The branch, master has been updated via ca7b7bde391 selftest: Use "debug syslog format = always" in selftest via 83fe7a0316d lib/util: Add "debug syslog format = always", which logs to stdout in syslog style via 33effa76d6b s4:torture: Extend smb2 session requested_life_time via e69453fc417 s4:torture: Fix warning messages for smb2.session via 6dc7ae8b143 s4:torture: Fix warning messages for smb.raw.session via 67535ac2259 s4:torture: Remove trailing white spaces via 938cbe07db8 s3:tests: Add exit code with failed tests via d163d1ba7aa s3:tests: Use CONFIGURATION passed down to the test via fa591f52234 s3:tests: Correctly implement tests for forceuser/forcegroup via bfae4262036 s3:tests: Use the CONFIGURATION passed down to the test via d8acec0caf8 s3:selftest: Remove ad_dc_ntvfs for smbclient_machine_auth.plain via e5ef368fb61 lib:ldb:tests: Fix signedness build error via 0ef53b948e1 net_ads: fill ads->auth.realm from c->creds via 3b585f9e8cc testprogs/blackbox: add test_net_ads_search_server.sh from 112faff82f9 dsdb: modify unicodePwd requires encrypted connection
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit ca7b7bde3915a821b1b9911abf18d2d441665382 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Apr 6 12:28:12 2023 +1200 selftest: Use "debug syslog format = always" in selftest Some of the most difficult to debug issues in Samba development are around timing, so this changes our default logging format in the selftest system to include a high-resolution timestamp to help correlate bad events with what else is going on at the same time. This fits in well with the timestamps already logged into st/subunit and may assist with correlation. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Autobuild-User(master): Stefan Metzmacher <me...@samba.org> Autobuild-Date(master): Thu Apr 6 13:44:47 UTC 2023 on atb-devel-224 commit 83fe7a0316d3e5867a56cfdc51ec17f36ea03889 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Apr 6 12:26:11 2023 +1200 lib/util: Add "debug syslog format = always", which logs to stdout in syslog style Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 33effa76d6bdb53ecfc1e77c6706d765e34716be Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 10:04:57 2023 +0200 s4:torture: Extend smb2 session requested_life_time It also only waits for the required amount of time elapsed. Hopefully this should avoid running into timeouts. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit e69453fc41767fe99ed95b624d3fb25dc17b1ad6 Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 10:04:34 2023 +0200 s4:torture: Fix warning messages for smb2.session Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 6dc7ae8b143bdd9d9573426d7ad6e753e1ff960e Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 10:00:15 2023 +0200 s4:torture: Fix warning messages for smb.raw.session Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 67535ac22594b7b7558871b8d582aa768925a144 Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 09:59:14 2023 +0200 s4:torture: Remove trailing white spaces Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 938cbe07db8eb4784b40c961857707a31108793e Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 09:23:41 2023 +0200 s3:tests: Add exit code with failed tests Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d163d1ba7aa1c511fadd69c39aa0df155e71b4d0 Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 09:21:24 2023 +0200 s3:tests: Use CONFIGURATION passed down to the test Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit fa591f5223434b63429c5505ffbe948b4d6d6847 Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 08:48:29 2023 +0200 s3:tests: Correctly implement tests for forceuser/forcegroup They used the tmp share ... Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit bfae42620365e8caf41f181286268e8f18470aaa Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 08:47:16 2023 +0200 s3:tests: Use the CONFIGURATION passed down to the test Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit d8acec0caf820429c4e81b8c99b87d26105568e0 Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 08:57:49 2023 +0200 s3:selftest: Remove ad_dc_ntvfs for smbclient_machine_auth.plain There is no need to run it against this environment and saves resources. Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit e5ef368fb61dd81dcdbd10dc2009cbbd96c399ca Author: Andreas Schneider <a...@samba.org> Date: Wed Apr 5 08:44:54 2023 +0200 lib:ldb:tests: Fix signedness build error lib/ldb/tests/ldb_filter_attrs_in_place_test.c:836:55: error: pointer targets in passing argument 1 of ‘_assert_string_equal’ differ in signedness [-Werror=pointer-sign] 836 | assert_string_equal(msg->elements[0].values[0].data, | ^ | | | uint8_t * {aka unsigned char *} Signed-off-by: Andreas Schneider <a...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> commit 0ef53b948e13eb36b536228cccd89aa4c2adbb90 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Mar 2 14:46:25 2023 +0100 net_ads: fill ads->auth.realm from c->creds We get the realm we use for authentication needs to the realm belonging to the username we use. We derive the username from c->creds, so we need to do the same for the realm. Otherwise we try to authenticate as the wrong user. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 3b585f9e8cc320841fab4cd5c3be53788d0a87ac Author: Stefan Metzmacher <me...@samba.org> Date: Wed Apr 5 16:45:21 2023 +0200 testprogs/blackbox: add test_net_ads_search_server.sh This reproduces a regression with 'net ads search -P --server server.of.trusted.domain' BUG: https://bugzilla.samba.org/show_bug.cgi?id=15323 Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: ctdb/common/logging.c | 2 +- docs-xml/smbdotconf/logging/debugsyslogformat.xml | 16 ++- lib/ldb/tests/ldb_filter_attrs_in_place_test.c | 2 +- lib/param/param_table.c | 12 ++ lib/util/debug.c | 39 ++++-- lib/util/debug.h | 8 +- selftest/knownfail.d/smbclient_machine_auth.plain | 7 + selftest/target/Samba3.pm | 3 + selftest/target/Samba4.pm | 3 + .../script/tests/test_smbclient_machine_auth.sh | 37 +++-- source3/script/tests/test_smbclient_ntlm.sh | 39 +++--- source3/selftest/tests.py | 2 +- source3/utils/net_ads.c | 10 +- source4/selftest/tests.py | 11 ++ source4/torture/raw/session.c | 22 +-- source4/torture/smb2/session.c | 156 +++++++++++++++++---- testprogs/blackbox/test_net_ads_search_server.sh | 37 +++++ 17 files changed, 332 insertions(+), 74 deletions(-) create mode 100644 selftest/knownfail.d/smbclient_machine_auth.plain create mode 100755 testprogs/blackbox/test_net_ads_search_server.sh Changeset truncated at 500 lines: diff --git a/ctdb/common/logging.c b/ctdb/common/logging.c index 3aa5ca996ee..ad6d0c959a4 100644 --- a/ctdb/common/logging.c +++ b/ctdb/common/logging.c @@ -146,7 +146,7 @@ static int file_log_setup(TALLOC_CTX *mem_ctx, const char *app_name) { struct debug_settings settings = { - .debug_syslog_format = true, + .debug_syslog_format = DEBUG_SYSLOG_FORMAT_ALWAYS, .debug_hires_timestamp = true, .debug_no_stderr_redirect = true, }; diff --git a/docs-xml/smbdotconf/logging/debugsyslogformat.xml b/docs-xml/smbdotconf/logging/debugsyslogformat.xml index f943f3a5323..ee1627de534 100644 --- a/docs-xml/smbdotconf/logging/debugsyslogformat.xml +++ b/docs-xml/smbdotconf/logging/debugsyslogformat.xml @@ -1,16 +1,28 @@ <samba:parameter name="debug syslog format" context="G" - type="boolean" + type="enum" + enumlist="enum_debug_syslog_format" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para> - With this option enabled, debug messages are printed in a + With this option enabled (<constant>yes</constant> (alias + <constant>in_logs</constant>) or + <constant>always</constant>), debug messages are printed in a single-line format like that traditionally produced by syslog. The timestamp consists of an abbreviated month, space-padded date, and time including seconds. This is followed by the hostname and the program name, with the process-ID in square brackets. </para> + <para>The value <constant>always</constant> produces this log + format even to <constant>STDOUT</constant> or + <constant>STDERR</constant> + </para> + + <para>The value <constant>no</constant> defers to other parameters + and typically produces traditional two-line Samba logs to log files. + </para> + <para> If <smbconfoption name="debug hires timestamp"/> is also enabled then an RFC5424 timestamp is used instead. diff --git a/lib/ldb/tests/ldb_filter_attrs_in_place_test.c b/lib/ldb/tests/ldb_filter_attrs_in_place_test.c index da333c73c99..35c778d2080 100644 --- a/lib/ldb/tests/ldb_filter_attrs_in_place_test.c +++ b/lib/ldb/tests/ldb_filter_attrs_in_place_test.c @@ -833,7 +833,7 @@ static void test_filter_attrs_in_place_one_attr_matched_dn(void **state) assert_non_null(msg->dn); assert_string_equal(msg->elements[0].name, "distinguishedName"); assert_int_equal(msg->elements[0].num_values, 1); - assert_string_equal(msg->elements[0].values[0].data, + assert_string_equal((char *)msg->elements[0].values[0].data, ldb_dn_get_linearized(msg->dn)); } diff --git a/lib/param/param_table.c b/lib/param/param_table.c index cd6e3403a4c..512de250a2f 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -418,6 +418,18 @@ static const struct enum_list enum_spotlight_backend[] = { {-1, NULL} }; +static const struct enum_list enum_debug_syslog_format[] = { + {DEBUG_SYSLOG_FORMAT_NO, "No"}, + {DEBUG_SYSLOG_FORMAT_NO, "False"}, + {DEBUG_SYSLOG_FORMAT_NO, "0"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "in_logs"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "Yes"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "True"}, + {DEBUG_SYSLOG_FORMAT_IN_LOGS, "1"}, + {DEBUG_SYSLOG_FORMAT_ALWAYS, "always"}, + {-1, NULL} +}; + /* Note: We do not initialise the defaults union - it is not allowed in ANSI C * * NOTE: Handling of duplicated (synonym) parameters: diff --git a/lib/util/debug.c b/lib/util/debug.c index 43d5151fbab..95de5ce3595 100644 --- a/lib/util/debug.c +++ b/lib/util/debug.c @@ -1557,10 +1557,25 @@ void check_log_size( void ) static void Debug1(const char *msg, size_t msg_len) { int old_errno = errno; + enum debug_logtype logtype = state.logtype; debug_count++; - switch(state.logtype) { + if (state.settings.debug_syslog_format == DEBUG_SYSLOG_FORMAT_ALWAYS) { + switch(state.logtype) { + case DEBUG_STDOUT: + case DEBUG_STDERR: + case DEBUG_DEFAULT_STDOUT: + case DEBUG_DEFAULT_STDERR: + /* Behave the same as logging to a file */ + logtype = DEBUG_FILE; + break; + default: + break; + } + } + + switch(logtype) { case DEBUG_CALLBACK: debug_callback_log(msg, msg_len, current_msg_level); break; @@ -1749,23 +1764,31 @@ bool dbghdrclass(int level, int cls, const char *location, const char *func) dbgsetclass(level, cls); - /* Don't print a header if we're logging to stdout. */ - if ( state.logtype != DEBUG_FILE ) { - return( true ); + /* + * Don't print a header if we're logging to stdout, + * unless 'debug syslog format = always' + */ + if (state.logtype != DEBUG_FILE && + state.settings.debug_syslog_format != DEBUG_SYSLOG_FORMAT_ALWAYS) + { + return true; } - /* Print the header if timestamps are turned on. If parameters are - * not yet loaded, then default to timestamps on. + /* + * Print the header if timestamps (or debug syslog format) is + * turned on. If parameters are not yet loaded, then default + * to timestamps on. */ if (!(state.settings.timestamp_logs || state.settings.debug_prefix_timestamp || - state.settings.debug_syslog_format)) { + state.settings.debug_syslog_format != DEBUG_SYSLOG_FORMAT_NO)) + { return true; } GetTimeOfDay(&tv); - if (state.settings.debug_syslog_format) { + if (state.settings.debug_syslog_format != DEBUG_SYSLOG_FORMAT_NO) { if (state.settings.debug_hires_timestamp) { timeval_str_buf(&tv, true, true, &tvbuf); } else { diff --git a/lib/util/debug.h b/lib/util/debug.h index 4bbfa05df65..4e5ce3da035 100644 --- a/lib/util/debug.h +++ b/lib/util/debug.h @@ -325,12 +325,18 @@ enum debug_logtype { DEBUG_CALLBACK = 5 }; +enum debug_syslog_format { + DEBUG_SYSLOG_FORMAT_NO = 0, + DEBUG_SYSLOG_FORMAT_IN_LOGS = 1, + DEBUG_SYSLOG_FORMAT_ALWAYS = 2, +}; + struct debug_settings { size_t max_log_size; bool timestamp_logs; bool debug_prefix_timestamp; bool debug_hires_timestamp; - bool debug_syslog_format; + enum debug_syslog_format debug_syslog_format; bool debug_pid; bool debug_uid; bool debug_class; diff --git a/selftest/knownfail.d/smbclient_machine_auth.plain b/selftest/knownfail.d/smbclient_machine_auth.plain new file mode 100644 index 00000000000..849c8da0ddf --- /dev/null +++ b/selftest/knownfail.d/smbclient_machine_auth.plain @@ -0,0 +1,7 @@ +# These envs don't have forceuser/forcegroup shares +^samba3.blackbox.smbclient_machine_auth.plain.smbclient...addc.forcegroup\(ad_dc:local\) +^samba3.blackbox.smbclient_machine_auth.plain.smbclient...addc.forceuser\(ad_dc:local\) +^samba3.blackbox.smbclient_machine_auth.plain.smbclient...dc5.forcegroup\(fl2000dc:local\) +^samba3.blackbox.smbclient_machine_auth.plain.smbclient...dc5.forceuser\(fl2000dc:local\) +^samba3.blackbox.smbclient_machine_auth.plain.smbclient...s4member.forcegroup\(s4member:local\) +^samba3.blackbox.smbclient_machine_auth.plain.smbclient...s4member.forceuser\(s4member:local\) diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d83eb879c78..830f0da533c 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -2856,6 +2856,9 @@ sub provision($$) debug pid = yes max log size = 0 + debug syslog format = always + debug hires timestamp = yes + state directory = $lockdir cache directory = $lockdir diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index d15156a538b..4e60155a20f 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -810,6 +810,9 @@ sub provision_raw_step1($$) rpc server port:netlogon = 1026 include system krb5 conf = no + debug syslog format = always + debug hires timestamp = yes + "; print CONFFILE " diff --git a/source3/script/tests/test_smbclient_machine_auth.sh b/source3/script/tests/test_smbclient_machine_auth.sh index abb687c8243..c89f84892e7 100755 --- a/source3/script/tests/test_smbclient_machine_auth.sh +++ b/source3/script/tests/test_smbclient_machine_auth.sh @@ -4,22 +4,41 @@ if [ $# -lt 2 ]; then cat <<EOF -Usage: test_smbclient_machine_auth.sh SERVER SMBCLIENT <smbclient arguments> +Usage: test_smbclient_machine_auth.sh SERVER SMBCLIENT CONFIGURATION <smbclient arguments> EOF exit 1 fi SERVER="$1" SMBCLIENT="$2" -SMBCLIENT="$VALGRIND ${SMBCLIENT}" -shift 2 +# This is used by test_smbclient() +# shellcheck disable=2034 +CONFIGURATION="${3}" +shift 3 ADDARGS="$*" -incdir=$(dirname $0)/../../../testprogs/blackbox -. $incdir/subunit.sh +# This is used by test_smbclient() +# shellcheck disable=2034 +smbclient="${VALGRIND} ${SMBCLIENT}" -testit "smbclient //$SERVER/tmp" $SMBCLIENT //$SERVER/tmp --machine-pass -p 139 -c quit $ADDARGS +incdir="$(dirname "${0}")/../../../testprogs/blackbox" +. "${incdir}/subunit.sh" +. "${incdir}/common_test_fns.inc" -# Testing these here helps because we know the machine account isn't already this user/group -testit "smbclient //$SERVER/forceuser" $SMBCLIENT //$SERVER/tmp --machine-pass -p 139 -c quit $ADDARGS -testit "smbclient //$SERVER/forcegroup" $SMBCLIENT //$SERVER/tmp --machine-pass -p 139 -c quit $ADDARGS +failed=0 + +test_smbclient "smbclient //${SERVER}/tmp" \ + "quit" "//${SERVER}/tmp" --machine-pass -p 139 "${ADDARGS}" || \ + failed=$((failed + 1)) + +# Testing these here helps because we know the machine account isn't already +# this user/group. +test_smbclient "smbclient //${SERVER}/forceuser" \ + "quit" "//${SERVER}/forceuser" --machine-pass -p 139 "${ADDARGS}" || \ + failed=$((failed + 1)) + +test_smbclient "smbclient //${SERVER}/forcegroup" \ + "quit" "//${SERVER}/forcegroup" --machine-pass -p 139 "${ADDARGS}" || \ + failed=$((failed + 1)) + +exit ${failed} diff --git a/source3/script/tests/test_smbclient_ntlm.sh b/source3/script/tests/test_smbclient_ntlm.sh index d3e42dfb7f0..1e53b1eab3d 100755 --- a/source3/script/tests/test_smbclient_ntlm.sh +++ b/source3/script/tests/test_smbclient_ntlm.sh @@ -4,7 +4,7 @@ if [ $# -lt 6 ]; then cat <<EOF -Usage: test_smbclient_ntlm.sh SERVER USERNAME PASSWORD MAPTOGUEST SMBCLIENT PROTOCOL <smbclient arguments> +Usage: test_smbclient_ntlm.sh SERVER USERNAME PASSWORD MAPTOGUEST SMBCLIENT PROTOCOL CONFIGURATION <smbclient arguments> EOF exit 1 fi @@ -16,7 +16,8 @@ MAPTOGUEST="$4" SMBCLIENT="$5" PROTOCOL="$6" SMBCLIENT="$VALGRIND ${SMBCLIENT}" -shift 6 +CONFIGURATION=${7} +shift 7 ADDARGS="$*" incdir=$(dirname $0)/../../../testprogs/blackbox @@ -29,47 +30,51 @@ EOF exit 1 fi +failed=0 + if [ $PROTOCOL = "NT1" ]; then - testit "smbclient username.password.NT1OLD" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U$USERNAME%$PASSWORD -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no -c quit $ADDARGS - testit "smbclient username.password.NT1NEW" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U$USERNAME%$PASSWORD -mNT1 -c quit $ADDARGS + testit "smbclient username.password.NT1OLD" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U$USERNAME%$PASSWORD -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no -c quit $ADDARGS || failed=$((failed + 1)) + testit "smbclient username.password.NT1NEW" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U$USERNAME%$PASSWORD -mNT1 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "SMB3" ]; then - testit "smbclient username.password.SMB3" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U$USERNAME%$PASSWORD -mSMB3 -c quit $ADDARGS + testit "smbclient username.password.SMB3" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U$USERNAME%$PASSWORD -mSMB3 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "NT1" ]; then - testit "smbclient anonymous.nopassword.NT1OLD" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U% -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no -c quit $ADDARGS - testit "smbclient anonymous.nopassword.NT1NEW" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U% -mNT1 -c quit $ADDARGS + testit "smbclient anonymous.nopassword.NT1OLD" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U% -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no -c quit $ADDARGS || failed=$((failed + 1)) + testit "smbclient anonymous.nopassword.NT1NEW" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U% -mNT1 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "SMB3" ]; then - testit "smbclient anonymous.nopassword.SMB3" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U% -mSMB3 -c quit $ADDARGS + testit "smbclient anonymous.nopassword.SMB3" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U% -mSMB3 -c quit $ADDARGS || failed=$((failed + 1)) fi if test x"${MAPTOGUEST}" = x"never"; then if [ $PROTOCOL = "NT1" ]; then - testit_expect_failure "smbclient anonymous.badpassword.NT1NEW.fail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mNT1 -c quit $ADDARGS + testit_expect_failure "smbclient anonymous.badpassword.NT1NEW.fail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mNT1 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "SMB3" ]; then - testit_expect_failure "smbclient anonymous.badpassword.SMB3.fail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mSMB3 -c quit $ADDARGS + testit_expect_failure "smbclient anonymous.badpassword.SMB3.fail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mSMB3 -c quit $ADDARGS || failed=$((failed + 1)) fi else if [ $PROTOCOL = "NT1" ]; then - testit "smbclient anonymous.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mNT1 -c quit $ADDARGS + testit "smbclient anonymous.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mNT1 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "SMB3" ]; then - testit "smbclient anonymous.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mSMB3 -c quit $ADDARGS + testit "smbclient anonymous.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -U%badpassword -mSMB3 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "NT1" ]; then - testit "smbclient baduser.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 -c quit $ADDARGS + testit "smbclient baduser.badpassword.NT1NEW.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "SMB3" ]; then - testit "smbclient baduser.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 -c quit $ADDARGS + testit "smbclient baduser.badpassword.SMB3.guest" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "NT1" ]; then - testit_expect_failure "smbclient baduser.badpassword.NT1OLD.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no --client-protection=sign -c quit $ADDARGS - testit_expect_failure "smbclient baduser.badpassword.NT1NEW.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --client-protection=sign -c quit $ADDARGS + testit_expect_failure "smbclient baduser.badpassword.NT1OLD.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --option=clientusespnego=no --option=clientntlmv2auth=no --client-protection=sign -c quit $ADDARGS || failed=$((failed + 1)) + testit_expect_failure "smbclient baduser.badpassword.NT1NEW.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mNT1 --client-protection=sign -c quit $ADDARGS || failed=$((failed + 1)) fi if [ $PROTOCOL = "SMB3" ]; then - testit_expect_failure "smbclient baduser.badpassword.SMB3.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 --client-protection=sign -c quit $ADDARGS + testit_expect_failure "smbclient baduser.badpassword.SMB3.signfail" $SMBCLIENT //$SERVER/IPC\$ $CONFIGURATION -Ubaduser%badpassword -mSMB3 --client-protection=sign -c quit $ADDARGS || failed=$((failed + 1)) fi fi + +exit ${failed} diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py index c65475bbc0f..0346867abd1 100755 --- a/source3/selftest/tests.py +++ b/source3/selftest/tests.py @@ -540,7 +540,7 @@ for options in ["", "--option=clientntlmv2auth=no", "--option=clientusespnego=no env = "nt4_dc" plantestsuite("samba3.blackbox.smbclient_auth.plain.%s" % (options), env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_auth.sh"), '$SERVER', '$SERVER_IP', '$DC_USERNAME', '$DC_PASSWORD', smbclient3, configuration, options]) -for env in ["nt4_dc", "nt4_member", "ad_member", "ad_dc", "ad_dc_ntvfs", "s4member", "fl2000dc"]: +for env in ["nt4_dc", "nt4_member", "ad_member", "ad_dc", "s4member", "fl2000dc"]: plantestsuite("samba3.blackbox.smbclient_machine_auth.plain", "%s:local" % env, [os.path.join(samba3srcdir, "script/tests/test_smbclient_machine_auth.sh"), '$SERVER', smbclient3, configuration]) smb1_env = env if smb1_env == "ad_dc" or smb1_env == "nt4_dc": diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 2c5786a6e65..d1b2a25ca92 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -710,7 +710,15 @@ retry: TALLOC_FREE(ads); return ADS_ERROR(LDAP_NO_MEMORY); } - } + } else if (ads->auth.realm == NULL) { + const char *c_realm = cli_credentials_get_realm(c->creds); + + ads->auth.realm = talloc_strdup(ads, c_realm); + if (ads->auth.realm == NULL) { + TALLOC_FREE(ads); + return ADS_ERROR(LDAP_NO_MEMORY); + } + } status = ads_connect(ads); diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index fc38c09966d..f9e37610bdc 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -669,6 +669,17 @@ plantestsuite("samba4.blackbox.client_etypes_strong(ad_dc:client)", "ad_dc:clien plantestsuite("samba4.blackbox.net_ads_dns(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_net_ads_dns.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$USERNAME', '$PASSWORD']) plantestsuite("samba4.blackbox.samba-tool_ntacl(ad_member:local)", "ad_member:local", [os.path.join(bbdir, "test_samba-tool_ntacl.sh"), '$PREFIX', '$DOMSID']) +env = "ad_member:local" +plantestsuite("samba4.blackbox.net_ads_search_server_P.primary", env, + [os.path.join(bbdir, "test_net_ads_search_server.sh"), + '$DC_SERVER', '$REALM']) +plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_e_both", env, + [os.path.join(bbdir, "test_net_ads_search_server.sh"), + '$TRUST_E_BOTH_SERVER', '$TRUST_E_BOTH_REALM']) +plantestsuite("samba4.blackbox.net_ads_search_server_P.trust_f_both", env, + [os.path.join(bbdir, "test_net_ads_search_server.sh"), + '$TRUST_F_BOTH_SERVER', '$TRUST_F_BOTH_REALM']) + if have_gnutls_fips_mode_support: plantestsuite("samba4.blackbox.weak_crypto.client", "ad_dc", [os.path.join(bbdir, "test_weak_crypto.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', "$PREFIX/ad_dc"]) plantestsuite("samba4.blackbox.test_weak_disable_ntlmssp_ldap", "ad_member:local", [os.path.join(bbdir, "test_weak_disable_ntlmssp_ldap.sh"),'$DC_USERNAME', '$DC_PASSWORD']) diff --git a/source4/torture/raw/session.c b/source4/torture/raw/session.c index fc528cfd0ba..76ae8089240 100644 --- a/source4/torture/raw/session.c +++ b/source4/torture/raw/session.c @@ -1,18 +1,18 @@ -/* +/* Unix SMB/CIFS implementation. test suite for session setup operations Copyright (C) Gregor Beck 2012 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -246,12 +246,18 @@ static bool test_session_expire1(struct torture_context *tctx) use_kerberos = cli_credentials_get_kerberos_state( samba_cmdline_get_creds()); if (use_kerberos != CRED_USE_KERBEROS_REQUIRED) { - torture_warning(tctx, "smb2.session.expire1 requires -k yes!"); - torture_skip(tctx, "smb2.session.expire1 requires -k yes!"); + torture_warning(tctx, + "smb2.session.expire1 requires " + "--use-kerberos=required!"); + torture_skip(tctx, + "smb2.session.expire1 requires " + "--use-kerberos=required!"); } - torture_assert_int_equal(tctx, use_kerberos, CRED_USE_KERBEROS_REQUIRED, - "please use -k yes"); + torture_assert_int_equal(tctx, + use_kerberos, + CRED_USE_KERBEROS_REQUIRED, + "please use --use-kerberos=required"); lpcfg_set_option(tctx->lp_ctx, "gensec_gssapi:requested_life_time=4"); diff --git a/source4/torture/smb2/session.c b/source4/torture/smb2/session.c index fe2beafbe9b..51df51542d4 100644 --- a/source4/torture/smb2/session.c +++ b/source4/torture/smb2/session.c @@ -34,6 +34,17 @@ #include "lib/param/param.h" #include "lib/util/tevent_ntstatus.h" +/* Ticket lifetime we want to request in seconds */ +#define KRB5_TICKET_LIFETIME 5 +/* Allowed clock skew in seconds */ +#define KRB5_CLOCKSKEW 5 +/* Time till ticket fully expired in seconds */ +#define KRB5_TICKET_EXPIRETIME KRB5_TICKET_LIFETIME + KRB5_CLOCKSKEW + +#define texpand(x) #x +#define GENSEC_GSSAPI_REQUESTED_LIFETIME(x) \ + "gensec_gssapi:requested_life_time=" texpand(x) + #define CHECK_CREATED(tctx, __io, __created, __attribute) \ do { \ torture_assert_int_equal(tctx, (__io)->out.create_action, \ @@ -55,6 +66,20 @@ } \ } +static void sleep_remaining(struct torture_context *tctx, + const struct timeval *endtime) +{ + struct timeval current = tevent_timeval_current(); -- Samba Shared Repository