Björn Baumbach [Fri, 24 Feb 2023 15:27:17 +0000 (16:27 +0100)]
testprogs: use more unique names in "net ads dns" tests
ADMINNAME can be used for records, created by the AD admin
MACHINENAME for records, created by the machine (-P)
UNPRIVNAME for records, created by the unprivileged user
Signed-off-by: Björn Baumbach <bb@sernet.de> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sat, 28 Jan 2023 20:30:24 +0000 (20:30 +0000)]
Add a git-blame-ignore-revs file
'git blame' can ignore certain revisions when annotating, e.g. revisions that are just reformatting.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 3 02:02:51 UTC 2023 on atb-devel-224
[753/756] Processing source3/librpc/idl/libnet_join.idl
source3/librpc/idl/ads.idl:2:10: fatal error: config.h: No such file or directory
#include "config.h"
^~~~~~~~~~
compilation terminated.
source3/librpc/idl/libnet_join.idl:3: error: Failed to parse source3/librpc/idl/ads.idl
source3/librpc/idl/libnet_join.idl:50: warning: [out] argument `account_name' not a pointer
libnet_join.idl imports ads.idl which includes config.h. The build rule
for ads.idl provides the include directory for config.h, so add a new
rule to also specify that include directory for libnet_join.idl.
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 22:37:03 +0000 (11:37 +1300)]
torture/backupkey: Fix flapping test
UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_default)
REASON: Exception: Exception: ../../source4/torture/rpc/backupkey.c:2219: r.out.result was WERR_INVALID_ACCESS, expected WERR_INVALID_PARAMETER: decrypt should fail with WERR_INVALID_PARAMETER
"The use of the wrong key can still create structures that parse as a
SID, therefore we can sometimes get an unusual error, which becomes a
flapping test".
Joseph Sutton [Tue, 28 Feb 2023 04:02:52 +0000 (17:02 +1300)]
pytest/samba_tool_drs: Convert bytes to UTF-8 string
We later use this variable as part of a string substitution, and if we
leave it as bytes we will end up with b' ' quotes surrounding it, which
we do not want. Fix this by converting it to a string.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 03:36:07 +0000 (16:36 +1300)]
tests: Fix old-style function definitions
These files are included into the source3/wscript configure
checks and so need to avoid C89 features otherwise they
may cause an incorrect configure failure.
Joseph Sutton [Wed, 2 Nov 2022 01:57:03 +0000 (14:57 +1300)]
source3/wscript: Fix configure-time checks
Compilers are getting strict about this C89 behaviour and this
kind of thing is already causing some configure checks to fail with
modern compilers like clang.
Joseph Sutton [Mon, 20 Feb 2023 23:04:38 +0000 (12:04 +1300)]
tests/krb5: Avoid duplicate group members
Decode the existing members into strings, so that if we add additional
members (that will also be strings), we won't try to add duplicates (and
have samdb.modify() fail).
Further, ensure callers don't try to pass in a bytes object for the DN.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 02:08:21 +0000 (15:08 +1300)]
tests/krb5: Support nested SID structures in map_sids()
The passed-in set of SIDs may now contain frozensets that themselves
contain SIDs, enabling nested groups. This is necessary to test how
resource SIDs are grouped together in the device info structure.
'git show -b' shows that we're not actually changing very much.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Oct 2021 01:53:21 +0000 (14:53 +1300)]
tests/krb5: Remove client_as_etypes parameter
The client_as_etypes parameter previously indicated which etypes we
thought the client supported. In practice, this was rarely specified, so
we simply assumed that all three main enctypes were supported.
Now that we have removed this parameter, rewrite the etype-info padata
checking code to be simpler, and no longer to contain loops.
Use get_default_enctypes() to determine which enctypes are supported.
For tests that inherit from KDCBaseTest, this is based on the domain
functional level, and will be more correct for tests that previously
passed in client_as_etypes=None.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 01:46:27 +0000 (14:46 +1300)]
tests/krb5: Request only supported encryption types in get_tgt()
If the domain uses functional level 2003, calling get_tgt() would
request an AES256-encrypted ticket. The KDC would respond to that
request with incorrect etype-info, and were it not for many tests lying
(via client_as_etypes) about what etypes were supported, those tests
would fail pointlessly.
As this behaviour is not what get_tgt() is intended to test, we now only
request etypes that are actually supported.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 01:45:40 +0000 (14:45 +1300)]
tests/krb5: Lazily fetch SamDB in get_default_enctypes()
There's no need to get a connection to SamDB if we already have the
domain functional level.
connect_kdc() in lockout_tests.py is one place where we already have the
domain functional level, but deliberately drop our SamDB connection. If
we need to call get_default_enctypes(), that shouldn't cause us to try
to connect again.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Amir Goldstein [Thu, 9 Feb 2023 09:39:21 +0000 (11:39 +0200)]
s4:torture:basic: use milliseconds granularity in delayed_write_update7
The test sets an mtime with non zero nsec and verifies that
the timestamp of pre-close matches the timestamp after close-open.
This is a regression test for
https://bugzilla.samba.org/show_bug.cgi?id=6529
The bug speaks of losing the milliseconds part of the timestamp,
but the test uses a value of 103*100ns for the sub-second part.
Meaning that if the backing filesystem has only milliseconds
granularity, the test practically checks that a value of
0 milliseconds is preserved, which will not have actually
caught the bug.
Also, with the default 'smbd getinfo ask sharemode = yes'
the test will fail if the filesystem truncates the sub-second part
to milliseconds granularity.
Use a non-zero milliseconds value with zero microseconds in the test
to support backing filesystems with milliseconds granularity.
Signed-off-by: Amir Goldstein <amir@ctera.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 1 20:55:47 UTC 2023 on atb-devel-224
John Mulligan [Wed, 15 Feb 2023 21:09:48 +0000 (16:09 -0500)]
doc/vfs_ceph: document ceph:filesystem parameter
Document how the `ceph:filesystem` parameter allows one to select
the cephfs file system to use for the share.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Feb 24 05:37:57 UTC 2023 on atb-devel-224
John Mulligan [Wed, 15 Feb 2023 21:04:07 +0000 (16:04 -0500)]
doc/vfs_ceph: update confusing default hint for ceph:user_id param
Previously, the manpage hinted that the `ceph:user_id` parameter derived
a default value from the process id. This implies that it is referring
to the PID but this is not what libcephfs actually does. Rather, this
param is used to derive the `client.<id>` authorization name ceph uses.
This mistake probably originates in a comment in the libcephfs header.
When I first started using the vfs_ceph module this confused me as I
didn't know what to use to get access to my cluster. Eventually, after
reading both docs and code I found that it does not use the pid but
defaults to a value in the ceph client library (typically "admin").
Therefore, if you are using commands like `ceph fs authorize x
client.foo` or `ceph auth get client.bar` to authorize a client you
would supply smb.conf with `ceph:user_id = foo` or `ceph:user_id = bar`
respectively. These entries then need corresponding entries in your
ceph keyring file.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
John Mulligan [Wed, 15 Feb 2023 20:21:43 +0000 (15:21 -0500)]
vfs_ceph: add support to select ceph file system
Add a config parameter `ceph:filesystem` that will be passed to
ceph_select_filesystem when provided. This allows shares on a single
smbd to access multiple different cephfs file systems.
The ceph_select_filesystem call was added as part of ceph 'nautilus'
(v14), released on 2019-03-19 and EOLed on 2021-06-30.
Since ceph 'pacific' (v16) multiple file system support is stable
and ready to use. At the time of this commit, 'pacific' is the oldest
actively supported version of ceph upstream.
Since samba tests building on Ubuntu 18.04, which has ceph packages
older than v14, a waf check for the function is added to test for
the presence of ceph_select_filesystem and disable its use on
these very old platforms.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
John Mulligan [Wed, 15 Feb 2023 20:12:12 +0000 (15:12 -0500)]
vfs_ceph: cache ceph mounts based on share configuration params
Previously, the vfs_ceph module kept one global cached mount.
This makes it impossible to support multiple ceph clusters or
file systems. Add a mount cache in a similar fashion to the connection
cache found in the vfs_glusterfs module. The vfs_ceph cache uses
a single "cookie" value, a unique string based on config params, to
ID the cache entry. Shares that produce the same cookie will share
cephfs mount objects and increment a counter when multiple shares
are using the same cache entry.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
John Mulligan [Wed, 15 Feb 2023 19:22:00 +0000 (14:22 -0500)]
vfs_ceph: split ceph mount logic into a new function
This new function is entirely dedicated to just setting up a libcephfs
mount. Handling the cmount global and samba connection params remains
in cephwrap_connect. This change will later be used to avoid a single
global cached connection and add improved connection handling.
Signed-off-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 23 23:33:46 UTC 2023 on atb-devel-224
selftest: fix scope and attrs not passed to search
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
selftest: specify env rather than picking it up from loop
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>