| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The KCC service runs a periodic samba_kcc child process (every 300s,
first at 15s after startup) with a 40 second timeout. If a test calls
DsExecuteKCC while the periodic child is running, kccsrv returns
NT_STATUS_DS_BUSY which propagates as EPT_NT_CANT_PERFORM_OP to the
client, causing flaky test failures.
UNEXPECTED(error): samba4.drs.samba_tool_drs_showrepl.python(schema_pair_dc).samba_tool_drs_showrepl.SambaToolDrsShowReplTests.test_samba_tool_showrepl(schema_pair_dc:local)
REASON: Exception: Exception: Traceback (most recent call last):
File "/builds/samba-testbase/samba-def-build/source4/torture/drs/python/samba_tool_drs_showrepl.py", line 57, in test_samba_tool_showrepl
kcc_out = self.check_output("samba-tool drs kcc %s %s" % (self.dc1,
File "/builds/samba-testbase/samba-def-build/bin/python/samba/tests/__init__.py", line 593, in check_output
raise BlackboxProcessError(retcode, line, stdoutdata, stderrdata)
samba.tests.BlackboxProcessError: Command 'python3 bin/samba-tool drs kcc liveupgrade1dc -USCHEMADOMAIN/Administrator%locDCpass1'; shell True; exit status 255;
stdout: ''; stderr: 'ERROR(runtime): DsExecuteKCC failed - (3221356597, 'The operation cannot be performed.')
3221356597 => 0xc0020035 (EPT_NT_CANT_PERFORM_OP)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Apr 23 07:55:04 UTC 2026 on atb-devel-224
|
|
this allows redirusr and redircmp to work as expected
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9143
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 8 15:41:21 UTC 2026 on atb-devel-224
|
|
Large DNS response must be truncated over UDP, letting client retry over TCP. Current threshold is set to 1232 as it is regarded as a safe size.
Truncated packets have no answers nor record, only the packet header and initial question(s).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15988
Signed-off-by: Andréas Leroux <aleroux@tranquil.it>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Jennifer Sutton <jsutton@samba.org>
Autobuild-Date(master): Wed Apr 1 05:08:14 UTC 2026 on atb-devel-224
|
|
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Mar 20 14:30:23 UTC 2026 on atb-devel-224
|
|
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
suppress warnings with discard_align_p
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Use memcpy to extract the pointer, suppressing the cast-align warnings
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Adds code to check that buffer is aligned correctly for the expected types.
Then suppresses the cast-align warnings with discard_align_p
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Use talloc_get_type_abort to suppress cats-align warnings.
As buffer is allocated via talloc it will be correctly aligned.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
While printing very large numbers of bytes or operations per
second, it's hard to reach the value.
So we now print '26,847,201,280' instead of '26847201280'.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
',' will be used as thousands separator in the next patch.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
[4102/5009] Compiling source4/torture/rpc/spoolss_notify.c
../../source4/torture/rpc/spoolss.c:3984:48: error: variable 'data' is
uninitialized when passed as a const pointer argument here
[-Werror,-Wuninitialized-const-pointer]
3984CHECK_NEEDED_SIZE_LEVEL(spoolss_PrinterData, &data, type, needed, 1);
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Mar 3 05:55:25 UTC 2026 on atb-devel-224
|
|
Use GUID_buf_string(), dom_sid_str_buf() and talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
Use GUID_buf_string(), dom_sid_str_buf() and talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
Only check for NULL once
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
Call krb5_free_principal to quiet valgrind leak reports
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
|
|
When altSecurityIdentities is set by RSAT / ADUC they store the
Issuer and Subject DN in last to first order i.e.
CN=Common Name, O=Organization, C=Country
Need to reverse that to first to last order, i.e.
C=Country, O=Organization, CN=Common name
Which is how they're stored on the X509 certificates.
Also the serial number is stored in reverse order.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16001
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
|
|
If AES keys are available in the domain, assume that service accounts support
AES by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15998
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
CFLAGS=-Og did not finish this file. Also, this makes the file a few
hundred kilobytes smaller
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
MIT Kerberos maps this error code to KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN, avoiding
problems from the KDC returning KRB5KRB_ERR_GENERIC.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
These are modelled after the kdc-canon-heimdal tests.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
An LDB request interprets an empty attribute list as a request for no
attributes, but LDAP interprets an empty list as a request for all attributes,
and ["1.1"] as a request for no attributes, as per
RFC4511:4.5.1.8(SearchRequest.attributes). We need to convert [] to ["1.1"]
in the ildap module before the request goes out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jan 21 03:29:23 UTC 2026 on atb-devel-224
|
|
The next patch will remove the data_blob_null global constant. The
APIs here are a bit weird in that they don't work fine with a NULL
pointer but require a reference to a NULL blob. But that's few enough
to add the special case in the callers.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Only used in this file and never modified
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
This test opens one file for each loop (for nprocs * qdepth loops)
and for each file it loops in write requests for the first
io_size bytes.
time smbtorture //127.0.0.1/m -Uroot%test smb2.bench.write \
--option="torture:timelimit=600" \
--option="torture:nprocs=1" \
--option="torture:qdepth=4" \
--option="torture:io_size=4096"
In order to generate constant load for profiles
--option="torture:looplimit=150000" can be used to stop
after the given number of loops before the timelimit hits.
Sometimes the bottleneck is the smbtorture process.
In order to bring the smbd process to 100% cpu, you can use
'--option="libsmb:client_guid=6112f7d3-9528-4a2a-8861-0ca129aae6c4"'
and run multiple instances of the test at the same time,
which both talk to the same smbd process.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 16 16:50:46 UTC 2026 on atb-devel-224
|
|
is needed
This makes it easier to analyze wireshark traces,
it will be important for smbdirect over roce, as
wireshark has some problems there.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
We left basically the Channel value of the SMB2 write with a high chance
of being non 0, which means the server should reject the request
as rdma offload is not used.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
fix cppcheck
source4/client/http_test.c:85:3: style: Non-boolean value returned from
function returning bool [returnNonBoolInBooleanFunction]
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15924
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
The combination of the server 'require canonicalization' option with a
lack of a 'canonicalize' flag from the client will result in AS_REPs
with PRINCIPAL UNKNOWN.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
The client doesn't request canonicalization here, so we always expect
its AS_REP to be C_PRINCIPAL_UNKNOWN.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
The smb.conf option
kdc name match implicit dollar without canonicalization = no
is supposed to avoid the dollar ticket attack by refusing to consider
"foo$" as a match for "foo" unless canonicalization is requested.
This was rather blunt however, as the only time we care about this is for
the client name in an AS_REQ, and we can easily check whether that is the
case.
This makes the option less intrusive, allowing the use of "SERVER" for a
server name rather than "SERVER$". A number of tests no longer fail.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
for Heimdal
Adjust tests to match the new behaviour.
The implementation is simply to set a flag that is already present
in upstream Heimdal.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
These should always be an empty list.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
This test was supposed to corrupt the KDC signature and ensure that PAC
verification failed, but it corrupted a harmless padding byte instead. However,
PAC verification still failed as expected because the principal remained
corrupted from the previous test.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
|
|
Resets are unwilling, not constrained.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
As always, a reset returns UNWILLING_TO_PERFORM even though it is
pretending to be a change due to the control.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12020
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
|
