path: root/selftest
Commit message | Author | Age | Files | Lines
* selftest: Add test for password change when NTLM is disabled | Tim Beale | 2017-08-16 | 1 | -0/+2
  When NTLM is disabled, the server should reject NTLM-based password changes. Changing the password is a bit complicated from python, but because the server should reject the password change outright with NTLM_BLOCKED, the test doesn't actually need to provide valid credentials.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
  Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Jul 21 13:54:35 CEST 2017 on sn-devel-144
  (cherry picked from commit 4e04f025a0665e2573bdd92efe9ba5aa9dcd82d7)
  Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
  Autobuild-Date(v4-7-test): Wed Aug 16 13:03:26 CEST 2017 on sn-devel-144
* s4-dsdb/netlogon: allow missing ntver in cldap ping | Arvid Requate | 2017-08-01 | 1 | -1/+0
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 88db634ed84647e5105c4b4fdf37d5892bebfd8d)
* s4:torture/ldap: Test netlogon without NtVer | Arvid Requate | 2017-08-01 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392
  Signed-off-by: Arvid Requate <requate@univention.de>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  (cherry picked from commit 22a94b728bd5d513b2002b62c129271d2210ed73)
* selftest: Make --include-env and --exclude-env use the base env name | Andrew Bartlett | 2017-07-31 | 1 | -3/+3
  The code as deployed would have required (eg) '--include-env=ktest --include-env=ktest:local' which was not done in autobuild, causing tests to be skipped.
  This patch restores the intended behaviour.
  This causes 33 testsuites to run, one more test (the newly added samba.tests.ntlmauth) than the old regex provided (before 602772159dfd1213385f42ecbf31136f57693b63).
  (The regression dropped us down to matching only 7 tests).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12922
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Jul 24 03:33:01 CEST 2017 on sn-devel-144
  (cherry picked from commit 61455ad82e293df4a094204fdf28162baad686ae)
* source4 netlogon: Add authentication logging for ServerAuthenticate3 | Gary Lockyer | 2017-07-31 | 1 | -8/+0
  Log NETLOGON authentication activity by instrumenting the netr_ServerAuthenticate3 processing.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  (cherry picked from commit efc335a03062740f51a6edd09d765a8b77e239c5)
* tests auth_log: Add new tests for NETLOGON | Gary Lockyer | 2017-07-31 | 1 | -0/+8
  Tests for the logging of NETLOGON authentications in the netr_ServerAuthenticate3 message processing
  Test code based on the existing auth_log tests.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  (cherry picked from commit f3d3e6da5a42833b8de86e9b7c0aa1c56e1c4e80)
* samdb/cracknames: support user and service principal as desired format | Bob Campbell | 2017-07-31 | 1 | -1/+0
  This adds support for DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL and DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL as desired formats.
  This also causes the test in cracknames.py to no longer fail.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Jul 24 11:10:26 CEST 2017 on sn-devel-144
  (cherry picked from commit eb2e77970e41c1cb62c041877565e939c78ff52d)
* python/tests: add python test for cracknames | Bob Campbell | 2017-07-31 | 1 | -0/+1
  This fails due to the bug, which causes the related test in drsuapi_cracknames.c to flap. It also fails due to us not yet supporting DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL or DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  (cherry picked from commit 4779afe0d2dd14371b68e80f47d11942456bb365)
* selftest: Disable NTLM authentication in ktest environment | Tim Beale | 2017-07-04 | 2 | -0/+6
  This allows us to prove that "ntlm auth = disabled" works
  Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
* selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only options | Andrew Bartlett | 2017-07-04 | 2 | -0/+9
  This will allow the py_credentials test to tell if these are in use
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s3-rpc_server: Disable the NETLOGON server by default | Andrew Bartlett | 2017-07-04 | 1 | -0/+4
  The NETLOGON server is only needed when the classic/NT4 DC is enabled and has been the source of security issues in the past. Therefore reduce the attack surface.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s4/torture: test fetching a resume key twice | Ralph Boehme | 2017-07-03 | 1 | -0/+1
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3/vfs: make SMB_VFS_OFFLOAD_WRITE_SEND offload token based | Ralph Boehme | 2017-07-03 | 1 | -2/+0
  Remove the source fsp argument and instead pass the offload token generated with SMB_VFS_OFFLOAD_READ_SEND/RECV.
  An actual offload fsctl is not implemented yet, neither in the VFS nor at the SMB ioctl layer, and returns NT_STATUS_NOT_IMPLEMENTED
  With these changes we now pass the copy-chunk-across-shares test.
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4/torture: add a test for copy-chunk across shares | Ralph Boehme | 2017-07-03 | 1 | -0/+2
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Bind rfc2307 tests to exactly one server | Andrew Bartlett | 2017-07-02 | 1 | -0/+2
  The tests make changes to the DC, do not wait for replication, then expect those to be reflected in the client. If they bind to another server this will not hold true.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Do not force run of kcc at start of selftest | Bob Campbell | 2017-07-02 | 1 | -52/+1
  This should help to avoid clashes between periodic and manual runs of the KCC during autobuild.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Teach the Samba partition module how to lock all the DB backends | Andrew Bartlett | 2017-07-02 | 1 | -5/+0
  The metadata partition (sam.ldb) lock is not enough to block another process in prepare_commit(), because prepare_commit() is a no-op, if nothing was changed in the specific backend.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add tests showing that the CN=CONFIGURATION partition is also locked | Andrew Bartlett | 2017-07-02 | 1 | -0/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dsdb: Add more locking more tests, confirming blocking locks in both directions | Stefan Metzmacher | 2017-07-02 | 1 | -1/+3
  These extended tests allow us to show that a search (read) blocks a transaction commit (write), and that a transaction commit blocks a search.
  Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Add test showing a search can't start while a transaction is already prepared in a backend partition | Andrew Bartlett | 2017-07-02 | 1 | -0/+1
  Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Allow selftest.pl to run just some environments | Andrew Bartlett | 2017-06-30 | 1 | -1/+33
  This makes it easier to declare that some autobuild environments only run some selftest environments.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Do *NOT* flush the complete gencache! | Andreas Schneider | 2017-06-28 | 1 | -1/+1
  This removes *IMPORTANT* entries from the gencache winbindd creates on startup.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12868
  Pair-Programmed-With: Ralph Boehme <slow@samba.org>
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Signed-off-by: Ralph Boehme <slow@samba.org>
* s3:selftest: run samba3.blackbox.inherit_owner tests with NT1 and SMB3 | Stefan Metzmacher | 2017-06-27 | 1 | -0/+1
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:selftest: run samba3.blackbox.acl_xattr with NT1 and SMB3 | Stefan Metzmacher | 2017-06-27 | 1 | -0/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:selftest: also run test_smbclient_s3.sh with PROTO=SMB3 | Stefan Metzmacher | 2017-06-27 | 1 | -0/+1
  This makes sure only the "creating a bad symlink and deleting it" is failing with -mSMB3.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest:Samba3: call "net primarytrust dumpinfo" setup_nt4_member() after the join | Stefan Metzmacher | 2017-06-27 | 1 | -0/+10
  Here we check that we get 'REDACTED SECRET VALUES' printed, in order to avoid regression on the non '-f' behavior.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* s3:smbd: unimplement FSCTL_VALIDATE_NEGOTIATE_INFO with "server max protocol = SMB2_02" | Stefan Metzmacher | 2017-06-27 | 1 | -3/+0
  A client that supports SMB3 will do a signed FSCTL_VALIDATE_NEGOTIATE_INFO after a tree connect. This FSCTL_VALIDATE_NEGOTIATE_INFO call contains the client capabilities, client guid, security mode and the array of supported dialects. But if SMB 2.02 is negotiated the client doesn't send these values to the server in the first connection attempt (when the client starts with a SMB1 Negotiate).
  Windows servers that only support SMB2 just return NT_STATUS_FILE_CLOSED as answer to FSCTL_VALIDATE_NEGOTIATE_INFO.
  We should do the same if we just pretend to support SMB 2.02, as SMB 2.10 always includes an SMB2 Negotiate request we can leave it as is.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: run nt4_dc_schannel with 'server max protocol = SMB2_02' | Stefan Metzmacher | 2017-06-27 | 2 | -0/+5
  This reproduces the problem with trying to implement FSCTL_VALIDATE_NEGOTIATE_INFO as SMB2_02 server.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12772
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* smbtorture: Add more tests around NETLOGON challenge reuse | Andrew Bartlett | 2017-06-27 | 1 | -0/+4
  The existing tests did not actually demonstrate what they thought they did until the credential values were refreshed.
  The new test showed this, because Samba fails it (Windows passes) due to the way we keep the last challenge on the connection.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:tests: Add blackbox test for 'net usershare' | Andreas Schneider | 2017-06-27 | 1 | -0/+15
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3:tests: Do not delete the contents of LOCAL_PATH with tarmode test | Andreas Schneider | 2017-06-27 | 1 | -0/+3
  The test_smbclient_tarmode.pl test operates on $LOCAL_PATH by default and removes everything. So it deletes all precreated files and directories which the setup_fileserver() function initially set up.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12867
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3: smbd: fix regression with non-wide symlinks to directories over SMB3. | Daniel Kobras | 2017-06-26 | 1 | -1/+0
  The errno returned by open() is ambiguous when called with flags O_NOFOLLOW and O_DIRECTORY on a symlink. With ELOOP, we know for certain that we've tried to open a symlink. With ENOTDIR, we might have hit a symlink, and need to perform further checks to be sure. Adjust non_widelink_open() accordingly. This fixes a regression where symlinks to directories within the same share were no longer followed for some call paths on systems returning ENOTDIR in the above case.
  Also remove the knownfail added in previous commit.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
  Signed-off-by: Daniel Kobras <d.kobras@science-computing.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Add regression test for non-wide symlinks to directories fail over SMB3. | Jeremy Allison | 2017-06-26 | 2 | -0/+9
  Mark as knownfail.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12860
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* add provision performance tests | Douglas Bagnall | 2017-06-23 | 1 | -0/+8
  Because making provision faster makes autobuild faster.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* perftest: add a new medley test | Douglas Bagnall | 2017-06-23 | 1 | -0/+12
  This is something of a rewrite of ad_dc_performance.py with more search tests and a rebalancing of others. For example, the users are added in three lots of 2000 using varying methods rather than 5 of 1000 using ldap, reducing duplication thus clarifying the results. Links are added in more realistic patterns with groups of varying size.
  To save time, the database is not cleaned up. Usually perftests are run with TESTS= restriction to a single suite, but in case this is not done, this suite is run last.
  The ad_dc_performance suite is not replaced so that comparisons with old test sequences are still possible.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* lsa.String: add String constructor, str and repr | Gary Lockyer | 2017-06-22 | 1 | -5/+0
  Add a String constructor, str and repr methods to the samba.dcerpc.lsa.String python object
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests lsa.String: add String constructor, str and repr | Gary Lockyer | 2017-06-22 | 1 | -0/+5
  Tests for the String constructor, str and repr methods added to the samba.dcerpc.lsa.String python object
  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Give tmux a bit of time to establish | Volker Lendecke | 2017-06-21 | 1 | -0/+4
  I've seen a lot of failures with make testenv telling that stdin returns EAGAIN. I haven't fully diagnosed it, but this seems to fix it. Now make testenv is much more reliable.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Wed Jun 21 03:14:17 CEST 2017 on sn-devel-144
* selftest: Use 'ad_dc' as the default for testenv | Andreas Schneider | 2017-06-20 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Also wait for winbindd to start | Andrew Bartlett | 2017-06-16 | 1 | -0/+22
  This ensures that the posixacl.py test does not race against winbindd starting up and so give wrong mappings
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Correctly print message when nbt is not up in 20 seconds | Andrew Bartlett | 2017-06-16 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12843
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* replmd: check duplicate linked attributes | Douglas Bagnall | 2017-06-15 | 1 | -5/+0
  This is simple enough because we already have the sorted list.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb/tests/ldap: test single valued linked attributes | Douglas Bagnall | 2017-06-15 | 1 | -0/+5
  This fails, so we add it to selftest/knownfail.d/
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: pass the workgroup name to Samba3::provision() | Stefan Metzmacher | 2017-06-14 | 1 | -13/+12
  Not all environments should use the samba workgroup name.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Wed Jun 14 02:53:27 CEST 2017 on sn-devel-144
* selftest: don't use hardcoded domain names in Samba3::setup_admember() | Stefan Metzmacher | 2017-06-13 | 1 | -7/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: test pam_winbind with a local user on ad_member | Stefan Metzmacher | 2017-06-13 | 1 | -1/+5
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: use "$DC_USERNAME" and "$DC_PASSWORD" for the pam_winbind test | Stefan Metzmacher | 2017-06-13 | 1 | -1/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* python/samba/tests: don't use hardcoded names in *pam_winbind* tests | Stefan Metzmacher | 2017-06-13 | 1 | -1/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* join.py Add DNS records at domain join time | Andrew Bartlett | 2017-06-11 | 2 | -12/+3
  This avoids issues getting replication going after the DC first starts as the rest of the domain does not have to wait for samba_dnsupdate to run successfully
  We do not just run samba_dnsupdate as we want to strictly operate against the DC we just joined:
  - We do not want to query another DNS server
  - We do not want to obtain a Kerberos ticket for the new DC (as the KDC we select may not be the DC we just joined, and so may not be in sync with the password we just set)
  - We do not wish to set the _ldap records until we have started
  - We do not wish to use NTLM (the --use-samba-tool mode forces NTLM)
  The downside to using DCE/RPC rather than DNS is that these will be regarded as static entries, and (against Windows) have the ACL assigned for static entries. However this is still better than no DNS at all.
  Because some tests want a DNS record matching their own name this fixes some tests and removes entries from knownfail
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Jun 11 02:04:52 CEST 2017 on sn-devel-144
* selftest: Add test confirming join-created DNS entries can be modified as the DC | Andrew Bartlett | 2017-06-10 | 1 | -1/+2
  This ensures that samba_dnsupdate can run in the long term against the new DNS entries
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>