summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* idmap: In _wbint_Sids2UnixIDs, pass back what we haveVolker Lendecke2019-01-081-1/+0
| | | | | | | | | | | SOME_UNMAPPED does not mean that nothing worthwhile is in here. We need to pass what we have. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Jan 8 13:15:35 CET 2019 on sn-devel-144
* selftest: Test sids-to-xids with one failing sidVolker Lendecke2019-01-081-0/+1
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:pylibsmb: Add .savefile() API to SMB py bindingsTim Beale2019-01-071-2/+0
| | | | | | | | | | | | | | | | | | This provides a simple API for writing a file's contents and makes the s3 API consistent with the s4 API. All the async APIs here support SMBv2 so we don't need to use the sync APIs at all. Note that we have the choice here of using either cli_write_send() or cli_push_send(). I chose the latter, because that's what smbclient uses. It also appears to handle writing a large file better (i.e. one that exceeds the max write size of the underlying connection). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* py:dcerpc/tests: rename dcerpc/string.py -> string_tests.pyStefan Metzmacher2018-12-231-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Otherwise it's not possible to run the raw_protocol tests anymore: python/samba/tests/dcerpc/raw_protocol.py Traceback (most recent call last): File "python/samba/tests/dcerpc/raw_protocol.py", line 26, in <module> import samba.dcerpc.dcerpc as dcerpc File "bin/python/samba/__init__.py", line 32, in <module> from samba.compat import string_types File "bin/python/samba/compat.py", line 151, in <module> from urllib import quote as urllib_quote File "/usr/lib/python2.7/urllib.py", line 25, in <module> import string File "/abs/path/samba/python/samba/tests/dcerpc/string.py", line 22, in <module> # Some strings for ctype-style character classification File "bin/python/samba/tests/__init__.py", line 36, in <module> from samba.compat import text_type ImportError: cannot import name text_type This allows the following again: SMB_CONF_PATH=/dev/null \ SERVER=172.31.9.188 \ TARGET_HOSTNAME=w2012r2-188.w2012r2-l6.base \ USERNAME=administrator \ PASSWORD=A1b2C3d4 \ DOMAIN=W2012R2-L6 \ REALM=W2012R2-L6.BASE \ python/samba/tests/dcerpc/raw_protocol.py -v -f TestDCERPC_BIND BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* paged results: testing suite for new paged results moduleAaron Haslett2018-12-211-0/+1
| | | | | | | | | | | Testing the new GUID list based paged results module Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Fri Dec 21 11:10:30 CET 2018 on sn-devel-144
* vlv: tests for delete, add, and modify casesAaron Haslett2018-12-211-0/+1
| | | | | | | | | More vlv testing for cases involving modifying, deleting, and adding records while observing the effect on already initialised views. Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: treating fully qualified and unqualified zone as identical.Aaron Haslett2018-12-201-1/+1
| | | | | | | | | | | | | "zone.com." and "zone.com" should be treated as the same zone. This patch picks the unqualified representation as standard and enforces it, in order to match BIND9 behaviour. Note: This fixes the failing test added previously, but that test still fails on the rodc test target so we modify the expected failure but don't remove it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13442 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dns: test for treating fully qualified zones same as unqualifiedAaron Haslett2018-12-201-0/+1
| | | | | | | | | | Failing test that checks if fully qualified zone names are treated the same as unqualified zone names by the dns zone creation RPC method. Fix to follow. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13214 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Create included files during provisionSamuel Cabrero2018-12-191-2/+16
| | | | | | | | | | Files included from smb.conf have to exists, otherwise python fails to load the configuration. Found while trying to run a python test before samba3.blackbox.smbd_error creates the included file. Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Noel Power <npower@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4 messaging: Add support for smbcontrol sleepGary Lockyer2018-12-191-2/+0
| | | | | | | | | | Add a sleep command that pauses the target process for the specified number of seconds This command is only enabled on developer and self test builds. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4 messaging tests: Tests for smbcontrol sleep commandGary Lockyer2018-12-191-0/+2
| | | | | | | | | | Add a sleep command that pauses the target process for the specified number seconds This command is only enabled on developer and self test builds. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4 messaging: support smbcontrol inject fault commandGary Lockyer2018-12-191-2/+0
| | | | | | | | | | Add support of the smbcontrol inject fault command to the samba daemon. This is useful for manual testing of process restart etc. command is only enabled for developer and self test builds Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4 messaging tests: Add inject fault commandGary Lockyer2018-12-191-0/+2
| | | | | | | | Test for processing of the smbcontrol inject fault message in the samba daemon. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* PY3: change shebang to python3 in misc dirsJoe Guo2018-12-143-3/+3
| | | | | | | | Signed-off-by: Joe Guo <joeg@catalyst.net.nz> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Fri Dec 14 18:00:40 CET 2018 on sn-devel-144
* selftest/knownfail.d/smb: avoid explicit python versionStefan Metzmacher2018-12-141-2/+1
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=7113 BUG: https://bugzilla.samba.org/show_bug.cgi?id=11892 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Tim Beale <timbeale@samba.org> Autobuild-User(master): Tim Beale <timbeale@samba.org> Autobuild-Date(master): Fri Dec 14 00:49:31 CET 2018 on sn-devel-144
* s4:torture/smb2/session: Fix expire testsJustin Stephenson2018-12-121-0/+3
| | | | | | | | | | | | | | | | | | | | When run with MIT kerberos, the smb2 session expire tests fail when run against the ad_member test environment. The krb5 library initializes values from the private krb5.conf profile st/ad_member/lockdir/smb_krb5/krb5.conf.ADDOMAIN, this file does not contain a defined clockskew setting. The expire tests require a low clockskew value that is set in st/ad_member/lib/krb5.conf. This patch disables the creation of the private krb5.conf for the ad_member_idmap_rid testenv, and runs the smb2.session tests against ad_member_idmap_rid instead of ad_member. Signed-off-by: Justin Stephenson <jstephen@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Dec 12 12:51:24 CET 2018 on sn-devel-144
* tests: Extend SMB test_save_load_text case to check overwriteTim Beale2018-12-121-0/+3
| | | | | | | | | | | | | | Extend the test case to check overwriting a file as well. Currently this has the behaviour of appending to the existing file, rather than overwriting the file with new contents. It's not clear from the API that this is the intended behaviour in this case, so I've marked it as a failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest/flapping.d: Add python2 versions for flapping testsNoel Power2018-12-102-0/+2
| | | | | | | | | | | | | Post build & test running under python3 we now run with '--extra-python=/usr/bin/python2', these tests will get python2 appended to the test name so we need also to create new flapping*/* entries for these. We will keep the python3 versions in case we create some CI job(s) with PYTHON=python configure.developer --extra-python=/usr/bin/python3 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest/knownfail: Add python2 version of known failsNoel Power2018-12-106-0/+24
| | | | | | | | | | | | | Post build & test running under python3 we now run with '--extra-python=/usr/bin/python2', these tests will get python2 appended to the test name so we need also to create new knownfails for these. We will keep the python3 versions in case we create (and we probably should) some CI job(s) with PYTHON=python configure.developer --extra-python=/usr/bin/python3 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: don't hardcode '.python3' for extra-python testsNoel Power2018-12-101-1/+2
| | | | | | | | Instead of hardcoding '.python3' we now hardcode the extra python exe (which will be python2 for a default python3 build) Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Always set PYTHON to something sensible (if it isn't set)Noel Power2018-12-101-0/+15
| | | | | | | | | | | | | | | | Lots of test scripts need to run with the correct version of python. With the correct shebang the script should run with the correct version, the problem is that not all scripts are part of the installation, some scripts are part of the source code, and the shebang is not dynamically generated as yet. It is safer if we are somewhat version neutral at the moment and ignore the shebang and always run scripts from the test environment with the python version (determined by PYTHON env variable) If this env variable isn't set then set it according to the python version that is running the tests Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* PY3: wrap filter calls with list where list is expectedNoel Power2018-12-101-1/+1
| | | | | | | filter in PY2 returns list in PY3 it returns an iterator Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* ldb: complex expression testingAaron Haslett2018-12-071-0/+4
| | | | | | | | | | | | | Tests that prepare complex ldap expressions and equivalent python expressions, then compare the results of the two. Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Fri Dec 7 07:07:08 CET 2018 on sn-devel-144
* selftest: Don't run KCC on backup testenvs (to avoid flappiness)Tim Beale2018-12-061-1/+3
| | | | | | | | | | | | | | | | | | | | KCC onthe backup domain (i.e. backupfromdc, restoredc, offlinebackupdc) can establish new connections for replication. Depending on timing, this can cause the join_ldapcmp test to fail, because there's an extra object under the NTDS Settings, at the point the ldapcmp is done. We don't need any replication to happen on the backup domain. The backup/restore workflow in the real world should mean that the restored DC is never run in the same network as the original DC. This patch updates the default KCC command for the backup testenvs to be a no-op, so the DCs won't create new connection objects. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Dec 6 12:03:53 CET 2018 on sn-devel-144
* winbindd: Route predefined domains through the BUILTIN domain childRalph Boehme2018-12-051-2/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Without this eg "NT Authority" didn't work: $ bin/wbinfo -n "NT Authority/Authenticated Users" failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name NT Authority/Authenticated Users $ bin/wbinfo --group-info="NT Authority/Authenticated Users" failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group NT Authority/Authenticated Users With the patch: $ bin/wbinfo -n "NT Authority/Authenticated Users" S-1-5-11 SID_WKN_GROUP (5) $ bin/wbinfo --group-info="NT Authority/Authenticated Users" NT AUTHORITY\authenticated users:x:10002: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144
* selftest: test wbinfo -n and --gid-info with "NT Authority"Ralph Boehme2018-12-051-0/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:tests: Add test for checking that root is not allowed as home dirAndreas Schneider2018-12-051-1/+5
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Dec 5 05:22:43 CET 2018 on sn-devel-144
* s3:tests: Test for users connecting to their 'homes' shareAndreas Schneider2018-12-051-0/+4
| | | | | | | | | This adds a test for CVE-2009-2813. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* selftest: Add gooduser and eviluser to Samba3Andreas Schneider2018-12-051-1/+9
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13699 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2018-14629 dns: fix CNAME loop prevention using counter regressionStefan Metzmacher2018-12-041-6/+0
| | | | | | | | | | | | | | | The loop prevention should only be done for CNAME records! Otherwise we truncate the answer records for A, AAAA or SRV queries, which is a bad idea if you have more than 20 DCs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
* CVE-2018-14629: Tests to expose regression from dns cname loop fixAaron Haslett2018-12-041-2/+18
| | | | | | | | | | These tests expose the regression described by Stefan Metzmacher in discussion on the bugzilla paged linked below. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4 smdb standard: Limit processes forked on accept.Gary Lockyer2018-11-301-1/+0
| | | | | | | | | | | | Limit the number of processes started by the standard model on accept. For those services that support fork on accept, the standard model forks a new process for each new connection. This patch limits the number of processes to the value specified in 'max smbd processes', a value of zero indicates that there is no limit on the number of processes that can be forked. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4 smbd standard tests: limit forked processesGary Lockyer2018-11-304-0/+48
| | | | | | | | Tests to confirm the standard process model honours the smbd.conf variable "max smbd processes", when forking a new process on accept. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOsTim Beale2018-11-281-2/+0
| | | | | | | | | | Fix a remaining place where we were trying to read the msDS-LockoutObservationWindow as an int instead of an int64. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit intTim Beale2018-11-281-2/+0
| | | | | | | | | | | | | | | | | Commit 442a38c918ae1666b35 refactored some code into a new get_lockout_observation_window() function. However, in moving the code, an ldb_msg_find_attr_as_int64() inadvertently got converted to a ldb_msg_find_attr_as_int(). ldb_msg_find_attr_as_int() will only work for values up to -2147483648 (about 3.5 minutes in MS timestamp form). Unfortunately, the automated tests used a low enough timeout that they still worked, however, password lockout would not work with the Samba default settings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-16857 tests: Sanity-check password lockout works with default valuesTim Beale2018-11-281-0/+4
| | | | | | | | | | | | | | | | Sanity-check that when we use the default lockOutObservationWindow that user lockout actually works. The easiest way to do this is to reuse the _test_login_lockout() test-case, but stop at the point where we wait for the lockout duration to expire (because we don't want the test to wait 30 mins). This highlights a problem currently where the default values don't work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctlyGary Lockyer2018-11-281-4/+0
| | | | | | | | | | | | | | | Fixes for Bug 13669 - (CVE-2018-16852) NULL pointer de-reference in Samba AD DC DNS management The presence of the ZONE_MASTER_SERVERS property or the ZONE_SCAVENGING_SERVERS property in a zone record causes the server to follow a null pointer and terminate. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-16852 dcerpc dnsserver: Verification testsGary Lockyer2018-11-281-0/+4
| | | | | | | | | | | | | | | Tests to verify Bug 13669 - (CVE-2018-16852) NULL pointer de-reference in Samba AD DC DNS management The presence of the ZONE_MASTER_SERVERS property or the ZONE_SCAVENGING_SERVERS property in a zone record causes the server to follow a null pointer and terminate. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13669 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-14629 dns: CNAME loop prevention using counterAaron Haslett2018-11-281-0/+6
| | | | | | | | | | | Count number of answers generated by internal DNS query routine and stop at 20 to match Microsoft's loop prevention mechanism. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* dns: prevent self-referencing CNAMEAaron Haslett2018-11-281-0/+1
| | | | | | | | | | | Stops the user from adding a self-referencing CNAME over RPC, which is an easy mistake to make with samba-tool. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* vfs_shadow_copy2: in fstat also convert fsp->fsp_name and ↵Ralph Boehme2018-11-271-1/+0
| | | | | | | | | | | | fsp->base_fsp->fsp_name Stacked VFS modules might use the file name, not the file handle. Looking at you, vfs_fruit... Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:selftest: add a VSS test reading a streamRalph Boehme2018-11-272-1/+2
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs_shadow_copy2: nicely deal with attempts to open previous version for writingRalph Boehme2018-11-271-1/+0
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:script/tests: add a test for VSS write behaviourRalph Boehme2018-11-272-0/+10
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests: Run backup tests against restoredc (SMBv1 disabled)Tim Beale2018-11-271-0/+12
| | | | | | | | | | | | | | | | | Running the backup tests against the restoredc highlights that the backup online/rename commands don't work if SMBv1 is disabled. Note that the offline commands still work because they don't rely on an SMB connection to the server. (Note that running the backup tests against the restoredc is probably a good idea anyway, to prove that there's no limit to the number of times you can restore a domain from backup, i.e. we support more than just a one-off restore). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Designate one testenv as having SMBv1 disabledTim Beale2018-11-272-6/+15
| | | | | | | | | | | | | | | | | | | We recommend users disable SMBv1 to avoid potential security holes. However, none of the AD DC testenvs have SMBv1 disabled. This patch disables SMBv1 on an arbitrarily-chosen testenv (restoredc). I chose restoredc as we'll want to run the backup tool tests against this target, and it might be useful to check we can backup a DC if it's already been restored once. Note that SMBv2 doesn't support POSIX extensions (only SMBv1 does), which is why we haven't just disabled SMBv1 on *all* testenvs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Make testenv NTVFS usage match --use-ntvfsTim Beale2018-11-271-2/+18
| | | | | | | | | | | | | | | | | | | | | | | | Regardless of whether the testenv uses --use-ntvfs as part of its provision options, the s4 testenvs all default to using the NTVFS file server. It's not particularly obvious that this is happening. The new restore DCS (restoredc, renamedc, labdc) were all using NTVFS unintentionally. The problem is the s4 testenvs default to using services '-s3fs +smb". provision_ad_dc() explicitly overrides this to use s3fs again (technically it ends up with both in its smb.conf and just uses whatever comes last). This patch changes the testenv setup to check for the presence of the '--use-ntvfs' option and to set the 'server services' config option appropriately. This way, the provision command and the smb.conf options should always line up, with respect to NTVFS. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Make chgdcpass's NTVFS usage more obviousTim Beale2018-11-271-1/+1
| | | | | | | | | | | | | | | | | The chgdcpass testenv was not passing --use-ntvfs to the provision command, but it was still actually using NTVFS. The reason is the smb.conf generated by provision_raw_step1() would always try to use the s4/NTVFS file server. Because the smb.conf already existed, this trumped what was passed to the provision command. This patch doesn't change the chgdcpass file server. It just makes it more obvious that chgdcpass is using NTVFS. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Be explicit about which testenvs use ntvfsTim Beale2018-11-271-8/+13
| | | | | | | | | | | | | | | | If a testenv didn't specify any other provision arguments, then it defaulted to using the NTVFS file server. This patch makes it explicit, so we just pass through "--use-ntvfs" as extra provision args in the cases we want. (Whether all these testenvs really need to use NTVFS or not is another question, but at least now it's easy to see which testenvs use it). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* source4 smbd prefork: Cleanup messaging on restartGary Lockyer2018-11-231-8/+0
| | | | | | | Clean up names registered in messaging for a terminated process. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status