

  This test passes against Windows 10.

  This adds tests that prove this doesn't work. Next patch will add the fix and remove the knownfail.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* smb2_server: don't cancel pending request if at least one channel is still alive | Stefan Metzmacher | 2021-03-29 | 1 | -9/+0
  In order to allow replays of requests on a channel failure, we should not cancel pending requests, the strategy that seems to make windows clients happy is to let the requests running and return NT_STATUS_FILE_NOT_AVAILABLE as long as the original request is still pending.

  Here we introduce xconn->transport.shutdown_wait_queue, this is used to keep the xconn alive for the lifetime of pending requests.

  Now we only cancel pending requests if the disconnected connection is the last channel for a session. In that case smbXsrv_session_remove_channel() and smb2srv_session_shutdown_send() will take care of it.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbXsrv_open: introduce smbXsrv_open_replay_cache to support FILE_NOT_AVAILABLE | Stefan Metzmacher | 2021-03-29 | 1 | -18/+1
  Before processing an open we need to reserve the replay cache entry in order to signal that we're still in progress. If a reserved record is already present we need to return FILE_NOT_AVAILABLE in order to let the client retry again.

  [MS-SMB2] contains this:

      <152> Section 3.2.5.1: For the following error codes, Windows-based clients will retry the operation up to three times and then retry the operation every 5 seconds until the count of milliseconds specified by Open.ResilientTimeout is exceeded:
      - STATUS_SERVER_UNAVAILABLE
      - STATUS_FILE_NOT_AVAILABLE
      - STATUS_SHARE_UNAVAILABLE

  This works fine for windows clients, but current windows servers seem to return ACCESS_DENIED instead of FILE_NOT_AVAILABLE.

  A Windows server doesn't do any replay detection on pending opens, which wait for a HANDLE lease to be broken (because of a SHARING_VIOLATION), at all.

  As this is not really documented for the server part of the current [MS-SMB2], I found the key hint in "SMB 2.2: Bigger. Faster. Scalier - (Parts 1 and 2)" on page 24. There's a picture showing that a replay gets FILE_NOT_AVAILABLE as long as the original request is still in progress. See: https://www.snia.org/educational-library/smb-22-bigger-faster-scalier-parts-1-and-2-2011

  A Windows client is unhappy with the current windows server behavior if such a situation happens. There's also a very strange interaction with oplock where the replay gets SHARING_VIOLATION after 35 seconds because it conflicts with the original open.

  I think it's good to follow the initial design from the 2011 presentation and make the clients happy by using FILE_NOT_AVAILABLE (and differ from Windows). I'll report that to dochelp@microsoft.com in order to get this hopefully fixed in their server too.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* smbXsrv_session: smbXsrv_session_remove_channel() should also remove the last channel | Stefan Metzmacher | 2021-03-29 | 1 | -1/+0
  There's nothing special regarding the last channel, as the smb2.session.bind2 test demonstrates.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:torture/smb2: add smb2.session.bind2 | Stefan Metzmacher | 2021-03-29 | 1 | -0/+1
  This demonstrates that a session and its open handles are destroyed when the last explicitly bound channel gets disconnected.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:torture/smb2: add smb2.replay.dhv2-pending* tests | Stefan Metzmacher | 2021-03-29 | 1 | -0/+55
  These demonstrate that the replay detection for pending opens either doesn't exist (for the share_access=NONE => SHARING_VIOLATION case) or return the wrong status code => ACCESS_DENIED instead of FILE_NOT_AVAILABLE.

  Windows clients transparently retry after FILE_NOT_AVAILABLE, while they pass ACCESS_DENIED directly to the application.

  I'll report that to dochelp@microsoft.com in order to clarify the situation.

  In the meantime I added tests with a '-windows' suffix, which demonstrate the current windows server behavior, while the tests with a '-sane' suffix expect the behavior that would make windows clients happy.

  For Samba I'll implement the '-sane' behavior that detects all replays and returns FILE_NOT_AVAILABLE if the original request is still pending.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14449
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode | Douglas Bagnall | 2021-03-24 | 1 | -1/+0
  A DN string with lots of trailing space can cause ldb_dn_explode() to put a zero byte in the wrong place in the heap.

  When a DN string has a value represented with trailing spaces, like this

      "CN=foo ,DC=bar"

  the whitespace is supposed to be ignored. We keep track of this in the `t` pointer, which is NULL when we are not walking through trailing spaces, and points to the first space when we are. We are walking with the `p` pointer, writing the value to `d`, and keeping the length in `l`.

      "CN=foo ,DC= " ==> "foo " ^ ^ ^ t p d --l---

  The value is finished when we encounter a comma or the end of the string. If `t` is not NULL at that point, we assume there are trailing spaces and wind `d` and `l` back by the correct amount. Then we switch to expecting an attribute name (e.g. "CN"), until we get to an "=", which puts us back into looking for a value.

  Unfortunately, we forget to immediately tell `t` that we'd finished the last value, we can end up like this:

      "CN=foo ,DC= " ==> "" ^ ^ ^ t p d l=0

  where `p` is pointing to a new value that contains only spaces, while `t` is still referring to the old value. `p` notices the value ends, and we subtract `p - t` from `d`:

      "CN=foo ,DC= " ==> ? "" ^ ^ ^ t p d l ~= SIZE_MAX - 8

  At that point `d` wants to terminate its string with a '\0', but instead it terminates someone else's byte. This does not crash if the number of trailing spaces is small, as `d` will point into a previous value (a copy of "foo" in this example). Corrupting that value will ultimately not matter, as we will soon try to allocate a buffer `l` long, which will be greater than the available memory and the whole operation will fail properly.

  However, with more spaces, `d` will point into memory before the beginning of the allocated buffer, with the exact offset depending on the length of the earlier attributes and the number of spaces.

  What about a longer DN with more attributes? For example, "CN=foo ,DC= ,DC=example,DC=com" -- since `d` has moved out of bounds, won't we continue to use it and write more DN values into mystery memory? Fortunately not, because the aforementioned allocation of `l` bytes must happen first, and `l` is now huge. The allocation happens in a talloc_memdup(), which is by default restricted to allocating 256MB.

  So this allows a person who controls a string parsed by ldb_dn_explode to corrupt heap memory by placing a single zero byte at a chosen offset before the allocated buffer.

  An LDAP bind request can send a string DN as a username. This DN is necessarily parsed before the password is checked, so an attacker does not need proper credentials. The attacker can easily cause a denial of service and we cannot rule out more subtle attacks.

  The immediate solution is to reset `t` to NULL when a comma is encountered, indicating that we are no longer looking at trailing whitespace.

  Found with the help of Honggfuzz.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-27840: pytests:segfault: add ldb.Dn validate test | Douglas Bagnall | 2021-03-24 | 1 | -0/+1
  ldb.Dn.validate wraps ldb_dn_explode.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netcmd: Determine which files are to be copied for an offline domain backup | Joseph Sutton | 2021-03-23 | 1 | -2/+0
  The old behaviour attempted to check for and remove files with duplicate names, but did not do so due to a bug, and would have left undetermined which files were given priority when duplicate filenames were present. Now when hardlinks are present, only one instance of each file is chosen, with files in the private directory having priority. If one backup dir is nested inside another, the files contained in the nested directory are only added once. Additionally, the BIND DNS database is omitted from the backup.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* netcmd: Add test for an offline backup of nested directories | Joseph Sutton | 2021-03-23 | 1 | -0/+1
  This test verifies that when performing an offline backup of a domain where one of the directories to be backed up is nested inside another, the contained files are only included once in the backup.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* netcmd: Add test for an offline backup of a directory containing hardlinks | Joseph Sutton | 2021-03-23 | 1 | -0/+1
  This test verifies that when performing an offline backup of a domain where the directories to be backed up contain hardlinks, only one instance of each file is backed up, and that files in the private directory take precedence.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14027
  Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* samba-tool: Add a gpo command for removing VGP Host Access Group Policy | David Mulder | 2021-03-18 | 1 | -1/+0
  Signed-off-by: David Mulder <dmulder@suse.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Mar 18 20:02:50 UTC 2021 on sn-devel-184
* samba-tool: Test gpo manage access remove command | David Mulder | 2021-03-18 | 1 | -0/+1
  Signed-off-by: David Mulder <dmulder@suse.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool: Add a gpo command for adding VGP Host Access Group Policy | David Mulder | 2021-03-18 | 1 | -1/+0
  Signed-off-by: David Mulder <dmulder@suse.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool: Test gpo manage access add command | David Mulder | 2021-03-18 | 1 | -0/+1
  Signed-off-by: David Mulder <dmulder@suse.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool: Add a gpo command for listing VGP Host Access Group Policy | David Mulder | 2021-03-18 | 1 | -1/+0
  Signed-off-by: David Mulder <dmulder@suse.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>