summaryrefslogtreecommitdiff
path: root/source4/selftest
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2019-14870: heimdal: add S4U test for delegation_not_allowedIsaac Boukris2019-12-031-0/+1
| | | | Signed-off-by: Isaac Boukris <iboukris@gmail.com>
* selftest: add tests for no optimistic spnego exchangeIsaac Boukris2019-10-161-0/+4
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14106 Signed-off-by: Isaac Boukris <iboukris@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4:torture: add a file-id related testRalph Boehme2019-09-101-0/+1
| | | | | | | | | | | Note I'm using the share vfs_fruit_xattr because I need a share with both a streams and a acl_* VFS object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit 2ecab3c60abf9baa16a6a5e3eba0fc4720def840)
* tests/drs_no_dns: Check dbcheck and ldapcmp passGarming Sam2019-08-071-0/+7
| | | | | | | | | | | | | When joining a DC without DNS partitions, make sure that the alternate flow of creating them afterwards results in a database with everything that is necessary. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051 RN: Allow a DC join without DNS partitions, to add them later Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit 35c54007e6183829d9d85a24b3bd95f469739ad3)
* gp_inf: Read/write files with a UTF-16LE BOM in GptTmpl.infGarming Sam2019-08-071-0/+0
| | | | | | | | | | | | | | | | | | | Regression caused by 16596842a62bec0a9d974c48d64000e3c079254e [MS-GPSB] 2.2 Message Syntax says that you have to write a BOM which I didn't do up until this patch. UTF-16 as input encoding was marked much higher up in the inheritance tree, which got overriden with the Python 3 fixes. I've now marked the encoding much more obviously for this file. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14004 Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Fri Jul 19 02:20:47 UTC 2019 on sn-devel-184 (cherry picked from commit 0bcfc550b1a902e3a6a766b06603ac9285d0ff63)
* tests: ensure that most python scripts have usage textDouglas Bagnall2019-07-051-0/+2
| | | | | | | | | | | | | | | | | | | | | When a script is run with the wrong arguments, it should at least say something like this: Usage: samba-foo [OPTIONS] For many samba scripts, especially without a server environment, having no arguments is the wrong arguments. Here we look for every executable file with '#![...]python[3]' on the first line, and exclude certain files and directories that have excuses to fail the test. For example, many selftest scripts are stream-oriented and will hang forever waiting for stdin, which is not an error. Some test modules are designed so they can be optionally run from the command line, but this option is typically only used by the developer who is writing them. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add tests for contact managementBjörn Baumbach2019-07-041-1/+2
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add test for 'samba-tool group edit' commandBjörn Baumbach2019-07-041-1/+2
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: add test for 'samba-tool computer edit' commandBjörn Baumbach2019-07-041-1/+2
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: rename "user edit" test from edit.sh to user_edit.shBjörn Baumbach2019-07-041-1/+1
| | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool dcpromo tests: add --backend-store-size optionGary Lockyer2019-07-021-0/+2
| | | | | | | | | Add a new "samba-tool domain dcpromo" option "backend-store-size". This allows the lmdb map size to be set during a promotion, instead of hard-wiring it to 8Gb. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* clone-dc-database tests: Add --backend-store-size optionGary Lockyer2019-07-021-0/+2
| | | | | | | | | Add a new "samba-tool drs clone-dc-database" option "backend-store-size". This allows the lmdb map size to be set during a clone, instead of hard-wiring it to 8Gb. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>' Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* domain join tests: Add --backend-store-size option.Gary Lockyer2019-07-021-0/+2
| | | | | | | | | Tests for the new "samba-tool domain join" option "backend-store-size". This allows the lmdb map size to be set during a provision, instead of hard-wiring it to 8Gb. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* provision tests: Add --backend-store-size option.Gary Lockyer2019-07-021-0/+1
| | | | | | | | | Tests for the new "samba-tool domain provision" option "backend-store-size". This allows the lmdb map size to be set during a provision, instead of hard-wiring it to 8Gb Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/drsuapi: Add expected value unit tests for ↵Andrew Bartlett2019-06-271-0/+2
| | | | | | | drsuapi_{en,de}crypt_attribute_value() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: add tests for samba-tool ntacl changedomsidBjörn Baumbach2019-06-181-1/+1
| | | | | | | | Signed-off-by: Björn Baumbach <bb@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Baumbach <bb@sernet.de> Autobuild-Date(master): Tue Jun 18 16:54:22 UTC 2019 on sn-devel-184
* downgradedatabase: blackbox testAaron Haslett2019-05-291-0/+2
| | | | | | | | | This test confirms that running downgradedatabase causes all GUID keys to be replaced with DN keys at the KV level Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* ldap tests: test scheme for referralsGary Lockyer2019-05-241-0/+8
| | | | | | | | | | | Ensure that the referrals returned in a search request use the same scheme as the request, i.e. referrals recieved via ldap are prefixed with "ldap://" and those over ldaps are prefixed with "ldaps://" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Add tests for large LDAP responsesAndrew Bartlett2019-05-171-0/+16
| | | | | | | | | | | This behaviour is Samba-specific, we have not traditionally cut of responses at 1000 or so as Windows does, and we need to change that behaviour carefully. This triggers this bug in TDB: BUG: https://bugzilla.samba.org/show_bug.cgi?id=13952 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pytests: try ldap.modify_order with normal userDouglas Bagnall2019-05-011-0/+14
| | | | | | | | | | | | We run the tests again, trying to modify as a normal user rather than Administrator. It turns out that we do not always return the same error code as Windows, but in all these tests both Windows and Samba always return some kind of error (as you might hope). Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dsdb pytests: test the effect of reordering modify requestsDouglas Bagnall2019-05-011-0/+12
| | | | | | | Do we interpret these the same way as Windows? In many cases, no. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4/tests.py: shorten lines with common pathDouglas Bagnall2019-05-011-22/+24
| | | | | | | A small step Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftests: Place credential cache file inside environment directorySamuel Cabrero2019-04-291-1/+1
| | | | | | | Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Move simple-dc-steps.sh to correct folderAndrew Bartlett2019-04-231-0/+34
| | | | | | | This script helps re-create the environment for the dbcheck-oldrelease.sh links test. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: rename schemaupgrade_dc (+pair) to schema_dcGarming Sam2019-04-121-5/+5
| | | | | | | | | | | | | | | | This is needed because the name of the autobuild job and the name of the selftest env end up in the socket path for ncalrpc sockets. The challenge is that (for example) /memdisk/autobuild/fl/b2424063/samba-schemaupgrade/bin/ab/schemaupgrade_pair_dc/ncalrpc/np/protected_storage does not fit in a struct sockaddr_un. Signed-off-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Apr 12 05:41:36 UTC 2019 on sn-devel-144
* repl: test for schema object and LA repl across chunksAaron Haslett2019-04-111-0/+6
| | | | | | | | | | During replication, transmission of objects and linked attributes are split into chunks. These two tests check behavioural consistency across chunks for regular schema objects and linked attributes. Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: tagging tests for new schemaupgrade_dc targetAaron Haslett2019-04-111-7/+17
| | | | | | | | | Tagging schema tests against schemaupgrade_dc test target and fixing some DN assertions to be more generic. Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* samdb: test for schemainfo update with relax controlAaron Haslett2019-04-111-1/+1
| | | | | | | | | | | | | | | Currently schema info's revision field isn't incremented if relax control is present. This is so that no increment is done during provision, but we need the relax control in other situations where the increment is desired. This patch adds a failing test to expose the problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* CVE-2019-3870 tests: Add test to check file-permissions are correct after ↵Tim Beale2019-04-081-0/+1
| | | | | | | | | | | | | provision This provisions a new DC and checks there are no world-writable files in the new DC's private directory. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* ldb: tests for <= and >= integer indexingAaron Haslett2019-04-081-0/+1
| | | | | | | | | | | | | | | | Testing max, min and negative values for indexed 32 and 64 bit types. This has to be done in two different files because the 64 bit type is LDB_SYNTAX_INTEGER which is implemented at the ldb level, while the 32 bit is added in the ldb-samba module. Schema syntax binding added for ldb-samba. We also need to make sure that full scans are not invoked for LMDB. Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Spelling fix s/informations/information/Mathieu Parent2019-04-022-2/+2
| | | | | | Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
* ldb: cmocka test for empty attributes bugAaron Haslett2019-03-291-0/+3
| | | | | | | | | | | | Cmocka test exposing LDB bug where a request with an empty attributes list returns a response containing all attributes. The bug is in the ACL module and will be fixed in the next commit. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13836 Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: use the str() value of the "name" attributeStefan Metzmacher2019-03-211-1/+1
| | | | | | | | | | | We do the same with the rdn attribute value and we need the same logic on both in order to check they are the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Noel Power <npower@samba.org>
* selftest: Remove obsolete py3_compatible=True markersAndrew Bartlett2019-03-211-136/+105
| | | | | | | All our tests now run in python3. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Remove support for running multiple tests against python versions ↵Andrew Bartlett2019-03-211-7/+1
| | | | | | | | | in a single run The extra_python support was added to aid the python3 transition Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* dbcheck: don't check expired tombstone objects by default anymoreStefan Metzmacher2019-03-141-8/+18
| | | | | | | | | | | | | These will be removed anyway and any change on them risks to be an originating update that causes replication problems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144
* blackbox/dbcheck-links.sh: prepare regression test for skipping expired ↵Stefan Metzmacher2019-03-141-0/+9
| | | | | | | | | tombstones BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: detect the change after deletion bugStefan Metzmacher2019-03-141-8/+7
| | | | | | | | | | | | | | | | | | | | | | Old versions of 'samba-tool dbcheck' could reanimate deleted objects, when running at the same time as the tombstone garbage collection. When the (deleted) parent of a deleted object (with the DISALLOW_MOVE_ON_DELETE bit in systemFlags), is removed before the object itself, dbcheck moved it in the LostAndFound[Config] subtree of the partition as an originating change. That means that the object will be in tombstone state again for 180 days on the local DC. And other DCs fail to replicate the object as it's already removed completely there and the replication only gives the name and lastKnownParent attributes, because all other attributes should already be known to the other DC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* blackbox/dbcheck-links.sh: add regression test for lost deleted object repairStefan Metzmacher2019-03-141-0/+9
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: don't remove dangling one-way links on already deleted objectsStefan Metzmacher2019-03-141-5/+2
| | | | | | | | | | | | | | This would typically happen when the garbage collection removed a parent object before a child object (both with the DISALLOW_MOVE_ON_DELETE bit set in systemFlags), while dbcheck is running at the same time as the garbage collection. In this case the lastKnownParent attributes points a non existing object. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: don't move already deleted objects to LostAndFoundStefan Metzmacher2019-03-141-5/+3
| | | | | | | | | | | | This would typically happen when the garbage collection removed a parent object before a child object (both with the DISALLOW_MOVE_ON_DELETE bit set in systemFlags), while dbcheck is running at the same time as the garbage collection. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* blackbox/dbcheck-links.sh: reproduce lost deleted object problemStefan Metzmacher2019-03-141-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | When a parent object is removed during the tombstone garbage collection before a child object and samba-tool dbcheck runs at the same time, the following can happen: - If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags, samba-tool dbcheck moves the object under the LostAndFound[Config] object (as an originating update!) - The lastKnownParent attribute is removed (as an originating update!) These originating updates cause the object to have an extended time as tombstone. And these changes are replicated to other DCs, which very likely already removed the object completely! This means the destination DC of replication has no chance to handle the object it gets from the source DC with just 2 attributes (name, lastKnownParent). The destination logs something like: No objectClass found in replPropertyMetaData BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testsuite: Remove build_farm testsuitesTim Beale2019-03-121-49/+0
| | | | | | | | | | | | This test code is not run (and has not been run for about a decade). Let's remove it - it's there in the git history if we ever want to try to repurpose it again. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Mar 12 02:56:05 UTC 2019 on sn-devel-144
* dsdb/pytests: sanity checks for links under subtree renamesDouglas Bagnall2019-03-041-0/+11
| | | | | | | | | | These tests will ensure that linked attributes continue to be handled correctly under forthcoming changes. The la_move_ou_tree_big() test will show that the changes make this much faster, after which it can perhaps be removed. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: Work auth_log CLIENT_IP out from config instead of env varTim Beale2019-03-041-4/+4
| | | | | | | | | | | | | | | | | Instead of passing the CLIENT_IP to the auth_log tests, we can just work out the source-IP that the client will use from its smb.conf file. This only works for auth_log_pass_change, but not auth_log.py - the latter still needs to be run on the :local testenv for other reasons, so it doesn't use the client.conf. However, we can still update the base code to use the client.conf IP, as auth_log.py overrides self.remoteAddress anyway. The main advantage of this change is it avoids having hardcoded IP addresses in the selftest framework. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: Work audit_log CLIENT_IP out from config instead of env varTim Beale2019-03-041-6/+3
| | | | | | | | | | | | | Instead of passing the CLIENT_IP to the audit_log tests, we can just work out the source-IP that the client will use from its smb.conf file. Because the audit_log tests are all run on the non-local testenv, they'll already use the client.conf and the 127.0.0.11 address. The main advantage of this change is it avoids having hardcoded IP addresses in the selftest framework. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: Remove explicit SOCKET_WRAPPER usage from auth_log testsTim Beale2019-03-041-15/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | The auth-logging tests are an odd combination of server and client behaviour. On the one hand we want a IRPC connection to see the auth events being logged on the server. On the other hand, we want the auth events to appear to be happening on a client. Currently we hardcode in the use of a SOCKET_WRAPPER interface to make this happen. We can avoid this explicit socket wrapper usage by using the server smb.conf instead in the one place we actually want to act like the server (creating the IRPC connection). Then we can switch from using the 'ad_dc*:local' testenvs to use 'ad_dc*', in order to act like a client by default. The SERVERCONFFILE environment variable has already been added for the few cases where a test needs explicit access to the server's smb.conf. However, for samba.tests.auth_log, the samlogon test cases are still reliant on being run on the :local testenv, and so we can't switch them over just yet. This is because the samlogon is using the DC's machine creds underneath, which will fail on the non-local testenv. We could create separate machine creds for the client and use those, but this is a non-trivial rework of the test code. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:tests: Remove unused DC_ENV variableTim Beale2019-03-041-2/+1
| | | | | | | | I believe this was a leftover remnant from an earlier patch revision - it's now been replaced by the DC_SERVERCONFFILE variable. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:tests: Move duplicated test cases into loopTim Beale2019-03-041-16/+8
| | | | | | | This is more consistent with how we run tests elsewhere. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:tests: Avoid passing unnecessary env variables to auth_log testsTim Beale2019-03-041-18/+10
| | | | | | | | | | These tests all use the ncalrpc connection, so they're always testing a connection that's local to the server-side. Therefore passing in the CLIENT_IP and SOCKET_WRAPPER_DEFAULT_IFACE variables (in order to try to simulate a client connecting) is unnecessary. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status