Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jan 13 18:14:31 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 6 Jan 2021 17:03:05 +0000 (09:03 -0800)]
libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_PARAMETER.
This can be returned from NetApp Ontap 7.3.7 SMB server
implementations. Now we have ensured smb2_signing_check_pdu()
cannot return NT_STATUS_INVALID_PARAMETER on a signing error
it's safe to check this error code here. Windows 10
clients ignore this error from the NetApp.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 8 21:38:18 UTC 2021 on sn-devel-184
Ralph Boehme [Fri, 11 Dec 2020 12:00:56 +0000 (13:00 +0100)]
vfs_fruit: check fake_fd in fruit_pread_meta_stream()
Don't call into the next VFS backend if we know we still have a fake-fd. Just
return -1 and the caller has the logic to handle this, which results in
returning a AFP_AfpInfo blob initialized with some defaults.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit c5da08422990dfc1e082bc01aa10d6e415eebe3f)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 36eb30fd7d4b82bffd0e1ab471c088f678d700a4)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 40e70cbd3c3a1df9205a7b18d07784c1754cc340)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 719c83b4dc4cef16429ec2803621039545f6885e)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 8f057333466b2d9845cd8bc2b794d98252ade2a4)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 6 23:59:58 UTC 2021 on sn-devel-184
Arne Kreddig [Fri, 1 Jan 2021 21:54:22 +0000 (22:54 +0100)]
vfs_virusfilter: Allocate separate memory for config char*
Instead of using only the pointer to the configuration char* from the
global configuration, vfs_virusfilter now allocates its own memory and
copies the char* from the global configuration.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14606 Signed-off-by: Arne Kreddig <arne@kreddig.net> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 7 19:25:38 UTC 2021 on sn-devel-184
Andrew Bartlett [Mon, 23 Nov 2020 06:35:37 +0000 (19:35 +1300)]
Do not create an empty DB when accessing a sam.ldb
Samba already does this for samba-tool and doing this should make
our errors more sensible, particularly in BIND9 if not provisioned
with the correct --dns-backend=DLZ_BIND9
The old error was like:
named[62954]: samba_dlz: Unable to get basedn for
/var/lib/samba/private/dns/sam.ldb
- NULL Base DN invalid for a base search.
The new error will be like (in this case from the torture test):
Failed to connect to Failed to connect to
ldb:///home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb:
Unable to open tdb '/home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb':
No such file or directory: Operations error
Reviewed-by: Andreas Schneider <asn@samba.org> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d49e96bc45ea5e2d3364242dad36fe9094b7cc42)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Thu Jan 7 09:50:29 UTC 2021 on sn-devel-184
Martin Schwenke [Tue, 8 Dec 2020 13:03:47 +0000 (00:03 +1100)]
bootstrap: Cope with case changes in CentOS 8 repo names
RN: Be more flexible with repository names in CentOS 8 test environments
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14594 Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(backported from commit 1c59f49aaede8ec1662d4e49aef84fcd902a8a76)
Autobuild-User(v4-12-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-12-test): Wed Jan 6 12:19:21 UTC 2021 on sn-devel-184
Dimitry Andric [Fri, 1 Jan 2021 17:25:48 +0000 (18:25 +0100)]
lib: Avoid declaring zero-length VLAs in various messaging functions
In messaging_rec_create(), messaging_recv_cb() and
messaging_dispatch_rec(), variable length arrays of file descriptors are
declared using an incoming num_fds parameter.
However, there are several scenarios where num_fds can be zero, and
declaring a zero-length VLA is undefined behavior. This can lead to
segmentation faults and/or other crashes when compiling with recent
versions of clang at high optimization levels.
To avoid ever using zero as the length for these declarations, use
MAX(1, length) instead.
Signed-off-by: Dimitry Andric <dimitry@andric.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 4 10:50:07 UTC 2021 on sn-devel-184
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 1 20:29:34 UTC 2020 on sn-devel-184
Ralph Boehme [Thu, 26 Nov 2020 14:24:44 +0000 (15:24 +0100)]
s4/samba: call force_check_log_size() in standard_new_task()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
RN: samba process does not honor max log size
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 7 18:54:29 UTC 2020 on sn-devel-184
Ralph Boehme [Fri, 20 Nov 2020 14:21:03 +0000 (15:21 +0100)]
s4: replace low-level SIGUP handler with a tevent handler
Replace the low-level signal handler for SIGHUP with a nice tevent signal
handler. The low-level handler sig_hup() installed by setup_signals() remains
being used during early startup before a tevent context is available.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 516c2a04a242a539f9fbddb2822295fee233644c)
[slow@samba.org: process_prefork.c has additional include in master]
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 68f71f227b17774a12c84575c1eecd82279fac95)
[slow@samba.org: conflict due to rename source4/smbd/ -> source4/samba/ in master]
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Rowland penny <rpenny@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 4 20:54:06 UTC 2020 on sn-devel-184
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov 27 17:15:07 UTC 2020 on sn-devel-184
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Nov 9 13:30:06 UTC 2020 on sn-devel-184
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Nov 12 17:23:19 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 9 04:10:45 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 30 11:18:43 UTC 2020 on sn-devel-184
Jones Syue [Mon, 28 Sep 2020 01:10:03 +0000 (09:10 +0800)]
interface: fix if_index is not parsed correctly
Replace probed_ifaces[i] with ifs.
In SDC 2020 SMB3 Virtual IO Lab,
run Windows Protocol Test Suite to test FileServer multichannel test cases.
Samba server has 2 virtual interfaces for VPN connection:
> name=tun2001, ip/mask=192.168.144.9/22
> name=tun2002, ip/mask=192.168.144.10/22
test suite client can ping these 2 ip addresses and browse shares.
Then client try to use IOCTL FSCTL_QUERY_NETWORK_INTERFACE_INFO to get the
virtual ip addresses of samba server, but samba server responded it
without the virtual ip addresses. My VPN setup is point-to-point and the
virtual interfaces 'tun2001' & 'tun2002' are without flag IFF_BROADCAST.
So edit smb.conf and add
"interfaces = ${virtual_ip}/${mask_length};if_index=${id}", like this:
> interfaces = eth4 eth8 eth11 eth10 qvs0 "192.168.144.9/22;if_index=50" "192.168.144.10/22;if_index=51"
then samba server IOCTL response could return the virtual ip addresses,
but found a issue:
the interface index of virtual ip addresses is always 4294967295
(0xFFFFFFFF, -1).
Quote Metze: https://gitlab.com/samba-team/devel/samba/-/commit/6cadb55d975a6348a417caed8b3258f5be2acba4#note_419181789
This looks good, I think that also explains
the possible memory corruption/crash I mentioned in the bug report.
As 'i' is most likely the same as 'total_probed' and
probed_ifaces[i] is not valid, so we overwrite unrelated memory.
Later I see 'realloc(): invalid pointer' and this backtrace:
BACKTRACE:
#0 log_stack_trace + 0x29 [ip=0x7f2f1b6fffa9] [sp=0x7ffcd0ab53e0]
#1 smb_panic + 0x11 [ip=0x7f2f1b700301] [sp=0x7ffcd0ab5d10]
#2 sig_fault + 0x54 [ip=0x7f2f1b7004f4] [sp=0x7ffcd0ab5e20]
#3 funlockfile + 0x50 [ip=0x7f2f17ce6dd0] [sp=0x7ffcd0ab5ec0]
#4 gsignal + 0x10f [ip=0x7f2f1794970f] [sp=0x7ffcd0ab6b90]
#5 abort + 0x127 [ip=0x7f2f17933b25] [sp=0x7ffcd0ab6cb0]
#6 __libc_message + 0x297 [ip=0x7f2f1798c897] [sp=0x7ffcd0ab6de0]
#7 malloc_printerr + 0x1c [ip=0x7f2f17992fdc] [sp=0x7ffcd0ab6ef0]
#8 realloc + 0x23a [ip=0x7f2f17997f6a] [sp=0x7ffcd0ab6f00]
#9 _talloc_realloc + 0xee [ip=0x7f2f1a365d2e] [sp=0x7ffcd0ab6f50]
#10 messaging_filtered_read_send + 0x18c [ip=0x7f2f1a10f54c] [sp=0x7ffcd0ab6fb0]
#11 messaging_read_send + 0x55 [ip=0x7f2f1a10f705] [sp=0x7ffcd0ab7000]
#12 smb2srv_session_table_init + 0x83 [ip=0x7f2f1b3a6cd3] [sp=0x7ffcd0ab7040]
#13 smbXsrv_connection_init_tables + 0x2d [ip=0x7f2f1b373f4d] [sp=0x7ffcd0ab7060]
#14 smbd_smb2_request_process_negprot + 0x827 [ip=0x7f2f1b38cb47] [sp=0x7ffcd0ab7080]
#15 smbd_smb2_request_dispatch + 0x19db [ip=0x7f2f1b38921b] [sp=0x7ffcd0ab71d0]
#16 smbd_smb2_process_negprot + 0x298 [ip=0x7f2f1b38bb38] [sp=0x7ffcd0ab7260]
#17 process_smb + 0x2ca [ip=0x7f2f1b37537a] [sp=0x7ffcd0ab72b0]
#18 smbd_server_connection_read_handler + 0xd0 [ip=0x7f2f1b376420] [sp=0x7ffcd0ab7350]
Signed-off-by: Jones Syue <jonessyue@qnap.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b78ff5717654064c8a4facc54a8e9833e5843c21)
Jeremy Allison [Tue, 10 Nov 2020 18:18:18 +0000 (10:18 -0800)]
s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function.
file_lines_parse() plays horrible tricks with
the passed-in talloc pointers and the hierarcy
which makes freeing hard to get right.
As we know mem_ctx is freed by the caller, after
calling file_lines_parse don't free on exit and let the caller
handle it. This violates good Samba coding practice
but we know we're not leaking here.
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Anoop C S <anoopcs@samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 4 22:53:49 UTC 2020 on sn-devel-184
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 3 01:56:59 UTC 2020 on sn-devel-184
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
s3-vfs_glusterfs: refuse connection when write-behind xlator is present
Once the new glusterfs api is available we will programmtically disable
the translator, for now we just refuse the connection as there is
a potential for serious data damage.
Signed-off-by: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Sachin Prabhu <sprabhu@redhat.com>
Pair-Programmed-With: Anoop C S <anoopcs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 2 21:40:33 UTC 2020 on sn-devel-184
ctdb-common: Avoid aliasing errors during code optimization
When compiling with GCC 10.x and -O3 optimization, the IP checksum
calculation code generates wrong checksum. The function uint16_checksum
gets inlined during optimization and ip4pkt->tcp data gets wrongly
aliased.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 21 05:52:28 UTC 2020 on sn-devel-184
Andrew Walker [Thu, 24 Sep 2020 20:04:12 +0000 (16:04 -0400)]
vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
When ZFS aclmode is set to "passthrough" chmod(2)/fchmod(2) will result
in special entries being modified in a way such that delete, delete_child,
write_named_attr, write_attribute are stripped from the returned ACL entry,
and the kernel / ZFS treats this as having rights equivalent to the desired
POSIX mode. Historically, samba has added delete_child to the NFSv4 ACL, but
this is only really called for in the case of special entries in this
particular circumstance.
Alter circumstances in which delete_child is granted so that it only
is added to special entries. This preserves the intend post-chmod behavior,
but avoids unnecessarily increasing permissions in cases where it's not
intended. Further modification of this behavior may be required so that
we grant a general read or general write permissions set in case of
POSIX read / POSIX write on special entries.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14471
RN: vfs_zfsacl: only grant DELETE_CHILD if ACL tag is special
Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c1a37b4f31d5252ce074d41f69e526aa84b0d3b3)
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 13b4f913b06457d8e1f7cf71c85722bbecabd990)
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a182f2e6cdded739812e209430d340097acc0031)
Andrew Walker [Thu, 24 Sep 2020 15:42:16 +0000 (11:42 -0400)]
vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Prevent ZFS from automatically adding NFSv4 special entries (owner@, group@,
everyone@). ZFS will automatically add these these entries when calculating the
inherited ACL of new files if the ACL of the parent directory lacks an
inheriting special entry. This may result in user confusion and unexpected
change in permissions of files and directories as the inherited ACL is
generated. Blocking this behavior is achieved by setting an inheriting
everyone@ that grants no permissions and not adding the entry to the file's
Security Descriptor.
This change also updates behavior so that the fd-based syscall facl() is
used where possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14470
RN: vfs_zfsacl: Add new parameter to stop automatic addition of special entries
Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c10ae30c1185463eb937f69c1fc9914558087167)
Pair-Programmed-With: Andrew Walker <awalker@ixsystems.com> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Andrew Walker <awalker@ixsystems.com> Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit f763b1e43640082af80c855a4a519f7747a6c87c)
[slow@samba.org: conflict in zfs_get_nt_acl_common() due to *AT changes in 4.13]
smb.conf.5: add clarification how configuration changes reflected by Samba
Users of Linux distributions know to read smb.conf(5) manual page but
apparently not many of them read smbd(8) and winbindd(8) to understand
how changes to smb.conf file are reflected in the running processes.
Add a small section that makes it clear where to find relevant
information. Also correct the information in smbd, nmbd, and winbindd
manual pages.
The interval at which smbd does check for smb.conf changes was increased
from 60 seconds to 180 seconds in 1999 with commit 3db52feb1f3b.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Oct 20 08:50:13 UTC 2020 on sn-devel-184
Karolin Seeger [Tue, 27 Oct 2020 11:24:47 +0000 (12:24 +0100)]
VERSION: Disable GIT_SNAPSHOT for Samba 4.12.9.
o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
o CVE-2020-14323: Unprivileged user can crash winbind.
o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily
crafted records.
Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 6 23:06:50 UTC 2020 on sn-devel-184
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Aug 24 00:21:41 UTC 2020 on sn-devel-184
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
(based on commit 7afe449e7201be92bed8e53cbb37b74af720ef4e)
CVE-2020-14323 torture4: Add a simple test for invalid lookup_sids winbind call
We can't add this test before the fix, add it to knownfail and have the fix
remove the knownfail entry again. As this crashes winbind, many tests after
this one will fail.
Reported by Bas Alberts of the GitHub Security Lab Team as GHSL-2020-134
winexe: add configure option to control whether to build it (default: auto)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar 9 16:27:21 UTC 2020 on sn-devel-184
nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h
glibc 2.32 will define these varibles [1] which results in conflicts
with these static function names, therefore prefix these function names
with samba_ to avoid it
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit ffc0bdc6d49e88da1ee408956365da163ff3e1b2)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit e1529bedb2b6c8553e69a42537ac0cffd03af6d6)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit faff8e6c89777c38443e561235073c336cfb2e9c)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit c4a3028de726d6708f57d02f9162a4d62d1b6ae7)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit d2dd7c2a5c1f8ee30f0f3b41f933d082b0c75f7c)
This tests a sorts of combinations in order to
demonstrate the visibility of objects depending on:
- with or without fDoListObject
- with or without explicit DENY ACEs
- A hierachy of objects with 4 levels from the base dn
- SEC_ADS_LIST (List Children)
- SEC_ADS_LIST_LIST_OBJECT (List Object)
- SEC_ADS_READ_PROP
- all possible scopes and basedns
This demonstrates that NO_SUCH_OBJECT doesn't depend purely
on the visibility of the base dn, it's still possible to
get children returned und an invisible base dn.
It also demonstrates the additional behavior with "List Object" mode.
See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 06d134406739e76b97273db3023855150dbaebbc)
projects / thirdparty / samba.git / log
