Jeremy Allison [Tue, 13 Jul 2021 00:21:03 +0000 (17:21 -0700)]
s3: VFS: default. In vfswrap_read_dfs_pathat(), cope with relative pathnames.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 13 Jul 2021 16:15:18 +0000 (09:15 -0700)]
s3: VFS: default. In vfswrap_read_dfs_pathat() use sys_fstatat().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 12 Jul 2021 22:24:30 +0000 (15:24 -0700)]
s2: VFS: default. Fix vfswrap_read_dfs_pathat() to use fsp_get_pathref_fd() not fsp_get_io_fd().
We don't need an io fd here, and we only get away
with it as we have the assert above:
SMB_ASSERT(dirfsp == dirfsp->conn->cwd_fsp);
This will be removed next.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 13 Jul 2021 16:10:50 +0000 (09:10 -0700)]
s3: VFS: default. Fix vfswrap_readdir() to use sys_fstatat().
Change struct stat st -> SMB_STRUCT_STAT st
and just copy the struct on success, as sys_fstatat()
already does the init_stat_ex_from_stat() for us.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 12 Jul 2021 22:37:20 +0000 (15:37 -0700)]
s3: lib: Add sys_fstatat() wrapper.
Does the usual things we need with fake_dir_create_times.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Tue, 13 Jul 2021 16:03:31 +0000 (09:03 -0700)]
s3: expect fstatat() and dirfd()
FreeBSD, AIX and Solaris all have this.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Sat, 3 Jul 2021 13:46:11 +0000 (15:46 +0200)]
vfs_shadow_copy2: ensure we call convert_sbuf() in shadow_copy2_*stat() on already converted paths with absolute path
shadow_copy2_strip_snapshot() will happily return without modifying the passed
timestamp=0 if the path is already converted and refers to an object in a
snapshot, eg (first debug line from extra debugging patch [1]):
[10 2021/07/02 08:19:28.811424 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1303 shadow_copy2_fstat]
shadow_copy2_fstat: fsp [test.txt {@GMT-2000.01.02-03.04.05}]
[10 2021/07/02 08:19:28.811449 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:607 _shadow_copy2_strip_snapshot_internal]
_shadow_copy2_strip_snapshot_internal: [from shadow_copy2_fstat()] Path 'test.txt {@GMT-2000.01.02-03.04.05}'
[10 2021/07/02 08:19:28.811474 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:619 _shadow_copy2_strip_snapshot_internal]
_shadow_copy2_strip_snapshot_internal: abs path '/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt'
[10 2021/07/02 08:19:28.811496 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:1924 shadow_copy2_snapshot_to_gmt]
shadow_copy2_snapshot_to_gmt: match @GMT-%Y.%m.%d-%H.%M.%S: @GMT-2000.01.02-03.04.05
[10 2021/07/02 08:19:28.811536 pid=738290 ../../source3/modules/vfs_shadow_copy2.c:566 check_for_converted_path]
check_for_converted_path: path |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05/test.txt| is already converted. connect path = |/gpfs0/smb_snapshots2/filesetone/.snapshots/@GMT-2000.01.02-03.04.05|
As check_for_converted_path() detects an "already converted path",
_shadow_copy2_strip_snapshot_internal() just returns without modifying the value
of the timestamp.
By using shadow_copy2_strip_snapshot_converted() instead of
shadow_copy2_strip_snapshot() we can check if the path is in fact referring to a
VSS object by checking the "converted" bool.
An alternative way would have been directly checking fsp->fsp_name->twrp != 0,
but that would be a new semantic in the module, I'll leave this excersize for
the future when we clean up the usage of shadow_copy2_strip_snapshot() in the
whole module.
This change also switches to using the absolute paths in both place where
convert_sbuf() is called.
[1]
@@ -1309,8 +1348,16 @@ static int shadow_copy2_fstat(vfs_handle_struct *handle, files_struct *fsp,
saved_errno = errno;
}
+ DBG_DEBUG("fsp [%s]\n", fsp_str_dbg(fsp));
RN: vfs_shadow_copy2 fixinodes not correctly updating inode numbers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Jul 2021 05:24:00 +0000 (07:24 +0200)]
selftest: add a test for shadow:fixinodes
This will fail with
Failed to open file \@GMT-2015.10.31-19.40.30\subdir\hardlink. NT_STATUS_ACCESS_DENIED
The open is failing in openat_pathref_fsp():
[2021/07/06 04:58:17.677104, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/files.c:541(openat_pathref_fsp)
openat_pathref_fsp: file [subdir/hardlink {@GMT-2015.10.31-19.40.30}] - dev/ino mismatch. Old (dev=64770, ino=
3826943444). New (dev=64770, ino=
1746568660).
[2021/07/06 04:58:17.677114, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/files.c:568(openat_pathref_fsp)
openat_pathref_fsp: Opening pathref for [subdir/hardlink {@GMT-2015.10.31-19.40.30}] failed: NT_STATUS_ACCESS_DENIED
The reason is subtle:
shadow_copy2 calculates inode numbers of snapshot files based on the path of the
file. The result of that when doing a path based stat() from filename_convert()
was
[2021/07/06 04:58:17.676159, 10, pid=95070, effective(1000, 1000), real(1000, 0)] ../../source3/smbd/filename.c:1945(filename_convert_internal)
filename_convert_internal: XXX smb_fname [subdir/hardlink {@GMT-2015.10.31-19.40.30}] (dev=64770, ino=
3826943444).
which is the "Old" inode shown above.
Later in the open code called from openat_pathref_fsp() -> fd_openat() ->
non_widelink_open() since 4.14 we call SMB_VFS_FSTAT() where fsp->fsp_name will
be set to the new relative *basename* of the file:
[2021/07/06 04:58:17.676917, 10, pid=95070, effective(1000, 1000), real(1000, 0), class=vfs] ../../source3/modules/vfs_default.c:1302(vfswrap_fstat)
vfswrap_fstat: XXX fsp [hardlink {@GMT-2015.10.31-19.40.30}] (dev=64770, ino=
3826943444)
So for stat() the hash function in called with the full path relative to the share
root:
subdir/hardlink
while for fstat() the hash function will used
hardlink
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Jul 2021 05:22:40 +0000 (07:22 +0200)]
selftest: simplify snapshot directory creation in test_shadow_copy_torture.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Jul 2021 05:20:15 +0000 (07:20 +0200)]
selftest: enable "shadow:fixinodes" in "shadow_write" share
The existing tests don't care and this will be used in a subsequent commit to
demonstrate that this option is currently broken.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Jul 2021 05:19:36 +0000 (07:19 +0200)]
selftest: pass smbclient arg to samba3.blackbox.shadow_copy_torture test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 7 Jul 2021 10:40:05 +0000 (12:40 +0200)]
smbd: update smb_fname statinfo from fsp
fd_openat() has done an FSTAT on the handle so update the smb_fname stat info
with "truth". from the handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Wed, 7 Jul 2021 09:48:34 +0000 (11:48 +0200)]
smbd: put back dev/ino stat/fstat check in openat_pathref_fsp()
This reverts commit
a6df051dd5e8c63f2fdfdb20ee01169d2bdb97dd:
"s3: smbd: In openat_pathref_fsp(), just check we're opening the same file type, not dev and inode."
The prior changes mean we can go back to checking dev/ino
matches.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 6 Jul 2021 07:04:26 +0000 (09:04 +0200)]
smbd: canonicalize SMB_VFS_FSTAT() stat buffer
This helps code inside any module implementing fstat() looking at
fsp->fsp_name->st instead of the passed in stat buf.
I only ran afoul of this in a DEBUG message I added while debugging some inode
related problem.
No change in behaviour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 13 Jul 2021 18:41:05 +0000 (11:41 -0700)]
s3: VFS: streams_xattr: In streams_xattr_stat() use synthetic_pathref() with basename
Remove my poor imitation of synthetic_pathref(), just call the real thing.
We need to go through the full VFS stack here to get
the ino correct to get the fsp handle.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 13 Jul 2021 18:40:09 +0000 (11:40 -0700)]
s3: VFS: fruit. In ad_get_meta_fsp(), we only need a handle on the base file, not the stream.
We'll be calling SMB_VFS_FGETXATTR() on the base fsp anyway.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14756
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Mon, 28 Jun 2021 20:54:52 +0000 (13:54 -0700)]
s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code.
We actually don't need this to get the right semantics, as the open or the
set_sd() code catches the correct cases and returns ACCESS_DENIED, but it
makes me much happier to see the prerequisites needed expressed in code here
right at the point of use.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 13 08:11:36 UTC 2021 on sn-devel-184
Stefan Metzmacher [Sun, 9 May 2021 19:16:00 +0000 (21:16 +0200)]
libcli/smb: let smb2_negotiate_context_parse() only parse the expected number of contexts
Any garbage at the end needs to be ignored.
This fixes the Negotiate_SMB311_ContextID_NetName test from:
https://github.com/microsoft/WindowsProtocolTestSuites/blob/main/TestSuites/FileServer/src/SMB2/TestSuite/Negotiate/Negotiation.cs#L730
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 12 21:25:21 UTC 2021 on sn-devel-184
Ralph Boehme [Fri, 9 Jul 2021 16:20:30 +0000 (18:20 +0200)]
nsswitch: ensure the attrlist_t array is large enough for a NULL sentinel
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14754
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 12 15:11:42 UTC 2021 on sn-devel-184
David Mulder [Wed, 7 Jul 2021 14:00:36 +0000 (08:00 -0600)]
WHATSNEW: samba-tool without ad-dc
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Jul 8 14:43:11 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 23 Nov 2020 07:54:29 +0000 (20:54 +1300)]
selftest: Print dns_update_cache path into the logs
This sometimes get stuck in a loop and this may help debug it.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 8 12:44:49 UTC 2021 on sn-devel-184
Samuel Cabrero [Fri, 31 Jul 2020 09:13:27 +0000 (11:13 +0200)]
lib/tsocket: Free subreq as soon as possible
This is not a memory leak as it is freed when the parent req's state is
freed, but will help in low memory situations.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 8 10:21:25 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 31 Jul 2020 09:27:25 +0000 (11:27 +0200)]
witness.idl: fix length calculation for witness_IPaddrInfoList
If r->num is 0, we should not dereference r->addr.
Using ndr_size_witness_IPaddrInfoList() also make this much simpler
and avoids the magic 12.
Credit Oss-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/
5686294157197312
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Stefan Metzmacher [Fri, 31 Jul 2020 09:27:10 +0000 (11:27 +0200)]
torture/ndr: reproduce a problem with witness_AsyncNotify
Credit Oss-Fuzz
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/
5686294157197312
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Stefan Metzmacher [Fri, 31 Jul 2020 11:23:19 +0000 (13:23 +0200)]
torture/ndr: add more details to the test names
We can have more than one blob for a given idl function
and we should avoid using the same name for all of them.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Stefan Metzmacher [Fri, 31 Jul 2020 11:20:09 +0000 (13:20 +0200)]
torture/ndr: make check functions typesafe
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Samuel Cabrero [Fri, 22 Jan 2021 13:04:35 +0000 (14:04 +0100)]
libcli: Move map_errno_from_nt_status from s3 lib to common libcli
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Samuel Cabrero [Thu, 30 Jul 2020 10:07:57 +0000 (12:07 +0200)]
s3:lib: Map ECANCELED to NT_STATUS_CANCELLED
Now map_nt_error_from_unix() returns the same value as
map_nt_error_from_unix_common().
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 22 Jun 2021 07:31:29 +0000 (09:31 +0200)]
auth:creds: Remove unused simple.c file
This code is tested by the cmocka unit test:
auth/credentials/tests/test_creds.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 7 Jul 2021 09:12:37 +0000 (11:12 +0200)]
lib:tdb: Fix a memory leak on error
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Isaac Boukris [Thu, 8 Oct 2020 12:00:44 +0000 (14:00 +0200)]
selftest: Add test for one-way trust wbinfo auth
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 7 15:01:22 UTC 2021 on sn-devel-184
Andreas Schneider [Fri, 9 Jun 2017 13:03:29 +0000 (15:03 +0200)]
selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Isaac Boukris [Tue, 6 Oct 2020 20:33:45 +0000 (22:33 +0200)]
selftest: Fix "outgoing" test in kinit_trust heimdal
Found by the test not failing in one-way trust.
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 23 Jun 2021 08:55:04 +0000 (10:55 +0200)]
testprogs: Show that DOM\user and REALM\user work for auth
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Wed, 23 Jun 2021 08:50:23 +0000 (10:50 +0200)]
testprogs: Rename TRUST_CREDS variables in test_trust_utils.sh
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 18 Jun 2021 11:40:59 +0000 (13:40 +0200)]
selftest: Add the trusted domain realms to krb5.conf
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Mon, 14 Jun 2021 09:38:44 +0000 (11:38 +0200)]
s3:tests: Fix wbinfo_lookuprids_cache test with system tdb-tools
If libtdb is used from the system, we should use those tools by default.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Sun, 4 Jul 2021 18:06:04 +0000 (20:06 +0200)]
Add editorconfig config file
See https://editorconfig.org/ for details.
(neo)vim: https://github.com/editorconfig/editorconfig-vim
emacs: https://github.com/editorconfig/editorconfig-emacs
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 7 05:54:16 UTC 2021 on sn-devel-184
Pavel Březina [Mon, 31 May 2021 12:58:19 +0000 (14:58 +0200)]
tevent: bump the version number to 0.11.0
* Other minor build fixes.
* Add custom tag to events
* Add event trace api
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Březina [Tue, 1 Jun 2021 12:10:05 +0000 (14:10 +0200)]
tevent: add event trace api
Adds new tracing API to trace fd, timer, signal and immediate events
on specific trace points: attach, before handler and dettach.
This can be used in combination with the event tag to keep track
of the currently executed event for purpose of debugging.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Březina [Tue, 1 Jun 2021 11:57:45 +0000 (13:57 +0200)]
tevent: add custom tag to events
Adds a new API to set and get an uint64_t tag on fd, timer, signal and
immediate events. This can be used to assign a unique and known id to
the event to allow easy tracking of such event.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pavel Březina [Thu, 3 Jun 2021 11:05:46 +0000 (13:05 +0200)]
tevent: add support for cmocka unit tests
This adds a placeholder for new cmocka tests for tevent. Tests
are added in individual commits.
Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andreas Schneider [Tue, 8 Jun 2021 12:29:06 +0000 (14:29 +0200)]
third_party:cmocka: Fix build when used in lib/tevent
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Mon, 5 Jul 2021 15:17:30 +0000 (17:17 +0200)]
smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records
I saw systems with locking.tdb records being part of:
ctdb catdb smbXsrv_tcon_global.tdb
It's yet unknown how that happened, but we should not panic in srvsvc_*
calls because the info0 pointer was NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14752
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 6 11:08:43 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 3 Apr 2020 14:29:36 +0000 (16:29 +0200)]
testprogs: Consistantly use kinit -c $KRB5CCNAME
We want to be really clear which credentials cache we use.
The kerberos_kinit() shell function uses this internally.
-c is the common option between MIT and Heimdal, and is
equivilant to --cache
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 5 23:51:43 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 2 Jul 2021 07:37:25 +0000 (09:37 +0200)]
gensec_krb5: restore ipv6 support for kpasswd
We need to offer as much space we have in order to
get the address out of tsocket_address_bsd_sockaddr().
This fixes a regression in commit
43c808f2ff907497dfff0988ff90a48fdcfc16ef.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14750
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 5 May 2021 14:55:47 +0000 (14:55 +0000)]
printing: avoid crash in LPRng_time
If the string is too shhort we don't want to atoi() whatever is beyond
the end of it.
Found using Honggfuzz and the fuzz_parse_lpq_entry fuzzer.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 5 05:07:13 UTC 2021 on sn-devel-184
Douglas Bagnall [Tue, 6 Apr 2021 11:11:32 +0000 (23:11 +1200)]
fuzz: add fuzz_parse_lpq_entry
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 14 May 2021 03:05:05 +0000 (15:05 +1200)]
fuzz: fix multiple comment headers
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 26 May 2021 03:01:36 +0000 (15:01 +1200)]
dns update: zero flags and reserved
This is the observed behaviour on Windows.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 15 Apr 2021 04:07:58 +0000 (16:07 +1200)]
dns_common_replace: do not leak
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 20 Jun 2021 02:52:48 +0000 (14:52 +1200)]
samba-tool: dns update rejects malformed addresses
Because neither filling out the struct will not necessarily tell you
you got it wrong, and the RPC could succeed in setting an arbitrary
wrong address (typically, an IPv6 address would set an A record to
"255.255.255.255").
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 20 Jun 2021 10:03:35 +0000 (22:03 +1200)]
pydns: fix a comment in replace_by_dn()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 29 Mar 2021 00:03:45 +0000 (13:03 +1300)]
ldb-samba: dns tombstone matching: constrict value length
We know the only values we want to see are uint32, ie < ~4 billion
(and real values will be 7 digits for hundreds of years).
We also know the caller (we have just checked) is a trusted system
session which won't be padding the thing with spaces. But if they do,
let's call them out.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 30 Mar 2021 21:47:05 +0000 (10:47 +1300)]
dns_server: free old zones when reloading
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 18 Jun 2021 03:31:42 +0000 (15:31 +1200)]
s4/dns_common_replace: add comments about tombstones
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 10 Apr 2021 23:58:25 +0000 (11:58 +1200)]
dns_common_replace: comment in needs_add case
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 9 Apr 2021 10:50:24 +0000 (22:50 +1200)]
dns_common_replace: do logging in needs_add case
The idiom is we return via goto exit.
This was evidently missed from commit
7e2b71d8f7cf7ac72022e1b15c30fc30706e8375
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 1 Apr 2021 01:24:23 +0000 (14:24 +1300)]
dnsserver_common: comments about record sorting
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 19 May 2021 03:43:14 +0000 (15:43 +1200)]
py/dnsserver: TXTRecord copes with single strings
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 11 Apr 2021 11:38:10 +0000 (23:38 +1200)]
dnsserver/update: add a few comments
Really just signposts.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Mar 2021 01:23:36 +0000 (14:23 +1300)]
dns update: emit warnings upon unexpected occurrances
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 31 Mar 2021 01:21:43 +0000 (14:21 +1300)]
dlz_bind9: insert missing words into error message
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Mon, 12 Apr 2021 18:34:23 +0000 (06:34 +1200)]
dlz_bind9: fix a copy-pasted comment
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 19:07:37 +0000 (12:07 -0700)]
s3: VFS: Update status of SMB_VFS_GETXATTR.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Jul 4 18:01:16 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 23 Jun 2021 19:06:19 +0000 (12:06 -0700)]
vfs: RIP SMB_VFS_GETXATTR()
.--. .-, .-..-.__
.'(`.-` \_.-'-./` |\_( "\__
__.>\ '; _;---,._| / __/`'--)
/.--. : |/' _.--.<| / | |
_..-' `\ /' /` /_/ _/_/
>_.-``-. `Y /' _;---.`|/))))
'` .-''. \|: .' __, .-'"`
.'--._ `-: \/: /' '.\ _|_
/.'`\ :; /' `- `-|-`
-` | | |
:.; : | .-'~^~`-.
|: | .' _ _ `.
|:. | | |_) | |_) |
:. : | | | \ | | |
: ; | | |
: ; | | SMB_VFS |
: ; | | GETXATTR |
: ; | | |
.jgs. : ; | |
-."-/\\\/:::. `\."-._'."-"_\\-| |///."-
" -."-.\\"-."//.-".`-."_\\-.".-\\`=.........=`//-".
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:07:29 +0000 (18:07 -0700)]
s3: VFS: xattr_tdb: Remove xattr_tdb_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:06:20 +0000 (18:06 -0700)]
s3: VFS: vxfs: Remove vxfs_get_xattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:05:23 +0000 (18:05 -0700)]
s3: VFS: unityed_media: Remove um_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:04:07 +0000 (18:04 -0700)]
s3: VFS: snapper: Remove snapper_gmt_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:03:09 +0000 (18:03 -0700)]
s3: VFS: shadow_copy2: Remove shadow_copy2_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:02:13 +0000 (18:02 -0700)]
s3: VFS: posix_eadb: Remove posix_eadb_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:01:23 +0000 (18:01 -0700)]
s3: VFS: media_harmony: Remove mh_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 01:00:22 +0000 (18:00 -0700)]
s3: VFS: glusterfs: Remove vfs_gluster_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 00:58:53 +0000 (17:58 -0700)]
s3: VFS: ceph_snapshots: Remove ceph_snap_gmt_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 00:57:45 +0000 (17:57 -0700)]
s3: VFS: ceph: Remove cephwrap_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 00:56:11 +0000 (17:56 -0700)]
s3: VFS: catia: Remove catia_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Wed, 23 Jun 2021 00:55:01 +0000 (17:55 -0700)]
s3: VFS: cap: Remove cap_getxattr.
No longer used.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:56:30 +0000 (13:56 -0700)]
s3: lib: adouble.c: In ad_read_meta() we can now guarantee a valid fsp.
There are now no more callers of SMB_VFS_GETXATTR().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:55:04 +0000 (13:55 -0700)]
s3: VFS: fruit: In fruit_streaminfo_meta_netatalk(), ad_get() -> ad_get_meta_fsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:53:02 +0000 (13:53 -0700)]
s3: VFS: fruit: In fruit_stat_meta_netatalk(), ad_get() -> ad_get_meta_fsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:52:02 +0000 (13:52 -0700)]
s3: VFS: fruit: In readdir_attr_meta_finderi_netatalk(), ad_get() -> ad_get_meta_fsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:50:48 +0000 (13:50 -0700)]
s3: VFS: fruit: In update_btime(), ad_get() -> ad_get_meta_fsp().
Uncomment ad_get_meta_fsp() as we're now using it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:43:49 +0000 (13:43 -0700)]
s3: VFS: fruit: Add helper function ad_get_meta_fsp().
Not yet used. We will use this to replace calls
to ad_get(..., ADOUBLE_META). It uses openat_pathref_fsp()
to get a handle before calling into ad_get(..., ADOUBLE_META).
Uses the recursion guard to prevent recursion into openat_pathref_fsp()
from stat calls within.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:40:39 +0000 (13:40 -0700)]
s3: VFS: fruit: In the fruit handle->fruit_config_data, add a recursion guard we will set before calling openat_pathref_fsp().
Not yet used.
Same technique as used to prevent recursion in stat calls in vfs_fake_acls.c
This will go away once SMB_VFS_STATX() is added and we can select exactly
what fields we are calling stat() to get.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:37:56 +0000 (13:37 -0700)]
s3: VFS: fruit: In fruit_stat_meta_netatalk(), move the call to fruit_stat_base() before the ad_get() call.
Both must succeed for a valid return, and we're next going
to replace ad_get() with a wrapper that calls openat_pathref_fsp(),
which needs a VALID_STAT().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:47:30 +0000 (13:47 -0700)]
s3: VFS: fruit: Inside fruit_open_meta_netatalk() change to use fsp->base_fsp->fsp_name in ad_get() instead of smb_fname.
We know this will have a valid fsp within.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Fri, 2 Jul 2021 20:35:37 +0000 (13:35 -0700)]
s3: lib: In ad_read_meta(), allow use of SMB_VFS_FGETXATTR() as well as SMB_VFS_GETXATTR().
Eventually we will guarantee a valid smb_fname->fsp here and
will remove SMB_VFS_GETXATTR().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 1 Jul 2021 01:40:59 +0000 (18:40 -0700)]
s3: smbd: Fix fsp->base_fsp->fsp_name->fsp == fsp->base_fsp invarient in non_widelink_open().
Currently in master when we call into openat() in the VFS
we violate the invarient:
fsp->base_fsp->fsp_name->fsp == fsp->base_fsp.
The reason for this is subtle. Inside open.c:non_widelink_open()
we change the fsp->base_fsp to be relative to the new $cwd.
We do this by the following code in open.c:non_widelink_open():
/* Also setup base_fsp to be relative to the new cwd */
if (fsp->base_fsp != NULL) {
base_smb_fname_rel = (struct smb_filename) {
.base_name = smb_fname_rel->base_name,
};
orig_base_fsp_name = fsp->base_fsp->fsp_name;
fsp->base_fsp->fsp_name = &base_smb_fname_rel;
}
Note that fsp->base_fsp->fsp_name now points at a
stack variable struct smb_filename, with smb_fname->fsp == NULL.
This fixes that problem by removing the horrid
stack based smb_filename and changing to use a
talloc'ed fsp->base_fsp->fsp_name, with
correctly linked fsp->base_fsp->fsp_name-> pointer.
Remove the selftest/knownfail.d/fruit_vfs_invariant
file as all vfs_fruit tests now pass again.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Thu, 1 Jul 2021 18:26:21 +0000 (11:26 -0700)]
s3: smbd: Code inside non_widelink_open() breaks an invarient inside the VFS. Demonstrate this.
vfs_fruit isn't the bad guy here. It's just a convenient
place to show that non_widelink_open() violates:
fsp->base_fsp->fsp_name->fsp == fsp->base_fsp invarient
Add selftest/knownfail.d/fruit_vfs_invariant to show
what this breaks. Next patch will fix the non_widelink_open()
code and remove the knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Pavel Filipenský [Fri, 2 Jul 2021 07:14:18 +0000 (09:14 +0200)]
s3:libads: Remove extra new line in keytab list output
net ads keytab list prints extra new line for uknown encoding types,
so it spans over two lines, instead over a single line:
1 AES-128 CTS mode with 96-bit SHA-1 HMAC ADDC$@ADDOM.SAMBA.EXAMPLE.COM
1 UNKNOWN: 3
ADDC$@ADDOM.SAMBA.EXAMPLE.COM
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jul 2 11:45:48 UTC 2021 on sn-devel-184
Stefan Metzmacher [Fri, 10 Apr 2020 21:10:28 +0000 (23:10 +0200)]
s4:kdc: prefer newer enctypes for preauth responses
This matches Windows KDCs, which was demonstrated by the
krb5.as_req_tests tests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 1 18:37:14 UTC 2021 on sn-devel-184
Joseph Sutton [Mon, 21 Jun 2021 02:14:48 +0000 (14:14 +1200)]
s4:torture/krb5/kdc-heimdal: Automatically determine AS-REP enctype to check against
This enables us to more easily switch to a different algorithm to find
the strongest key in _kdc_find_etype().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Wed, 16 Jun 2021 00:52:11 +0000 (12:52 +1200)]
tests/krb5: Use admin creds for SamDB rather than user creds
This makes the purpose of each set of credentials more consistent, and
makes some tests more convenient to run standalone as they no longer
require user credentials.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 15 Jun 2021 23:49:05 +0000 (11:49 +1200)]
tests/krb5/as_canonicalization_tests.py: Refactor account creation
Making this test a subclass of KDCBaseTest allows us to make use of its
methods for obtaining credentials and creating accounts, which helps to
eliminate some duplicated code.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 15 Jun 2021 23:01:50 +0000 (11:01 +1200)]
tests/krb5: Deduplicate 'host' attribute initialisation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 15 Jun 2021 01:25:34 +0000 (13:25 +1200)]
tests/krb5/raw_testcase.py: Check for an explicit 'unspecified kvno' value
This is clearer than using the constant zero, which could be mistaken
for a valid kvno value.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Tue, 15 Jun 2021 01:24:22 +0000 (13:24 +1200)]
tests/krb5/as_req_tests.py: Check the client kvno
Ensure we have the correct kvno for the client, rather than an 'unknown'
value.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Tue, 21 Apr 2020 09:07:45 +0000 (11:07 +0200)]
tests/krb5/as_req_tests.py: add simple test_as_req_enc_timestamp test
Example commands:
Windows 2012R2:
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=
a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=
2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=
4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=
A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=
2eb6d146a2653d333cdbfb641a4efbc3de81af49e878e112bb4f6cbdd73fca52 KRBTGT_RC4_KEY_HEX=
4e6d99c30e5fab901ea71f8894289d3b python/samba/tests/krb5/as_req_tests.py AsReqKerberosTests
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=
A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.188 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W2012R2-L6 REALM=W2012R2-L6.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 CLIENT_USERNAME=ldaptestuser CLIENT_PASSWORD=
a1B2c3D4 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=4 python/samba/tests/krb5/as_req_tests.py
Windows 2008R2:
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=
A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=
550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=
dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=
A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=
550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=
dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=
A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=
A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.133 SMB_CONF_PATH=/dev/null STRICT_CHECKING=1 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 python/samba/tests/krb5/as_req_tests.py
Samba:
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=
A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=
550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=
dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE CLIENT_USERNAME=administrator CLIENT_PASSWORD=
A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 KRBTGT_KVNO=2 KRBTGT_AES256_KEY_HEX=
550aea2ea2719cb81c87692569796d1b3a099d433a93438f53bee798cc2f83be KRBTGT_RC4_KEY_HEX=
dbc0d1feaaca3d5abc6794857b7f6fe0 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 CLIENT_USERNAME=administrator CLIENT_PASSWORD=
A1b2C3d4 CLIENT_AS_SUPPORTED_ENCTYPES=4 CLIENT_KVNO=1 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 CLIENT_USERNAME=cifsmount CLIENT_PASSWORD=
A1b2C3d4-08 CLIENT_AS_SUPPORTED_ENCTYPES=28 CLIENT_KVNO=17 python/samba/tests/krb5/as_req_tests.py
SERVER=172.31.9.163 SMB_CONF_PATH=/dev/null STRICT_CHECKING=0 DOMAIN=W4EDOM-L4 REALM=W4EDOM-L4.BASE ADMIN_USERNAME=administrator ADMIN_PASSWORD=
A1b2C3d4 python/samba/tests/krb5/as_req_tests.py
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 16 Jun 2021 02:51:22 +0000 (14:51 +1200)]
tests/krb5/as_req_tests.py: Automatically obtain credentials
The credentials for the client and krbtgt accounts are now fetched
automatically rather than using environment variables, and the client
account is now automatically created.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>