summaryrefslogtreecommitdiff
path: root/selftest
Commit message (Collapse)AuthorAgeFilesLines
* auth:creds:tests: Migrate test to a cmocka unit testAndreas Schneider2020-11-031-0/+2
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* selftest: Drop dummy environment variables for CTDB daemonsMartin Schwenke2020-11-021-8/+1
| | | | | | | | | | | | | This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to chown the socket. The chown is no longer done in test mode so remove this confusing hack. Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Amitay Isaacs <amitay@samba.org> Autobuild-Date(master): Mon Nov 2 10:20:45 UTC 2020 on sn-devel-184
* python:tests: Add SAMR password change tests for fipsAndreas Schneider2020-10-291-1/+1
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Oct 29 15:41:37 UTC 2020 on sn-devel-184
* python:tests: Add SAMR password change tests for fipsAndreas Schneider2020-10-291-0/+2
| | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* s3: smbd: Ensure change notifies can't get set unless the directory handle ↵Jeremy Allison2020-10-291-2/+0
| | | | | | | | | | | | | | | is open for SEC_DIR_LIST. Remove knownfail entry. CVE-2020-14318 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434 Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Oct 29 11:47:35 UTC 2020 on sn-devel-184
* s4: torture: Add smb2.notify.handle-permissions test.Jeremy Allison2020-10-291-0/+2
| | | | | | | | | | Add knownfail entry. CVE-2020-14318 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14434 Signed-off-by: Jeremy Allison <jra@samba.org>
* selftest: remove POSIX test from planned tests for ad_dc_ntvfs environRalph Boehme2020-10-232-11/+2
| | | | | | | Just don't run the tests instead of retrofitting them to the skiplist. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:dsdb:acl_read: Implement "List Object" mode featureStefan Metzmacher2020-10-211-50/+0
| | | | | | | | | | | | | | | | | | | | | See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility I tried to avoid any possible overhead for the common cases: - SEC_ADS_LIST (List Children) is already granted by default - fDoListObject is off by default Overhead is only added if the administrator turned on the fDoListObject feature and removed SEC_ADS_LIST (List Children) from a parent object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184
* s4:dsdb:acl_read: defer LDB_ERR_NO_SUCH_OBJECTStefan Metzmacher2020-10-211-104/+0
| | | | | | | | | | We may need to return child objects even if the base dn is invisible. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4:dsdb:tests: add AclVisibiltyTestsStefan Metzmacher2020-10-211-0/+154
| | | | | | | | | | | | | | | | | | | | | | | | | This tests a sorts of combinations in order to demonstrate the visibility of objects depending on: - with or without fDoListObject - with or without explicit DENY ACEs - A hierachy of objects with 4 levels from the base dn - SEC_ADS_LIST (List Children) - SEC_ADS_LIST_LIST_OBJECT (List Object) - SEC_ADS_READ_PROP - all possible scopes and basedns This demonstrates that NO_SUCH_OBJECT doesn't depend purely on the visibility of the base dn, it's still possible to get children returned und an invisible base dn. It also demonstrates the additional behavior with "List Object" mode. See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s3:tests: Add tests for 'valid users'.Denis Karpelevich2020-10-212-0/+42
| | | | | | | | | | | Extending testsuite for option 'valid/invalid users' from smb.conf. Signed-off-by: Denis Karpelevich <dkarpele@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Oct 21 01:17:05 UTC 2020 on sn-devel-184
* test: Get the clusteredmember environment out of its smb1 cornerVolker Lendecke2020-10-161-2/+2
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Oct 16 18:30:18 UTC 2020 on sn-devel-184
* test: Lift clusteredmember_smb1 to use smb2Volker Lendecke2020-10-161-2/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* CVE-2020-1472(ZeroLogon): torture: ServerSetPassword2 max len passwordGary Lockyer2020-10-161-0/+4
| | | | | | | Ensure that a maximum length password (512) is still accepted Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:libsmb: Pass cli_credentials to clidfs do_connect()Andreas Schneider2020-10-091-2/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:tests: Add smbclient tests for 'client smb encrypt'Andreas Schneider2020-10-092-0/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Move enc_desired to provision to have it in 'fileserver' tooAndreas Schneider2020-10-091-5/+6
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Rename 'smb encrypt' to 'server smb encrypt'Andreas Schneider2020-10-091-3/+3
| | | | | | | | This makes it more clear what we want. 'smb encrypt' is a synonym for 'server smb encrypt'. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: Fix SMB1 reply_mv() to handle wildcards.Jeremy Allison2020-10-081-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | Pass in the original source last component to rename_internals() from reply_mv(). Change the wildcard detection in rename_internals() to look at the correct thing for the source path. This is now correctly set only from the unmangled last component of the source path sent to reply_mv(). We now pass: Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1) samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1) so remove the knownfail. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Oct 8 16:29:27 UTC 2020 on sn-devel-184
* s3: smbd: Fix SMB1 reply_unlink() to handle wildcards.Jeremy Allison2020-10-081-3/+0
| | | | | | | | | | | | | | | | | | | Add a 'bool have_wcard' to unlink_internals(). Move the wildcard detection out of unlink_internals() as it was looking at the wrong thing. This is now correctly set only from the unmangled last component of the path sent to reply_unlink(). We now pass: Samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1) samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1) so remove the knownfail. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: selftest: Add new SMB1-only wildcard rename regression test.Jeremy Allison2020-10-082-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-RENAME(nt4_dc_smb1) samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-RENAME(fileserver_smb1) knownfail for now. The recent wildcard changes broke something that used to work. Consider a directory with 2 files: dir/ foo fo* The 'fo*' file has a mangled name of FSHCRD~2. SMB1rename("dir/FSHCRD~2", "dir/ba*") will rename *both* files as the new 'rename has wildcard' check is done after the name unmangle. SMB2 doesn't allow wildcard renames so doesn't have this problem. Fix to follow. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: selftest: Add new SMB1-only wildcard unlink regression test.Jeremy Allison2020-10-082-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | samba3.smbtorture_s3.crypt_client.SMB1-WILD-MANGLE-UNLINK(nt4_dc_smb1) samba3.smbtorture_s3.plain.SMB1-WILD-MANGLE-UNLINK(fileserver_smb1) knownfail for now. The recent wildcard changes broke something that used to work. Consider a directory with 2 files: dir/ a * The '*' file has a mangled name of _2X68P~X. SMB1unlink("_2X68P~X") will delete *both* files as the new 'unlink has wildcard' check is done after the name unmangle. SMB2 doesn't suffer from this problem, as it doesn't allow wildcard unlinks. Fix to follow. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* python2 reduction: Merge remaining compat code into commonDavid Mulder2020-10-021-5/+1
| | | | | | | | | | | | | The remaining compat code (get_string, get_bytes, cmp) are useful helper routines which we should simply merge into common (especially since there is some duplication here). Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Fri Oct 2 14:49:36 UTC 2020 on sn-devel-184
* selftest: Move some more tests from the samba-o3 jobAndrew Bartlett2020-10-011-0/+10
| | | | | | | | These tests do not need to be repeated over and over on multiple distributions. This just wastes CI resources. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* smbclient: Fix recursive mgetVolker Lendecke2020-09-301-1/+0
| | | | | | | | | | | | | | | | | | | Make do_mget rely on do_list() already doing the recursion in a breadth-first manner. The previous code called do_list() from within its callback. Unfortunately the recent simplifications of do_list() broke this, leading to recursive mget to segfault. Instead of figuring out how this worked before the simplifications in do_list() (I did spend a few hours on this) and fixing it, I chose to restructure do_mget() to not recursively call do_list() anymore but instead rely on do_list() to do the recursion. Saves quite a few lines of code and complexity. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 30 17:23:45 UTC 2020 on sn-devel-184
* test3: Add a test showing that smbclient recursive mget is brokenVolker Lendecke2020-09-301-0/+1
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=14517 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: set pid directory in client's smb.confSamuel Cabrero2020-09-161-0/+2
| | | | | | | | | Set a pid file directory to avoid the following testparm error: ERROR: pid directory /usr/local/samba/var/run does not exist Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* selftest: Create client directories in a loopSamuel Cabrero2020-09-161-50/+22
| | | | | Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* tests: Make sure that idmap_ad retrieves unix nss attributesVolker Lendecke2020-09-021-0/+2
| | | | | | | | | | | | Make sure that unix_primary_group and unix_nss_info idmap_ad options work. We have two domains here and test wbinfo -i for both domains, so we also run the test without those options for the trusted domain. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 2 10:35:53 UTC 2020 on sn-devel-184
* gpo: Pass necessary parameters to rsopDavid Mulder2020-09-021-1/+0
| | | | | | | | | | | | | | | | | These parameters were missed by mistake when exts were modified to be initialized within the rsop command. Fixes an exception thrown when executing samba-gpupdate --rsop: Traceback (most recent call last): File "/usr/sbin/samba-gpupdate", line 99, in <module> rsop(lp, creds, gp_extensions, opts.target) File "/usr/lib64/python3.8/site-packages/samba/gpclass.py", line 512, in rsop ext = ext(logger, lp, creds, store) NameError: name 'logger' is not defined Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Test rsop function for successDavid Mulder2020-09-021-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* samba-tool: Create unix user with modified template homedirDavid Mulder2020-09-021-1/+0
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* samba-tool: Test creating unix user with modified template homedirDavid Mulder2020-09-021-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org>
* python/samba/tests/blackbox: Tests with nested DFS containerNoel Power2020-08-311-0/+11
| | | | | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 31 19:09:24 UTC 2020 on sn-devel-184
* s3:share_mode_lock: make sure share_mode_cleanup_disconnected() removes the ↵Stefan Metzmacher2020-08-311-1/+0
| | | | | | | | | | | | | | | | | | | | | | record This fixes one possible trigger for "PANIC: assert failed in get_lease_type()" https://bugzilla.samba.org/show_bug.cgi?id=14428 This is no longer enough to remove the record: d->have_share_modes = false; d->modified = true; Note that we can remove it completely from share_mode_cleanup_disconnected() as share_mode_forall_entries() already sets it when there are no entries left. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* s3:share_mode_lock: reproduce problem with stale disconnected share mode entriesStefan Metzmacher2020-08-311-0/+1
| | | | | | | | | | | | | This reproduces the origin of "PANIC: assert failed in get_lease_type()" (https://bugzilla.samba.org/show_bug.cgi?id=14428). share_mode_cleanup_disconnected() removes disconnected entries from leases.tdb and brlock.tdb but not from locking.tdb. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* GPO: Add rsop output for Messages policyDavid Mulder2020-08-271-1/+0
| | | | | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): David Mulder <dmulder@samba.org> Autobuild-Date(master): Thu Aug 27 17:19:48 UTC 2020 on sn-devel-184
* GPO: Test rsop output for Messages policyDavid Mulder2020-08-271-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Apply Group Policy Login Prompt MessageDavid Mulder2020-08-271-1/+0
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Test Group Policy Login Prompt MessageDavid Mulder2020-08-271-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Apply Group Policy Message of the dayDavid Mulder2020-08-271-1/+0
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Test Group Policy Message of the dayDavid Mulder2020-08-271-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* GPO: Add rsop output for smb.conf policyDavid Mulder2020-08-271-1/+0
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* GPO: Test rsop output for smb.conf policyDavid Mulder2020-08-271-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Add CSE for applying smb.confDavid Mulder2020-08-271-1/+0
| | | | | | | | Add an extension that applies smb.conf params applied via the smb.conf admx files. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Test Group Policy smb.conf ExtensionDavid Mulder2020-08-271-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Fix unapply failure when multiple extensions runDavid Mulder2020-08-271-2/+0
| | | | | | | | | | | When multiple Group Policy Extensions are present, only the last executed extension saves it's changes to the Group Policy Database, due to the database being loaded seperately for each extension. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Test multiple extention unapplyDavid Mulder2020-08-271-0/+2
| | | | | | | | Verify that an unapply of multiple extentions deletes the script files and policy settings. Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Add rsop output for Sudoers policyDavid Mulder2020-08-271-1/+0
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* gpo: Test rsop output for Sudoers policyDavid Mulder2020-08-271-0/+1
| | | | | Signed-off-by: David Mulder <dmulder@suse.com> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
View Lorry Controller Status