summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* s4:torture/smb2: split replay_smb3_specification into durable handle and ↵Stefan Metzmacher2020-07-141-1/+2
| | | | | | | | | | | | multichannel It's better to have durable handles and multichannel tested separate: 1. we test both cases in the server 2. it makes it easier to deal with knownfail entries if only one of these features is active on the server. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* ads: set sasl-wrapping to plain when over TLSIsaac Boukris2020-07-131-1/+0
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: add tests for net-ads over TLSIsaac Boukris2020-07-132-0/+11
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14439 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* winbind: Fix lookuprids cache problemVolker Lendecke2020-07-091-1/+0
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14435 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Jul 9 21:40:52 UTC 2020 on sn-devel-184
* winbind: Add test for lookuprids cache problemVolker Lendecke2020-07-091-0/+1
| | | | | | | | | | | | | | | | | | | | When reading entries from gencache, wb_cache_rids_to_names() can return STATUS_SOME_UNMAPPED, which _wbint_LookupRids() does not handle correctly. This test enforces this situation by filling gencache with one wbinfo -R and then erasing the winbindd_cache.tdb. This forces winbind to enter the domain helper process, which will then read from gencache filled with the previous wbinfo -R. Without having the entries cached this does not happen because wb_cache_rids_to_names() via the do_query: path calls deep inside calls dcerpc_lsa_lookup_sids_noalloc(), which hides the STATUS_SOME_UNMAPPED that came in as lsa_LookupSids result value. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14435 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* libcli/ldap: Fix decoding struct ldap_ExtendedResponseVolker Lendecke2020-07-091-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli/ldap: Test decoding an exop responseVolker Lendecke2020-07-091-0/+1
| | | | | | | | ldap-starttls-response.dat is a reply to a starttls extended operation. Right now ldap_decode() does not handle this correctly. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest/Samba3: make use of 'smbd:FSCTL_SMBTORTURE = yes'Stefan Metzmacher2020-07-082-1/+1
| | | | | | | | | | | | | | | This makes sure the lease/oplock break retry logic based on missing TCP acks is tested. We're still not able to run multichannel tests automatically, as socket wrapper doesn't support fd-passing yet. But this testing this with single channels is a good start. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s4:torture/smb2: split smb2.oplock.batch22 into a and bStefan Metzmacher2020-07-082-1/+2
| | | | | | | | | | batch22a tests the timeout on a valid connection and batch22b tests the timeout on a broken/blocked connection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* s3:smbcacls: Add support for DFS pathAnubhav Rakshit2020-07-071-1/+0
| | | | | | | | | | | | | | | | | smbcacls does not handle DFS paths correctly. This is beacuse once the command encounters a path which returns STATUS_PATH_NOT_COVERED, it does not attempt a GET REFERRAL. We use cli_resolve_path API to perform a DFS path resolution to solve the above problem. Additionally this removes the known fail against smbcacls tests Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com> Reviewed-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 7 23:03:00 UTC 2020 on sn-devel-184
* selftest: run smbcacls test against a share with a DFS linkNoel Power2020-07-072-0/+9
| | | | | | | | | | | | | The commit creates a dfs link in existing 'fileserver' env share msdfs_share. Additionally we create a new dfs target in a new share (with associated directory) Additionally add a known fail as smbcacls doesn't not yet navigate DFS links. A subsequent commit will fix smcacls to handle DFS (and remove the knownfail) Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Add basic smbcacls test(s)Noel Power2020-07-071-0/+3
| | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:rpc_server: Implement epmapper LookupHandleFreeSamuel Cabrero2020-07-071-1/+0
| | | | | | | | | Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Samuel Cabrero <scabrero@samba.org> Autobuild-Date(master): Tue Jul 7 13:43:14 UTC 2020 on sn-devel-184
* selftest: Split samba4 epmapper expected failures into individual testsSamuel Cabrero2020-07-071-1/+4
| | | | | | Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
* lib/torture: fix subunit names of nested suitesStefan Metzmacher2020-07-071-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | E.g. passing 'smb2.multichannel.generic' to smbtorture results in - interface_info - num_channels While passing 'smb2.multichannel' to smbtorture results in: - generic.interface_info - genetic.num_channels - oplocks.test1 ... - leases.test1 ... Before we got this: - interface_info - num_channels - test1 ... - test1 That made it impossible to add knownfail entries for leases.test1 vs. oplocks.test1 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest/Samba4: split out _setup_ad_dc()Stefan Metzmacher2020-07-071-2/+8
| | | | | | | | | | | | | | | | | | | setup_ad_dc() was used for more than 'ad_dc'. Setting up 'ad_dc' means not all missing arguments are passed as undef. The following had no effect if (!defined($conf_opts)) { $conf_opts = ""; } and $conf_opts results in a string of 'HASH(....)' So we better pass explicit undef arguments from setup_ad_dc() to _setup_ad_dc() now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:smbd: make sure vfs_ChDir() always sets conn->cwd_fsp->fh->fd = AT_FDCWDStefan Metzmacher2020-07-021-1/+0
| | | | | | | | | This is what all consumers of conn->cwd_fsp->fh->fd expect! BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s4:torture/smb2: add smb2.delete-on-close-perms.BUG14427Stefan Metzmacher2020-07-021-0/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14427 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packetGary Lockyer2020-07-021-1/+0
| | | | | | | | | | | | An empty UDP packet put the nbt server into a busy loop that consumes 100% of a cpu. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Jul 2 10:26:24 UTC 2020 on sn-devel-184
* CVE-2020-14303 Ensure an empty packet will not DoS the NBT serverAndrew Bartlett2020-07-021-0/+1
| | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-10760 dsdb: Add tests for paged_results and VLV over the Global ↵Andrew Bartlett2020-07-021-1/+1
| | | | | | | | Catalog port This should avoid a regression. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2020-10745: ndr/dns-utils: prepare for NBT compatibilityDouglas Bagnall2020-07-022-3/+0
| | | | | | | | | | | | | | | | | NBT has a funny thing where it sometimes needs to send a trailing dot as part of the last component, because the string representation is a user name. In DNS, "example.com", and "example.com." are the same, both having three components ("example", "com", ""); in NBT, we want to treat them differently, with the second form having the three components ("example", "com.", ""). This retains the logic of e6e2ec0001fe3c010445e26cc0efddbc1f73416b. Also DNS compression cannot be turned off for NBT. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2020-10745: dns_util/push: forbid names longer than 255 bytesDouglas Bagnall2020-07-021-1/+0
| | | | | | | | As per RFC 1035. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2020-10745: ndr_dns: do not allow consecutive dotsDouglas Bagnall2020-07-022-2/+0
| | | | | | | | | | The empty subdomain component is reserved for the root domain, which we should only (and always) see at the end of the list. That is, we expect "example.com.", but never "example..com". BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2020-10745: librpc/tests: cmocka tests of dns and ndr stringsDouglas Bagnall2020-07-021-0/+4
| | | | | | | | | | | These time the push and pull function in isolation. Timing should be under 0.0001 seconds on even quite old hardware; we assert it must be under 0.2 seconds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* CVE-2020-10745: pytests: hand-rolled invalid dns/nbt packet testsDouglas Bagnall2020-07-021-0/+2
| | | | | | | | | | | | The client libraries don't allow us to make packets that are broken in certain ways, so we need to construct them as byte strings. These tests all fail at present, proving the server is rendered unresponsive, which is the crux of CVE-2020-10745. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Run test of how userPassword / crypt() style passwords are stored ↵Andrew Bartlett2020-07-011-0/+3
| | | | | | | | | | | | in quicktest This ensures that the crypt_r()/crypt_rn()/crypt() behaviour is tested in all the samba-o3 builds and so is checked on RHEL7 in GitLab CI. https://bugzilla.samba.org/show_bug.cgi?id=14424 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:smbd: fix the handling of the durable_v2_timeoutStefan Metzmacher2020-06-271-24/+0
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Jun 27 05:42:05 UTC 2020 on sn-devel-184
* s4:torture/smb2: adjust durable v2 tests to pass against Windows Server 2019Stefan Metzmacher2020-06-271-0/+24
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:torture/smb2: remove MULTI_CHANNEL checking from smb2.replay.channel-sequenceStefan Metzmacher2020-06-271-3/+2
| | | | | | | | | This test doesn't need multi-channel. But we need to force using the channel_sequence, as our client libraries only use them for multi-channel connections or persistent handles. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest/Samba3: support durable handles on the 'aio' shareStefan Metzmacher2020-06-272-2/+3
| | | | | | | | This means we can test the lock sequence checking via the 'samba3.smb2.lock aio(nt4_dc)' test. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: Allow a SHUTDOWN_CLOSE on a file with outstanding aio if there are ↵Jeremy Allison2020-06-241-2/+0
| | | | | | | | | | | | | | | | | | | no client connections alive. The process is exiting now so pthreads will never complete to cause problems. Remove the knownfail.d/aio_outstanding entry. Followup-bugfix for: BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 24 20:14:15 UTC 2020 on sn-devel-184
* s3: selftest: Add samba3.blackbox.aio-outstanding test.Jeremy Allison2020-06-241-0/+2
| | | | | | | | | | | | | Shows smbd panics if connection is terminated (torn down) by killing the client with outstanding aio requests in the queue. As we're closing smbd we should cope with this. Followup-bugfix for: BUG: https://bugzilla.samba.org/show_bug.cgi?id=14301 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* tests: Only run mdsparser test if we build with spotlight supportAndreas Schneider2020-06-221-2/+4
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jun 22 15:53:30 UTC 2020 on sn-devel-184
* Properly handle msDS-AdditionalDnsHostName returned from Windows DCIsaac Boukris2020-06-181-3/+0
| | | | | | | | | | | | | | Windows DC adds short names for each specified msDS-AdditionalDnsHostName attribute, but these have a suffix of "\0$" and thus fail with ldap_get_values(), use ldap_get_values_len() instead. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Thu Jun 18 16:43:47 UTC 2020 on sn-devel-184
* selftest: add tests for binary msDS-AdditionalDnsHostNameIsaac Boukris2020-06-181-0/+3
| | | | | | | | | Like the short names added implicitly by Windows DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14406 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* db-glue.c: set forwardable flag on cross-realm tgt ticketsIsaac Boukris2020-06-122-3/+0
| | | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Match Windows behavior and allow the forwardable flag to be set in cross-realm tickets. We used to allow forwardable to any server, but now that we apply disallow-forwardable policy in heimdal we need to explicitly allow in the corss-realm case (and remove the workaround we have for it the MIT plugin). Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jun 12 22:10:34 UTC 2020 on sn-devel-184
* selftest: test forwardable flag in cross-realm with s4u2proxyIsaac Boukris2020-06-121-0/+2
| | | | | Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: test forwardable flag in cross-realm tgt ticketsIsaac Boukris2020-06-121-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* heimdal: apply disallow-forwardable on server in TGS requestIsaac Boukris2020-06-121-1/+0
| | | | | | | | | | upstream commit: 839b073facd2aecda6740224d73e560bc79965dc BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: add test for disallowed-forwardable serverIsaac Boukris2020-06-121-0/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14233 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* kdc: allow checksum of PA-FOR-USER to be HMAC_MD5Isaac Boukris2020-06-111-2/+0
| | | | | | | | | | | | | | | | | | | | | even if the tgt session key uses different hmac. Per [MS-SFU] 2.2.1 PA-FOR-USER the checksum is always HMAC_MD5, and that's what windows 7 client and MIT client send. In heimdal both the client and kdc use the checksum of the tgt key instead and therefore work with each other but windows and MIT clients fail against heimdal KDC. Windows KDC allows either checksum (HMAC_MD5 or from tgt) so we should do the same to support all clients. Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Jun 11 02:48:58 UTC 2020 on sn-devel-184
* s3: VFS: default. Ensure read_dfs_pathat() returns stat info.Jeremy Allison2020-06-031-3/+0
| | | | | | | | | | | | | | Remove the knownfail.d/msdfs-attr file. Everything now passes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Jun 3 06:19:21 UTC 2020 on sn-devel-184
* s3: torture: Add test for getting attibutes on an MSDFS link.Jeremy Allison2020-06-031-0/+3
| | | | | | | | | Mark as knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14391 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* Add msDS-AdditionalDnsHostName entries to the keytabIsaac Boukris2020-05-291-2/+0
| | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Add a test for msDS-AdditionalDnsHostName entries in keytabIsaac Boukris2020-05-291-0/+2
| | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Fix accidental overwrite of dnsHostName by the last netbios aliasIsaac Boukris2020-05-291-2/+0
| | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Add a test to check dNSHostName with netbios aliasesIsaac Boukris2020-05-291-0/+2
| | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14396 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* smbd: Protect smbd_smb2_getinfo_send() against invalid quota filesVolker Lendecke2020-05-291-2/+0
| | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14367 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri May 29 09:55:10 UTC 2020 on sn-devel-184
* torture3: Check error code for quotactl on a non-quota file handleVolker Lendecke2020-05-291-0/+4
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14367 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
View Lorry Controller Status