path: root/python
Age | Commit message | Author | Files | Lines

2026-04-16 | pytests: dns_packet tests check rcodes match Windows | Douglas Bagnall | 1 | -27/+148
The dns_packet tests originally checked only for a particular DoS situation (CVE-2020-10745) but now we widen them to ensure Samba's replies to invalid packets resemble those of Windows (in particular, Windows 2012r2). We want Samba to reply only when Windows replies, and with the same rcode. At present we fail a lot of these tests.

The original CVE-2020-10745 test is retained and widened indirectly -- any test that leaves the server unable to respond within 0.5 seconds will count as a failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14378
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

2026-04-07 | subunit: Do not return successful exit code if tests fail or error | Jennifer Sutton | 1 | -32/+28
TestProtocolClient.writeOutcome() removed items from self.errors and self.failures via TestProtocolClient._filterErrors(). This made wasSuccessful() inappropriately return True even if there were errors or failures. subunit.run.runTests() uses wasSuccessful() to determine the exit code.

To fix this, do not remove items from self.errors or self.failures, but instead use indices to keep track of how many items we have already processed in each of self.errors and self.failures.

This fixes a regression introduced by commit 421dc7fc4d83629d3a5f9e558d378f44c7b9dad3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15691
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Tue Apr 7 04:17:08 UTC 2026 on atb-devel-224

2026-04-07 | selftest: Add keywords arguments to addDuration() method | Jennifer Sutton | 1 | -2/+2
Without these, the type checker complains:
  Method "addDuration" overrides class "TestResult" in an incompatible manner.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-04-01 | s4/dns_server: add large dns udp truncated packets tests | Andréas Leroux | 1 | -0/+123
Large DNS responses must be truncated over UDP, though this is not yet done in Samba. The test is added as knownfail until implementation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15988
Signed-off-by: Andréas Leroux <aleroux@tranquil.it>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

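What "truncated over UDP" means on the wire, as an added example that is not Samba's DNS server code (which is C) and not the test from this commit: a reply builder that includes as many whole answer records as fit in the UDP limit, drops the rest and sets the TC bit in the header so the client knows to retry over TCP. The record encoder is deliberately minimal (no name compression), the 512-byte limit is the classic RFC 1035 one (EDNS0 clients advertise a larger value that would be passed as max_size), and the A-record data is constructed for the example.

```python
"""Added example, not Samba's dns_server code: assembling a DNS reply for
UDP so it never exceeds the client's size limit, dropping whole answer
records and setting TC (truncated) when it would. Simplified encoder:
no name compression, A records only. Sample data is constructed."""
import struct

DNS_UDP_MAX = 512   # RFC 1035 limit without EDNS0
FLAG_QR = 0x8000    # response
FLAG_AA = 0x0400    # authoritative answer
FLAG_TC = 0x0200    # truncated


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression pointers)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def a_record(name, ipv4, ttl=300):
    """One A resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    return encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata


def build_udp_response(txid, qname, qtype, answers, max_size=DNS_UDP_MAX):
    """Return (packet, truncated). `answers` are pre-encoded RRs; as many
    as fit within max_size are included, the rest are dropped and TC set.
    ANCOUNT always reflects the records actually present."""
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    header_len = 12
    body = question
    included = 0
    truncated = False
    for rr in answers:
        if header_len + len(body) + len(rr) > max_size:
            truncated = True
            break
        body += rr
        included += 1
    flags = FLAG_QR | FLAG_AA | (FLAG_TC if truncated else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, included, 0, 0)
    return header + body, truncated


def parse_header(packet):
    """Decode the 12-byte header into a dict (what a client checks for TC)."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": txid, "tc": bool(flags & FLAG_TC), "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an}


def sample_answers(n):
    """Constructed: n A records for one name, addresses 10.0.x.y."""
    return [a_record("big.example.com", "10.0.%d.%d" % (i // 256, i % 256))
            for i in range(n)]
```

With the sample name each A record is 31 bytes and the question 21, so a 40-record answer set yields a 498-byte packet carrying 15 records with TC set; five records fit untouched. A server that instead sends the full message over UDP is what the knownfail test above is waiting to see fixed.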
2026-03-30 | tests:krb5 expired password handling | Gary Lockyer | 1 | -2/+1
The Windows ADDC checks password validity before password expiry. So an incorrect expired password will return KDC_ERR_PREAUTH_REQUIRED, not KDC_ERR_KEY_EXPIRED.

The KDC behaviour fixes will be made to lorikeet-heimdal and then imported to Samba.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15746
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2026-03-30 | python:tests/krb5: Make PADATA_PK_AS_REP optional in non-strict mode | Andreas Schneider | 1 | -0/+1
Commit c1433f821f7 added PADATA_PK_AS_REP (PA-PK-AS-REP, type 17) to the expected padata list when check_rep_padata sees KDC_ERR_KEY_EXPIRED. This reflects Samba's Heimdal KDC behaviour, which includes PKINIT hints in expired-password error responses.

Samba with MIT KDC does not include PADATA_PK_AS_REP in KDC_ERR_KEY_EXPIRED responses; it returns a METHOD-DATA with just the NTSTATUS payload (type 3) and the FX-COOKIE (type 133). This causes test_pw_expired to fail intermittently when the expired-password code path is exercised against MIT KDC.

Add PADATA_PK_AS_REP to the require_strict set alongside PADATA_PK_AS_REP_19, so it is treated as optional in non-strict checking mode (STRICT_CHECKING=0) while still being enforced in strict mode.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Mar 30 10:41:07 UTC 2026 on atb-devel-224

2026-03-30 | python:tests: Fix assertEqual placement in test_device_group_restrictions | Andreas Schneider | 1 | -5/+4
The assertEqual calls checking the exception attributes were incorrectly indented inside the 'with self.assertRaises()' block. When the expected NTSTATUSError is raised by verify_access(), execution exits the block immediately, so those lines were never reached.

When the exception is not raised (e.g. with MIT KRB5 1.22 where a spurious FAST error was fixed), execution falls through to the assertEqual inside the block, causing AttributeError because error.exception is only available after the 'with' block exits.

The exception returned is NT_STATUS_UNSUCCESSFUL with Heimdal.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2026-02-23 | test:heimdal:pkinit fixes for SHA1-PUKEY calculation | Gary Lockyer | 1 | -2/+2
The SHA1 hash for KB5014754 SHA1-PUKEY is calculated over the entire certificate, not just the public key.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16001
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2026-02-23 | s4:kdc:db-glue altSecurityIdentities DN and serial reversed | Gary Lockyer | 1 | -23/+39
When altSecurityIdentities is set by RSAT / ADUC they store the Issuer and Subject DN in last-to-first order, i.e.
  CN=Common Name, O=Organization, C=Country
Need to reverse that to first-to-last order, i.e.
  C=Country, O=Organization, CN=Common name
which is how they're stored on the X509 certificates.

Also the serial number is stored in reverse order.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=16001
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

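The two normalisations the commit above describes, as an added example that is not Samba's db-glue code: take an altSecurityIdentities value in the X509IssuerSerialNumber form (X509:<I>issuer<SR>serial, the strong-mapping format from KB5014754), put the issuer RDNs into the first-to-last order a certificate carries, and flip the serial number's byte order. Assumptions of mine, not statements from the commit: the DN is split only on commas that are not backslash-escaped (no full RFC 4514 parsing), the serial is an even-length hex string, and the sample mapping value is constructed.

```python
"""Added example (not Samba's db-glue code): normalising an
altSecurityIdentities X509IssuerSerialNumber mapping string,
X509:<I>issuer<SR>serial, into certificate order: RDNs first-to-last and
the serial number with its bytes reversed.

Assumptions: the DN is split on unescaped commas only (no full RFC 4514
parsing) and the serial is whole bytes in hex."""
import re

_MAPPING_RE = re.compile(
    r"^X509:<I>(?P<issuer>.*)<SR>(?P<serial>[0-9A-Fa-f]+)$")


def split_rdns(dn):
    r"""Split 'CN=a\,b,O=org,C=US' on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def reverse_dn(dn):
    """'CN=Common Name,O=Organization,C=Country'
       -> 'C=Country,O=Organization,CN=Common Name'"""
    return ",".join(reversed(split_rdns(dn)))


def reverse_serial(hex_serial):
    """The serial in the mapping string is byte-reversed relative to the
    certificate; reverse whole bytes, not hex digits. Lower-case output."""
    if len(hex_serial) % 2:
        raise ValueError("serial is not a whole number of bytes")
    return bytes.fromhex(hex_serial)[::-1].hex()


def parse_issuer_serial_mapping(value):
    """Return (issuer DN in certificate order, serial as big-endian hex), or
    raise ValueError for anything that is not an X509:<I>...<SR>... string.
    Other altSecurityIdentities forms (<S>, <SKI>, <SHA1-PUKEY>, ...) are
    deliberately rejected here rather than guessed at."""
    m = _MAPPING_RE.match(value)
    if m is None:
        raise ValueError("not an X509IssuerSerialNumber mapping: %r" % value)
    return reverse_dn(m.group("issuer")), reverse_serial(m.group("serial"))
```

A lookup that compares the raw mapping string against the issuer and serial taken from the presented certificate would silently never match; comparing after this normalisation is what makes the mapping usable, and a mismatch in either half must still fail closed.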
2026-02-18 | CVE-2026-20833: s4:kdc: Make default domain supported enctypes AES by default | Jennifer Sutton | 2 | -16/+20
If AES keys are available in the domain, assume that service accounts support AES by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15998
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2026-02-18 | CVE-2026-20833: python:tests: Set secure channel type for test credentials | Jennifer Sutton | 1 | -0/+2
This will ensure that we use the correct salting algorithm for AES when we authenticate using gensec.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15998
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2026-01-21 | lib:ldb-samba:ildap: fix empty attribute list handling | Gary Lockyer | 1 | -1/+1
An LDB request interprets an empty attribute list as a request for no attributes, but LDAP interprets an empty list as a request for all attributes, and ["1.1"] as a request for no attributes, as per RFC4511:4.5.1.8 (SearchRequest.attributes).

We need to convert [] to ["1.1"] in the ildap module before the request goes out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jan 21 03:29:23 UTC 2026 on atb-devel-224

2026-01-15 | pytest:krb5:as_req: adjust for 'require canonicalization' | Douglas Bagnall | 1 | -10/+62
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | pytest:krb5:ms_kile: adjust for 'require canonicalization' | Douglas Bagnall | 1 | -0/+66
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | pytest:krb5: as_canonicalization recognises require canon option | Douglas Bagnall | 1 | -0/+7
If the test is run against a "require canonicalization = yes" server, requests that do not use the canonicalize flag will be rejected at the preauth stage, so we check that and nothing more.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | pytest:krb5: notice require canonicalization option | Douglas Bagnall | 1 | -0/+3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | pytest:krb5 as_canonicalization checks no implicit $ return code | Douglas Bagnall | 1 | -0/+15
We check here instead of selftest/expectedfail.d/* in part because on MIT some of these cases will fail to fail to ask for preauth.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | kdc: match implicit dollar without canon affects AS_REQ client only | Douglas Bagnall | 1 | -8/+1
The smb.conf option
  kdc name match implicit dollar without canonicalization = no
is supposed to avoid the dollar ticket attack by refusing to consider "foo$" as a match for "foo" unless canonicalization is requested.

This was rather blunt however, as the only time we care about this is for the client name in an AS_REQ, and we can easily check whether that is the case.

This makes the option less intrusive, allowing the use of "SERVER" for a server name rather than "SERVER$". A number of tests no longer fail.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | pytest:krb5:as_canonicalization debug formatting | Douglas Bagnall | 1 | -1/+1
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | samba-tool gpo: remove unused import | Douglas Bagnall | 1 | -1/+0
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | dsdb:password_hash: reject password reset with UNWILLING_TO_PERFORM | Douglas Bagnall | 1 | -1/+1
This is what Windows does: where a password change would cause CONSTRAINT_VIOLATION, a reset causes UNWILLING_TO_PERFORM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2026-01-15 | python subunit: add dummy addDuration methods | Douglas Bagnall | 1 | -0/+6
preventing this message:
  /usr/lib/python3.12/unittest/case.py:580: RuntimeWarning: TestResult has no addDuration method
    warnings.warn("TestResult has no addDuration method",

As far as I can tell we have no real use for addDuration, since we already measure time in other ways.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-12-10 | s4/dlz: add support for bind 9.20 | Michael Tokarev | 1 | -1/+2
The bind dlz interface does not change much, yet we build dlz_bind9_NN for every bind9 version NN we support - despite many of them differing only in soversion, with the code being identical.

For bind9_20, use dlz_bind9_18.so which we already have.

It'd be nice to extract the actual bind9 version string in sambadns.py and use it in a more direct way.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15790
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Dec 10 22:46:11 UTC 2025 on atb-devel-224

2025-12-09 | python:tests: Fix ProcessPoolExecutor with Python 3.14 | Andreas Schneider | 2 | -7/+25
REASON: Exception: Exception: Traceback (most recent call last):
  File "/home/asn/workspace/prj/oss/samba/asn-fix/bin/python/samba/tests/krb5/lockout_tests.py", line 858, in test_lockout_transaction_bad_pwd_samr_aes
    self.do_lockout_transaction(connect_samr_aes, correct_pw=False)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/asn/workspace/prj/oss/samba/asn-fix/bin/python/samba/tests/krb5/lockout_tests.py", line 990, in do_lockout_transaction
    connect_future = executor.submit(
        connect_fn,
        ...<7 lines>...
        workstation=user_creds.get_workstation(),
        dn=str(user_dn))
  File "/usr/lib64/python3.14/concurrent/futures/process.py", line 816, in submit
    self._adjust_process_count()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.14/concurrent/futures/process.py", line 775, in _adjust_process_count
    self._spawn_process()
    ~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.14/concurrent/futures/process.py", line 793, in _spawn_process
    p.start()
    ~~~~~~~^^
  File "/usr/lib64/python3.14/multiprocessing/process.py", line 121, in start
    self._popen = self._Popen(self)
                  ~~~~~~~~~~~^^^^^^
  File "/usr/lib64/python3.14/multiprocessing/context.py", line 300, in _Popen
    return Popen(process_obj)
  File "/usr/lib64/python3.14/multiprocessing/popen_forkserver.py", line 35, in __init__
    super().__init__(process_obj)
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/usr/lib64/python3.14/multiprocessing/popen_fork.py", line 20, in __init__
    self._launch(process_obj)
    ~~~~~~~~~~~~^^^^^^^^^^^^^
  File "/usr/lib64/python3.14/multiprocessing/popen_forkserver.py", line 42, in _launch
    prep_data = spawn.get_preparation_data(process_obj._name)
  File "/usr/lib64/python3.14/multiprocessing/spawn.py", line 164, in get_preparation_data
    _check_not_importing_main()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.14/multiprocessing/spawn.py", line 140, in _check_not_importing_main
    raise RuntimeError('''
    ...<16 lines>...
    ''')
RuntimeError:
        An attempt has been made to start a new process before the
        current process has finished its bootstrapping phase.

        This probably means that you are not using fork to start your
        child processes and you have forgotten to use the proper idiom
        in the main module:

            if __name__ == '__main__':
                freeze_support()
                ...

        The "freeze_support()" line can be omitted if the program
        is not going to be frozen to produce an executable.

        To fix this issue, refer to the "Safe importing of main module"
        section in https://docs.python.org/3/library/multiprocessing.html

In Python 3.14, the default multiprocessing start method changed from fork to forkserver/spawn. When using ProcessPoolExecutor, the code needs to either:

1. Explicitly set the start method to fork (the simplest fix for this case)
2. Or ensure proper if __name__ == '__main__': guards (not practical for test code run by a test framework)

The fix is to explicitly use the fork start method when creating the ProcessPoolExecutor. This can be done by passing a mp_context parameter:

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

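The commit message stops short of showing the mp_context call, so here is the pattern it describes, as an added example rather than the lockout test's own code: code that is imported by a test framework (hence no `if __name__ == '__main__'` guard) hands ProcessPoolExecutor an explicit fork context instead of relying on the interpreter default, which is forkserver on Linux from Python 3.14. The function names (fork_context, run_in_fork_pool, square) are made up here; the platform check is mine.

```python
"""Added example, not the Samba test code: running work in a
ProcessPoolExecutor from a module that is imported rather than run as
__main__, by passing an explicit fork context via mp_context=.

fork_context, run_in_fork_pool and square are hypothetical names."""
import multiprocessing
from concurrent.futures import ProcessPoolExecutor


def fork_context():
    """Return the 'fork' start-method context regardless of the interpreter
    default. fork is POSIX-only, so fail loudly where it is absent rather
    than silently falling back to spawn (which would need the __main__ guard)."""
    if "fork" not in multiprocessing.get_all_start_methods():
        raise RuntimeError("fork start method not available on this platform")
    return multiprocessing.get_context("fork")


def square(x):
    """Trivial picklable work item for the pool."""
    return x * x


def run_in_fork_pool(fn, items, max_workers=2):
    """Map fn over items in child processes created with fork. Forked
    children inherit the parent's modules, so the importing module is never
    re-executed and _check_not_importing_main() is not reached.
    Returns results in input order."""
    with ProcessPoolExecutor(max_workers=max_workers,
                             mp_context=fork_context()) as executor:
        futures = [executor.submit(fn, item) for item in items]
        return [f.result() for f in futures]
```

Note that fork copies the whole parent, open sockets and credential caches included, into each worker; for a test that deliberately drives several simultaneous connections that is acceptable, but it is why the stdlib moved away from it as a default.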
2025-11-20 | pytests: krb5 raw tests use TestCase.get_server_param() | Douglas Bagnall | 1 | -10/+3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytest: krb5 alias tests: expect no machine$ match on ad_dc_ntvfs | Douglas Bagnall | 1 | -1/+9
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytest:krb5: ms-kile-client tests notice lack of dollar matching | Douglas Bagnall | 1 | -0/+34
In the ad_dc_ntvfs environment.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytest: krb5 tests remember implicit dollar option | Douglas Bagnall | 1 | -0/+3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytests: add TestCase.get_server_param() method | Douglas Bagnall | 1 | -0/+16
This makes it easier to get a loadparm value from the server smb.conf (rather than the client smb.conf), so you can alter test behaviour accordingly.

The class._server_lp attribute is lazily loaded when first needed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytest:krb5: print error names on error | Douglas Bagnall | 1 | -5/+11
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytest:krb5: errcode errors include names | Douglas Bagnall | 2 | -1/+6
Before:
> AssertionError: 6 not found in (20,)

After:
> AssertionError: 6 not found in (20,) : KDC_ERR_C_PRINCIPAL_UNKNOWN not in ['KDC_ERR_TGT_REVOKED']

Useful for people who don't know the codes off by heart.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytests: rename KRB_ERR_TKT_NYV as KDC_ERR_TKT_NYV | Douglas Bagnall | 2 | -6/+6
to be consistent with all the others.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-20 | pytest: test auth.user_session with principals | Douglas Bagnall | 1 | -1/+45
This tests authsam_get_session_info_principal() which tests sam_get_results_principal() which tests crack_user_principal_name().

sam_get_results_principal() is also used in samba_kdc_lookup_client(), and we are sort of testing on behalf of that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-19 | tests/krb5: Construct signed_attrs correctly | Jennifer Sutton | 4 | -33/+117
signed_attrs is supposed to be a list of key-value pairs, but we forgot the values. Because the field was not constructed correctly, the pyasn1 encoder simply stripped it out.

Also properly separate the signature algorithm and digest algorithms.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 19 00:32:31 UTC 2025 on atb-devel-224

2025-11-18 | tests/krb5: Add TD_CMS_DIGEST_ALGORITHMS constant | Jennifer Sutton | 4 | -1/+19
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2025-11-18 | python:tests: Correct test class name | Jennifer Sutton | 1 | -1/+1
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2025-11-14 | python:tests: Take INTERDOMAIN_TRUST into account | Andreas Schneider | 1 | -6/+16
If we run e.g. the fl2008rc2 env before we run this test, we have a trust account for this domain.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 14 19:23:38 UTC 2025 on atb-devel-224

2025-11-14 | python:tests: Add debug output to test_query_filter_enum() | Andreas Schneider | 1 | -5/+36
This test runs relatively late in 'make test'. It finds some accounts which are neither a computer nor a user account and complains that the overall account count doesn't match.

Add some debug so we can find out more about the accounts.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2025-11-14 | python:tests: Use random users for domain_auth_silo.py | Andreas Schneider | 1 | -18/+46
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2025-11-14 | python:tests: Use random users for user_auth_silo.py | Andreas Schneider | 1 | -22/+89
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2025-11-14 | python:tests: Use random users for user_auth_policy.py | Andreas Schneider | 1 | -25/+90
We should not work on alice, bob and joe. We should use random users so we can clean up afterwards. If we don't do this the dbcheck tests will fail with:

UNEXPECTED(failure): samba4.blackbox.dbcheck(ad_dc).dbcheck(ad_dc:local)
REASON: Exception: Exception: Checking 21449 objects
WARNING: target DN is deleted for msDS-AssignedAuthNPolicy in object CN=alice,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=66bd1f51-084f-4259-a769-efa59adb6e31>;<RMD_ADDTIME=134051822550000000>;<RMD_CHANGETIME=134051822550000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14061>;<RMD_ORIGINATING_USN=14061>;<RMD_VERSION=2>;CN=User Policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=User Policy\\0ADEL:66bd1f51-084f-4259-a769-efa59adb6e31,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicySilo in object CN=alice,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=287d6c3d-bea8-4c06-bdf8-7d4b579bc0e9>;<RMD_ADDTIME=134051822560000000>;<RMD_CHANGETIME=134051822560000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14081>;<RMD_ORIGINATING_USN=14081>;<RMD_VERSION=2>;CN=Developers,CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=Developers\\0ADEL:287d6c3d-bea8-4c06-bdf8-7d4b579bc0e9,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicy in object CN=bob,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=66bd1f51-084f-4259-a769-efa59adb6e31>;<RMD_ADDTIME=134051822550000000>;<RMD_CHANGETIME=134051822550000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14065>;<RMD_ORIGINATING_USN=14065>;<RMD_VERSION=4>;CN=User Policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=User Policy\\0ADEL:66bd1f51-084f-4259-a769-efa59adb6e31,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicySilo in object CN=bob,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=1a1e5cdf-b92e-4a80-bc35-cccad8e9f865>;<RMD_ADDTIME=134051822560000000>;<RMD_CHANGETIME=134051822560000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14085>;<RMD_ORIGINATING_USN=14085>;<RMD_VERSION=4>;CN=QA,CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=QA\\0ADEL:1a1e5cdf-b92e-4a80-bc35-cccad8e9f865,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
Checked 21449 objects (4 errors)

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

2025-11-13 | s4:kdc:tests: support "kdc always generate pac" | Gary Lockyer | 3 | -12/+49
Update the tests to check the "kdc always generate pac" configuration and expect the presence of a PAC accordingly.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>

2025-11-05 | samba-tool: Add subcommand to generate Certificate Signing Requests with SID extension | Jennifer Sutton | 6 | -0/+605
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-11-05 | python: Factor out asn.1 methods into their own module | Jennifer Sutton | 4 | -79/+117
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-11-05 | samba-tool: Fix comments | Jennifer Sutton | 2 | -2/+2
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-11-05 | python:tests: Fix code spelling | Jennifer Sutton | 1 | -1/+1
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-10-22 | tests/krb5: Add tests for the Object SID certificate security extension | Jennifer Sutton | 1 | -36/+100
View with 'git show -b'.

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-10-22 | tests/krb5: Remove unused imports | Jennifer Sutton | 1 | -3/+0
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-10-22 | tests/krb5: Remove unused method | Jennifer Sutton | 1 | -133/+0
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

2025-10-21 | CVE-2025-10230: s4/tests: check that wins hook sanitizes names | Douglas Bagnall | 1 | -0/+2
An smb.conf can contain a 'wins hook' parameter, which names a script to run when a WINS name is changed. The man page says

  The second argument is the NetBIOS name. If the name is not a legal name then the wins hook is not called. Legal names contain only letters, digits, hyphens, underscores and periods.

but it turns out the legality check is not performed if the WINS server in question is the source4 nbt one. It is not expected that people will run this server, but they can.

This is bad because the name is passed unescaped into a shell command line, allowing command injection.

For this test we don't care whether the WINS server is returning an error code, just whether it is running the wins hook. The tests show it often runs the hook when it shouldn't, though some characters are incidentally blocked because the name has to fit in a DN before it gets to the hook, and DNs have a few syntactic restrictions (e.g., blocking '<', '>', and ';').

The source3 WINS server that is used by Samba when not run as a DC is not affected and not tested here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15903
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

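The check the man page promises, written out as an added example that is not Samba's WINS server code and not the test from this commit: the name is validated against the documented character set before the hook can run, and the hook is invoked with an argv list rather than a shell command line, so even a name that slipped past the check could not be parsed as shell syntax. Assumptions of mine: the 15-character cap (the NetBIOS name proper, without the type suffix byte) is not in the quoted man page text, the argument order (action, name, two-digit hex name type, TTL, addresses) is my reading of smb.conf(5) and should be checked against your copy, and the sample names are constructed.

```python
"""Added example (not Samba's WINS server code): the legality check that
smb.conf(5) describes for 'wins hook', applied before the hook runs, and
an argv-based invocation so the name is never interpolated into a shell.

Assumptions: 15-character cap added by me; argument order (action, name,
hex name type, TTL, addresses...) is my reading of smb.conf(5)."""
import re
import subprocess

# smb.conf(5): legal names contain only letters, digits, hyphens,
# underscores and periods. The length cap is the NetBIOS name limit.
_LEGAL_NAME = re.compile(r"^[A-Za-z0-9._-]{1,15}$")
_ACTIONS = ("add", "delete", "refresh")


def is_legal_netbios_name(name):
    """True only for names the hook is allowed to see."""
    return bool(_LEGAL_NAME.match(name))


def build_hook_argv(script, action, name, name_type, ttl, addresses):
    """argv for the hook, or ValueError: an illegal name is rejected before
    it gets anywhere near the script. Because this is a list handed to
    execve (no shell=True), metacharacters such as ';' or '$(' would be an
    ordinary argument even if the check were bypassed."""
    if action not in _ACTIONS:
        raise ValueError("unknown wins hook action %r" % action)
    if not is_legal_netbios_name(name):
        raise ValueError("illegal NetBIOS name, hook not run: %r" % name)
    argv = [script, action, name, "%02x" % int(name_type), str(int(ttl))]
    argv.extend(str(addr) for addr in addresses)
    return argv


def run_wins_hook(script, action, name, name_type, ttl, addresses):
    """Run the hook without a shell. Returns the hook's exit status, or None
    when the name was illegal and the hook was therefore skipped."""
    try:
        argv = build_hook_argv(script, action, name, name_type, ttl, addresses)
    except ValueError:
        return None
    return subprocess.run(argv, check=False).returncode
```

The two layers are deliberate: the allow-list is the documented contract and catches bad input early, while the shell-free invocation is what makes the contract's failure (as in the source4 server above) non-exploitable rather than merely noticed.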