summaryrefslogtreecommitdiff
path: root/source4/selftest
Commit message (Collapse)AuthorAgeFilesLines
* selftest: Rename ntlmauth tests to ntlmdisabledTim Beale2017-09-261-2/+2
| | | | | | | | | | There are already some existing ntlm_auth tests, so the new tests I've added make things a bit confusing. Also, ntlmdisabled probably better reflects the specific case we're trying to test. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Add new AD DC testenv with NTLM disabledTim Beale2017-09-261-1/+1
| | | | | | | | | | | | | This is so that we test the source4 case as well. Currently the only testenv with NTLM disabled is ktest, and that only exercises the source3 code. I've tried to support the new test environment with minimal changes to the Samba4.pm setup code. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Add some tests for linked attribute conflictsTim Beale2017-09-181-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | Currently we have tests that check we can resolve object conflicts, but these don't test anything related to conflicting linked attributes. This patch adds some basic tests that checks that Samba can resolve conflicting linked attributes. This highlights some problems with Samba, as the following tests currently fail: - test_conflict_single_valued_link: Samba currently can't resolve a conflicting targets for a single-valued linked attribute - the replication exits with an error. - test_link_deletion_conflict: If 2 DCs add the same linked attribute, currently when they resolve this conflict the RMD_VERSION for the linked attribute incorrectly gets incremented. This means the version numbers get out of step and subsequent changes to the linked attribute can be dropped/ignored. - test_full_sync_link_conflict: fails for the same reason as above. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Mon Sep 18 09:56:41 CEST 2017 on sn-devel-144
* python:samba: Use 'binddns dir' in samba-tool and samba_upgradednsAndreas Schneider2017-09-056-9/+13
| | | | | | | | | | This provisions the bind_dlz files in the 'binddns dir'. If you want to migrate to the new files strcuture you can run samba_upgradedns! BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org>
* s4-drsuapi: Avoid segfault when replicating as a non-admin with ↵Andrew Bartlett2017-08-291-0/+5
| | | | | | | | | | | | | | | | GUID_DRS_GET_CHANGES Users who are not administrator do not get b_state->sam_ctx_system filled in. We should probably use the 'sam_ctx' variable in all cases (instead of b_state->sam_ctx*), but I'll make this change in a separate patch, so that the bug fix remains independent from other tidy-ups. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* getncchanges.py: Add a new test for replicationTim Beale2017-08-181-0/+10
| | | | | | | | | | | | | | | | | | | | | | This adds a new test to check that if objects are modified during a replication, then those objects don't wind up missing from the replication data. Note that when this scenario occurs, samba returns the objects in a different order to Windows. This test doesn't care what order the replicated objects get returned in, so long as they all have been received by the end of the test. As part of this, I've refactored _check_replication() in drs_base.py so it can be reused in new tests. In these cases, the objects are split up over multiple different chunks. So asserting that the objects are returned in a specific order makes it difficult to run the same test on both Samba and Windows. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12972
* tests: replace traffic_summary test with python blackbox testGary Lockyer2017-08-171-0/+3
| | | | | | | | | | | | | | Replace the shell subunit test for script/traffic_summary.pl with a python black box test. This involves moving the test files to more standard locations. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org> Autobuild-Date(master): Thu Aug 17 07:59:38 CEST 2017 on sn-devel-144
* scripts: Scripts to replay and generate samba trafficGary Lockyer2017-08-171-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | Scripts to generate representative network traffic and replay this to a samba instance. For load testing, performance profiling and capacity planning. traffic_learner process a file generated by traffic_summary and generate a model that can be used by traffic_replay to generate samba network traffic. traffic_replay Replay a summary file generated by traffic_summary, or use a model created by traffic_learner to generate network traffic. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> Pair-Programmed-With: Tim Beale <timbeale@catalyst.net.nz>
* dnsserver: Tests for dns wildcard entriesGary Lockyer2017-08-151-1/+1
| | | | | | | | | | Add tests for dns wildcards. Tests validated against Windows Server 2012 R2 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12952
* s4:auth/ntlmssp: add support for using "winbind" as DCStefan Metzmacher2017-08-071-2/+2
| | | | | | | This adds support for trusted domains to the auth stack on AD DCs. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: Add tests for credentials.get_named_ccache()Andrew Bartlett2017-07-281-0/+3
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* tests auth_log: Add new tests for NETLOGONGary Lockyer2017-07-241-0/+18
| | | | | | | | | | | | | Tests for the logging of NETLOGON authentications in the netr_ServerAuthenticate3 message processing Test code based on the existing auth_log tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12865 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* python/tests: add python test for cracknamesBob Campbell2017-07-241-0/+5
| | | | | | | | | | | | | This fails due the bug, which causes the related test in drsuapi_cracknames.c to flap. It also fails due to us not yet supporting DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL or DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12842 Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* Add code to run the tests for 'samba-tool user edit'Rowland Penny2017-07-051-0/+4
| | | | | | | | Signed-off-by: Rowland Penny <rpenny@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Jul 5 17:53:24 CEST 2017 on sn-devel-144
* selftest: Add test to confirm NTLM authentication is enabledTim Beale2017-07-041-0/+5
| | | | | | | | | (or later, that it is disabled) Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
* selftest: Use new ntlmv2-only and mschapv2-and-ntlmv2-only optionsAndrew Bartlett2017-07-041-3/+4
| | | | | | | This will allow the py_credentials test to tell if these are in use Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* tests: Add simple check whether netlogon server is runningTim Beale2017-07-041-0/+5
| | | | | | | | | | Netlogon only needs to run in DC environment. This is a simple test to check whether the netlogon service is running. This will allow us to disable the netlogon service on setups that don't require it. Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pycredentials: add function to return the netr_AuthenticatorGary Lockyer2017-06-221-0/+3
| | | | | | | | | | | Add method new_client_authenticator that returns data to allow a netr_Authenticator to be constructed. Allows python to make netr_LogonSamLogonWithFlags, netr_LogonGetDomainInfo and similar calls Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Tests lsa.String: add String constructor, str and reprGary Lockyer2017-06-221-0/+2
| | | | | | | | | Tests for the String constructor, str and repr methods added to the samba.dcerpc.lsa.String python object Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Add a test for @ATTRIBUTES and @INDEXLIST generationAndrew Bartlett2017-06-151-0/+3
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: Test join.py and confirm that the DNS record is createdAndrew Bartlett2017-06-101-0/+3
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest: run dns tests in multiple envsAndrew Bartlett2017-06-101-0/+2
| | | | | | | | This will let us check the negative behaviour: that updates against RODCs fail and un-authenticated updates fail. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* selftest/rodc: Do not run in single mode, this causes deadlocksGarming Sam2017-06-071-0/+2
| | | | | | | | | | | Attempting to 'ls' the file server against a single process AD will get stuck. This also appears as the KDC being busy. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Garming Sam <garming@samba.org> Autobuild-Date(master): Wed Jun 7 05:14:17 CEST 2017 on sn-devel-144
* tests net_join: use private secrets database.Gary Lockyer2017-05-251-1/+4
| | | | | | | | | Tests were leaving entries in the secrets database that caused subsequent test cases to fail. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth_log: Add test that execises the SamLogon python bindingsGary Lockyer2017-05-251-2/+11
| | | | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests password_hash: Add ldap based tests for WDigestGary Lockyer2017-05-251-0/+4
| | | | | | | | | | | Add tests of the WDigest values using ldap. This allows the tests to be run against Windows, to validate the calculated values. Tests validated against Windows Server 2012 R2 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool tests: Tests for virtualCryptSHAxxx roundsGary Lockyer2017-05-251-0/+1
| | | | | | | | | Add tests to for the new rounds option for the virtualCryptSHA256 and virtualCryptSHA512 attributes. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool user: Tests for virtualWDigest attributesGary Lockyer2017-05-251-0/+1
| | | | | | | | | | Add tests for the new virtualWDigest attributes, these return the hashes stored in supplementalCredentials Primary:WDigest in a form suitable for use with htdigest authentication. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* testprogs: Add 'net rpc user' test against AD DCAndreas Schneider2017-05-111-0/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add MIT Kerberos specific kpasswd blackbox testAndreas Schneider2017-04-291-0/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add test with exported keytab from samba-toolAndreas Schneider2017-04-291-0/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add a kinit trust test for MIT KDCAndreas Schneider2017-04-291-0/+3
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* testprogs: Add test_kinit_mit.sh testAndreas Schneider2017-04-291-0/+4
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4:selftest: Only run auth_log tests with HeimdalAndreas Schneider2017-04-291-1/+1
| | | | | | | | They have only been created against Samba AD with Heimdal Kerberos. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlet <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* source3 smbd: tests for null pointer dereferenceGary Lockyer2017-04-281-0/+3
| | | | | | | | | Test case to replicate null pointer dereference in smbd, introduced in the auth logging changes. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests/rodc: Add a number of tests for RODC-RWDC interactionGarming Sam2017-04-131-0/+7
| | | | | | | | | | This tests password fallback to RWDC in preloaded and non-preloaded cases. It also tests some basic scenarios around what things are replicated between the two DCs. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Add ldap rodc python testGarming Sam2017-04-131-0/+6
| | | | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> BUG: https://bugzilla.samba.org/show_bug.cgi?id=12008
* s4:selftest: run test_trust_ntlm.sh against various environmentsStefan Metzmacher2017-04-101-0/+4
| | | | | | | | | | | | | | | | | | This shows that NTLM authentication is currently completely broken on an DCs of AD domains with trusts. Currently we completely ignore the client provided domain and try to authenticate against the username in our local sam.ldb. If the same username/password combination exists in both domains, the user of the trusted domain silenty impersonates the user of the local domain. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* password_hash: Add tests to allow refactoringGary Lockyer2017-04-061-0/+15
| | | | | | | | Add tests for password_hash.c to allow refactoring of setup_supplemental_field Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* auth log tests: password change testsGary Lockyer2017-03-291-0/+6
| | | | Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* auth_log: Add tests by listening for JSON messages over the message busAndrew Bartlett2017-03-291-0/+10
| | | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Pair-programmed-by: Gary Lockyer <gary@catalyst.net.nz>
* selftest: Add more RODC tests to avoid regressions hereAndrew Bartlett2017-03-271-1/+14
| | | | | | | | This ensures that the RODC can authenticatate users over wbinfo, normal services and SamLogon including in particular the important need-to-be-forwarded case Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* auth: Add SID_NT_NTLM_AUTHENTICATION / S-1-5-64-10 to the token during NTLM authAndrew Bartlett2017-03-271-1/+2
| | | | | | | | | So far this is only on the AD DC Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz> Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz> Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
* s4:selftest: specify auth methods of pdbtests without 'samba4:' prefixStefan Metzmacher2017-03-241-2/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12709 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests/match_rules: Use system privilege for msDS-RevealedUsersGarming Sam2017-03-131-1/+1
| | | | | | | Must be done before the systemOnly attribute is enforced. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* dbcheck: Improve dbcheck to find (and may fix) dangling msDS-RevealedUsersGarming Sam2017-03-134-0/+62
| | | | | | | | We cannot add missing backlinks because of the duplicate checking. There seems to be no trivial way to add the bypass. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* python/tests: Add repl_rodc testBob Campbell2017-03-131-0/+7
| | | | | | | | | Currently, this tests the msDS-RevealedUsers feature, which we don't support at the moment. Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
* python: selftest: Add possibility to run old Python test suites with Python 3Lumir Balhar2017-03-101-2/+8
| | | | | | | | | Add possibility to execute old Python test suites with Python 3 and enable tests with Python 3 of ported samba.gensec module. Signed-off-by: Lumir Balhar <lbalhar@redhat.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* s4/torture: some tests for kernel oplocksRalph Boehme2017-03-101-1/+1
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=7537 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s4/torture: add a creditting test skipping a SMB2 MIDRalph Boehme2017-03-041-1/+1
| | | | | | | | | | | | | | | | This tests that skipping a SMB2 MID the client's usable MID window is [unused mid, unused mid + 8192] The test currently fails against Samba as we only grant up to 512 credits. It passes against Windows 2016 as that grants up to 8192 credits by default. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Mar 4 01:54:07 CET 2017 on sn-devel-144
View Lorry Controller Status