summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2019-14847 dsdb: Correct behaviour of ranged_results when combined with ↵Andrew Bartlett2019-10-311-1/+0
| | | | | | | | | | | | dirsync BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Oct 31 23:29:15 UTC 2019 on sn-devel-184
* CVE-2019-14847 dsdb: Demonstrate the correct interaction of ranged_results ↵Andrew Bartlett2019-10-311-0/+1
| | | | | | | | | | | | style attributes and dirsync Incremental results are provided by a flag on the dirsync control, not by changing the attribute name. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14040 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* lib/adouble: pass filesize to ad_unpack()Ralph Boehme2019-10-301-3/+0
| | | | | | | | | | | | | | | | | ad_unpack() needs the filesize, not the capped IO size we're using in the caller to read up to "size" bystem from the ._ AppleDouble file. This fixes a regression introduced by bdc257a1cbac7e8c73a084b618ba642476807483 for bug 13968. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171 RN: vfs_fruit returns capped resource fork length Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Oct 30 14:52:34 UTC 2019 on sn-devel-184
* torture: expand test "vfs.fruit.resource fork IO" to check sizeRalph Boehme2019-10-301-0/+3
| | | | | | | | | Reveals a bug where the resource fork size is capped at 65454 bytes. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2019-14833 dsdb: send full password to check password scriptBjörn Baumbach2019-10-291-1/+0
| | | | | | | | | | | | | | | | | | utf8_len represents the number of characters (not bytes) of the password. If the password includes multi-byte characters it is required to write the total number of bytes to the check password script. Otherwise the last bytes of the password string would be ignored. Therefore we rename utf8_len to be clear what it does and does not represent. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Tue Oct 29 11:58:45 UTC 2019 on sn-devel-184
* CVE-2019-14833: Use utf8 characters in the unacceptable passwordAndrew Bartlett2019-10-292-1/+2
| | | | | | | This shows that the "check password script" handling has a bug. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12438 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* s4:dirsync: fix interaction of dirsync and extended_dn controlsStefan Metzmacher2019-10-241-1/+0
| | | | | | | | | | | | | | | | | | | Azure AD connect reports discovery errors: reference-value-not-ldap-conformant for attributes member and manager. The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without an ExtendedDNRequestValue blob, which means the flag value should be treated as 0 and the HEX string format should be used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153 RN: Prevent azure ad connect from reporting discovery errors: reference-value-not-ldap-conformant Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Oct 24 11:06:58 UTC 2019 on sn-devel-184
* s4:tests/dirsync: add tests for dirsync with extended_dnStefan Metzmacher2019-10-241-0/+1
| | | | | | | | | | | | | | | | | | This demonstrates a problems that the extended_dn returned by the dirsync module always uses the SDDL format for GUID/SID components. Azure AD connect reports discovery errors: reference-value-not-ldap-conformant for attributes member and manager. The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without an ExtendedDNRequestValue blob, which means the flag value should be treated as 0 and the HEX string format should be used. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:kdc: fix the principal names in samba_kdc_update_delegation_info_blobStefan Metzmacher2019-10-211-2/+0
| | | | | | | | | | | | | We need the target service without realm, but the proxy services with realm. I have a domain with an w2008r2 server and a samba and now both generate the same S4U_DELEGATION_INFO. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: add a test for PAC delegation-info blob in S4U2ProxyIsaac Boukris2019-10-211-0/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13133 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* dbwrap_watch: Fix cleaning up dead watchersVolker Lendecke2019-10-181-1/+0
| | | | | | | | | | | "wrec->num_watchers" changes in dbwrap_watch_rec_del_watcher(). In 32d6cc84c I forgot to update the copy of that variable. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 18 22:28:07 UTC 2019 on sn-devel-184
* dbwrap_watch: Test cleanup of dead watchersVolker Lendecke2019-10-181-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Disable RTLD_DEEPBIND if running with ASANGary Lockyer2019-10-161-1/+4
| | | | | | | | | | | | | Disable the RTLD_DEEPBIND option for dlopen in LDB and Socket Wrapper when running with AddressSanitizer. The RTLD_DEEPBIND option is not compatible with Address Sanitizer see https://github.com/google/sanitizers/issues/611 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Oct 16 15:41:41 UTC 2019 on sn-devel-184
* s3:libads: Do not turn on canonicalization flag for MIT KerberosAndreas Schneider2019-10-121-1/+0
| | | | | | | | | | | | | | | This partially reverts 303b7e59a286896888ee2473995fc50bb2b5ce5e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155 Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Oct 12 17:39:13 UTC 2019 on sn-devel-184
* testprogs: Add test for kinit with canonicalizationAndreas Schneider2019-10-121-0/+1
| | | | | | | | Pair-Programmed-With: Isaac Boukris <iboukris@redhat.com> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* gitlab-ci: Run several AD tests with MIT KDCAndreas Schneider2019-10-121-0/+1
| | | | | | | This will avoid introducing regressions in either client or server code. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* spnego: fix server handling of no optimistic exchangeIsaac Boukris2019-10-123-4/+0
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Sat Oct 12 15:51:42 UTC 2019 on sn-devel-184
* python/tests/gensec: add spnego downgrade python testsIsaac Boukris2019-10-121-0/+2
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Isaac Boukris <iboukris@gmail.com> Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: add tests for no optimistic spnego exchangeIsaac Boukris2019-10-121-0/+1
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: s3: add a test for spnego downgrade from krb5 to ntlmIsaac Boukris2019-10-122-0/+10
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: add end-to-end tests for mdssvc with a fake HTTP serverRalph Boehme2019-10-091-0/+4
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
* s3:mdssvc: add unit tests for the Spotlight to Elasticsearch parserRalph Boehme2019-10-092-0/+3
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
* auth/gensec: fix AES schannel seal and unsealGünther Deschner2019-10-071-1/+0
| | | | | | | | | | | | | Workaround bug present in gnutls 3.6.8: gnutls_cipher_decrypt() uses an optimization internally that breaks decryption when processing buffers with their length not being a multiple of the blocksize. Signed-off-by: Stefan Metzmacher <metze@samba.org> Pair-Programmed-With: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/gensec: fix non-AES schannel sealGünther Deschner2019-10-071-1/+0
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14134 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/auth: add test for gensec_schannel codeGünther Deschner2019-10-072-0/+4
| | | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3: smbd: Fix the SMB2 server to pass SMB2-PATH-SLASH.Jeremy Allison2019-10-021-1/+0
| | | | | | | | | | | | | | | | | | | | [MS-FSA] 2.1.5.1 Server Requests an Open of a File Windows pathname specific processing. Always disallow trailing /, and also \\ on FILE_NON_DIRECTORY_FILE. We need to check this before the generic pathname parser as the generic pathname parser removes any trailing '/' and '\\'. Currently this is SMB2 only, but we could also add this check to the SMB1 NTCreateX calls if ultimately neded. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Oct 2 09:31:40 UTC 2019 on sn-devel-184
* s3: torture: Add MS-FSA style terminating '/' and '\\' test - SMB2-PATH-SLASH.Jeremy Allison2019-10-021-0/+2
| | | | | | | | | | | [MS-FSA] 2.1.5.1 Server Requests an Open of a File. Checks how to behave on both files and directories. Tested against Windows 10 server - passes. Currently smbd fails this. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3:smbd: ensure a created stream picks up the File-ID from the basefileRalph Boehme2019-10-021-1/+0
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: when storing DOS attribute call dos_mode() beforehandRalph Boehme2019-10-021-1/+0
| | | | | | | | | | This is required to ensure File-ID info is populated with the correct on-disk value, before calling file_set_dosmode() which will update the on-disk value. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add a File-ID test on directoriesRalph Boehme2019-10-021-0/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: extend test for File-IDsRalph Boehme2019-10-021-0/+1
| | | | | | | | | | This now hopefully covers most possible combinations of creating and opening files plus, checking the file's File-ID after every operation. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14137 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping (again)Michael Adam2019-09-271-4/+0
| | | | | | | | | | | | | | | | | | | | | https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e originally introduced the above feature. This functionality was undone as part of "winbind: Restructure get_pwsid" https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a I think that this semantic change was accidential. This patch undoes the semantic change and re-establishes the functionality. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Christof Schmitt <cs@samba.org> Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184
* selftest: Test ID_TYPE_BOTH with idmap_rid moduleChristof Schmitt2019-09-271-0/+4
| | | | | | | | | | | | | ID_TYPE_BOTH means that each user and group has two mappings, a uid and gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid always return some information, so that uid and gid can be mapped to a name. Establish a test to verify that the expected information is returned. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest/Samba3.pm: use "winbind use krb5 enterprise principals = yes" for ↵Stefan Metzmacher2019-09-242-1/+1
| | | | | | | | | | | | | | ad_member This demonstrates that can do krb5_auth in winbindd without knowning about trusted domains. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Sep 24 19:51:29 UTC 2019 on sn-devel-184
* selftest/Samba3.pm: use "winbind scan trusted domains = no" for ad_memberStefan Metzmacher2019-09-242-0/+2
| | | | | | | | | | This demonstrates that we rely on knowning about trusted domains before we can do krb5_auth in winbindd. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* selftest/tests.py: test pam_winbind for trusts domainsStefan Metzmacher2019-09-241-0/+84
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* selftest: Export TRUST information in the ad_member target environmentAndreas Schneider2019-09-242-2/+44
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* selftest/tests.py: test pam_winbind with a lot of username variationsStefan Metzmacher2019-09-241-1/+26
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* selftest/tests.py: test pam_winbind with krb5_authStefan Metzmacher2019-09-241-0/+4
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* selftest/tests.py: prepare looping over pam_winbindd testsStefan Metzmacher2019-09-241-21/+37
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* test_pam_winbind.sh: allow different pam_winbindd config options to be specifiedStefan Metzmacher2019-09-241-3/+3
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* vfs: restore stat fields in vfs_stat_fsp()Ralph Boehme2019-09-101-1/+0
| | | | | | | | | | | | | | | | | | This ensures we preserve btime, itime and File-ID. As the Durable Handles code calls vfs_stat_fsp() in the DH disconnect function, previously the btime was lost and NOT stored in the cookie. With this change the cookie will store the correct btime (and iflags), which requires us to call dos_mode() in the reconnect function to ensure we pass vfs_default_durable_reconnect_check_stat(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Sep 10 20:22:21 UTC 2019 on sn-devel-184
* s4:torture: add a file-id related testRalph Boehme2019-09-101-0/+1
| | | | | | | | | | Note I'm using the share vfs_fruit_xattr because I need a share with both a streams and a acl_* VFS object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:selftest: add delay_inject:brl_lock_windows testingStefan Metzmacher2019-09-091-0/+12
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Sep 9 15:42:45 UTC 2019 on sn-devel-184
* s3:blocking: fix the fsp->blocked_smb1_lock_reqs handlingStefan Metzmacher2019-09-091-4/+0
| | | | | | | | | | | | | | A new request is first checks against all pending requests before checking the already granted locks. Before we retried the lock array of another request (the first in the list), but then finished current request, which is wrong. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4:torture/raw: add multilock6 testStefan Metzmacher2019-09-092-0/+2
| | | | | | | | | | | This is similar to multilock3, but uses a read-only (LOCKING_ANDX_SHARED_LOCK) locks for the 2nd lock request. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4:torture/raw: add multilock5 testStefan Metzmacher2019-09-091-0/+1
| | | | | | | | | | | This is similar to multilock3, but uses a read-only (LOCKING_ANDX_SHARED_LOCK) locks for the first lock request. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4:torture/raw: add multilock4 testStefan Metzmacher2019-09-091-0/+1
| | | | | | | | | | | This is similar to multilock3, but uses read-only (LOCKING_ANDX_SHARED_LOCK) locks for the blocked requests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s4:torture/raw: add multilock3 testStefan Metzmacher2019-09-091-0/+1
| | | | | | | | | | | This demonstrates that unrelated lock ranges are not blocked by other blocked requests on the same fsp. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:smb2_lock: add retry for POSIX locksStefan Metzmacher2019-09-091-1/+0
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
View Lorry Controller Status