diff options
| author | Stefan Metzmacher <metze@samba.org> | 2022-03-09 12:53:18 +0100 |
|---|---|---|
| committer | Jule Anger <janger@samba.org> | 2022-03-14 14:27:13 +0000 |
| commit | e6196c456c1d9635376fcc5565b9f67e2e7cf65a (patch) | |
| tree | 6a977354bcf4d7486fd345e1c3ef7b259295f25b | |
| parent | 4643536739464a1f1c49ca780ae34a1c8f6df360 (diff) | |
| download | samba-e6196c456c1d9635376fcc5565b9f67e2e7cf65a.tar.gz | |
selftest: use 'kdc enable fast = no' for fl2000 fl2003
This makes sure we still run tests against KDCs without FAST support
and it already found a few regressions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15002
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15005
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
(cherry picked from commit f1a71e24864367a55a30813dd642e7ef392b5ac9)
| -rw-r--r-- | selftest/knownfail.d/broken.no-fast | 32 | ||||
| -rwxr-xr-x | selftest/target/Samba4.pm | 2 | ||||
| -rwxr-xr-x | source4/selftest/tests.py | 5 |
3 files changed, 38 insertions, 1 deletions
diff --git a/selftest/knownfail.d/broken.no-fast b/selftest/knownfail.d/broken.no-fast new file mode 100644 index 00000000000..a337cacee8b --- /dev/null +++ b/selftest/knownfail.d/broken.no-fast @@ -0,0 +1,32 @@ +^samba4.rpc.pac.on.ncacn_np.netr-bdc-arcfour.s4u2self-arcfour.fl2000dc +^samba4.rpc.pac.on.ncacn_np.netr-bcd-aes.s4u2self-aes.fl2000dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-arcfour.s4u2self-arcfour.fl2000dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-aes.s4u2self-aes.fl2000dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2000dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2000dc +^samba4.rpc.pac.on.ncacn_np.netr-bdc-arcfour.s4u2self-arcfour.fl2003dc +^samba4.rpc.pac.on.ncacn_np.netr-bcd-aes.s4u2self-aes.fl2003dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-arcfour.s4u2self-arcfour.fl2003dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-aes.s4u2self-aes.fl2003dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-arcfour.s4u2proxy-arcfour.fl2003dc +^samba4.rpc.pac.on.ncacn_np.netr-mem-aes.s4u2proxy-aes.fl2003dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.ccache.fl2003dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.ccache.fl2003dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.ccache.fl2003dc +^samba4.blackbox.kinit_trust.Test.login.with.kerberos.ccache.fl2003dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.lowercase.realm.fl2003dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.lowercase.realm.2.fl2003dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.ccache.fl2000dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.ccache.fl2000dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.ccache.fl2000dc +^samba4.blackbox.kinit_trust.Test.login.with.kerberos.ccache.fl2000dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.lowercase.realm.fl2000dc +^samba4.blackbox.kinit_trust.Test.login.with.user.kerberos.lowercase.realm.2.fl2000dc +^samba4.blackbox.trust_token.Test.token.with.kerberos.fl2003dc +^samba4.blackbox.trust_token.Test.token.with.kerberos.fl2000dc +^samba3.wbinfo_simple.trust:--krb5auth=ADDOM.SAMBA.EXAMPLE.COM/Administrator%locDCpass1.wbinfo.ad_member_oneway +^samba3.wbinfo_simple.trust:--krb5auth=ADDOMAIN/Administrator%locDCpass1.wbinfo.ad_member_oneway +^samba3.wbinfo_simple.trust:--krb5auth=ADDOM.SAMBA.EXAMPLE.COM/Administrator%locDCpass1.wbinfo.fl2000dc +^samba3.wbinfo_simple.trust:--krb5auth=ADDOMAIN/Administrator%locDCpass1.wbinfo.fl2000dc +^samba3.wbinfo_simple.trust:--krb5auth=ADDOM.SAMBA.EXAMPLE.COM/Administrator%locDCpass1.wbinfo.fl2003dc +^samba3.wbinfo_simple.trust:--krb5auth=ADDOMAIN/Administrator%locDCpass1.wbinfo.fl2003dc diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm index da6b2de488b..4c263f55de4 100755 --- a/selftest/target/Samba4.pm +++ b/selftest/target/Samba4.pm @@ -1655,6 +1655,7 @@ sub provision_fl2000dc($$) print "PROVISIONING DC WITH FOREST LEVEL 2000...\n"; my $extra_conf_options = " + kdc enable fast = no spnego:simulate_w2k=yes ntlmssp_server:force_old_spnego=yes "; @@ -1698,6 +1699,7 @@ sub provision_fl2003dc($$$) print "PROVISIONING DC WITH FOREST LEVEL 2003...\n"; my $extra_conf_options = "allow dns updates = nonsecure and secure + kdc enable fast = no dcesrv:header signing = no dcesrv:max auth states = 0 dns forwarder = $ip_addr1 [$ip_addr2]:54"; diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 829eda82979..a7572b53cad 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -1666,12 +1666,15 @@ plansmbtorture4testsuite('krb5.kdc', env, ['ncacn_np:$SERVER_IP', "-k", "yes", ' '--option=torture:krb5-service=http'], "samba4.krb5.kdc with account having identical UPN and SPN") for env in ["fl2008r2dc", "fl2003dc"]: + fast_support = have_fast_support + if env in ["fl2003dc"]: + fast_support = 0 planoldpythontestsuite(env, "samba.tests.krb5.as_req_tests", environ={ 'ADMIN_USERNAME': '$USERNAME', 'ADMIN_PASSWORD': '$PASSWORD', 'STRICT_CHECKING': '0', - 'FAST_SUPPORT': have_fast_support, + 'FAST_SUPPORT': fast_support, 'TKT_SIG_SUPPORT': tkt_sig_support, 'EXPECT_PAC': expect_pac, 'EXPECT_EXTRA_PAC_BUFFERS': extra_pac_buffers, |