path: root/selftest
Commit message | Author | Age | Files | Lines
* tests/dns: Add additional testing of CNAME handling | Garming Sam | 2016-05-03 | 1 | -0/+1
  RFC 1034, for instance, describes that all intermediate CNAMEs should be returned. As it is, CNAME do not return all found intermediate results in the case of straightforward failure. It should be noted that in the case of forwarding success, ALL intermediate paths are returned, including the failure ones.
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/dns_forwarder: Add testing for DNS forwarding | Garming Sam | 2016-05-03 | 3 | -1/+10
  The new tests show that single and multiple forwarders work as expected. They also describe the behaviour encountered when the DNS server encounters a CNAME from a forwarded request (which is not to pursue any further).
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Remove an early return in the fl2003dc provision | Garming Sam | 2016-05-03 | 1 | -2/+0
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testsuit/manage-ca.sh: specify key size in CSRs | Björn Jacke | 2016-04-28 | 1 | -2/+2
  specifying the key size is required by some openssl versions
  Signed-off-by: Bjoern Jacke <bj@sernet.de>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP | Stefan Metzmacher | 2016-04-28 | 1 | -1/+5
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes | Stefan Metzmacher | 2016-04-28 | 2 | -0/+16
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc | Stefan Metzmacher | 2016-04-28 | 1 | -0/+14
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:rpc_server: no authentication is indicated by pkt->auth_length == 0 | Stefan Metzmacher | 2016-04-12 | 1 | -4/+0
  pkt->u.*.auth_info.length is not the correct thing to check.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2015-5370: s4:librpc/rpc: avoid using dcecli_security->auth_info and use per request values | Stefan Metzmacher | 2016-04-12 | 1 | -0/+4
  We now avoid reusing the same auth_info structure for incoming and outgoing values. We need to make sure that the remote server doesn't overwrite our own values. This will trigger some failures with our currently broken server, which will be fixed in the next commits. The broken server requires a dcerpc_auth structure with no credentials in order to do an alter_context request that just creates a presentation context without doing authentication.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2118: s3:rpc_server/{samr,lsa,netlogon}: reject DCERPC_AUTH_LEVEL_CONNECT by default | Stefan Metzmacher | 2016-04-12 | 1 | -0/+4
  This prevents man in the middle downgrade attacks.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
  Pair-Programmed-With: Günther Deschner <gd@samba.org>
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Günther Deschner <gd@samba.org>
* CVE-2016-2118: s4:rpc_server/samr: reject DCERPC_AUTH_LEVEL_CONNECT by default | Stefan Metzmacher | 2016-04-12 | 1 | -0/+2
  This prevents man in the middle downgrade attacks.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2118: s4:rpc_server/drsuapi: require DCERPC_AUTH_LEVEL_PRIVACY | Stefan Metzmacher | 2016-04-12 | 1 | -0/+2
  This matches windows and prevents man in the middle downgrade attacks.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2113: selftest: use "tls verify peer = no_check" | Stefan Metzmacher | 2016-04-12 | 2 | -0/+2
  Individual tests will check the more secure values.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2113: selftest: test all "tls verify peer" combinations with ldaps | Stefan Metzmacher | 2016-04-12 | 1 | -0/+10
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2112: s4:selftest: run some ldap test against ad_dc_ntvfs, fl2008r2dc and fl2003dc | Stefan Metzmacher | 2016-04-12 | 1 | -0/+6
  We want to test against all "ldap server require strong auth" combinations.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2112: selftest: servers with explicit "ldap server require strong auth" options | Stefan Metzmacher | 2016-04-12 | 1 | -2/+6
  The default is "ldap server require strong auth = yes",
  ad_dc_ntvfs uses "ldap server require strong auth = allow_sasl_over_tls",
  fl2008r2dc uses "ldap server require strong auth = no".
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* CVE-2016-2111: selftest:Samba3: use "raw NTLMv2 auth = yes" for nt4_dc | Stefan Metzmacher | 2016-04-12 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
* Revert "selftest: dbcheck should not be marked flapping" | Stefan Metzmacher | 2016-04-12 | 1 | -0/+1
  This reverts commit a7b242aa61429fc41449d2d8f3f96d3b76ff12a1.
* selftest: Load time_audit and full_audit | Christof Schmitt | 2016-04-06 | 1 | -1/+1
  This triggers the check for missing VFS functions in these modules.
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest/Samba3: use the correct "SELFTEST_WINBINDD_SOCKET_DIR" for "net join" | Stefan Metzmacher | 2016-03-24 | 2 | -7/+3
  This avoids picking up a gid from the DC's winbind when creating BUILTIN\Administrators
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Thu Mar 24 22:15:44 CET 2016 on sn-devel-144
* seltest: add test for "ignore system acls" in vfs_acl_xattr. | Uri Simchoni | 2016-03-24 | 2 | -0/+5
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806
  Signed-off-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add durable-v2-open.reopen1a-lease | Michael Adam | 2016-03-22 | 1 | -0/+1
  Lease variant of the reopen1a test which tests the relevance of the client guid.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Mar 22 03:47:02 CET 2016 on sn-devel-144
* torture:smb2: add durable-open.reopen1a-lease | Michael Adam | 2016-03-22 | 1 | -0/+1
  Lease variant of the reopen1a test which tests the relevance of the client guid.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add test for checking sequence number wrap around. | Günther Deschner | 2016-03-22 | 1 | -0/+1
  Guenther
  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: setup information of new samba.example.com CA in the client environment | Stefan Metzmacher | 2016-03-17 | 1 | -0/+39
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: set tls crlfile if it exists | Stefan Metzmacher | 2016-03-17 | 1 | -0/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: use Samba::prepare_keyblobs() and use the certs from the new CA | Stefan Metzmacher | 2016-03-17 | 1 | -215/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: add Samba::prepare_keyblobs() helper function | Stefan Metzmacher | 2016-03-17 | 1 | -0/+105
  This copies the certificates from the samba.example.com CA if they exist.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: mark commands in manage-CA-samba.example.com.sh as DONE | Stefan Metzmacher | 2016-03-17 | 1 | -7/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: add CA-samba.example.com binary files (currently unused by Samba) | Stefan Metzmacher | 2016-03-17 | 9 | -0/+0
  This patch can be skipped, when it causes problems with tools like 'patch'.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: add CA-samba.example.com (non-binary) files | Stefan Metzmacher | 2016-03-17 | 45 | -0/+3264
  The binary files will follow in the next, this allows the next commit to be skipped as the binary files are not used by samba yet.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: add config and script to create a samba.example.com CA | Stefan Metzmacher | 2016-03-17 | 2 | -0/+39
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: add some helper scripts to manage a CA | Stefan Metzmacher | 2016-03-17 | 6 | -0/+697
  This is partly based on the SmartCard HowTo from: https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: s!addc.samba.example.com!addom.samba.example.com! | Stefan Metzmacher | 2016-03-17 | 1 | -1/+1
  It's confusing to have addc.samba.example.com as domain name and addc.addc.samba.example.com as hostname.
  We now have addom.samba.example.com as domain name and addc.addom.samba.example.com as hostname.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* selftest: mark samba4.winbind.struct.domain_info.ad_member as flapping | Stefan Metzmacher | 2016-03-12 | 1 | -0/+1
  See https://lists.samba.org/archive/samba-technical/2016-March/112861.html
  found 517 lines matching '^UNEXPECTED' in 641 files matching 'samba.stdout$'
  175 UNEXPECTED(failure): samba4.winbind.struct.domain_info(ad_member:local)
  19 UNEXPECTED(failure): samba4.winbind.struct.domain_info(s3member:local)
  12 UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_encrypt_decrypt_wrong_key(ad_dc_ntvfs)
  12 UNEXPECTED(failure): samba4.drs.delete_object.python(promoted_dc).delete_object.DrsDeleteObjectTestCase.test_ReplicateDeletedObject1(promoted_dc)
  12 UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_ntvfs)
  11 UNEXPECTED(failure): samba4.ldap.notification.python(ad_dc_ntvfs).__main__.LDAPNotificationTest.test_max_search(ad_dc_ntvfs)
  We'll see if we also need to add samba4.winbind.struct.domain_info.s3member before we're able to identify and fix the problem.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sat Mar 12 02:14:39 CET 2016 on sn-devel-144
* s4:librpc/rpc: dcerpc_generic_session_key() should only be available on local transports | Stefan Metzmacher | 2016-03-10 | 1 | -0/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2016-0771: tests: rename test getopt to get_opt | Garming Sam | 2016-03-10 | 1 | -1/+1
  This avoids any conflicts in this directory with the original toplevel getopt.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
  Signed-off-by: Garming Sam <garming@catalyst.net.nz>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-EA test. | Jeremy Allison | 2016-03-10 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* CVE-2015-7560: s3: torture3: Add new POSIX-SYMLINK-ACL test. | Jeremy Allison | 2016-03-10 | 1 | -0/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* Add python server sort tests | Douglas Bagnall | 2016-03-09 | 1 | -0/+5
  The tests are repeated twice: once properly with complex Unicode strings, and again in a simplified ASCII subset. We only expect Samba to pass the simplified version. The hard tests are aspirational and show what Active Directory does.
  Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Allow 4 hours for the test to run (ouch!) | Andrew Bartlett | 2016-03-08 | 1 | -2/+2
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: dbcheck should not be marked flapping | Andrew Bartlett | 2016-03-08 | 1 | -1/+0
  The primary cause of the flapping was due to the objectclass sort routine being non-deterministic.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* smbd:smb2: implement create replay | Michael Adam | 2016-03-03 | 1 | -10/+0
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add smb2.replay.replay-dhv2-lease3 | Michael Adam | 2016-03-03 | 1 | -0/+1
  create with a lease, and replay with lease with a different lease key.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add smb2.replay.replay-oplock-lease | Michael Adam | 2016-03-03 | 1 | -0/+1
  create with an oplock, and replay with a lease.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add smb2.replay.replay-dhv2-lease-oplock | Michael Adam | 2016-03-03 | 1 | -0/+1
  Open with a lease and replay with an oplock.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add smb2.replay.replay-dhv2-lease2 | Michael Adam | 2016-03-03 | 1 | -0/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: add smb2.replay.replay-dhv2-lease1 | Michael Adam | 2016-03-03 | 1 | -0/+1
  This is a variant of the replay-dhv2-oplock1 test for leases instead of for oplocks.
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: split rename2 into multiple tests and extend these | Michael Adam | 2016-03-03 | 1 | -1/+4
  - replay-regular
  - replay-dhv2-oplock1
  - replay-dhv2-oplock2
  - replay-dhv2-oplock3
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* torture:smb2: rename replay1 -> replay-commands | Michael Adam | 2016-03-03 | 1 | -1/+1
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>