amitay/samba.git
8 months agoFix spelling mistakes
Olly Betts [Tue, 27 Nov 2018 22:10:17 +0000 (11:10 +1300)]
Fix spelling mistakes

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoNew testcase samba3.blackbox.net_rpc_join_creds
Olly Betts [Tue, 23 Oct 2018 22:46:11 +0000 (11:46 +1300)]
New testcase samba3.blackbox.net_rpc_join_creds

Tests that you can now use a credentials file with net.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agonet: Add support for a credentials file
Olly Betts [Tue, 1 May 2018 01:19:58 +0000 (13:19 +1200)]
net: Add support for a credentials file

Add support for the same -A authfile/--authentication-file authfile
option that most of the other tools already do.

Signed-off-by: Olly Betts <olly@survex.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agos3/testparm: Reduce debug level to 1
Anoop C S [Fri, 23 Nov 2018 08:41:45 +0000 (14:11 +0530)]
s3/testparm: Reduce debug level to 1

Adhere to what we document in manual page for testparm that default
debug level is set to reasonable value 1.

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 29 11:52:22 CET 2018 on sn-devel-144

8 months agos4:torture: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Wed, 21 Nov 2018 10:38:24 +0000 (11:38 +0100)]
s4:torture: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Thu Nov 29 02:20:48 CET 2018 on sn-devel-144

8 months agos4:smbd: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Wed, 21 Nov 2018 10:37:26 +0000 (11:37 +0100)]
s4:smbd: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos4:ntvfs: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Wed, 21 Nov 2018 10:36:23 +0000 (11:36 +0100)]
s4:ntvfs: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos4:lib: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Wed, 21 Nov 2018 10:33:51 +0000 (11:33 +0100)]
s4:lib: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:winbindd: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 14:58:28 +0000 (15:58 +0100)]
s3:winbindd: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:utils: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 14:57:51 +0000 (15:57 +0100)]
s3:utils: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:smbd: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 14:57:09 +0000 (15:57 +0100)]
s3:smbd: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:rpc_server: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 14:56:14 +0000 (15:56 +0100)]
s3:rpc_server: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:nmbd: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 14:55:43 +0000 (15:55 +0100)]
s3:nmbd: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:modules: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 14:54:28 +0000 (15:54 +0100)]
s3:modules: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:libsmb: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 14:53:23 +0000 (15:53 +0100)]
s3:libsmb: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:libads: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:14:07 +0000 (14:14 +0100)]
s3:libads: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:lib: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:12:49 +0000 (14:12 +0100)]
s3:lib: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:include: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:12:23 +0000 (14:12 +0100)]
s3:include: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:ldap: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:11:39 +0000 (14:11 +0100)]
s3:ldap: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3:auth: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:10:36 +0000 (14:10 +0100)]
s3:auth: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agonss_winbind: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:08:31 +0000 (14:08 +0100)]
nss_winbind: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agowins: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:08:05 +0000 (14:08 +0100)]
wins: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agowbclient: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:07:39 +0000 (14:07 +0100)]
wbclient: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agokrb5_plugin: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:06:48 +0000 (14:06 +0100)]
krb5_plugin: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agolibcli:smbreadline: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:06:21 +0000 (14:06 +0100)]
libcli:smbreadline: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agolibcli:smb: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:05:39 +0000 (14:05 +0100)]
libcli:smb: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agolib:util: Avoid name confusion with config.h
Andreas Schneider [Wed, 21 Nov 2018 17:24:59 +0000 (18:24 +0100)]
lib:util: Avoid name confusion with config.h

The HAVE_* is normally used for config.h definitions, so rename it to
USE_ASM_BYTEORDER.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agolib:util: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:01:20 +0000 (14:01 +0100)]
lib:util: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agotdb: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 13:00:39 +0000 (14:00 +0100)]
tdb: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agoreplace: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 12:57:48 +0000 (13:57 +0100)]
replace: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agokrb5_wrap: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 12:57:13 +0000 (13:57 +0100)]
krb5_wrap: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agoctdb: Use #ifdef instead of #if for config.h definitions
Andreas Schneider [Tue, 20 Nov 2018 12:55:49 +0000 (13:55 +0100)]
ctdb: Use #ifdef instead of #if for config.h definitions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agoautobuild: Add _FORTIFY_SOURCE=2 to the -O3 build
Andreas Schneider [Tue, 20 Nov 2018 11:11:43 +0000 (12:11 +0100)]
autobuild: Add _FORTIFY_SOURCE=2 to the -O3 build

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agowafsamba: Do not always set _FORTIFY_SOURCE=2
Andreas Schneider [Tue, 20 Nov 2018 11:09:31 +0000 (12:09 +0100)]
wafsamba: Do not always set _FORTIFY_SOURCE=2

This requires to be compiled with optimization (-O).

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agos3: Remove unsused MMAP_BLACKLIST ifdef checks
Andreas Schneider [Tue, 20 Nov 2018 11:06:13 +0000 (12:06 +0100)]
s3: Remove unsused MMAP_BLACKLIST ifdef checks

This doesn't get defined by anything.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agolib:replace: Check if HAVE_DECL_ENVIRON is defined first
Andreas Schneider [Tue, 20 Nov 2018 11:01:32 +0000 (12:01 +0100)]
lib:replace: Check if HAVE_DECL_ENVIRON is defined first

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agokrb5_wrap: Fix a typo
Volker Lendecke [Wed, 21 Nov 2018 13:55:10 +0000 (14:55 +0100)]
krb5_wrap: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 28 21:15:31 CET 2018 on sn-devel-144

8 months agoauth: Align integer types
Volker Lendecke [Tue, 20 Nov 2018 16:03:17 +0000 (17:03 +0100)]
auth: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agolib: Align integer types
Volker Lendecke [Tue, 20 Nov 2018 12:38:05 +0000 (13:38 +0100)]
lib: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agokrb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm()
Volker Lendecke [Tue, 20 Nov 2018 16:45:11 +0000 (17:45 +0100)]
krb5_wrap: Add a talloc_ctx to smb_krb5_principal_get_realm()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agocredentials: Remove an unnecessary talloc_steal()
Volker Lendecke [Wed, 21 Nov 2018 14:30:29 +0000 (15:30 +0100)]
credentials: Remove an unnecessary talloc_steal()

ccc was already allocated off cred, this talloc_steal was a no-op.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agocredentials: Fix set_ccache with empty creds cache
Volker Lendecke [Wed, 21 Nov 2018 14:28:42 +0000 (15:28 +0100)]
credentials: Fix set_ccache with empty creds cache

This is an extension of bb2f7e3aee7e9b8: Without this fix in the
"empty ccache" case we never set cred->ccache, so the whole call to
cli_credentials_set_ccache became pointless

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agocredentials: Fix an error path memleak
Volker Lendecke [Wed, 21 Nov 2018 14:24:24 +0000 (15:24 +0100)]
credentials: Fix an error path memleak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agocredentials: Only do shallow copies of valid ccaches
Volker Lendecke [Wed, 21 Nov 2018 16:36:35 +0000 (17:36 +0100)]
credentials: Only do shallow copies of valid ccaches

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agotfork: add a README how to run test torture test under valgrind
Ralph Boehme [Tue, 20 Nov 2018 14:50:52 +0000 (15:50 +0100)]
tfork: add a README how to run test torture test under valgrind

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 28 15:57:43 CET 2018 on sn-devel-144

8 months agotfork: add a suppresssions file for drd
Ralph Boehme [Tue, 20 Nov 2018 15:03:03 +0000 (16:03 +0100)]
tfork: add a suppresssions file for drd

drd reports:

 initialized twice: cond 0x514f188
    at 0x4C3A399: pthread_cond_init_intercept (drd_pthread_intercepts.c:1022)
    by 0x4C3A399: pthread_cond_init@* (drd_pthread_intercepts.c:1030)
    by 0x50F3FF3: tfork_atfork_child (tfork.c:250)
    by 0x9A4B95D: fork (fork.c:204)
    by 0x50F4834: tfork_start_waiter_and_worker (tfork.c:581)
    by 0x50F4CDB: tfork_create (tfork.c:780)
    by 0x2F7469: tfork_thread (tfork.c:431)
    by 0x4C358F8: vgDrd_thread_wrapper (drd_pthread_intercepts.c:444)
    by 0x8D46593: start_thread (pthread_create.c:463)
    by 0x9A7EE6E: clone (clone.S:95)
 cond 0x514f188 was first observed at:
    at 0x4C3A399: pthread_cond_init_intercept (drd_pthread_intercepts.c:1022)
    by 0x4C3A399: pthread_cond_init@* (drd_pthread_intercepts.c:1030)
    by 0x50F413A: tfork_global_initialize (tfork.c:287)
    by 0x8D4DEA6: __pthread_once_slow (pthread_once.c:116)
    by 0x4C377FD: pthread_once_intercept (drd_pthread_intercepts.c:800)
    by 0x4C377FD: pthread_once (drd_pthread_intercepts.c:806)
    by 0x50F4C0E: tfork_create (tfork.c:743)
    by 0x2F7469: tfork_thread (tfork.c:431)
    by 0x4C358F8: vgDrd_thread_wrapper (drd_pthread_intercepts.c:444)
    by 0x8D46593: start_thread (pthread_create.c:463)
    by 0x9A7EE6E: clone (clone.S:95)

This is intentional, the reinit is in a child process. Cf the comment in
tfork.c.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agotfork: add a suppresssions file for helgrind
Ralph Boehme [Mon, 19 Nov 2018 14:18:34 +0000 (15:18 +0100)]
tfork: add a suppresssions file for helgrind

tfork_atexit_unknown[1|2]:

  No idea what triggers this, definitely not tfork itself.

tfork_pthread_get_specific:

 Helgrind reports:

 Possible data race during read of size 4 at 0x5141304 by thread #3
 Locks held: none
    at 0x50E602E: tfork_global_get (tfork.c:301)
    by 0x50E69B1: tfork_create (tfork.c:737)
    by 0x2F7419: tfork_thread (tfork.c:431)
    by 0x4C35AC5: mythread_wrapper (hg_intercepts.c:389)
    by 0x8D38593: start_thread (pthread_create.c:463)
    by 0x9A70E6E: clone (clone.S:95)

 This conflicts with a previous write of size 4 by thread #2
 Locks held: none
    at 0x8D3F7B7: pthread_key_create (pthread_key_create.c:41)
    by 0x50E5F79: tfork_global_initialize (tfork.c:280)
    by 0x8D3FEA6: __pthread_once_slow (pthread_once.c:116)
    by 0x50E6999: tfork_create (tfork.c:728)
    by 0x2F7419: tfork_thread (tfork.c:431)
    by 0x4C35AC5: mythread_wrapper (hg_intercepts.c:389)
    by 0x8D38593: start_thread (pthread_create.c:463)
    by 0x9A70E6E: clone (clone.S:95)
  Location 0x5141304 is 0 bytes inside global var "tfork_global_key"
  declared at tfork.c:122

  This is nonsense, tfork_global_get() calls pthread_getspecific, so
  we're looking at the pthread_key_create()/pthread_[g|s]etspecific()
  API here which works with threads by design.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agotfork: TFORK_ANNOTATE_BENIGN_RACE
Ralph Boehme [Mon, 19 Nov 2018 22:07:55 +0000 (23:07 +0100)]
tfork: TFORK_ANNOTATE_BENIGN_RACE

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agotfork/test: ensure all threads start with SIGCHLD unblocked
Ralph Boehme [Mon, 19 Nov 2018 15:47:33 +0000 (16:47 +0100)]
tfork/test: ensure all threads start with SIGCHLD unblocked

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agoCVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow
Tim Beale [Tue, 13 Nov 2018 00:22:41 +0000 (13:22 +1300)]
CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow

Clearly the lockOutObservationWindow value is important, and using a
default value of zero doesn't work very well.

This patch adds a better default value (the domain default setting of 30
minutes).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Wed Nov 28 11:31:14 CET 2018 on sn-devel-144

8 months agoCVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs
Tim Beale [Tue, 13 Nov 2018 00:19:04 +0000 (13:19 +1300)]
CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs

Fix a remaining place where we were trying to read the
msDS-LockoutObservationWindow as an int instead of an int64.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoCVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int
Tim Beale [Mon, 12 Nov 2018 23:24:16 +0000 (12:24 +1300)]
CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int

Commit 442a38c918ae1666b35 refactored some code into a new
get_lockout_observation_window() function. However, in moving the code,
an ldb_msg_find_attr_as_int64() inadvertently got converted to a
ldb_msg_find_attr_as_int().

ldb_msg_find_attr_as_int() will only work for values up to -2147483648
(about 3.5 minutes in MS timestamp form). Unfortunately, the automated
tests used a low enough timeout that they still worked, however,
password lockout would not work with the Samba default settings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoCVE-2018-16857 tests: Sanity-check password lockout works with default values
Tim Beale [Mon, 12 Nov 2018 22:49:56 +0000 (11:49 +1300)]
CVE-2018-16857 tests: Sanity-check password lockout works with default values

Sanity-check that when we use the default lockOutObservationWindow that
user lockout actually works.

The easiest way to do this is to reuse the _test_login_lockout()
test-case, but stop at the point where we wait for the lockout duration
to expire (because we don't want the test to wait 30 mins).

This highlights a problem currently where the default values don't work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoCVE-2018-16853: fix crash in expired passowrd case
Isaac Boukris [Wed, 7 Nov 2018 20:53:35 +0000 (22:53 +0200)]
CVE-2018-16853: fix crash in expired passowrd case

When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.

Fixes expired passowrd case in samba4.blackbox.kinit test.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agoCVE-2018-16853: Do not segfault if client is not set
Andreas Schneider [Wed, 28 Sep 2016 05:22:32 +0000 (07:22 +0200)]
CVE-2018-16853: Do not segfault if client is not set

This can be triggered with FAST but we don't support this yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agoCVE-2018-16853: Add a test to verify s4u2self doesn't crash
Isaac Boukris [Sat, 18 Aug 2018 13:01:59 +0000 (16:01 +0300)]
CVE-2018-16853: Add a test to verify s4u2self doesn't crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agoCVE-2018-16853: The ticket in check_policy_as can actually be a TGS
Isaac Boukris [Fri, 17 Aug 2018 21:40:30 +0000 (00:40 +0300)]
CVE-2018-16853: The ticket in check_policy_as can actually be a TGS

This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL.  Use the name from client entry instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agoCVE-2018-16853: Fix kinit test on system lacking ldbsearch
Isaac Boukris [Sat, 18 Aug 2018 12:32:43 +0000 (15:32 +0300)]
CVE-2018-16853: Fix kinit test on system lacking ldbsearch

By fixing bindir variable name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 months agoCVE-2018-16853 WHATSNEW: The Samba AD DC, when build with MIT Kerberos is experimental
Andrew Bartlett [Tue, 6 Nov 2018 00:40:48 +0000 (13:40 +1300)]
CVE-2018-16853 WHATSNEW: The Samba AD DC, when build with MIT Kerberos is experimental

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agoCVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
Andrew Bartlett [Tue, 6 Nov 2018 00:32:05 +0000 (13:32 +1300)]
CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental

This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agoCVE-2018-16852 dcerpc dnsserver: refactor common properties handling
Gary Lockyer [Wed, 7 Nov 2018 02:08:04 +0000 (15:08 +1300)]
CVE-2018-16852 dcerpc dnsserver: refactor common properties handling

dnsserver_common.c and dnsutils.c both share similar code to process
zone properties.  This patch extracts the common code and moves it to
dnsserver_common.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoCVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly
Gary Lockyer [Mon, 5 Nov 2018 23:16:30 +0000 (12:16 +1300)]
CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly

Fixes for
Bug 13669 - (CVE-2018-16852) NULL
            pointer de-reference in Samba AD DC DNS management

The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoCVE-2018-16852 dcerpc dnsserver: Verification tests
Gary Lockyer [Mon, 5 Nov 2018 23:10:07 +0000 (12:10 +1300)]
CVE-2018-16852 dcerpc dnsserver: Verification tests

Tests to verify
Bug 13669 - (CVE-2018-16852) NULL
            pointer de-reference in Samba AD DC DNS management

The presence of the ZONE_MASTER_SERVERS property or the
ZONE_SCAVENGING_SERVERS property in a zone record causes the server to
follow a null pointer and terminate.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoCVE-2018-16851 ldap_server: Check ret before manipulating blob
Garming Sam [Mon, 5 Nov 2018 03:18:18 +0000 (16:18 +1300)]
CVE-2018-16851 ldap_server: Check ret before manipulating blob

In the case of hitting the talloc ~256MB limit, this causes a crash in
the server.

Note that you would actually need to load >256MB of data into the LDAP.
Although there is some generated/hidden data which would help you reach that
limit (descriptors and RMD blobs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoCVE-2018-16841 selftest: Check for mismatching principal in certficate compared with...
Andrew Bartlett [Wed, 24 Oct 2018 02:41:28 +0000 (15:41 +1300)]
CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agoCVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
Andrew Bartlett [Tue, 23 Oct 2018 04:33:46 +0000 (17:33 +1300)]
CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal

In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free
mem_ctx.

This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the
MIT KDC effort.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
8 months agoCVE-2018-14629 dns: CNAME loop prevention using counter
Aaron Haslett [Tue, 23 Oct 2018 04:25:51 +0000 (17:25 +1300)]
CVE-2018-14629 dns: CNAME loop prevention using counter

Count number of answers generated by internal DNS query routine and stop at
20 to match Microsoft's loop prevention mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
8 months agodns: prevent self-referencing CNAME
Aaron Haslett [Mon, 22 Oct 2018 22:52:07 +0000 (11:52 +1300)]
dns: prevent self-referencing CNAME

Stops the user from adding a self-referencing CNAME over RPC, which is an easy
mistake to make with samba-tool.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
8 months agonotifyd: Improve a debug message
Volker Lendecke [Mon, 26 Nov 2018 15:21:16 +0000 (16:21 +0100)]
notifyd: Improve a debug message

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 27 21:42:24 CET 2018 on sn-devel-144

8 months agowinbind: Use dom_sid_str_buf
Volker Lendecke [Sat, 24 Nov 2018 12:25:25 +0000 (13:25 +0100)]
winbind: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 27 10:38:11 CET 2018 on sn-devel-144

8 months agolibcli: Use dom_sid_str_buf
Volker Lendecke [Sat, 24 Nov 2018 12:16:56 +0000 (13:16 +0100)]
libcli: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agolibcli: Use dom_sid_str_buf
Volker Lendecke [Sat, 24 Nov 2018 12:16:56 +0000 (13:16 +0100)]
libcli: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agoidmap_cache: Use dom_sid_str_buf
Volker Lendecke [Sat, 24 Nov 2018 12:14:23 +0000 (13:14 +0100)]
idmap_cache: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agowinbind: Fix "wbint_Principals" definition
Volker Lendecke [Fri, 23 Nov 2018 08:03:13 +0000 (09:03 +0100)]
winbind: Fix "wbint_Principals" definition

A signed integer does not make any sense for an IDL array length

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agowinbind: Use dom_sid_str_buf
Volker Lendecke [Fri, 23 Nov 2018 07:58:59 +0000 (08:58 +0100)]
winbind: Use dom_sid_str_buf

Also fix a DBG format string specifier

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agowinbind: Use dom_sid_str_buf
Volker Lendecke [Fri, 23 Nov 2018 07:55:13 +0000 (08:55 +0100)]
winbind: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agowinbind: Use dom_sid_str_buf
Volker Lendecke [Fri, 23 Nov 2018 07:53:45 +0000 (08:53 +0100)]
winbind: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agolibgpo: Align integer types
Volker Lendecke [Fri, 23 Nov 2018 07:50:47 +0000 (08:50 +0100)]
libgpo: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agolibgpo: Use dom_sid_str_buf
Volker Lendecke [Fri, 23 Nov 2018 07:49:44 +0000 (08:49 +0100)]
libgpo: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agolibads: Give krb5_errs.c its own header
Volker Lendecke [Fri, 23 Nov 2018 11:34:50 +0000 (12:34 +0100)]
libads: Give krb5_errs.c its own header

The protos were declared in lib/krb5_wrap but the functions are not
available there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agovfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name
Ralph Boehme [Wed, 21 Nov 2018 16:20:30 +0000 (17:20 +0100)]
vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name

Stacked VFS modules might use the file name, not the file
handle. Looking at you, vfs_fruit...

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agos3:smbd: pass down twrp from SMB2_CREATE to filename_convert()
Ralph Boehme [Sat, 24 Nov 2018 09:54:06 +0000 (10:54 +0100)]
s3:smbd: pass down twrp from SMB2_CREATE to filename_convert()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agos3:smbd: add twrp args to filename_convert()
Ralph Boehme [Sat, 24 Nov 2018 09:45:49 +0000 (10:45 +0100)]
s3:smbd: add twrp args to filename_convert()

All existing callers pass NULL, no change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agos3:smbd: add twrp processing to filename_convert_internal()
Ralph Boehme [Sat, 24 Nov 2018 08:05:37 +0000 (09:05 +0100)]
s3:smbd: add twrp processing to filename_convert_internal()

Not used for now, existing callers pass NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agos3:smbd: prepare filename_convert_internal() for twrp
Ralph Boehme [Sat, 24 Nov 2018 07:56:49 +0000 (08:56 +0100)]
s3:smbd: prepare filename_convert_internal() for twrp

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agos3:selftest: add a VSS test reading a stream
Ralph Boehme [Fri, 23 Nov 2018 13:36:56 +0000 (14:36 +0100)]
s3:selftest: add a VSS test reading a stream

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agovfs_shadow_copy2: nicely deal with attempts to open previous version for writing
Ralph Boehme [Fri, 23 Nov 2018 13:08:15 +0000 (14:08 +0100)]
vfs_shadow_copy2: nicely deal with attempts to open previous version for writing

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agovfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted
Ralph Boehme [Thu, 22 Nov 2018 10:04:54 +0000 (11:04 +0100)]
vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted

Can be used by callers to determine if a path is in fact pointing at a
file in a snapshot. Will be used in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agovfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()
Ralph Boehme [Thu, 22 Nov 2018 10:02:24 +0000 (11:02 +0100)]
vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal()

Not used for now, all existing callers pass NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agos3:script/tests: add a test for VSS write behaviour
Ralph Boehme [Fri, 23 Nov 2018 09:18:44 +0000 (10:18 +0100)]
s3:script/tests: add a test for VSS write behaviour

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agos4:torture: add a test-suite for VSS
Ralph Boehme [Wed, 14 Nov 2018 12:45:11 +0000 (13:45 +0100)]
s4:torture: add a test-suite for VSS

This test will not be run from the main torture test runner in selftest,
as there we don't pass the required arguments 'twrp_file' and
'twrp_snapshot'.

The test needs a carefully prepared environment with provisioned
snapshot data, so the test will be started from a blackbox test
script. That comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agovfs_error_inject: add EBADF error
Ralph Boehme [Fri, 23 Nov 2018 09:18:10 +0000 (10:18 +0100)]
vfs_error_inject: add EBADF error

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agovfs_error_inject: add pwrite
Ralph Boehme [Fri, 23 Nov 2018 09:07:29 +0000 (10:07 +0100)]
vfs_error_inject: add pwrite

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 months agotests: Rework backup test inheritance to make LP constraints clearer
Tim Beale [Thu, 22 Nov 2018 03:56:22 +0000 (16:56 +1300)]
tests: Rework backup test inheritance to make LP constraints clearer

The backup tests have a special constraint where we always want to use
check_output() over runcmd(). The reason is we need the samba-tool
backup/restore commands executed in a separate process. Otherwise the
global underlying LoadParm can accumulate settings from earlier test
case runs.

We can avoid someone in future inadvertently running runcmd() by
mistake, by simply changing the inheritance so we no longer inherit from
SambaToolCmdTest (so the runcmd functions are no longer present).

The comment explaining this has been moved to the top of the file.

Note that the TestCaseInTempDir inheritance was redundant.
BlackboxTestCase inherits from TestCaseInTempDir (and SambaToolCmdTest
was inheriting from BlackboxTestCase).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Tue Nov 27 06:57:03 CET 2018 on sn-devel-144

8 months agotests: Work out DOMSID via samdb rather than environs
Tim Beale [Thu, 22 Nov 2018 20:46:38 +0000 (09:46 +1300)]
tests: Work out DOMSID via samdb rather than environs

Not all testenvs have the DOMSID set as an environment variable.
However, it's easy enough to work out from querying the samdb.

This is a slight change in that we use a source4-generated loadparm
to connect to the DB (self.lp is source3-generated, presumably for
some SMB connection dependency).

This change is so we can run the ntacls_backup tests against a DC with
SMBv1 disabled (the restoredc). Note that currently the tests fail in
the smb.SMB() connection in the setUp(), so we can't run them as part
of autobuild just yet (because we can't known-fail test errors).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agotests: Run backup tests against restoredc (SMBv1 disabled)
Tim Beale [Thu, 22 Nov 2018 01:05:01 +0000 (14:05 +1300)]
tests: Run backup tests against restoredc (SMBv1 disabled)

Running the backup tests against the restoredc highlights that the
backup online/rename commands don't work if SMBv1 is disabled. Note that
the offline commands still work because they don't rely on an SMB
connection to the server.

(Note that running the backup tests against the restoredc is probably a
good idea anyway, to prove that there's no limit to the number of times
you can restore a domain from backup, i.e. we support more than just a
one-off restore).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agopython/samba/test: PY3 port samba.tests.domain_backup
Noel Power [Mon, 5 Nov 2018 19:00:20 +0000 (19:00 +0000)]
python/samba/test: PY3 port samba.tests.domain_backup

The restoredc already runs under python3, so before we can run the
domain_backup tests against the restoredc, we need to make sure they
work under python3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agotests: Handle backup command exceptions as test failures, not errors
Tim Beale [Thu, 22 Nov 2018 01:35:58 +0000 (14:35 +1300)]
tests: Handle backup command exceptions as test failures, not errors

If the backup command fails (i.e. throws an exception), we want the test
to fail. This makes it easier to mark tests as 'knownfail' (because we
can't knownfail test errors).

In theory, this should just involve updating run_cmd() to catch any
exceptions from the command and then call self.fail().

However, if the backup command fails, it can leave behind files in the
targetdir. Partly this is intentional, as these files may provide clues
to users as to why the command failed. However, in selftest, it causes
the TestCaseInTempDir._remove_tempdir() assertion to fire. Because this
assert actually gets run as part of the teardown, the assertion gets
treated as an error rather than a failure (and so we can't knownfail the
backup tests). To get around this, we remove any files in the tempdir
prior to calling self.fail().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agotests: Rework backup test_backup_invalid_args test-case
Tim Beale [Thu, 22 Nov 2018 01:35:58 +0000 (14:35 +1300)]
tests: Rework backup test_backup_invalid_args test-case

self.create_backup() uses self.run_cmd(), which is a wrapper around
self.check_output(). Rework the code to call the underlying
check_output() function directly instead.

The reason we're doing this is we want run_cmd() to catch exceptions and
fail the test (i.e. in the next patch). However, we can't do that because
this test case relies on receiving the exceptions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
8 months agoselftest: Designate one testenv as having SMBv1 disabled
Tim Beale [Thu, 22 Nov 2018 00:22:19 +0000 (13:22 +1300)]
selftest: Designate one testenv as having SMBv1 disabled

We recommend users disable SMBv1 to avoid potential security holes.
However, none of the AD DC testenvs have SMBv1 disabled.

This patch disables SMBv1 on an arbitrarily-chosen testenv (restoredc).

I chose restoredc as we'll want to run the backup tool tests against
this target, and it might be useful to check we can backup a DC if it's
already been restored once.

Note that SMBv2 doesn't support POSIX extensions (only SMBv1 does),
which is why we haven't just disabled SMBv1 on *all* testenvs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>